certdurp.bronckhorst.nl

- Gemeente Bronckhorst -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 01:f8:ea:61:40:14:8c:6c was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Bronckhorst

Company registration number: 00000001813647290000
Organization: Gemeente Bronckhorst
Organization unit: Omgeving
State / Province: Gelderland
Locality: Hengelo
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 01:f8:ea:61:40:14:8c:6c
Serial Number (int): 142121091669986412
Serial Number lenght: 57 bits, 8 octets

SubjectKeyId: 06:63:0a:62:3c:a2:e3:6a:7d:57:4c:1d:9c:63:44:e9:72:35:d6:55
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 3e:74:78:15:c2:e4:4d:b9:3c:ed:39:3f:fb:ee:a4:f5:66:69:0a:bd
Fingerprint (sha256): 29:19:19:e3:5d:97:70:10:5e:e4:5c:be:fa:31:f0:dc:91:45:3e:a5:30:21:b7:fb:ca:6a:e8:c3:b4:f1:fd:c2

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate certdurp.bronckhorst.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for certdurp.bronckhorst.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

certdurp.bronckhorst.nl

Other certificates including the domain name bronckhorst.nl

(limited to 100 certificates)
meldingen.bronckhorst.nl
*.bronckhorst.nl
extranet.bronckhorst.nl
digikoppeling.bronckhorst.nl
duo.bronckhorst.nl
exchange.bronckhorst.nl
simsite.bronckhorst.nl
exchange.bronckhorst.nl
bronckhorst.nl
mijn.bronckhorst.nl
duo.bronckhorst.nl
mijninkomen.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
sync.bronckhorst.nl
extranet.bronckhorst.nl
intranet.bronckhorst.nl
mohis.bronckhorst.nl
certdurp.bronckhorst.nl
intranet.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
thuiswerken2.bronckhorst.nl
personeelshandboek.bronckhorst.nl
bronckhorst.nl
iparticipatie.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
brk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
secure.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
duo.bronckhorst.nl
felix.bronckhorst.nl
simsite.bronckhorst.nl
personeelshandboek.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
webmail.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
waarmerk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enserinck.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
afspraken.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
begraafplaatsreservering.bronckhorst.nl
test-ipa.bronckhorst.nl
intranet.bronckhorst.nl
ibzpink.bronckhorst.nl
intranet.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
exchange.bronckhorst.nl
wkpb.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
secure.bronckhorst.nl
waarmerk.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
digikoppeling.bronckhorst.nl
g-rooster.bronckhorst.nl
extranet.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
mijn.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
cloudadapter.bronckhorst.nl
www.bronckhorst.nl
exchange.bronckhorst.nl
afspraken.bronckhorst.nl
izaaksuite.bronckhorst.nl
simcms.bronckhorst.nl
wkpb.bronckhorst.nl
www.bronckhorst.nl
mdm-sentry.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
thuiswerken.bronckhorst.nl
mijninkomen.bronckhorst.nl
www.bronckhorst.nl
bronckhorst.nl
www.bronckhorst.nl

Certificate

The complete raw certificate details for certdurp.bronckhorst.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII5zCCBs+gAwIBAgIIAfjqYUAUjGwwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5OVFJOTC0yNzEyNDcw
MTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZl
ciBDQSAtIEczMB4XDTE3MDkxNTA5MzAwNFoXDTIwMDkxNDA5MzAwNFowgacxCzAJ
BgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRAwDgYDVQQHDAdIZW5nZWxv
MR0wGwYDVQQKDBRHZW1lZW50ZSBCcm9uY2tob3JzdDERMA8GA1UECwwIT21nZXZp
bmcxHTAbBgNVBAUTFDAwMDAwMDAxODEzNjQ3MjkwMDAwMSAwHgYDVQQDDBdjZXJ0
ZHVycC5icm9uY2tob3JzdC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAJJJ0HgBEzXPw/40d+KDXfOi2LQcEjDaFer8hv9osN+MyMuQpWMZDJj8N3u8
I20lsfJ/5obOpI1A/rxkNJ9vbnFazsVgEi/BbyfSYzB5vRDN+Zt7147TAA5Apblx
CQDgqYKlyTjxYo4acQO0P8yQiiXRa/ovTyfxUMat3k0Y2ve2P+UGlEN8WfTbXDZ7
uUZJLcVv/SnQ55kAM+IRdoXiWgwAY1ZL5AwZ0VxE37UVDgvrByfTOEz//V9EOc7t
7z1BDg6qVP17ObwLKH8ppoEztZ2vQkbT6POluQD+vRO9obMT7dYNY7wiZ/iPPjsw
zOPcckIpVwKsbgyW/AP3tSlb1OUCAwEAAaOCBEowggRGMIGUBggrBgEFBQcBAQSB
hzCBhDBYBggrBgEFBQcwAoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0Fj
ZXJ0cy9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAo
BggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4E
FgQUBmMKYjyi42p9V0wdnGNE6XI11lUwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAW
gBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sB
AgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20v
cGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2Fh
dCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3Npbmcu
MAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRw
a2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0
ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIG
CCsGAQUFBwMBMCIGA1UdEQQbMBmCF2NlcnRkdXJwLmJyb25ja2hvcnN0Lm5sMIIB
9gYKKwYBBAHWeQIEAgSCAeYEggHiAeAAdwDuS723dc5guuFCaR+r4Z5mow9+X7By
2IMAxHuJeqj9ywAAAV6E37a/AAAEAwBIMEYCIQCZxq/bqnVuYciqXYdZBux9jQRE
plndefRjG9m1sw+nEAIhAMYnzblQhW5gBTdJTxZZMCI1GvmYZq2f2qYad/Fx62D1
AHYAh3W/51l8+IxDmV+9827/Vo1HVjb/SrVgwbTq/16ggw8AAAFehN+39gAABAMA
RzBFAiEA5d1smvMywyUV0fYAwBRfHXGjva9F8SFLeDrr3MGXMAQCIFgqHoEc8gOm
qqLw0NZ7yzCfkoNEVSJ83CeB8jAdVFQxAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqr
UugakJZkNo4e0YUAAAFehN+4yAAABAMARzBFAiBXea4l8sFIAYJawLB/JAUGuH3N
rUu7g8U1FI4FSbc1tQIhAPPEcsLYQgADnevTLRuYQXZRvrc+VqmIplYujYH/6fT/
AHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFehN+4zAAABAMA
RjBEAiArFOu5AX3pW6aFfb+SDGRP2d3mvyCOt/4jAfYgsKnzbwIgQKwLRWrkXh9D
pwahUfVcul/sdlUaeO7K4dQYbPJMJSQwDQYJKoZIhvcNAQELBQADggIBAJWc59Tz
HKU1Yt3ZJEnw8amJiGKg6FdbxZNWR3Z44LM9K0pNA9eFRP0b+bBEfCvAozVnS4H4
7B/GhPaSUGw6M+kF8FnK49fki9rehGDOK1ma0gCN1onrsr5Oh3WItiYL5XurzqjA
kNYostxwSy45LVTUTisrNOOdv7/uiND3YOv8cUPbi+uTqjdwrSG2nAMTWZhr0zXy
jg9M4sEDkAGcxPOGvmlVawxYiwP5cLvtYsgXGCdoV+MbBl1u5EJgyRnLY314lBSk
oxX/UDXYSBFBpFyjsc/8y3HTrillr7HKlE2WesunOxfGNuX0149D4gAO0u3i5RRE
5t9gZvrL/7yCHw6LThdx373zAf87KCEgK0Zrr/d+/dPEoS3s36Men02Xr2rxBXqC
Y3APWzxk5O6cnY/iahhCwe9u7sE5CdV+cSFhbGN/vpbW7jEKt+e0gtYSj+RQkOHF
mN74ZxQfmEynDbuyIHrS6qaZf75kTJDdhinLJ6nOsOAizwQ1hHG32aF0v9ZBkvXq
Cw2Q5owUalIMiy1QXhVpNuMW5Nhr1NEGkg76cNVPsMUd/P0QmZgFQ/u8HRjsRRyY
BxFO59/U5YOjbrvdLjM9xM2GJQcrQIlTUxqwqTX5cztnY8f3v2aaH0ylZ859/vlz
KtJ5su2VlUc4MKWSqqfJ+1LMwHT1/xBGLKmj
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkknQeAETNc/D/jR34oNd
86LYtBwSMNoV6vyG/2iw34zIy5ClYxkMmPw3e7wjbSWx8n/mhs6kjUD+vGQ0n29u
cVrOxWASL8FvJ9JjMHm9EM35m3vXjtMADkCluXEJAOCpgqXJOPFijhpxA7Q/zJCK
JdFr+i9PJ/FQxq3eTRja97Y/5QaUQ3xZ9NtcNnu5RkktxW/9KdDnmQAz4hF2heJa
DABjVkvkDBnRXETftRUOC+sHJ9M4TP/9X0Q5zu3vPUEODqpU/Xs5vAsofymmgTO1
na9CRtPo86W5AP69E72hsxPt1g1jvCJn+I8+OzDM49xyQilXAqxuDJb8A/e1KVvU
5QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 142121091669986412
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-15 09:30:04 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-09-14 09:30:04 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Hengelo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Omgeving'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001813647290000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'certdurp.bronckhorst.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 18467191728336106783143110056040052908672115395821858519295160745409509967263573850627267457713431259898173296074798866454583792694156739531427667681843480402278275688568357881727768302188176355850207761698718903704845661043856724407758652200701367175205116170512356743996210694768150136668343300521576341978181729837349357516249796414786516071169113765760342039779018251073487795046899284893955681627097909071313472250453321315547759550574666427630568615844007894966950620324264901629985170633592935635952823039380127458137766477165142887930656321854029787285200444867051217878784597626315781667701768684180927665381
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							06630a623ca2e36a7d574c1d9c6344e97235d655
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'certdurp.bronckhorst.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (486 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (482 bytes)
							01e0007700ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000015e84dfb6bf000004030048304602210099c6afdbaa756e61c8aa5d875906ec7d8d0444a659dd79f4631bd9b5b30fa710022100c627cdb950856e600537494f16593022351af99866ad9fdaa61a77f171eb60f50076008775bfe7597cf88c43995fbdf36eff568d475636ff4ab560c1b4eaff5ea0830f0000015e84dfb7f60000040300473045022100e5dd6c9af332c32515d1f600c0145f1d71a3bdaf45f1214b783aebdcc19730040220582a1e811cf203a6aaa2f0d0d67bcb309f92834455227cdc2781f2301d545431007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000015e84dfb8c8000004030047304502205779ae25f2c14801825ac0b07f240506b87dcdad4bbb83c535148e0549b735b5022100f3c472c2d84200039debd32d1b98417651beb73e56a988a6562e8d81ffe9f4ff007500a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc100000015e84dfb8cc000004030046304402202b14ebb9017de95ba6857dbf920c644fd9dde6bf208eb7fe2301f620b0a9f36f022040ac0b456ae45e1f43a706a151f55cba5fec76551a78eecae1d4186cf24c2524
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00959ce7d4f31ca53562ddd92449f0f1a9898862a0e8575bc59356477678e0b33d2b4a4d03d78544fd1bf9b0447c2bc0a335674b81f8ec1fc684f692506c3a33e905f059cae3d7e48bdade8460ce2b599ad2008dd689ebb2be4e877588b6260be57babcea8c090d628b2dc704b2e392d54d44e2b2b34e39dbfbfee88d0f760ebfc7143db8beb93aa3770ad21b69c031359986bd335f28e0f4ce2c10390019cc4f386be69556b0c588b03f970bbed62c81718276857e31b065d6ee44260c919cb637d789414a4a315ff5035d8481141a45ca3b1cffccb71d3ae2965afb1ca944d967acba73b17c636e5f4d78f43e2000ed2ede2e51444e6df6066facbffbc821f0e8b4e1771dfbdf301ff3b2821202b466baff77efdd3c4a12decdfa31e9f4d97af6af1057a8263700f5b3c64e4ee9c9d8fe26a1842c1ef6eeec13909d57e7121616c637fbe96d6ee310ab7e7b482d6128fe45090e1c598def867141f984ca70dbbb2207ad2eaa6997fbe644c90dd8629cb27a9ceb0e022cf04358471b7d9a174bfd64192f5ea0b0d90e68c146a520c8b2d505e156936e316e4d86bd4d106920efa70d54fb0c51dfcfd1099980543fbbc1d18ec451c9807114ee7dfd4e583a36ebbdd2e333dc4cd8625072b408953531ab0a935f9733b6763c7f7bf669a1f4ca567ce7dfef9732ad279b2ed9595473830a592aaa7c9fb52ccc074f5ff10462ca9a3