www.surfdomeinen.nl

- SURF B.V. -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number 95:e9:15:db:8e:24:6a:d6:a7:d4:39:67:9d:53:e5:48 was issued on by GEANT Vereniging.

With 5 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

SURF B.V.

Organization: SURF B.V.
State / Province: Utrecht
Country: NL

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): 95:e9:15:db:8e:24:6a:d6:a7:d4:39:67:9d:53:e5:48
Serial Number (int): 199265219865551244463764589886907344200
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: c7:ce:72:ad:be:43:b8:f3:a4:7b:89:b7:16:b8:48:c5:73:83:6c:71
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): 8b:f9:9a:d9:1d:f7:ec:e0:66:ca:fc:13:a9:e2:50:9a:cf:6b:af:47
Fingerprint (sha256): 36:be:60:55:ae:4b:f2:ed:e8:9c:9a:15:86:08:ad:3f:42:2a:79:3d:4b:db:60:ca:a6:77:b8:fc:75:15:a1:af

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate www.surfdomeinen.nl

5

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.surfdomeinen.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.surfdomeinen.nl
devel.surfdomeinen.nl
domeinen-devel.surfnet.nl
domeinen.surfnet.nl
surfdomeinen.nl

Other certificates including the domain name surfdomeinen.nl

(limited to 100 certificates)
www.surfdomeinen.nl
sirene.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
portal-api-test.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
www.surfdomeinen.nl
stargate.surfdomeinen.nl

Certificate

The complete raw certificate details for www.surfdomeinen.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIoTCCBomgAwIBAgIRAJXpFduOJGrWp9Q5Z51T5UgwDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV
BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTIzMDcwMzAwMDAwMFoXDTI0MDcwMjIz
NTk1OVowUTELMAkGA1UEBhMCTkwxEDAOBgNVBAgTB1V0cmVjaHQxEjAQBgNVBAoT
CVNVUkYgQi5WLjEcMBoGA1UEAxMTd3d3LnN1cmZkb21laW5lbi5ubDCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBANOlu8UzXOgJtwAvqB11MseQx5JB4oIV
rXsz2lmIdXP37qBjeg/cCkTfyxWRoToIkSXnXerhkxLqR6uf50Xt4zDznaG8KYx/
PPptAAIkVt8+QDWxYwi45d/Ow8W/m1ew3DnKP+MzmJWi5EZa9z3s6aZFc21BfTFS
KKh9WZdB1qiTgalQsCvO9xSZYn9NdJkAHMpn/xImCmuMmEUyV4MblZvGu9oTmpam
o8WW/CuoOJGG19NkVs5wbCSTY6FuaKPJpXNsf94roJuAeUT2KcEfhBU7gWY2Xne8
FS1+cIayRpyPiTwH0kGWtywZRNAhxE4Zhqoo8yHx+KYdCfcZVzgG8j4r5fufx8SU
qlLtgcmv61HCuclrDpDRGTB54jZBJnvK5D4KySoRgn3GQDBU7HELl7apABzBxsgv
QfLxES/XymLwEYB+WVfbk5nagMapohupr9CNkGpCTRUSEYvMx1QGzfGmoN7GILmC
LPDJHbJaYAmHnG7Eangbn4mfrcxVwR2PP4HqtdK/7uTDc87HPt+BQP7j9d4/3WO7
n2iOKEt2FG2hVPTQIcClRXZcIFPWBcZasJr98u+qTb3XQkjRYK1auHqO/d2ZTbOm
Gc3Opey8xMEz1U4yBewj9T28pNonRf2jdscNgLtOHWNwJNRAwPWrggeYtBgNr2O5
huOSWDHxsLpNAgMBAAGjggN/MIIDezAfBgNVHSMEGDAWgBRvHTVJEGwy+lmgnryK
6B+VvnF6DDAdBgNVHQ4EFgQUx85yrb5DuPOke4m3FrhIxXODbHEwDgYDVR0PAQH/
BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAk8wJTAjBggrBgEFBQcCARYXaHR0
cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMD8GA1UdHwQ4MDYwNKAyoDCG
Lmh0dHA6Ly9HRUFOVC5jcmwuc2VjdGlnby5jb20vR0VBTlRPVlJTQUNBNC5jcmww
dQYIKwYBBQUHAQEEaTBnMDoGCCsGAQUFBzAChi5odHRwOi8vR0VBTlQuY3J0LnNl
Y3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8v
R0VBTlQub2NzcC5zZWN0aWdvLmNvbTCCAX8GCisGAQQB1nkCBAIEggFvBIIBawFp
AHYAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhCCp/mZ0xaOnQAAAGJGnewtAAABAMA
RzBFAiEArYMhrxB4eIiXQv+le1OVtjygUkI4yeH9Xr6rHZwU2p4CIBonLmNX6uMr
NSQjF9Bkg69GdyHUyI5k0bLtEFQy1EzfAHYA2ra/az+1tiKfm8K7XGvocJFxbLtR
hIU0vaQ9MEjX+6sAAAGJGnew/gAABAMARzBFAiAXRW5tz5JhSK5es1r9H67PQF/Q
q7+CK/xcHoItJcxgqAIhANQT3RebPEYQsnjInFXEasH1WwXh/2FBo2nhSdHCmnX3
AHcA7s3QZNXbGs7FXLedtM0TojKHRny87N7DUUhZRnEftZsAAAGJGnew3wAABAMA
SDBGAiEAqJsq9c9eW4+7fRSsHCzjHmwd4XRQdp4yXSBaOzI5OaACIQCSy7pA6fXi
zhfyK+dWmSdfH+2gwMH7Oh4E81XObL+AHzB2BgNVHREEbzBtghN3d3cuc3VyZmRv
bWVpbmVuLm5sghVkZXZlbC5zdXJmZG9tZWluZW4ubmyCGWRvbWVpbmVuLWRldmVs
LnN1cmZuZXQubmyCE2RvbWVpbmVuLnN1cmZuZXQubmyCD3N1cmZkb21laW5lbi5u
bDANBgkqhkiG9w0BAQwFAAOCAgEApLVJe4lNNSqEHNUvFmr6f5vqseG3pQD6VpPZ
TxQd2r0mrc5OHdjqs3A8Wnut/XKfrkRoT2CI2mOyKzrqOhsuSty1qWg671LxRyIA
1o8/LYz98ZyTXxbvQ71kAWWLGSnl52ojyYhY5RjSIBL2MCf/+BLOIq7GBeye38uG
oH0Z6xBQXV82+VHCIQyeX74rj4r9h9xzKS9kyykgd8LrvBt8yOrGE0F1LzHTvXiH
L/OjrIDjktB+UUXk2Bg/YrFd6iiRTMKipWu3VmwtBynd6UUojwBpsUF1lsV1QiJQ
tNKkgCj0w4St9Vhbo80SxH3mCJfFoR36ZNdoi/pfaIHIPiriAsP+3b595ox6BNjJ
K4iotdU2FqodSO6RZhSFL4kXPHNDmRrz2S2iEIlRRSwgE5OqC9nmm+DEW6Pl1/P7
OllBNq5mt4CSu/0P05aGb7OLtBlC9KCeIO0/a7/6oabO6zRrq2pBBXHmdYsYRouX
SPTiYkKzNgeLuKWwk9P8byDu65VeT1U/BetLkzEuYl6kFdn9jmhJmhpZvrvHsevw
WNvQ3VvnszEZg+wo8OxWN/CvGqwFNsjCe9IUtGZ4ymWEiB36xhA/dVrRfddKQ/cJ
mOS3/kCGAsS5ReP/g0WqfSrcGHsfsaIWqc/KrA2TAkVInZ3LJuuJQoWA4WyedfSC
JsskjB0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA06W7xTNc6Am3AC+oHXUy
x5DHkkHighWtezPaWYh1c/fuoGN6D9wKRN/LFZGhOgiRJedd6uGTEupHq5/nRe3j
MPOdobwpjH88+m0AAiRW3z5ANbFjCLjl387Dxb+bV7DcOco/4zOYlaLkRlr3Pezp
pkVzbUF9MVIoqH1Zl0HWqJOBqVCwK873FJlif010mQAcymf/EiYKa4yYRTJXgxuV
m8a72hOalqajxZb8K6g4kYbX02RWznBsJJNjoW5oo8mlc2x/3iugm4B5RPYpwR+E
FTuBZjZed7wVLX5whrJGnI+JPAfSQZa3LBlE0CHEThmGqijzIfH4ph0J9xlXOAby
Pivl+5/HxJSqUu2Bya/rUcK5yWsOkNEZMHniNkEme8rkPgrJKhGCfcZAMFTscQuX
tqkAHMHGyC9B8vERL9fKYvARgH5ZV9uTmdqAxqmiG6mv0I2QakJNFRIRi8zHVAbN
8aag3sYguYIs8MkdslpgCYecbsRqeBufiZ+tzFXBHY8/geq10r/u5MNzzsc+34FA
/uP13j/dY7ufaI4oS3YUbaFU9NAhwKVFdlwgU9YFxlqwmv3y76pNvddCSNFgrVq4
eo793ZlNs6YZzc6l7LzEwTPVTjIF7CP1Pbyk2idF/aN2xw2Au04dY3Ak1EDA9auC
B5i0GA2vY7mG45JYMfGwuk0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 199265219865551244463764589886907344200
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-07-03 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-07-02 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Utrecht'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SURF B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.surfdomeinen.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 863446045225489783364359955699569170873843051683931921010840299242707178708189931780975028762548712444750761688445192402491560263810956336116115644642396577314300102026652799799358087009808861815861080908615416549457620335503922180143767548444367075302604055342444219040285167083214847918149397893049806078183856846165998590812443136820381973051139709400296787478915309247291250859686840605903241145264784922296621065080177678085817027661193467934970502257948762649356982303157392550180835840509766289785346289337589384891643381563286739166016969651231877373280048620440681208234295213950190371020916732648697560542482989950822379697629651333706753246914103494915140013805024936295267131684435391843272068153833351924706598022251976619860129307687763032050608297950446539799477110516718441343852761758048351001366403675613612711599309896988123930160126044622714276646499490688751385837390285960788226514935082183744496233278713826710021333171854694850383630085605308716790959003840628866774107838283635317795485224847081473970827175185447994666300166714866310374246966990771780579109841750457222890152185635146640173309121090362923395579947286603756914346990949452061071629579094748525836828891062943277922422059205651901519489972813
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c7ce72adbe43b8f3a47b89b716b848c573836c71
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							016900760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a74000001891a77b0b40000040300473045022100ad8321af107878889742ffa57b5395b63ca0524238c9e1fd5ebeab1d9c14da9e02201a272e6357eae32b35242317d06483af467721d4c88e64d1b2ed105432d44cdf007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab000001891a77b0fe0000040300473045022017456e6dcf926148ae5eb35afd1faecf405fd0abbf822bfc5c1e822d25cc60a8022100d413dd179b3c4610b278c89c55c46ac1f55b05e1ff6141a369e149d1c29a75f7007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b000001891a77b0df0000040300483046022100a89b2af5cf5e5b8fbb7d14ac1c2ce31e6c1de17450769e325d205a3b323939a002210092cbba40e9f5e2ce17f22be75699275f1feda0c0c1fb3a1e04f355ce6cbf801f
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (111 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.surfdomeinen.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'devel.surfdomeinen.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'domeinen-devel.surfnet.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'domeinen.surfnet.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'surfdomeinen.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00a4b5497b894d352a841cd52f166afa7f9beab1e1b7a500fa5693d94f141ddabd26adce4e1dd8eab3703c5a7badfd729fae44684f6088da63b22b3aea3a1b2e4adcb5a9683aef52f1472200d68f3f2d8cfdf19c935f16ef43bd6401658b1929e5e76a23c98858e518d22012f63027fff812ce22aec605ec9edfcb86a07d19eb10505d5f36f951c2210c9e5fbe2b8f8afd87dc73292f64cb292077c2ebbc1b7cc8eac61341752f31d3bd78872ff3a3ac80e392d07e5145e4d8183f62b15dea28914cc2a2a56bb7566c2d0729dde945288f0069b1417596c575422250b4d2a48028f4c384adf5585ba3cd12c47de60897c5a11dfa64d7688bfa5f6881c83e2ae202c3feddbe7de68c7a04d8c92b88a8b5d53616aa1d48ee916614852f89173c7343991af3d92da2108951452c201393aa0bd9e69be0c45ba3e5d7f3fb3a594136ae66b78092bbfd0fd396866fb38bb41942f4a09e20ed3f6bbffaa1a6ceeb346bab6a410571e6758b18468b9748f4e26242b336078bb8a5b093d3fc6f20eeeb955e4f553f05eb4b93312e625ea415d9fd8e68499a1a59bebbc7b1ebf058dbd0dd5be7b3311983ec28f0ec5637f0af1aac0536c8c27bd214b46678ca6584881dfac6103f755ad17dd74a43f70998e4b7fe408602c4b945e3ff8345aa7d2adc187b1fb1a216a9cfcaac0d930245489d9dcb26eb89428580e16c9e75f48226cb248c1d