mijn.bronckhorst.nl

- Gemeente Bronckhorst -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 2e:f6:29:22:25:6d:d6:8f:86:aa:eb:7c:fa:1e:1e:99:6a:5f:74:fe was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Bronckhorst

Company registration number: 00000001813647290000
Organization: Gemeente Bronckhorst
Organization unit: Gegevensbeheer
State / Province: Gelderland
Locality: Hengelo
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 2e:f6:29:22:25:6d:d6:8f:86:aa:eb:7c:fa:1e:1e:99:6a:5f:74:fe
Serial Number (int): 268103141999810576898144899681553886541458142462
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: d9:08:16:80:23:92:0b:61:08:d2:69:76:ed:60:5c:1c:ba:1d:1f:df
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 78:ea:83:22:49:d5:90:b2:d6:9b:92:9f:5b:b3:b3:8f:95:40:53:5a
Fingerprint (sha256): 3d:5d:f7:b1:6c:86:84:25:17:d1:17:bf:62:32:f7:42:a3:d4:35:f3:87:5a:b8:e8:31:48:07:02:a4:dc:97:0f

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3-2019.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate mijn.bronckhorst.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mijn.bronckhorst.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mijn.bronckhorst.nl

Other certificates including the domain name bronckhorst.nl

(limited to 100 certificates)
meldingen.bronckhorst.nl
*.bronckhorst.nl
extranet.bronckhorst.nl
digikoppeling.bronckhorst.nl
duo.bronckhorst.nl
exchange.bronckhorst.nl
simsite.bronckhorst.nl
exchange.bronckhorst.nl
bronckhorst.nl
mijn.bronckhorst.nl
duo.bronckhorst.nl
mijninkomen.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
sync.bronckhorst.nl
extranet.bronckhorst.nl
intranet.bronckhorst.nl
mohis.bronckhorst.nl
certdurp.bronckhorst.nl
intranet.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
thuiswerken2.bronckhorst.nl
personeelshandboek.bronckhorst.nl
bronckhorst.nl
iparticipatie.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
brk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
secure.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
duo.bronckhorst.nl
felix.bronckhorst.nl
simsite.bronckhorst.nl
personeelshandboek.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
webmail.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
waarmerk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enserinck.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
afspraken.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
begraafplaatsreservering.bronckhorst.nl
test-ipa.bronckhorst.nl
intranet.bronckhorst.nl
ibzpink.bronckhorst.nl
intranet.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
exchange.bronckhorst.nl
wkpb.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
secure.bronckhorst.nl
waarmerk.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
digikoppeling.bronckhorst.nl
g-rooster.bronckhorst.nl
extranet.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
mijn.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
cloudadapter.bronckhorst.nl
www.bronckhorst.nl
exchange.bronckhorst.nl
afspraken.bronckhorst.nl
izaaksuite.bronckhorst.nl
simcms.bronckhorst.nl
wkpb.bronckhorst.nl
www.bronckhorst.nl
mdm-sentry.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
thuiswerken.bronckhorst.nl
mijninkomen.bronckhorst.nl
www.bronckhorst.nl
bronckhorst.nl
www.bronckhorst.nl

Certificate

The complete raw certificate details for mijn.bronckhorst.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIAzCCBeugAwIBAgIULvYpIiVt1o+Gqut8+h4emWpfdP4wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5O
VFJOTC0yNzEyNDcwMTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2Fu
aXNhdGllIFNlcnZlciBDQSAtIEczMB4XDTE5MDYyMTA4MTAwMloXDTIwMDYwNzEz
MzAwMlowgakxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRAwDgYD
VQQHDAdIZW5nZWxvMR0wGwYDVQQKDBRHZW1lZW50ZSBCcm9uY2tob3JzdDEXMBUG
A1UECwwOR2VnZXZlbnNiZWhlZXIxHTAbBgNVBAUTFDAwMDAwMDAxODEzNjQ3Mjkw
MDAwMRwwGgYDVQQDDBNtaWpuLmJyb25ja2hvcnN0Lm5sMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAq7kf+qX4mB/ih0PFUZ62sfzpXzg8VBmbFOMkIo88
dZD+H9oTN4x8zHSAVZ07RLZPLIjA3h6SgylMZTY+Q22lP7x3SPvdbBo/ZgjwSr8/
jnKbOD58tDHria3KYhDWqlFTSwjwNZY3jzQ1WJgCG6/h5hG+QOIOcZAWuk29NFpi
S715HCZf48Yi7i0TZC9lf2PD70V8mXL22g/rq6x7hONZKWE7BaMWTsGRqboBSz58
DTqNlIEfZa9kwsGRbKHSPPo00umdPmgZxi3BE5iA0unt55U7yu7LJLshE0jjZpDV
H3VKGFupToG3KF+Z5PkLhLIm2VNiOsPe3Z+2fq0ZIRYuoQIDAQABo4IDWDCCA1Qw
gZkGCCsGAQUFBwEBBIGMMIGJMF0GCCsGAQUFBzAChlFodHRwOi8vY2VydC5tYW5h
Z2VkcGtpLmNvbS9DQWNlcnRzL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNl
cnZlckNBRzMtMjAxOS5jZXIwKAYIKwYBBQUHMAGGHGh0dHA6Ly9nM29jc3AubWFu
YWdlZHBraS5jb20wHQYDVR0OBBYEFNkIFoAjkgthCNJpdu1gXBy6HR/fMAwGA1Ud
EwEB/wQCMAAwHwYDVR0jBBgwFoAUw5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1Ud
IASBqTCBpjCBmQYKYIQQAYdrAQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9j
ZXJ0aWZpY2FhdC5rcG4uY29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBD
DEFPcCBkaXQgY2VydGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4g
S1BOIHZhbiB0b2VwYXNzaW5nLjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZN
aHR0cDovL2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5p
c2F0aWVTZXJ2ZXJDQUczL0xhdGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0G
A1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAeBgNVHREEFzAVghNtaWpuLmJy
b25ja2hvcnN0Lm5sMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAVYHUwhaQNgFK
6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAFreRXmBQAABAMARzBFAiAGJ0Mo30W9
dXJGDrz9Qci76IDgNTM2Dun+OlMHzp56fwIhAPD/j/0Pv85WRfJh6ZDBimqlncG2
CNmFKgZuMw0LYD1nAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csA
AAFreRXkhwAABAMARjBEAiBedjCrVxdkAf3+Db844jUxq+HxymRwAiPL3nV/RNxD
bAIgC0XuX5D4FdTwfhwYiFrk8ca2BLh7WNfhOMrwy+m2tzYwDQYJKoZIhvcNAQEL
BQADggIBAKPho72sgzqJywqCLJCYgn5Fwn3S4FA0LVi9IXuSLD0cVaZRo4qPkVTT
4hMcvRNJ1+JGxNPtR/KW/BfJ3P90k+UG6iD1fZB6c4/x/zWaJUCZ9Iwj9E+EhEjl
XdJqBbEZPqps0w15zDs7gyMG/G1IrfM+v2KEGJOCHPKSQENKYdp65FHETktqWmm5
+g3jU6RpZWGuPXP+vltcI2v4kS3HVMruMB0kdboEsfC0EuAEGwwLejPktAVty3a8
PDo5NfqBVfbhkq/pdEw5+l6adawbk9YOYwUxDsECVqINlWfjk9DLPx/8icXwfMFG
IZQ6TO2UZxWV5Sr5n5+GrOD/tMOlatqaH37gAVET8+qkPl7jyCxuga86xwBcDi3p
hyOJ/MxEfkrw4Y40wuMXU6ehcIGTvXnXAPKBNikqv0hT/qTn9e6IXXDjr9E7L7gD
D4j9BMR5sQyoYqEVTnyO0+b/0gXJOAtI0Aojy6OoIZjZXSgb3IqPvGLnP1DE/4II
vW0JvKf//amh1x7SqM6AemcIonudwuzAUdAINslTurGa2Q1YLXOv4JeMgGKb0ola
KNyVAsLGHjbRroSsLstenX7IwcqZj+LuuVON2pfYCZMaVB+eXGj6vAHsfsiHf0rJ
R/QV5AE2oFP7gl6+lU2BYh6ga9/hUzaHOQm24Oybc8fv77oyVLEW
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7kf+qX4mB/ih0PFUZ62
sfzpXzg8VBmbFOMkIo88dZD+H9oTN4x8zHSAVZ07RLZPLIjA3h6SgylMZTY+Q22l
P7x3SPvdbBo/ZgjwSr8/jnKbOD58tDHria3KYhDWqlFTSwjwNZY3jzQ1WJgCG6/h
5hG+QOIOcZAWuk29NFpiS715HCZf48Yi7i0TZC9lf2PD70V8mXL22g/rq6x7hONZ
KWE7BaMWTsGRqboBSz58DTqNlIEfZa9kwsGRbKHSPPo00umdPmgZxi3BE5iA0unt
55U7yu7LJLshE0jjZpDVH3VKGFupToG3KF+Z5PkLhLIm2VNiOsPe3Z+2fq0ZIRYu
oQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 268103141999810576898144899681553886541458142462
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-06-21 08:10:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-07 13:30:02 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Hengelo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gegevensbeheer'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001813647290000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'mijn.bronckhorst.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21678038648798409394364246930162980112085484774507948218046653597561781235263422381122344417023799666589064108322584257196159584060344078474819031541529762100188102235325593340577291145984839794173758094918634943832740967691144657166998851164470470908922553858026546631119967774313392012752103563619199926561361124385753347068623045657486438577834915908947196318859967783034462620232168166539156467741110090449964649683077227095053346074364162120720446443131441063506630446415232823544584682941203366672461026934919961175910523355963475783333152151073855538937995881199713107957425123081303291404442931090042664660641
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (140 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3-2019.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d908168023920b6108d26976ed605c1cba1d1fdf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mijn.bronckhorst.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (244 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (241 bytes)
							00ef0076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000016b7915e6050000040300473045022006274328df45bd7572460ebcfd41c8bbe880e03533360ee9fe3a5307ce9e7a7f022100f0ff8ffd0fbfce5645f261e990c18a6aa59dc1b608d9852a066e330d0b603d67007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016b7915e487000004030046304402205e7630ab57176401fdfe0dbf38e23531abe1f1ca64700223cbde757f44dc436c02200b45ee5f90f815d4f07e1c18885ae4f1c6b604b87b58d7e138caf0cbe9b6b736
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00a3e1a3bdac833a89cb0a822c9098827e45c27dd2e050342d58bd217b922c3d1c55a651a38a8f9154d3e2131cbd1349d7e246c4d3ed47f296fc17c9dcff7493e506ea20f57d907a738ff1ff359a254099f48c23f44f848448e55dd26a05b1193eaa6cd30d79cc3b3b832306fc6d48adf33ebf62841893821cf29240434a61da7ae451c44e4b6a5a69b9fa0de353a4696561ae3d73febe5b5c236bf8912dc754caee301d2475ba04b1f0b412e0041b0c0b7a33e4b4056dcb76bc3c3a3935fa8155f6e192afe9744c39fa5e9a75ac1b93d60e6305310ec10256a20d9567e393d0cb3f1ffc89c5f07cc14621943a4ced94671595e52af99f9f86ace0ffb4c3a56ada9a1f7ee0015113f3eaa43e5ee3c82c6e81af3ac7005c0e2de9872389fccc447e4af0e18e34c2e31753a7a1708193bd79d700f28136292abf4853fea4e7f5ee885d70e3afd13b2fb8030f88fd04c479b10ca862a1154e7c8ed3e6ffd205c9380b48d00a23cba3a82198d95d281bdc8a8fbc62e73f50c4ff8208bd6d09bca7fffda9a1d71ed2a8ce807a6708a27b9dc2ecc051d00836c953bab19ad90d582d73afe0978c80629bd2895a28dc9502c2c61e36d1ae84ac2ecb5e9d7ec8c1ca998fe2eeb9538dda97d809931a541f9e5c68fabc01ec7ec8877f4ac947f415e40136a053fb825ebe954d81621ea06bdfe15336873909b6e0ec9b73c7efefba3254b116