ideedock.kpnnet.org

- KPN IT Solutions -

Issued by KPN Corporate Market CSP Organisatie CA - G2

About this certificate

This digital certificate with serial number 18:ff:0d:a7:00:e5:69:ff:ac:d2:80:48:4f:94:7f:a2 was issued on by KPN Corporate Market BV.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • The Subject Alternate Name extension MUST contain only 'dnsName' and 'ipaddress' name types. (BRs: 7.1.4.2.1)
  • Subscriber certificate with an RSA key contains invalid key usage(s): KeyUsageKeyAgreement Key usage values digitalSignature, nonRepudiation, keyEncipherment, and dataEncipherment may only be present in an end entity certificate with an RSA key (RFC 3279: 2.3.1)
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • Compliant certificates should use the utf8string encoding for explicitText (RFC 6818: 3)
  • Subscriber certificates authorityInformationAccess extension should contain the HTTP URL of the issuing CA’s certificate (BRs: 7.1.2.3)

KPN IT Solutions

Company registration number: 00000003529595970000
Organization: KPN IT Solutions
Organization unit: Enterprise Service Desk
State / Province: Limburg
Locality: Maastricht
Country: NL

KPN Corporate Market BV

Organization: KPN Corporate Market BV
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 18:ff:0d:a7:00:e5:69:ff:ac:d2:80:48:4f:94:7f:a2
Serial Number (int): 33225784500469693926371882604170608546
Serial Number lenght: 125 bits, 16 octets

SubjectKeyId: cf:0f:23:58:a8:3b:16:2a:e3:27:ac:d9:4f:42:ff:3d:ba:c8:4b:d3
AuthorityKeyId: 26:d0:65:13:f1:ee:7a:6f:61:08:28:de:4d:98:07:12:48:78:b4:ef

Fingerprint (sha1): 34:e6:5b:d0:61:e2:d4:55:ab:d5:9e:81:43:64:b6:54:dd:77:26:eb
Fingerprint (sha256): 37:09:3d:eb:e0:bd:4d:4b:af:1d:a6:20:26:5a:3c:38:38:69:17:6d:65:93:49:11:bd:13:b7:58:6d:62:05:ff


Revocation information

OCSP Server: http://ocsp3.managedpki.com
CRL Distribution Point: http://cert.managedpki.com/crl/KPNCorporateMarketCSPOrganisatieCAG2/LatestCRL.crl

Check the revocation status for certificate ideedock.kpnnet.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ideedock.kpnnet.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Key Agreement

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ideedock.kpnnet.org

Other certificates including the domain name kpnnet.org

(limited to 100 certificates)
sentrymail.acc.kpnnet.org
bi.kpnnet.org
bi4dev.kpnnet.org
extselfsvc.kpnnet.org
bi.kpnnet.org
bprchatbot-acc.kpnnet.org
teamkpn-mobile.kpnnet.org
sharekpn.kpnnet.org
get-it.kpnnet.org
teamkpn-acc.kpnnet.org
ts.kpnnet.org
kpn-internal-wireless.kpnnet.org
kitnlams73s001.kpnnet.org
uat-sharekpn.kpnnet.org
wem-comet.kpnnet.org
KPN-PS02.kpnnet.org
zipsacc.kpnnet.org
cloudmail.kpnnet.org
cloudmail.kpnnet.org
ksp-admin-acc.kpnnet.org
sentryapp.acc.kpnnet.org
w2039.kpnnet.org
ciso-ksp.kpnnet.org
sentryapp.acc.kpnnet.org
bi4prd-web2.kpnnet.org
bi.kpnnet.org
filetrans.kpnnet.org
host-retail.kpnnet.org
TIMESHEET.KPNNET.ORG
sentrymail.kpnnet.org
FILETRANS.KPNNET.ORG
filetrans.kpnnet.org
filetrans.kpnnet.org
w2040.kpnnet.org
retailactueel-retail.kpnnet.org
iamportal.kpnnet.org
iamportaltst.kpnnet.org
password.kpnnet.org
KPN-PS02.kpnnet.org
mailercdn-teamkpn.kpnnet.org
teamkpn.kpnnet.org
teamkpn-acc.kpnnet.org
get-it.kpnnet.org
ksp-admin.kpnnet.org
zips.kpnnet.org
Extranet-uat.kpn.com
*.kpnnet.org
ksp-admin-acc.kpnnet.org
ts.kpnnet.org
Voice-of-the-Employee.kpnnet.org
*.kpnnet.org
bealert.kpnnet.org
winkeldossier-retail.kpnnet.org
bealert-acc.kpnnet.org
MAIL5.KPNNET.ORG
bodssnd.kpnnet.org
mail4.kpnnet.org
extranet-uat.kpn.com
wem-staging.kpnnet.org
filetrans.kpnnet.org
teamkpn-stats.kpnnet.org
mail1.kpnnet.org
*.kpnnet.org
teamkpn-chat.kpnnet.org
bisnd2.kpnnet.org
OAPILOT.KPNNET.ORG
portal117.kpnnet.org
KPN-PS02.kpnnet.org
PPScan.kpnnet.org
core.kpnnet.org
bisnd2.kpnnet.org
ksp-admin.kpnnet.org
sharekpn.kpnnet.org
ksp-admin.kpnnet.org
KPN-PS01.kpnnet.org
mail7.kpnnet.org
match.uat.kpnnet.org
teamkpn-mobile.kpnnet.org
extranet.kpn.com
ideedock.kpnnet.org
teamkpn-static.kpnnet.org
W2040.kpnnet.org
vpn.kpnnet.org
bealert.kpnnet.org
PROFINDER-UAT.KPNNET.ORG
bods4uat.kpnnet.org
bisnd2.kpnnet.org
mail2.kpnnet.org
extselfsvc.kpnnet.org
SENTRYAPP.KPNNET.ORG
ksp-admin-acc.kpnnet.org
test-paperlessshop-retail.kpnnet.org
adfs.kpnnet.org
topdesk-innovatie.kpnnet.org
bodsdev.kpnnet.org
uat-sharekpn.kpnnet.org
ws-mijnwerkplek.kpnnet.org
extselfsvc.kpnnet.org
*.kpnnet.org
Voice-of-the-Employee.kpnnet.org

Certificate

The complete raw certificate details for ideedock.kpnnet.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG1jCCBL6gAwIBAgIQGP8NpwDlaf+s0oBIT5R/ojANBgkqhkiG9w0BAQsFADBm
MQswCQYDVQQGEwJOTDEgMB4GA1UECgwXS1BOIENvcnBvcmF0ZSBNYXJrZXQgQlYx
NTAzBgNVBAMMLEtQTiBDb3Jwb3JhdGUgTWFya2V0IENTUCBPcmdhbmlzYXRpZSBD
QSAtIEcyMB4XDTE0MDkxMjAwMDAwMFoXDTE3MDkxMTIzNTk1OVowga8xCzAJBgNV
BAYTAk5MMRAwDgYDVQQIDAdMaW1idXJnMRMwEQYDVQQHDApNYWFzdHJpY2h0MRow
GAYDVQQKDBFLUE4gIElUIFNvbHV0aW9uczEgMB4GA1UECwwXRW50ZXJwcmlzZSBT
ZXJ2aWNlIERlc2sxHTAbBgNVBAUTFDAwMDAwMDAzNTI5NTk1OTcwMDAwMRwwGgYD
VQQDDBNpZGVlZG9jay5rcG5uZXQub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAqpcKz6PNeFjRI5oYAdETjH/ivyXy6SZSBaFD5bMm4HpOI6CQT3SU
k4dElEKCIHUoQFb/oM6CXm/9GdOI/gfmTecpTDCZFODZmHMUNbh2MChNLR21p6kx
XompPpLs9SfdLqFuszfK8ieh+H42j90Hzb11PE0ukNpVQMerY8hcuQSy5/dDx4vY
HxTKakJBg+/N0apInhESz4X88HH1Obkw6/sUVR2Z8k/+5j59AICIc3PZc9ulp3Ny
tGfkwn9f98EqFK1nMy2ArDYKQxMO5+uRu4k96KpMHIBR7LxEWT0LamULHqyYLlOb
LYdog2USo+PeQ5aDZOejVxOKBLDTmplO1wIDAQABo4ICNDCCAjAwDAYDVR0TAQH/
BAIwADBiBgNVHR8EWzBZMFegVaBThlFodHRwOi8vY2VydC5tYW5hZ2VkcGtpLmNv
bS9jcmwvS1BOQ29ycG9yYXRlTWFya2V0Q1NQT3JnYW5pc2F0aWVDQUcyL0xhdGVz
dENSTC5jcmwwDgYDVR0PAQH/BAQDAgOoMIGnBgNVHSAEgZ8wgZwwgZkGCmCEEAGH
awECBQYwgYowNwYIKwYBBQUHAgEWK2h0dHBzOi8vY2VydGlmaWNhYXQua3BuLmNv
bS9wa2lvdmVyaGVpZC9jcHMwTwYIKwYBBQUHAgIwQxpBT3AgZGl0IGNlcnRpZmlj
YWF0IGlzIGhldCBDUFMgUEtJb3ZlcmhlaWQgdmFuIEtQTiB2YW4gdG9lcGFzc2lu
Zy4wHwYDVR0jBBgwFoAUJtBlE/Huem9hCCjeTZgHEkh4tO8wHQYDVR0OBBYEFM8P
I1ioOxYq4yes2U9C/z26yEvTMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjBqBgNVHREEYzBhghNpZGVlZG9jay5rcG5uZXQub3JnoEoGCisGAQQBgjcUAgOg
PAw6Mi4xNi41MjguMS4xMDAzLjEuMy41LjkuMS4xNWE4MGE0ODhmMzdjYzViOTE4
YzQ4ZjYxODRjMTQ4YzA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6
Ly9vY3NwMy5tYW5hZ2VkcGtpLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEAA/cU9Ad/
Oli8kAPCn6PFiG9Yu3vgAayYeA6cpak7C3ASAfat0oSkxCs8JZQonNIHGUNJgTdZ
Ehv0jcBDpMDGLinBdAgE3TLTPktcta4pIlj3wo4s+n3wf4lAxu7ZD4O1TCkO0dMs
Y3VxrwjoQSIzG2PV9LgQQRwWXNZgJgRPuM9caVOkeD+f6OeADMCZvJ2oQ+W0Ucyr
lhKel3T/QEUdRnhUSu59LQN2D4A+G+Uy9O16nb5iC0IhcKaw9TANXCMtm2Cg/e0D
/jWWuU5ZlQb36T99lmlyew5hnkfcRflIQda9BR9zCTTN/WkOAlWzH8RDfVLWVin/
kz93ugmwZa9q1TOjWiKtxmNCJ4CyAOEri4owmexphnSJ0UXKpx3cVH10xb+zwVpj
5TuzYtvT/NsxIk04A6OQuadt7mG9eZ0FI+P7cp101B1/WPGR2qS2iS+byLjzvIAQ
SGQulSZZ2+6AAm4OHbuhNo6vILGXSeVzp+TiuYYjtOKOXiLTKDlQPvhuylCL2/3b
suBwsWjoHByEhktVG6ml7hN3m1MuQmQONVzJiQyI9m5AVXf0o5S/F+HJuwI+rEBx
0OSxlalntqkMXMcPMHxnMQErpiiwqDPmCINrwnO6e0PPL4tD8ChgAlUEiDWISXeT
1xRYIS55y1tItNNvAXap61E6z427Z2g0PuQ=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpcKz6PNeFjRI5oYAdET
jH/ivyXy6SZSBaFD5bMm4HpOI6CQT3SUk4dElEKCIHUoQFb/oM6CXm/9GdOI/gfm
TecpTDCZFODZmHMUNbh2MChNLR21p6kxXompPpLs9SfdLqFuszfK8ieh+H42j90H
zb11PE0ukNpVQMerY8hcuQSy5/dDx4vYHxTKakJBg+/N0apInhESz4X88HH1Obkw
6/sUVR2Z8k/+5j59AICIc3PZc9ulp3NytGfkwn9f98EqFK1nMy2ArDYKQxMO5+uR
u4k96KpMHIBR7LxEWT0LamULHqyYLlObLYdog2USo+PeQ5aDZOejVxOKBLDTmplO
1wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 33225784500469693926371882604170608546
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN Corporate Market BV'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN Corporate Market CSP Organisatie CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2014-09-12 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-09-11 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Limburg'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Maastricht'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN  IT Solutions'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Enterprise Service Desk'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000003529595970000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'ideedock.kpnnet.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21534993544224560872892406064408130307682097376398231282244794919348460531191676959369407776092078104925699769411064763625881532516519147251131663266460807018494535794030949461543433641399279477833288704085880670594618121475922516156264708305202360046331115686104033505827870527221433269552936329678863218811718350090688933636282745902545612847662212576694655879577015671489612073853492042309145216049501643919375589447462290992476920359591602267111206111798197498815498605929048328246910686169368934705163476320831637163798053492801993869537553848203608361032263321732570269230952914456815345027473117229286698864343
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (91 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/crl/KPNCorporateMarketCSPOrganisatieCAG2/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
							03a8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (159 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:26|false] VisibleString, ISO646String [79 112 32 100 105 116 32 99 101 114 116 105 102 105 99 97 97 116 32 105 115 32 104 101 116 32 67 80 83 32 80 75 73 111 118 101 114 104 101 105 100 32 118 97 110 32 75 80 78 32 118 97 110 32 116 111 101 112 97 115 115 105 110 103 46]
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 26d06513f1ee7a6f610828de4d9807124878b4ef
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							cf0f2358a83b162ae327acd94f42ff3dbac84bd3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (99 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ideedock.kpnnet.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 (universalPrincipalName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '2.16.528.1.1003.1.3.5.9.1.15a80a488f37cc5b918c48f6184c148c'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (43 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp3.managedpki.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0003f714f4077f3a58bc9003c29fa3c5886f58bb7be001ac98780e9ca5a93b0b701201f6add284a4c42b3c2594289cd207194349813759121bf48dc043a4c0c62e29c1740804dd32d33e4b5cb5ae292258f7c28e2cfa7df07f8940c6eed90f83b54c290ed1d32c637571af08e84122331b63d5f4b810411c165cd66026044fb8cf5c6953a4783f9fe8e7800cc099bc9da843e5b451ccab96129e9774ff40451d4678544aee7d2d03760f803e1be532f4ed7a9dbe620b422170a6b0f5300d5c232d9b60a0fded03fe3596b94e599506f7e93f7d9669727b0e619e47dc45f94841d6bd051f730934cdfd690e0255b31fc4437d52d65629ff933f77ba09b065af6ad533a35a22adc663422780b200e12b8b8a3099ec69867489d145caa71ddc547d74c5bfb3c15a63e53bb362dbd3fcdb31224d3803a390b9a76dee61bd799d0523e3fb729d74d41d7f58f191daa4b6892f9bc8b8f3bc801048642e952659dbee80026e0e1dbba1368eaf20b19749e573a7e4e2b98623b4e28e5e22d32839503ef86eca508bdbfddbb2e070b168e81c1c84864b551ba9a5ee13779b532e42640e355cc9890c88f66e405577f4a394bf17e1c9bb023eac4071d0e4b195a967b6a90c5cc70f307c6731012ba628b0a833e608836bc273ba7b43cf2f8b43f02860025504883588497793d71458212e79cb5b48b4d36f0176a9eb513acf8dbb6768343ee4