www.universiteitleiden.nl

- Universiteit Leiden -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number fd:e1:05:af:1f:bc:2d:37:fb:e0:60:ff:b8:d2:4b:db was issued on by GEANT Vereniging.

With 19 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Universiteit Leiden

Organization: Universiteit Leiden
State / Province: Zuid-Holland
Country: NL

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): fd:e1:05:af:1f:bc:2d:37:fb:e0:60:ff:b8:d2:4b:db
Serial Number (int): 337463065013552037213455260284559182811
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 9e:71:fa:03:e6:02:de:a9:54:f1:f9:c4:94:73:01:28:90:b6:37:59
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): 1a:cf:3f:0c:41:3f:a9:00:d4:c1:f3:ef:2c:fd:c6:3b:bc:0e:5e:8f
Fingerprint (sha256): 3c:41:01:85:b5:c1:1f:41:b5:2e:cf:bf:81:7a:0d:9d:cc:29:28:7a:2f:92:76:d6:03:75:ee:03:35:ed:81:22

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate www.universiteitleiden.nl

19

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.universiteitleiden.nl

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.universiteitleiden.nl
bibliotheek.universiteitleiden.nl
cms.universiteitleiden.nl
library.universiteitleiden.nl
luf.nl
medewerkers.universiteitleiden.nl
organisatiegids.universiteitleiden.nl
researchsupport.universiteitleiden.nl
staff.universiteitleiden.nl
student.universiteitleiden.nl
universiteitleiden.nl
www.bibliotheek.universiteitleiden.nl
www.library.universiteitleiden.nl
www.luf.nl
www.medewerkers.universiteitleiden.nl
www.organisatiegids.universiteitleiden.nl
www.researchsupport.universiteitleiden.nl
www.staff.universiteitleiden.nl
www.student.universiteitleiden.nl

Other certificates including the domain name universiteitleiden.nl

(limited to 100 certificates)
bachelors.universiteitleiden.nl
scharrelaar-p1.leidenuniv.nl
springoffer.universiteitleiden.nl
weblectures-a.leidenuniv.nl
phdcareerplatform.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
form.services.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
studiegids-p.leidenuniv.nl
ooievaar.web.leidenuniv.nl
scharrelaar-p3.leidenuniv.nl
helpdesk.universiteitleiden.nl
depthoffield.universiteitleiden.nl
aqa.universiteitleiden.nl
acquisitions.library.universiteitleiden.nl
cms-a.universiteitleiden.nl
planon-a.universiteitleiden.nl
web.universiteitleiden.nl
grasparkiet.leidenuniv.nl
aqa.universiteitleiden.nl
trail.universiteitleiden.nl
cms.universiteitleiden.nl
depthoffield.universiteitleiden.nl
www.universiteitleiden.nl
masters.universiteitleiden.nl
sapbo-acc.universiteitleiden.nl
planon-t.universiteitleiden.nl
ooievaar.web.leidenuniv.nl
ask-a-librarian.universiteitleiden.nl
scharrelaar-p3.leidenuniv.nl
presto-a.universiteitleiden.nl
grasparkiet.leidenuniv.nl
webpresentations-a.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
mfa.services.universiteitleiden.nl
mysites.universiteitleiden.nl
bachelors.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
mfa-a.services.universiteitleiden.nl
www.jotform3.leidenuniv.nl
finder.library.universiteitleiden.nl
scriptiebeoordeling-law.universiteitleiden.nl
planon.universiteitleiden.nl
redirectservice.universiteitleiden.nl
wiki.cfer.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
tornado-p-https.web.leidenuniv.nl
wbs.universiteitleiden.nl
tdm.universiteitleiden.nl
video.universiteitleiden.nl
planon.universiteitleiden.nl
aqa.universiteitleiden.nl
lu-card-activeren-a.universiteitleiden.nl
studiegids.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
video.universiteitleiden.nl
helpdesk-o.universiteitleiden.nl
mentornetwerk.universiteitleiden.nl
phdcareerplatform.universiteitleiden.nl
planon-a.universiteitleiden.nl
lenteactie.universiteitleiden.nl
aqa.universiteitleiden.nl
acquisitions.library.universiteitleiden.nl
aqa.universiteitleiden.nl
benb.universiteitleiden.nl
aqa.universiteitleiden.nl
aqa.universiteitleiden.nl
topaza-t.leidenuniv.nl
www-r.universiteitleiden.nl
omeroweb.services.universiteitleiden.nl
kokmeeuw.leidenuniv.nl
aqa.universiteitleiden.nl
indonesie.universiteitleiden.nl
gitlab.services.universiteitleiden.nl
scharrelaar-p3.leidenuniv.nl
studyspots.universiteitleiden.nl
mfa-a.services.universiteitleiden.nl
phdcareerplatform.universiteitleiden.nl
grasparkiet.leidenuniv.nl
rooster.universiteitleiden.nl
tornado-p-https.web.leidenuniv.nl
jatos.services.universiteitleiden.nl
webpresentations.universiteitleiden.nl
bookandbyte.universiteitleiden.nl
hop-qa.leidenuniv.nl
brightspacesupport.universiteitleiden.nl
sshgw01.alice.universiteitleiden.nl
numerusfixus.universiteitleiden.nl
weblectures.leidenuniv.nl
aqa.universiteitleiden.nl
account-a.services.universiteitleiden.nl
p-issc-009996.infra.leidenuniv.nl
jatos-t.services.universiteitleiden.nl
finder.library.universiteitleiden.nl
aqa.universiteitleiden.nl
lithium.liacs.nl
scharrelaar-p1.leidenuniv.nl
depthoffield.universiteitleiden.nl
indonesie.universiteitleiden.nl
aqa.universiteitleiden.nl

Certificate

The complete raw certificate details for www.universiteitleiden.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKqTCCCJGgAwIBAgIRAP3hBa8fvC03++Bg/7jSS9swDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV
BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTIzMTAyNDAwMDAwMFoXDTI0MTAyMzIz
NTk1OVowZjELMAkGA1UEBhMCTkwxFTATBgNVBAgTDFp1aWQtSG9sbGFuZDEcMBoG
A1UEChMTVW5pdmVyc2l0ZWl0IExlaWRlbjEiMCAGA1UEAxMZd3d3LnVuaXZlcnNp
dGVpdGxlaWRlbi5ubDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAN20
Aju6mVaoFoQwMYAiYncjgAN8wnmaRARiFK0m9XvtE0XYRAUyCLmFCjX+Ggm639IS
qIYQt/vU4QrE3vfIot3KqcbnqW/w1Wy9NPtmWZX7ZlNHKxIh/mVb5r8oC7nCE6sf
AquNYhjHs+2JTu9JdPewUuyBaG5R7H/XNLHN0qMiHTKt78oNlcVv0PbKbZvq6VLR
CqQRH5KmZ05KfKZ7wCPcUd/PpwTsrUObKnqJ2AiBr61NBHb++3tx8vCIIKZS8zNQ
ODDYmN/embSzdhpvS2NGkGlUF2Wonf4waFSZkqhYLZ75+KEvwkOOv+nnvdnQSvST
tVww1qsN/t7RhL8cX+cKa+o9iWFFu2z+/tXFolUfMaoOHfa4nMC5hrBupDzbVZj+
7SwhqR+fjD+q5SvWHbsPuUN7mq4QtHpvDl0IsYI23YBYsjRelVetP6JUUgwwDI9A
tB/MnxKaMUrqvM56Bh5eWH6qggVBwP5qVeG4LoUKu7sIz06fiKanyNh74ykc95b1
Wo9I4C3kDGWN+HGFU1pJozViJcv91heKF+yBC03mdZ2fPKjiekxNKgpzeSS+qHbx
fgkaAnk3VD+X/ezsvrHwArj8BNC6zfp0Bh7dp0TJy59Aa6+LxNaq00h6i2H2sYYj
w/RIWr/Y/twEXswX5lDuQhRTQaaWLpwlkjfA9mCBAgMBAAGjggVyMIIFbjAfBgNV
HSMEGDAWgBRvHTVJEGwy+lmgnryK6B+VvnF6DDAdBgNVHQ4EFgQUnnH6A+YC3qlU
8fnElHMBKJC2N1kwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHQYDVR0l
BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYLKwYBBAGyMQEC
Ak8wJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EM
AQICMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9HRUFOVC5jcmwuc2VjdGlnby5j
b20vR0VBTlRPVlJTQUNBNC5jcmwwdQYIKwYBBQUHAQEEaTBnMDoGCCsGAQUFBzAC
hi5odHRwOi8vR0VBTlQuY3J0LnNlY3RpZ28uY29tL0dFQU5UT1ZSU0FDQTQuY3J0
MCkGCCsGAQUFBzABhh1odHRwOi8vR0VBTlQub2NzcC5zZWN0aWdvLmNvbTCCAX4G
CisGAQQB1nkCBAIEggFuBIIBagFoAHYAdv+IPwq2+5VRwmHM9Ye6NLSkzbsp3GhC
Cp/mZ0xaOnQAAAGLYiLGPgAABAMARzBFAiEA6WrUTVZpCp/MhJf0ibgD4av8oPiU
bYuItDMus01K/9ACIHfEEzzKza0pYnZxP31HygYuuECXrtWRApiuo5MJEDSWAHYA
2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGLYiLGmQAABAMARzBF
AiEAgLG5HoQJvuMd0FJiRPneh+cxs9lV5B0nlqe7df1YHlACIDt96LNObEn6z7J8
8GlAOvdWSDyxA4wFg6hLcm4OdMjoAHYA7s3QZNXbGs7FXLedtM0TojKHRny87N7D
UUhZRnEftZsAAAGLYiLGqQAABAMARzBFAiAbLK07bo6+sm56tYYznDr+mgJi+Lks
NGsGYuDnleRsBgIhAIVnuxZWFSwR6Eu9baVTmzFAYxchh29Lfz87JqyRmIDOMIIC
aAYDVR0RBIICXzCCAluCGXd3dy51bml2ZXJzaXRlaXRsZWlkZW4ubmyCIWJpYmxp
b3RoZWVrLnVuaXZlcnNpdGVpdGxlaWRlbi5ubIIZY21zLnVuaXZlcnNpdGVpdGxl
aWRlbi5ubIIdbGlicmFyeS51bml2ZXJzaXRlaXRsZWlkZW4ubmyCBmx1Zi5ubIIh
bWVkZXdlcmtlcnMudW5pdmVyc2l0ZWl0bGVpZGVuLm5sgiVvcmdhbmlzYXRpZWdp
ZHMudW5pdmVyc2l0ZWl0bGVpZGVuLm5sgiVyZXNlYXJjaHN1cHBvcnQudW5pdmVy
c2l0ZWl0bGVpZGVuLm5sghtzdGFmZi51bml2ZXJzaXRlaXRsZWlkZW4ubmyCHXN0
dWRlbnQudW5pdmVyc2l0ZWl0bGVpZGVuLm5sghV1bml2ZXJzaXRlaXRsZWlkZW4u
bmyCJXd3dy5iaWJsaW90aGVlay51bml2ZXJzaXRlaXRsZWlkZW4ubmyCIXd3dy5s
aWJyYXJ5LnVuaXZlcnNpdGVpdGxlaWRlbi5ubIIKd3d3Lmx1Zi5ubIIld3d3Lm1l
ZGV3ZXJrZXJzLnVuaXZlcnNpdGVpdGxlaWRlbi5ubIIpd3d3Lm9yZ2FuaXNhdGll
Z2lkcy51bml2ZXJzaXRlaXRsZWlkZW4ubmyCKXd3dy5yZXNlYXJjaHN1cHBvcnQu
dW5pdmVyc2l0ZWl0bGVpZGVuLm5sgh93d3cuc3RhZmYudW5pdmVyc2l0ZWl0bGVp
ZGVuLm5sgiF3d3cuc3R1ZGVudC51bml2ZXJzaXRlaXRsZWlkZW4ubmwwDQYJKoZI
hvcNAQEMBQADggIBAGONl0oR74yUJY6U15OnfqNh3WQXa9zrRruo0psJayQC+A6i
VlOyGlkmptmsJ8CaJqGs+TWjyz7kwwPMZfd6JXzO8/2fqQ6JitYx/ngHA1fbZiPW
QCDmVmjV1yFlzirW7dd1nkfloi5/m/ShPU+rHD+TditHTm6AdYKCqnE/r77ccvL4
biKvjJ0aV3eqmRrW9Oxuj1+gz4M5Mc0S35RKDzZPbL/6Rbz9s0Y9J0S+atmnkqjZ
ZCDD7O6DLMXirYwGRAj5n8DSauTBy46iO0+ar7/yZ6HIFfY4g4MOGv/6ipb+Fbiz
wP1U/WtuXLS9x9y9CaHnL5k8CAM4W93yZuBS7/ldwOg/ajAQEaiJyIm8K6chuH1W
CofZZpI73Je3IjZ/F1HMgmQTQIF5GbgMBzJnVPyB2IpHfw8T/zTtNF6ByjoZ+51r
i9yKHjaizXNfbkKFBErbMxGBabCiLlQ2Mt0ZYK/n3zQoFkWU0KKju1eIh+zQN+9L
5TKtma59WByk1P9D9iD+Gyi/YtW2yyIEIMK7/pqE008cwEK9MHN3KPp3DYuRe4H8
SHDEq6sKWLHl+KxIHfSyz2HzLbMkN5n01R1hK5nddPGlr/8m8AQKiq/Rx/FDhTPb
JlCA05FJPSK625m2C72zc8gedjXRMTGgZPEmkLi3ssByjpR1wlB2fmeMdHx4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA3bQCO7qZVqgWhDAxgCJi
dyOAA3zCeZpEBGIUrSb1e+0TRdhEBTIIuYUKNf4aCbrf0hKohhC3+9ThCsTe98ii
3cqpxuepb/DVbL00+2ZZlftmU0crEiH+ZVvmvygLucITqx8Cq41iGMez7YlO70l0
97BS7IFoblHsf9c0sc3SoyIdMq3vyg2VxW/Q9sptm+rpUtEKpBEfkqZnTkp8pnvA
I9xR38+nBOytQ5sqeonYCIGvrU0Edv77e3Hy8IggplLzM1A4MNiY396ZtLN2Gm9L
Y0aQaVQXZaid/jBoVJmSqFgtnvn4oS/CQ46/6ee92dBK9JO1XDDWqw3+3tGEvxxf
5wpr6j2JYUW7bP7+1cWiVR8xqg4d9ricwLmGsG6kPNtVmP7tLCGpH5+MP6rlK9Yd
uw+5Q3uarhC0em8OXQixgjbdgFiyNF6VV60/olRSDDAMj0C0H8yfEpoxSuq8znoG
Hl5YfqqCBUHA/mpV4bguhQq7uwjPTp+IpqfI2HvjKRz3lvVaj0jgLeQMZY34cYVT
WkmjNWIly/3WF4oX7IELTeZ1nZ88qOJ6TE0qCnN5JL6odvF+CRoCeTdUP5f97Oy+
sfACuPwE0LrN+nQGHt2nRMnLn0Brr4vE1qrTSHqLYfaxhiPD9Ehav9j+3ARezBfm
UO5CFFNBppYunCWSN8D2YIECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 337463065013552037213455260284559182811
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Universiteit Leiden'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.universiteitleiden.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 904469977792653729890179810317785092306122925184277050706792024900211110389686195571593216702534239659850468483165042776562093016420736724578989947404060952683791754894405575180426424415910343480910989792387088312371423439436142323456215661623605815935922365177741863386296115346603867963503313401917730023526410669955825012711219519676321266778826605759099691690328193437452235737709514760766627426963839658478203073537337040021702128310180948854226489959599210190951597186167800163396015670998656940270757814038339542303666160306819346564087051292866022706482199619181795599316297032487296559261510199656027049646153086852691164137274040142857638217358915047989437840254142977081262305550426465252034791363704335600478506393358342153126446773904415051849994695290157041893872916828526448147089355210868604797539685349095390050132598874721626867724032581461446680520682896917457929865307920042812442590915409617857273362512114284084962470628704595968647444935290509644769054359358352285493346593500462341120147021439630044575466250357885358935447667717679470888216084346222748864515954321408008575622908483985859767374665862897131122668542391632424880347534753949476716868326181148197141197182239578296592886033799603182582409617537
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9e71fa03e602dea954f1f9c49473012890b63759
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (366 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (362 bytes)
							016800760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b6222c63e0000040300473045022100e96ad44d56690a9fcc8497f489b803e1abfca0f8946d8b88b4332eb34d4affd0022077c4133ccacdad296276713f7d47ca062eb84097aed5910298aea39309103496007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b6222c699000004030047304502210080b1b91e8409bee31dd0526244f9de87e731b3d955e41d2796a7bb75fd581e5002203b7de8b34e6c49facfb27cf069403af756483cb1038c0583a84b726e0e74c8e8007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b6222c6a9000004030047304502201b2cad3b6e8ebeb26e7ab586339c3afe9a0262f8b92c346b0662e0e795e46c060221008567bb1656152c11e84bbd6da5539b3140631721876f4b7f3f3b26ac919880ce
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (607 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'bibliotheek.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'library.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'luf.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'medewerkers.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'organisatiegids.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'researchsupport.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'staff.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'student.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.bibliotheek.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.library.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.luf.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.medewerkers.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.organisatiegids.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.researchsupport.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.staff.universiteitleiden.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.student.universiteitleiden.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00638d974a11ef8c94258e94d793a77ea361dd64176bdceb46bba8d29b096b2402f80ea25653b21a5926a6d9ac27c09a26a1acf935a3cb3ee4c303cc65f77a257ccef3fd9fa90e898ad631fe78070357db6623d64020e65668d5d72165ce2ad6edd7759e47e5a22e7f9bf4a13d4fab1c3f93762b474e6e80758282aa713fafbedc72f2f86e22af8c9d1a5777aa991ad6f4ec6e8f5fa0cf833931cd12df944a0f364f6cbffa45bcfdb3463d2744be6ad9a792a8d96420c3ecee832cc5e2ad8c064408f99fc0d26ae4c1cb8ea23b4f9aafbff267a1c815f63883830e1afffa8a96fe15b8b3c0fd54fd6b6e5cb4bdc7dcbd09a1e72f993c0803385bddf266e052eff95dc0e83f6a301011a889c889bc2ba721b87d560a87d966923bdc97b722367f1751cc82641340817919b80c07326754fc81d88a477f0f13ff34ed345e81ca3a19fb9d6b8bdc8a1e36a2cd735f6e4285044adb33118169b0a22e543632dd1960afe7df3428164594d0a2a3bb578887ecd037ef4be532ad99ae7d581ca4d4ff43f620fe1b28bf62d5b6cb220420c2bbfe9a84d34f1cc042bd30737728fa770d8b917b81fc4870c4abab0a58b1e5f8ac481df4b2cf61f32db3243799f4d51d612b99dd74f1a5afff26f0040a8aafd1c7f1438533db265080d391493d22badb99b60bbdb373c81e7635d13131a064f12690b8b7b2c0728e9475c250767e678c747c78