lithium.liacs.nl

- Universiteit Leiden -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number 0a:ce:cc:70:6d:72:ca:cd:cc:63:96:52:65:88:f5:60 was issued on by GEANT Vereniging.

With 10 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Universiteit Leiden

Organization: Universiteit Leiden
State / Province: Zuid-Holland
Country: NL

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): 0a:ce:cc:70:6d:72:ca:cd:cc:63:96:52:65:88:f5:60
Serial Number (int): 14366039629693321087190184045583070560
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: f0:b6:40:9f:0f:cd:f9:a8:f8:6d:1e:d2:bb:69:30:a6:d2:93:4e:6d
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): b5:cf:99:1b:ee:3b:7a:61:a6:1a:44:ee:49:13:01:0a:1e:f1:34:d5
Fingerprint (sha256): 3a:3d:f4:c2:48:c2:27:b1:cd:a9:b0:93:d1:c1:80:34:6d:ef:43:c2:11:7e:ec:f8:9b:04:6b:82:64:41:87:0f

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate lithium.liacs.nl

10

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for lithium.liacs.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

lithium.liacs.nl
ida-society.org
marcospruit.nl
patternsthatmatter.org
tdslab.nl
webserver.liacs.nl
www.ida-society.org
www.marcospruit.nl
www.patternsthatmatter.org
www.tdslab.nl

Other certificates including the domain name liacs.nl

(limited to 100 certificates)
tls.automattic.com
deleidscheflesch.nl
tls.automattic.com
deleidscheflesch.nl
git.liacs.nl
deleidscheflesch.nl
git.liacs.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
naco.liacs.nl
deleidscheflesch.nl
bio-imaging.liacs.nl
deleidscheflesch.nl
erumpent.liacs.nl
erumpent.liacs.nl
tornado-p-https.web.leidenuniv.nl
keep.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
deleidscheflesch.nl
deleidscheflesch.nl
basilisk.liacs.nl
elaborant.com
deleidscheflesch.nl
deleidscheflesch.nl
naco.liacs.nl
iohanalyzer.liacs.nl
lcm.liacs.nl
git.liacs.nl
deleidscheflesch.nl
tornado-p-https.web.leidenuniv.nl
deleidscheflesch.nl
tls.automattic.com
git.liacs.nl
basilisk.liacs.nl
deleidscheflesch.nl
computingfrontiers.org
ada.liacs.leidenuniv.nl
basilisk.liacs.nl
basilisk.liacs.nl
tls.automattic.com
tornado-p-https.web.leidenuniv.nl
cyttron.org
tls.automattic.com
lcm.liacs.nl
elaborant.com
keep.leidenuniv.nl
deleidscheflesch.nl
deleidscheflesch.nl
tls.automattic.com
press.liacs.nl
git.liacs.nl
deleidscheflesch.nl
cf19.liacs.nl
lithium.liacs.nl
bio-imaging.liacs.nl
tls.automattic.com
bio-imaging.liacs.nl
lithium.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
deleidscheflesch.nl
tls.automattic.com
cml.liacs.nl
bio-imaging.liacs.nl
bio-imaging.liacs.nl
bio-imaging.liacs.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
basilisk.liacs.nl
deleidscheflesch.nl
naco.liacs.nl
deleidscheflesch.nl
deleidscheflesch.nl
keep.leidenuniv.nl
tls.automattic.com
erumpent.liacs.nl
git.liacs.nl
git.liacs.nl
erumpent.liacs.nl
deleidscheflesch.nl
elaborant.com
deleidscheflesch.nl
naco.liacs.nl
git.liacs.nl
cml.liacs.nl
keep.leidenuniv.nl
lcm.liacs.nl
naco.liacs.nl
bio-imaging.liacs.nl
press.liacs.nl
press.liacs.nl
deleidscheflesch.nl
theory.liacs.nl
deleidscheflesch.nl
bio-imaging.liacs.nl
erumpent.liacs.nl

Certificate

The complete raw certificate details for lithium.liacs.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJADCCBuigAwIBAgIQCs7McG1yys3MY5ZSZYj1YDANBgkqhkiG9w0BAQwFADBE
MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE
AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjQwNTI3MDAwMDAwWhcNMjUwNTI3MjM1
OTU5WjBdMQswCQYDVQQGEwJOTDEVMBMGA1UECBMMWnVpZC1Ib2xsYW5kMRwwGgYD
VQQKExNVbml2ZXJzaXRlaXQgTGVpZGVuMRkwFwYDVQQDExBsaXRoaXVtLmxpYWNz
Lm5sMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwu9qyq6/gg8wmrtT
TsJsfpgmv95eiB+plZOJBOxXRRVVzYWTZriuxV3DvG1Mk+jBaTaiSfKLohIhuecf
4eQP2NWJu22VMqSeaYlNfyxISytBexnpbzAtyweIOAhJvllBVFpfB8of/YhKEkEw
SE/7M2az55+qsCNV+i65AQGibRYZQCu/ORRMK5ST/g9JGZmJPGyy6Zc9B+KEVZ6/
ATWNsd73tZkMBQ5XbDXKzZEHOrGXVbqtZupYw0BKZf+pf4hZJRzWwPWBtLRuTh+m
rgjX2f/alfbuNuUV3MZeOZ3bKCGiCPU38AXcfxSWzA134gn5xHtheE1kTSDA/VlF
pxxjfoZ6Cu9ekvmlLRy65q+ENV+/CTY83ZkNOoaaO7SEdxVAGBamjqf6Mp/9vy7w
Fz+X5S+u4VtvGm0IeMwFFGe/NLhEfLyPR2+6kYTQdJ3ybdiltUh4k/kRplQF06dz
BqyoDmxvNhomqpZFakDaNU/jdWRtWM3UnLAXEybSFIkyrZBU1JfeovsqkpuxrCaC
/Kw+CaODbXVM+lrf/byhEHfh7SEN9FCJul6f2CTA+2ynnUKrLqxfQgndns6qfXsu
86GhEk69wZgOWubFiJgjIYlqb39u+zVUhgHKIM5qVtP75dDlxGVu5wePq5FQm6T+
7t0JciNiX6ane/StHoGqyKVDDi8CAwEAAaOCA9MwggPPMB8GA1UdIwQYMBaAFG8d
NUkQbDL6WaCevIroH5W+cXoMMB0GA1UdDgQWBBTwtkCfD835qPhtHtK7aTCm0pNO
bTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICTzAlMCMGCCsG
AQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgIwPwYDVR0f
BDgwNjA0oDKgMIYuaHR0cDovL0dFQU5ULmNybC5zZWN0aWdvLmNvbS9HRUFOVE9W
UlNBQ0E0LmNybDB1BggrBgEFBQcBAQRpMGcwOgYIKwYBBQUHMAKGLmh0dHA6Ly9H
RUFOVC5jcnQuc2VjdGlnby5jb20vR0VBTlRPVlJTQUNBNC5jcnQwKQYIKwYBBQUH
MAGGHWh0dHA6Ly9HRUFOVC5vY3NwLnNlY3RpZ28uY29tMIIBfwYKKwYBBAHWeQIE
AgSCAW8EggFrAWkAdwDPEVbu1S58r/OHW9lpLpvpGnFnSrAX7KwB0lt3zsw7CAAA
AY+6DIFzAAAEAwBIMEYCIQCmV8uVPKpMSqOOMvzcqqSdFkdAGCZdYFu+WZE3xB+H
dAIhAOzi1hoeeWVnV8uHezfxxY9B7uyvjpef81MyCeID/OFnAHYAouMK5EXvva2b
fjjtR2d3U9eCW4SU1yteGyzEuVCkR+cAAAGPugyBMQAABAMARzBFAiB9//CN1tvF
t/KXHhLavE+Gfj1rRFKHCsv3HnP3oDbdjgIhAJIgo5aPwqSdKMotL2QcJXpCmtBI
FZ0u8C3ltr0vca24AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8A
AAGPugyBKwAABAMARzBFAiBoTA7KVskgr/HS31bhEgHoy6CenX1v0LUXvV2L3Gxz
mQIhAMRB1tkayvWAtCMdhVq12NpRpZCWo8BAYXNdJOyUk23EMIHJBgNVHREEgcEw
gb6CEGxpdGhpdW0ubGlhY3MubmyCD2lkYS1zb2NpZXR5Lm9yZ4IObWFyY29zcHJ1
aXQubmyCFnBhdHRlcm5zdGhhdG1hdHRlci5vcmeCCXRkc2xhYi5ubIISd2Vic2Vy
dmVyLmxpYWNzLm5sghN3d3cuaWRhLXNvY2lldHkub3JnghJ3d3cubWFyY29zcHJ1
aXQubmyCGnd3dy5wYXR0ZXJuc3RoYXRtYXR0ZXIub3Jngg13d3cudGRzbGFiLm5s
MA0GCSqGSIb3DQEBDAUAA4ICAQAny9jwRkRjZPOsX9fwpnheoms+D/9WTVG8rKDu
X4+h1iCSY6aDC8CcAqm/9GgHfwgQQLsd3hGvjGwqyQhK66FQtL406mDvxFp6i1lT
7R31jV9ef8qEHp6CUJNC12BmbzRe3ghiRadpZW2E6MnwHQ2KGReXEJxS93J0LEAu
307klVd+gb5K+14OIjMJocG2P813Xpi1BB2vJJgnEvkqHqbHzjdUMXDURVfl4P8a
0L2PUA9PSCckQu77mm1Fg1C4unjCa7ovqcQqdK8QPTYRD210SMaboBwwXrijXjR4
k6oub9L0Tmjf1GDe577hHdF6sqVYut5yDRmti6Zd1QMHgnbbYkEzDmgSQ3MsLlCn
Bjxoe6+7KfsJHl75tfNCQKE0XG5y1ah0/0Hq09WgrA0jh7R7qid03+2/r2lBXczU
BCebWW8xfCdjdadS1FySPiffDcUwjFWoqSvcGPw+9KHxNceCIKBbFCIPMvzRVzFe
d+T6kRCsI9W4VJ3OcbRu57/J7ZmPy1ZPti6gH3l6W5lKNkfNfOWQKyJ5QlWiyiu3
MOKZ8WDsD28L16q62md3rC/ixYS9bQ+Wvbgz5M4kdvHo0BPds1trRofazMMsHhNe
DHUuvGRjEdVxnIb+NNv5I3KvMnzhjkOJWyS+WWcvWzTa7fYRzUyDdu900T7MJF2u
Y0cquA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwu9qyq6/gg8wmrtTTsJs
fpgmv95eiB+plZOJBOxXRRVVzYWTZriuxV3DvG1Mk+jBaTaiSfKLohIhuecf4eQP
2NWJu22VMqSeaYlNfyxISytBexnpbzAtyweIOAhJvllBVFpfB8of/YhKEkEwSE/7
M2az55+qsCNV+i65AQGibRYZQCu/ORRMK5ST/g9JGZmJPGyy6Zc9B+KEVZ6/ATWN
sd73tZkMBQ5XbDXKzZEHOrGXVbqtZupYw0BKZf+pf4hZJRzWwPWBtLRuTh+mrgjX
2f/alfbuNuUV3MZeOZ3bKCGiCPU38AXcfxSWzA134gn5xHtheE1kTSDA/VlFpxxj
foZ6Cu9ekvmlLRy65q+ENV+/CTY83ZkNOoaaO7SEdxVAGBamjqf6Mp/9vy7wFz+X
5S+u4VtvGm0IeMwFFGe/NLhEfLyPR2+6kYTQdJ3ybdiltUh4k/kRplQF06dzBqyo
DmxvNhomqpZFakDaNU/jdWRtWM3UnLAXEybSFIkyrZBU1JfeovsqkpuxrCaC/Kw+
CaODbXVM+lrf/byhEHfh7SEN9FCJul6f2CTA+2ynnUKrLqxfQgndns6qfXsu86Gh
Ek69wZgOWubFiJgjIYlqb39u+zVUhgHKIM5qVtP75dDlxGVu5wePq5FQm6T+7t0J
ciNiX6ane/StHoGqyKVDDi8CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 14366039629693321087190184045583070560
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-27 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-27 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universiteit Leiden'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'lithium.liacs.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 795266327230896756178036084296805329431075651561306668937048845636207850322296817077424999303531371338706718630302413484246369952342443612246513342937695708376680279817343331451840408775297462248247373490625304310378731059622332897146550502588147554674642972516179454521968889918102853743359530201305784628748707266968970596854326224339116948036384415396280253888372097135902471206920847944139000546920307653646198658054983516222441900744788708985209766028059983009523125358229807700365723940540217862742895653868058594812293304106193063140292053662021351773531922293597339818211579476577714542859610871121106640304600560944465809535445073089022578181822808884145614578387153287699489769632237814739811006501006111483643208109095905461550947474401482944393519117406884189326889184591034160171787565006788996277523993135297216154718867973612892427296044966558166353905352378815301223423846460164085660477942105692351287049889154890361419210411908393378110385500242409298537187892980789981398186238280004796135631797504360148703946098761125078269434327735659004642705575581876353317656010529689180482211540047127238265750192400574741119166814140992137675282746276270364989123119503052672048205867251549586424122554482860817945112809007
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f0b6409f0fcdf9a8f86d1ed2bb6930a6d2934e6d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (367 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (363 bytes)
							0169007700cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018fba0c81730000040300483046022100a657cb953caa4c4aa38e32fcdcaaa49d16474018265d605bbe599137c41f8774022100ece2d61a1e79656757cb877b37f1c58f41eeecaf8e979ff3533209e203fce167007600a2e30ae445efbdad9b7e38ed47677753d7825b8494d72b5e1b2cc4b950a447e70000018fba0c8131000004030047304502207dfff08dd6dbc5b7f2971e12dabc4f867e3d6b4452870acbf71e73f7a036dd8e0221009220a3968fc2a49d28ca2d2f641c257a429ad048159d2ef02de5b6bd2f71adb80076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018fba0c812b00000403004730450220684c0eca56c920aff1d2df56e11201e8cba09e9d7d6fd0b517bd5d8bdc6c7399022100c441d6d91acaf580b4231d855ab5d8da51a59096a3c04061735d24ec94936dc4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (193 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'lithium.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ida-society.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'marcospruit.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'patternsthatmatter.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'tdslab.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'webserver.liacs.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.ida-society.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.marcospruit.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.patternsthatmatter.org'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tdslab.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0027cbd8f046446364f3ac5fd7f0a6785ea26b3e0fff564d51bcaca0ee5f8fa1d6209263a6830bc09c02a9bff468077f081040bb1dde11af8c6c2ac9084aeba150b4be34ea60efc45a7a8b5953ed1df58d5f5e7fca841e9e82509342d760666f345ede086245a769656d84e8c9f01d0d8a191797109c52f772742c402edf4ee495577e81be4afb5e0e223309a1c1b63fcd775e98b5041daf24982712f92a1ea6c7ce37543170d44557e5e0ff1ad0bd8f500f4f48272442eefb9a6d458350b8ba78c26bba2fa9c42a74af103d36110f6d7448c69ba01c305eb8a35e347893aa2e6fd2f44e68dfd460dee7bee11dd17ab2a558bade720d19ad8ba65dd503078276db6241330e681243732c2e50a7063c687bafbb29fb091e5ef9b5f34240a1345c6e72d5a874ff41ead3d5a0ac0d2387b47baa2774dfedbfaf69415dccd404279b596f317c276375a752d45c923e27df0dc5308c55a8a92bdc18fc3ef4a1f135c78220a05b14220f32fcd157315e77e4fa9110ac23d5b8549dce71b46ee7bfc9ed998fcb564fb62ea01f797a5b994a3647cd7ce5902b22794255a2ca2bb730e299f160ec0f6f0bd7aabada6777ac2fe2c584bd6d0f96bdb833e4ce2476f1e8d013ddb35b6b4687daccc32c1e135e0c752ebc646311d5719c86fe34dbf92372af327ce18e43895b24be59672f5b34daedf611cd4c8376ef74d13ecc245dae63472ab8