lithium.liacs.nl

- Universiteit Leiden -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number 89:99:b6:68:65:41:36:19:46:e8:db:60:e4:25:c4:17 was issued on by GEANT Vereniging.

With 58 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Universiteit Leiden

Organization: Universiteit Leiden
State / Province: Zuid-Holland
Country: NL

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): 89:99:b6:68:65:41:36:19:46:e8:db:60:e4:25:c4:17
Serial Number (int): 182902356511502890946794055952664740887
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: ea:09:4e:e4:55:4f:10:fb:1f:04:57:b9:5b:c4:e4:a7:76:0e:e7:a7
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): e9:75:4e:83:d1:b9:1d:e2:8d:1a:4a:09:66:3b:56:ec:31:94:e7:88
Fingerprint (sha256): 37:99:f4:bb:72:02:25:05:65:27:6b:82:33:f4:c6:39:99:21:c4:27:5a:24:35:75:8e:29:db:8c:aa:53:49:15

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate lithium.liacs.nl

58

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for lithium.liacs.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

lithium.liacs.nl
ac.liacs.nl
acs.liacs.nl
artemisia.liacs.nl
bnaic.liacs.leidenuniv.nl
bnaic.liacs.nl
cai.liacs.nl
cil.liacs.nl
cil.universiteitleiden.nl
cns.liacs.nl
compass.liacs.leidenuniv.nl
compass.liacs.nl
csmaster.liacs.nl
daedalus.liacs.nl
dale.liacs.leidenuniv.nl
dale.liacs.nl
datamining.liacs.nl
eda.liacs.leidenuniv.nl
eda.liacs.nl
edu.liacs.nl
evolve2013.liacs.nl
gameresearch.leiden.edu
hms.liacs.leidenuniv.nl
hms.liacs.nl
ifm23.liacs.nl
infrawatch.liacs.nl
ledap.liacs.nl
liacs.leidenuniv.nl
locs.liacs.nl
lps.liacs.nl
mista.liacs.leidenuniv.nl
mista.liacs.nl
moda.liacs.leidenuniv.nl
moda.liacs.nl
mps.liacs.leidenuniv.nl
mps.liacs.nl
nacowiki.liacs.leidenuniv.nl
nacowiki.liacs.nl
oceans.liacs.nl
perl.liacs.nl
read-urban.liacs.nl
rsewiki.liacs.nl
star.liacs.nl
theory.liacs.nl
theses.liacs.leidenuniv.nl
theses.liacs.nl
thesis.liacs.nl
tmr.liacs.nl
types2021.liacs.nl
types21.liacs.nl
univercity.liacs.nl
views.liacs.nl
webserver.liacs.nl
wmc7.liacs.nl
www.dale.liacs.nl
www.datamining.liacs.nl
www.liacs.leidenuniv.nl
www.liacs.nl

Other certificates including the domain name liacs.nl

(limited to 100 certificates)
tls.automattic.com
deleidscheflesch.nl
tls.automattic.com
deleidscheflesch.nl
git.liacs.nl
deleidscheflesch.nl
git.liacs.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
naco.liacs.nl
deleidscheflesch.nl
bio-imaging.liacs.nl
deleidscheflesch.nl
erumpent.liacs.nl
erumpent.liacs.nl
tornado-p-https.web.leidenuniv.nl
keep.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
deleidscheflesch.nl
deleidscheflesch.nl
basilisk.liacs.nl
elaborant.com
deleidscheflesch.nl
deleidscheflesch.nl
naco.liacs.nl
iohanalyzer.liacs.nl
lcm.liacs.nl
git.liacs.nl
deleidscheflesch.nl
tornado-p-https.web.leidenuniv.nl
deleidscheflesch.nl
tls.automattic.com
git.liacs.nl
basilisk.liacs.nl
deleidscheflesch.nl
computingfrontiers.org
ada.liacs.leidenuniv.nl
basilisk.liacs.nl
basilisk.liacs.nl
tls.automattic.com
tornado-p-https.web.leidenuniv.nl
cyttron.org
tls.automattic.com
lcm.liacs.nl
elaborant.com
keep.leidenuniv.nl
deleidscheflesch.nl
deleidscheflesch.nl
tls.automattic.com
press.liacs.nl
git.liacs.nl
deleidscheflesch.nl
cf19.liacs.nl
lithium.liacs.nl
bio-imaging.liacs.nl
tls.automattic.com
bio-imaging.liacs.nl
lithium.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
deleidscheflesch.nl
tls.automattic.com
cml.liacs.nl
bio-imaging.liacs.nl
bio-imaging.liacs.nl
bio-imaging.liacs.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
naco.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
keep.leidenuniv.nl
tls.automattic.com
erumpent.liacs.nl
git.liacs.nl
git.liacs.nl
erumpent.liacs.nl
deleidscheflesch.nl
elaborant.com
deleidscheflesch.nl
naco.liacs.nl
git.liacs.nl
cml.liacs.nl
keep.leidenuniv.nl
lcm.liacs.nl
naco.liacs.nl
bio-imaging.liacs.nl
press.liacs.nl
press.liacs.nl
deleidscheflesch.nl
theory.liacs.nl
deleidscheflesch.nl
bio-imaging.liacs.nl
erumpent.liacs.nl

Certificate

The complete raw certificate details for lithium.liacs.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIMmjCCCoKgAwIBAgIRAImZtmhlQTYZRujbYOQlxBcwDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV
BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTI0MDIwMjAwMDAwMFoXDTI1MDIwMTIz
NTk1OVowXTELMAkGA1UEBhMCTkwxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDEcMBoG
A1UEChMTVW5pdmVyc2l0ZWl0IExlaWRlbjEZMBcGA1UEAxMQbGl0aGl1bS5saWFj
cy5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOXBSk1DzUar+85G
ma3klHeJPikfozHUM1MZOibhlFQkcyv2gdpGEMYbGZbcOYd9NujvLnl0ZyAksgNA
zWptC1TQd3SUscDoULs9f37A0h49lL3mjALqyi95wjgOjfP8yJWhEmfwvGwgZsh4
6fUeboQ+cbstl9H/EzIFgHUciqNp6NvkQc7Or5W3LwNHLqdeP5O7MCpI0QeX+tKO
VU7cikq2smCNVrnlrX9QEPppbTFGvZ3fpIShRuKp2GWkvdBdjSGV6Wej7UmFTCjD
wSNfENT7qF3XQkYLTHa1i9R2agSUzzoFY9ruSliwC2mhvSOq7kG+EiSvRs1KxRDQ
ocbK98hWEEapZKe50U1ilDuvfBg+8KiPEuPG8T4fV4De/JO5CbI/qcImtQTWSV0h
MqNRAnjAsxa/eQKdgDmhheR9jL19kCtqxwbYb9DAgXPwrGpjmmTJq97PrFFRGYY3
lmJJCh2TRBPpZ/6i2TJVPtATvanNnWyd0hH1bCOy+SEm3tMgc6/lNASBsb5/aKdo
PGFKYlUzHCeq3YHHlAp3LpZn/esBRAxftepnEtVonuVK8oeoBSTYuBoQFuJEax78
RhPTzsLjayTvlfNImj97GpS954SQRmyxVkLAsuSYXMEEq5ddbdsVIfTdUTcMwGrf
95PI3zpi6tE64O9XeFfpe0OiSgzpAgMBAAGjggdsMIIHaDAfBgNVHSMEGDAWgBRv
HTVJEGwy+lmgnryK6B+VvnF6DDAdBgNVHQ4EFgQU6glO5FVPEPsfBFe5W8Tkp3YO
56cwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0lBBYwFAYIKwYB
BQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQECAk8wJTAjBggr
BgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQICMD8GA1Ud
HwQ4MDYwNKAyoDCGLmh0dHA6Ly9HRUFOVC5jcmwuc2VjdGlnby5jb20vR0VBTlRP
VlJTQUNBNC5jcmwwdQYIKwYBBQUHAQEEaTBnMDoGCCsGAQUFBzAChi5odHRwOi8v
R0VBTlQuY3J0LnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3J0MCkGCCsGAQUF
BzABhh1odHRwOi8vR0VBTlQub2NzcC5zZWN0aWdvLmNvbTCCAX4GCisGAQQB1nkC
BAIEggFuBIIBagFoAHcAzxFW7tUufK/zh1vZaS6b6RpxZ0qwF+ysAdJbd87MOwgA
AAGNaSx7OwAABAMASDBGAiEA5dGfSapLEd4G9u7WmK8BArpGgdb4PI2aqctWszvj
0sECIQCd8dBIm6qgGd9jo7rY31PyA6Eg7q1IFQmi9ev0yJZw9wB1AKLjCuRF772t
m3447Udnd1PXgluElNcrXhssxLlQpEfnAAABjWkseywAAAQDAEYwRAIgJ4JA5+Lc
ptueiV9IUR/X0z1DJRaojww5UW/3rHA97SkCIGJqrd2m9OFSSTuNgwPE5T3GAUjX
4hEFY3OZTBJKxPkYAHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8A
AAGNaSx6wwAABAMARzBFAiA0npGuWEBNR7bM4j5AYVrJmlU40WP2WhgD55yub9ie
8QIhAKyGOiKNDIxhldMqz8G7x0FDFQwi1B4Wo0740RzX5UzbMIIEYgYDVR0RBIIE
WTCCBFWCEGxpdGhpdW0ubGlhY3MubmyCC2FjLmxpYWNzLm5sggxhY3MubGlhY3Mu
bmyCEmFydGVtaXNpYS5saWFjcy5ubIIZYm5haWMubGlhY3MubGVpZGVudW5pdi5u
bIIOYm5haWMubGlhY3MubmyCDGNhaS5saWFjcy5ubIIMY2lsLmxpYWNzLm5sghlj
aWwudW5pdmVyc2l0ZWl0bGVpZGVuLm5sggxjbnMubGlhY3MubmyCG2NvbXBhc3Mu
bGlhY3MubGVpZGVudW5pdi5ubIIQY29tcGFzcy5saWFjcy5ubIIRY3NtYXN0ZXIu
bGlhY3MubmyCEWRhZWRhbHVzLmxpYWNzLm5sghhkYWxlLmxpYWNzLmxlaWRlbnVu
aXYubmyCDWRhbGUubGlhY3MubmyCE2RhdGFtaW5pbmcubGlhY3MubmyCF2VkYS5s
aWFjcy5sZWlkZW51bml2Lm5sggxlZGEubGlhY3MubmyCDGVkdS5saWFjcy5ubIIT
ZXZvbHZlMjAxMy5saWFjcy5ubIIXZ2FtZXJlc2VhcmNoLmxlaWRlbi5lZHWCF2ht
cy5saWFjcy5sZWlkZW51bml2Lm5sggxobXMubGlhY3MubmyCDmlmbTIzLmxpYWNz
Lm5sghNpbmZyYXdhdGNoLmxpYWNzLm5sgg5sZWRhcC5saWFjcy5ubIITbGlhY3Mu
bGVpZGVudW5pdi5ubIINbG9jcy5saWFjcy5ubIIMbHBzLmxpYWNzLm5sghltaXN0
YS5saWFjcy5sZWlkZW51bml2Lm5sgg5taXN0YS5saWFjcy5ubIIYbW9kYS5saWFj
cy5sZWlkZW51bml2Lm5sgg1tb2RhLmxpYWNzLm5sghdtcHMubGlhY3MubGVpZGVu
dW5pdi5ubIIMbXBzLmxpYWNzLm5sghxuYWNvd2lraS5saWFjcy5sZWlkZW51bml2
Lm5sghFuYWNvd2lraS5saWFjcy5ubIIPb2NlYW5zLmxpYWNzLm5sgg1wZXJsLmxp
YWNzLm5sghNyZWFkLXVyYmFuLmxpYWNzLm5sghByc2V3aWtpLmxpYWNzLm5sgg1z
dGFyLmxpYWNzLm5sgg90aGVvcnkubGlhY3MubmyCGnRoZXNlcy5saWFjcy5sZWlk
ZW51bml2Lm5sgg90aGVzZXMubGlhY3MubmyCD3RoZXNpcy5saWFjcy5ubIIMdG1y
LmxpYWNzLm5sghJ0eXBlczIwMjEubGlhY3MubmyCEHR5cGVzMjEubGlhY3MubmyC
E3VuaXZlcmNpdHkubGlhY3MubmyCDnZpZXdzLmxpYWNzLm5sghJ3ZWJzZXJ2ZXIu
bGlhY3MubmyCDXdtYzcubGlhY3MubmyCEXd3dy5kYWxlLmxpYWNzLm5sghd3d3cu
ZGF0YW1pbmluZy5saWFjcy5ubIIXd3d3LmxpYWNzLmxlaWRlbnVuaXYubmyCDHd3
dy5saWFjcy5ubDANBgkqhkiG9w0BAQwFAAOCAgEAboFVkInmg8WgE5vdSpiiGZql
gY8cSm0UizcLyuBPX1u8TQn9tsLWevnezBWLfPYskOLFM7SulT27f3GbHATIn2HC
bH8dorFPMzKX11/QUNEtdRgp/DuSvtE3sfu4tbGBf2TaoGFuBkz3i87vdREH2lTG
+tyl8b/5ho+AA1A2T3H4lWsu8fhaRCOTLDqsytjHVx7a966gXhSnrAEmiV1oRM/9
rtuDQS8tH9CNOzYqiM1bbjKWVVlJHf3m/VHBtg8FeZj9/gZ5B7hO9xHRtlX/orbv
1euNxZgoosGAje6z2ezUjZ5VqMgm8sff9S1AWvJlO16a692SD+ZVTUpBvuPTTmC3
d47F38DZlfhyCg1+z2IvaCdou+E/78aaHXZrcWA54YL/1UFQkji64L6Z8jUsviu3
5mYTgeS+SFWsCn7LrjNixxWpYwqEBO86IG+V5+qmJsgAdmO5T8+y1GhpZUtq2M8R
eHdn7gcG5x7PS9WDNjG5aTqwQejZpS53yjTej6O8XLTuFksK+JzbyyXvVoHBmIr5
0lzKew0dgNEfOs68ecD27a2NybUJo1HX1p0mx7/KVrv508AAhJDhSO8X2+a3Oul4
yxN2CTepnkZ47BYLiLzdaKOEcWVL3JdjyZ0l2PIDmh6bgJANYa9bFEOBrVWzeu0T
ChZu0Y9nsjgnKvvvFs0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5cFKTUPNRqv7zkaZreSU
d4k+KR+jMdQzUxk6JuGUVCRzK/aB2kYQxhsZltw5h3026O8ueXRnICSyA0DNam0L
VNB3dJSxwOhQuz1/fsDSHj2UveaMAurKL3nCOA6N8/zIlaESZ/C8bCBmyHjp9R5u
hD5xuy2X0f8TMgWAdRyKo2no2+RBzs6vlbcvA0cup14/k7swKkjRB5f60o5VTtyK
SrayYI1WueWtf1AQ+mltMUa9nd+khKFG4qnYZaS90F2NIZXpZ6PtSYVMKMPBI18Q
1PuoXddCRgtMdrWL1HZqBJTPOgVj2u5KWLALaaG9I6ruQb4SJK9GzUrFENChxsr3
yFYQRqlkp7nRTWKUO698GD7wqI8S48bxPh9XgN78k7kJsj+pwia1BNZJXSEyo1EC
eMCzFr95Ap2AOaGF5H2MvX2QK2rHBthv0MCBc/CsamOaZMmr3s+sUVEZhjeWYkkK
HZNEE+ln/qLZMlU+0BO9qc2dbJ3SEfVsI7L5ISbe0yBzr+U0BIGxvn9op2g8YUpi
VTMcJ6rdgceUCnculmf96wFEDF+16mcS1Wie5Uryh6gFJNi4GhAW4kRrHvxGE9PO
wuNrJO+V80iaP3salL3nhJBGbLFWQsCy5JhcwQSrl11t2xUh9N1RNwzAat/3k8jf
OmLq0Trg71d4V+l7Q6JKDOkCAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 182902356511502890946794055952664740887
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-02 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-01 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universiteit Leiden'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lithium.liacs.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 937318786057122216937677424647779394478803699988790703311535454235397937915478691326931001878322542695499905774634649538687367826048424115726273273692186585180278971802850349083337507948536900969610864185473768265089240034180910108396739794163575649663597286438579567016915661137238438341596015024909148181391783808247690302892854143236347974182138541886764579718077377818099571891019031580337443727640130329895896565608289552716299302371036671515038490191503959473781494285105378263476726267575100624613076373342155682253302918546687916006100849475438049645431129549598158758605200313598035300570171766024375239714338773205995634247958402913927141697774483812057400712637996627060346372269611822622196840284967760717412877562491447451759561778065144437835646953168987954053191658157423994771867679259677163988690134691392703474668090284372354054261282358918987834020361288288239597581230929290209329209716165200996381358131888016384792828091213020275250977253931300660882501556606108133621927657278078283562348571442743434809443081607841172328351776289702151810959894163304426629794494319965650352414348789816289694778054982234017174728682827708262024279814253506478111698174731048999123879671416672328178076418642154196460878040297
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ea094ee4554f10fb1f0457b95bc4e4a7760ee7a7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							0168007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018d692c7b3b0000040300483046022100e5d19f49aa4b11de06f6eed698af0102ba4681d6f83c8d9aa9cb56b33be3d2c10221009df1d0489baaa019df63a3bad8df53f203a120eead481509a2f5ebf4c89670f7007500a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018d692c7b2c00000403004630440220278240e7e2dca6db9e895f48511fd7d33d432516a88f0c39516ff7ac703ded290220626aaddda6f4e152493b8d8303c4e53dc60148d7e211056373994c124ac4f9180076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018d692c7ac300000403004730450220349e91ae58404d47b6cce23e40615ac99a5538d163f65a1803e79cae6fd89ef1022100ac863a228d0c8c6195d32acfc1bbc74143150c22d41e16a34ef8d11cd7e54cdb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (1113 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lithium.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ac.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'acs.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'artemisia.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bnaic.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bnaic.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cai.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cil.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cil.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cns.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'compass.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'compass.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'csmaster.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'daedalus.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dale.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'dale.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'datamining.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eda.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'eda.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'edu.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'evolve2013.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gameresearch.leiden.edu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hms.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'hms.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ifm23.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'infrawatch.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ledap.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'locs.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lps.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mista.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mista.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'moda.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'moda.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mps.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mps.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nacowiki.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nacowiki.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'oceans.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'perl.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'read-urban.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rsewiki.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'star.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theory.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theses.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'theses.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'thesis.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tmr.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'types2021.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'types21.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'univercity.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'views.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webserver.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'wmc7.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.dale.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.datamining.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.liacs.leidenuniv.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.liacs.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		006e81559089e683c5a0139bdd4a98a2199aa5818f1c4a6d148b370bcae04f5f5bbc4d09fdb6c2d67af9decc158b7cf62c90e2c533b4ae953dbb7f719b1c04c89f61c26c7f1da2b14f333297d75fd050d12d751829fc3b92bed137b1fbb8b5b1817f64daa0616e064cf78bceef751107da54c6fadca5f1bff9868f800350364f71f8956b2ef1f85a4423932c3aaccad8c7571edaf7aea05e14a7ac0126895d6844cffdaedb83412f2d1fd08d3b362a88cd5b6e32965559491dfde6fd51c1b60f057998fdfe067907b84ef711d1b655ffa2b6efd5eb8dc59828a2c1808deeb3d9ecd48d9e55a8c826f2c7dff52d405af2653b5e9aebdd920fe6554d4a41bee3d34e60b7778ec5dfc0d995f8720a0d7ecf622f682768bbe13fefc69a1d766b716039e182ffd541509238bae0be99f2352cbe2bb7e6661381e4be4855ac0a7ecbae3362c715a9630a8404ef3a206f95e7eaa626c8007663b94fcfb2d46869654b6ad8cf11787767ee0706e71ecf4bd5833631b9693ab041e8d9a52e77ca34de8fa3bc5cb4ee164b0af89cdbcb25ef5681c1988af9d25cca7b0d1d80d11f3acebc79c0f6edad8dc9b509a351d7d69d26c7bfca56bbf9d3c0008490e148ef17dbe6b73ae978cb13760937a99e4678ec160b88bcdd68a38471654bdc9763c99d25d8f2039a1e9b80900d61af5b144381ad55b37aed130a166ed18f67b238272afbef16cd