stg-xapf.stgag.ch

Issued by SwissSign RSA TLS DV ICA 2022 - 1

About this certificate

This digital certificate with serial number 5f:e2:b2:8a:13:ab:9b:9b:19:df:2f:aa:6b:b5:6e:15:20:ec:3f:24 was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=stg-xapf.stgag.ch

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 5f:e2:b2:8a:13:ab:9b:9b:19:df:2f:aa:6b:b5:6e:15:20:ec:3f:24
Serial Number (int): 547409644615141534790130351348013152762449379108
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 7c:b4:08:08:b2:67:c4:ab:bd:44:af:01:74:dc:e9:6a:c4:69:86:cb
AuthorityKeyId: eb:bd:7f:49:93:8c:c9:ee:ec:a2:ba:f7:1c:d2:67:f0:83:b1:ea:de

Fingerprint (sha1): ef:cd:9b:b7:58:99:48:18:b9:55:dc:cb:77:8e:7a:9f:cc:d7:3a:92
Fingerprint (sha256): 38:a7:1f:b7:7b:d5:ce:2b:e8:ea:29:e9:6e:06:de:4f:fe:dd:6d:f4:aa:a6:e4:df:0f:ea:f0:af:b8:3a:ed:2c

Issuing Certificate URL: http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba

Check the revocation status for certificate stg-xapf.stgag.ch

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for stg-xapf.stgag.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

stg-xapf.stgag.ch
stg-xapf-test.stgag.ch

Other certificates including the domain name stgag.ch

(limited to 100 certificates)
imito-test.stgag.ch
af.stgag.ch
www.stgag.ch
pol.swiss
pol.swiss
pol.swiss
rekrutierung.stgag.ch
pol.swiss
pol.swiss
stgag.ch
imito-test.stgag.ch
pol.swiss
imito.stgag.ch
imito-test.stgag.ch
pol.swiss
pol.swiss
www.stgag.ch
mail.stgag.ch
pol.swiss
www.stgag.ch
stgag.ch
www.stgag.ch
www.stgag.ch
stg-xapf.stgag.ch
stg-xapf.stgag.ch
am.stgag.ch
nova-sc.stgag.ch
stgag.ch
*.stgag.ch
stgag.ch
stgag.ch
jobportal.stgag.ch
pol.swiss
www.stgag.ch
imito.stgag.ch
imito.stgag.ch
www.stgag.ch
stg-xapf.stgag.ch
jobportal.stgag.ch
imito-test.stgag.ch
pol.swiss
expe.stgag.ch
*.stgag.ch
*.stgag.ch
*.stgag.ch
stgag.ch
*.stgag.ch
imito.stgag.ch
imito-test.stgag.ch
pol.swiss
imito-test.stgag.ch
imito.stgag.ch
pol.swiss
jobportal.stgag.ch
jobportal.stgag.ch
stg-xapf.stgag.ch
stgag.ch
pol.swiss
jobportal.stgag.ch
stg-xapf.stgag.ch
expe.stgag.ch
www.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
pol.swiss
pol.swiss
imito.stgag.ch
stg-wifi-gast.stgag.ch
*.stgag.ch
imito.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
pol.swiss
pol.swiss
pol.swiss
imito-test.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
nova-sc.stgag.ch
imito-test.stgag.ch
*.stgag.ch
*.stgag.ch
stgag.ch
rekrutierung.stgag.ch
imito.stgag.ch
pol.swiss
stg-wifi-gast.stgag.ch
stgag.ch
jobportal.stgag.ch
af.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
am.stgag.ch
stgag.ch
stg-xapf.stgag.ch

Certificate

The complete raw certificate details for stg-xapf.stgag.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIGTCCBgGgAwIBAgIUX+KyihOrm5sZ3y+qa7VuFSDsPyQwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjIgLSAxMB4XDTI0MDMyNjE0
NTcwMFoXDTI1MDMyNjE0NTcwMFowHDEaMBgGA1UEAxMRc3RnLXhhcGYuc3RnYWcu
Y2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf6iVzPQpbDdiVIaB9
QGcbcopZr5xOjkVNaZWhN9LhkHDjb2+dm5OGiCmdzq5ccQTDykp83Bnr9bi7HtfT
vhyt1LCYEmasF5tjTTJiuxR0qw0l1l7rXGAqIdd5FPzHRWRiCJ1pRjQe1P0C/sL9
tl+MP23be+RBzSCbARVVa6g+flA940qGbc+TbnqzQWv+ORzgxkpqdzYFYwOUQeov
ygtFD+fCGC5ZDYm0erED7Okz+SxYnaKJhpngaSmh8Wk6WZkGJNpz37+k2yv3fdL8
TpZpRXKignotMTIc2EvtPxvKKt9CQxbXmhHUlOMOu0aUQPnKN5v8k/n8+NHCsr7r
M4ppAgMBAAGjggQdMIIEGTCBsgYIKwYBBQUHAQEEgaUwgaIwTAYIKwYBBQUHMAKG
QGh0dHA6Ly9haWEuc3dpc3NzaWduLmNoL2Fpci0xYjg2MzM4NS1mNGE5LTQ3ZmEt
ODhhNS0yYTVhYmZkNGExNjcwUgYIKwYBBQUHMAGGRmh0dHA6Ly9vY3NwLnN3aXNz
c2lnbi5jaC9zaWduL29jcy1hYWNjY2VkNS02NmU4LTQwNjktOWIxYi1mZDI5YWI3
M2VmZWMwbwYDVR0gBGgwZjAIBgZngQwBAgEwCAYGBACPegEGMFAGCGCFdAFZAgEB
MEQwQgYIKwYBBQUHAgEWNmh0dHBzOi8vcmVwb3NpdG9yeS5zd2lzc3NpZ24uY29t
L1N3aXNzU2lnbl9DUFNfVExTLnBkZjBRBgNVHR8ESjBIMEagRKBChkBodHRwOi8v
Y3JsLnN3aXNzc2lnbi5jaC9jZHAtNjc5NzIzYjItODY0MS00NjQyLTg1MDAtZjZk
MmZmMzdlNmJhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8B
Af8EBAMCBaAwNAYDVR0RBC0wK4IRc3RnLXhhcGYuc3RnYWcuY2iCFnN0Zy14YXBm
LXRlc3Quc3RnYWcuY2gwHQYDVR0OBBYEFHy0CAiyZ8SrvUSvAXTc6WrEaYbLMB8G
A1UdIwQYMBaAFOu9f0mTjMnu7KK69xzSZ/CDsereMIIB9wYKKwYBBAHWeQIEAgSC
AecEggHjAeEAdwAo4oE4/YMhRemp1qp1N22Dd6iFErPAf3JBSCHcvemMZgAAAY57
Q8ZpAAAEAwBIMEYCIQC1fhdGATyd6GBrOS2jQcape/DPdKdf8jbA9AEyAMR6OwIh
ANx3F2zzFz0DEEMjPqRgmFdQByu79oxF3GAAfemdrcIzAHcAzxFW7tUufK/zh1vZ
aS6b6RpxZ0qwF+ysAdJbd87MOwgAAAGOe0O/fAAABAMASDBGAiEAk40O39liq9Bc
gI2aCTuAZlfzWZgtBffbrPuf/aMuRX0CIQCkkNK7DWlW06vRR0LvmnxHY5NaB+K+
EUC+FEMO6sSK6AB2AMz7D2qFcQll/pWbU87psnwi6YVcDZeNtql+VMD+TA2wAAAB
jntDv+QAAAQDAEcwRQIgL5yAaiImqP6gRfyFsGm3n2LKcPo95DGVLXENEO10b3IC
IQDaiWYmMy7UkD+LhtGEWdsLgIuQ7ynxl9RMV9wDlsUglAB1AE51oydcmhDDOFts
1N8/Uusd8OCOG41pwLH6ZLFimjnfAAABjntDwacAAAQDAEYwRAIgYTSA9pY57Lk9
LKFsXU03f47R87enw0PS7ac+vLqbb7gCICFBA+gcdqh9fLCzGgM2PRMg52nbhpri
z1XSURchF/nNMA0GCSqGSIb3DQEBCwUAA4ICAQBK8Ti6Fhof8av6tMw7eYkuEKHT
JuW5Eid5yYCRNTDCHlV1Z6xRwtJpYtPwQ2Y7320biNyyCNlh5kO8LJOIA+iyjUKY
/ml+EWNMQPj+08O86zWtDZLshhUkiCJ9dHQT66li+J2pCutNuTbu82Ix9f6W77Yn
eFBLnOaEdzGDBAJgZWp87kGselHSk7ohkvJtT0W5hSIb2y4b2lL/ZnTz9YUYbfyH
F+71h5z5Ns1wai5DcqoD6PA124Gku5oTtaAzRB0lfUzhfHqIafshxskDJQUT+T4z
3pM7/92nlMYL4LyrlNom9TaFizW9HbXGsXKtwO1SUGda+pLj6GfNso9JJQCa7VNW
NlZx53q92ce4aTnegtk0292KpOrCOK+ipcunF9jvLbbflDEJTvUJDKC0g+RFW0LF
QaKT2i0fe5Ai2AKLtrNgabnYPw6/QdMO7vdz8Vco4DZu3C2uilMleoS8UYXnVE2O
AaOKmvzgpZ/qi5OxFYF6DJiy2usANoyaxqdhdAGNoe/YudYH2X4+gOaNZdoSLY3Z
/j1eTUTM3gVlW3IYVyEJ9TQN6ltxp9nX+wqlCSDeYgadIDQpgA7awxwdSLyTLwlC
7QQ71IWBM++4IOTXWksoU3PsgABTEdXamP8Ls19CYZsahNlvg75I2BQ2+6abx9qq
a9WkCOeFZ2LDAluXHQ==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+olcz0KWw3YlSGgfUBn
G3KKWa+cTo5FTWmVoTfS4ZBw429vnZuThogpnc6uXHEEw8pKfNwZ6/W4ux7X074c
rdSwmBJmrBebY00yYrsUdKsNJdZe61xgKiHXeRT8x0VkYgidaUY0HtT9Av7C/bZf
jD9t23vkQc0gmwEVVWuoPn5QPeNKhm3Pk256s0Fr/jkc4MZKanc2BWMDlEHqL8oL
RQ/nwhguWQ2JtHqxA+zpM/ksWJ2iiYaZ4GkpofFpOlmZBiTac9+/pNsr933S/E6W
aUVyooJ6LTEyHNhL7T8byirfQkMW15oR1JTjDrtGlED5yjeb/JP5/PjRwrK+6zOK
aQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 547409644615141534790130351348013152762449379108
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-03-26 14:57:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-03-26 14:57:00 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'stg-xapf.stgag.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28266603846178675041086264563298338311060435320930129032843034648994468419047435972049095573440603891100454940269120545040364534105581350073431081162709186965023407134757692563680521287553949771734539855375285130592858135662973096469471695608799813137234133462036911549897537178310638278352486625360893797198724624597744964853321777104131925105337261958388399323222928757241476484615319190383318441653271006540953263710709599221804043333397430177790520827098609431759260916896388802466184632995556713582601968325643229848808713045144837785184670868143932585222018867392084353561792679317271192883831550616499895110249
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (45 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-xapf.stgag.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'stg-xapf-test.stgag.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							7cb40808b267c4abbd44af0174dce96ac46986cb
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebbd7f49938cc9eeeca2baf71cd267f083b1eade
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (487 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (483 bytes)
							01e100770028e28138fd832145e9a9d6aa75376d8377a88512b3c07f72414821dcbde98c660000018e7b43c6690000040300483046022100b57e1746013c9de8606b392da341c6a97bf0cf74a75ff236c0f4013200c47a3b022100dc77176cf3173d031043233ea460985750072bbbf68c45dc60007de99dadc233007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018e7b43bf7c0000040300483046022100938d0edfd962abd05c808d9a093b806657f359982d05f7dbacfb9ffda32e457d022100a490d2bb0d6956d3abd14742ef9a7c4763935a07e2be1140be14430eeac48ae8007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018e7b43bfe4000004030047304502202f9c806a2226a8fea045fc85b069b79f62ca70fa3de431952d710d10ed746f72022100da896626332ed4903f8b86d18459db0b808b90ef29f197d44c57dc0396c520940075004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018e7b43c1a700000403004630440220613480f69639ecb93d2ca16c5d4d377f8ed1f3b7a7c343d2eda73ebcba9b6fb80220214103e81c76a87d7cb0b31a03363d1320e769db869ae2cf55d251172117f9cd
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		004af138ba161a1ff1abfab4cc3b79892e10a1d326e5b9122779c980913530c21e557567ac51c2d26962d3f043663bdf6d1b88dcb208d961e643bc2c938803e8b28d4298fe697e11634c40f8fed3c3bceb35ad0d92ec86152488227d747413eba962f89da90aeb4db936eef36231f5fe96efb62778504b9ce684773183040260656a7cee41ac7a51d293ba2192f26d4f45b985221bdb2e1bda52ff6674f3f585186dfc8717eef5879cf936cd706a2e4372aa03e8f035db81a4bb9a13b5a033441d257d4ce17c7a8869fb21c6c903250513f93e33de933bffdda794c60be0bcab94da26f536858b35bd1db5c6b172adc0ed5250675afa92e3e867cdb28f4925009aed5356365671e77abdd9c7b86939de82d934dbdd8aa4eac238afa2a5cba717d8ef2db6df9431094ef5090ca0b483e4455b42c541a293da2d1f7b9022d8028bb6b36069b9d83f0ebf41d30eeef773f15728e0366edc2dae8a53257a84bc5185e7544d8e01a38a9afce0a59fea8b93b115817a0c98b2daeb00368c9ac6a76174018da1efd8b9d607d97e3e80e68d65da122d8dd9fe3d5e4d44ccde05655b7218572109f5340dea5b71a7d9d7fb0aa50920de62069d203429800edac31c1d48bc932f0942ed043bd4858133efb820e4d75a4b285373ec80005311d5da98ff0bb35f42619b1a84d96f83be48d81436fba69bc7daaa6bd5a408e7856762c3025b971d