www.kida-bmel.de
- Johann Heinrich von Thünen-Institut -
Issued by GEANT OV RSA CA 4
About this certificate
This digital certificate with serial number 21:3c:e4:ac:0b:2d:51:2e:8a:a0:c7:70:74:14:ca:65 was issued on by GEANT Vereniging.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Johann Heinrich von Thünen-Institut
Organization:
Johann Heinrich von Thünen-Institut
State / Province:
Niedersachsen
Country: DE
Country: DE
GEANT Vereniging
Organization:
GEANT Vereniging
Country:
NL
This certificate will expire on
Certificate Details
Serial Number (hex): 21:3c:e4:ac:0b:2d:51:2e:8a:a0:c7:70:74:14:ca:65Serial Number (int): 44180699692507018638002185991898843749
Serial Number lenght: 126 bits, 16 octets
SubjectKeyId: aa:f7:12:67:13:ef:53:10:04:13:71:4b:29:a2:4f:5f:fd:58:e5:71
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c
Fingerprint (sha1): 2c:90:0c:d1:a7:82:a3:8b:5e:8e:79:16:42:72:2d:f7:9f:05:f5:74
Fingerprint (sha256): 41:2e:03:af:b9:cb:76:6e:89:d0:e0:a0:bd:48:38:d2:cc:f4:1a:84:78:b0:61:dd:ab:54:27:36:58:3c:9f:ce
Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt
Revocation information
OCSP Server: http://GEANT.ocsp.sectigo.comCRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl
Check the revocation status for certificate www.kida-bmel.de
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for www.kida-bmel.de
Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
www.kida-bmel.de
kida-bmel.de
kida-bmel.de
Other certificates including the domain name kida-bmel.de
(limited to 100 certificates)
Certificate
The complete raw certificate details for www.kida-bmel.de in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIIczCCBlugAwIBAgIQITzkrAstUS6KoMdwdBTKZTANBgkqhkiG9w0BAQwFADBE MQswCQYDVQQGEwJOTDEZMBcGA1UEChMQR0VBTlQgVmVyZW5pZ2luZzEaMBgGA1UE AxMRR0VBTlQgT1YgUlNBIENBIDQwHhcNMjMwNjIwMDAwMDAwWhcNMjQwNjE5MjM1 OTU5WjBvMQswCQYDVQQGEwJERTEWMBQGA1UECBMNTmllZGVyc2FjaHNlbjEtMCsG A1UECgwkSm9oYW5uIEhlaW5yaWNoIHZvbiBUaMO8bmVuLUluc3RpdHV0MRkwFwYD VQQDExB3d3cua2lkYS1ibWVsLmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC CgKCAgEAoAUsahG46SmFpjb7rURHavpue1Ev7/t8qU/QtJ7ymAkcktm6eOeWDvrB +zHGQTpTtbbH88YUpPNtGWaX6/8wRCWOruPm/5D+6YsIJfcRz+jGo7piQYDQJTyc ZW3LbfzSacrnPUq4xCO/8YFkHQPMH9UBTkEBAp29QjM2FZg144Plg+XsQF6OkL8g O6lszEddrz3m9kEQl+6hT6LVemEvT6rjaD27doMac9A8UEKeUs29Xx/prKr02PH+ RNZ6Cz/P/Vgw/I1qH7lXxpdrDhkGczfDPcRXTk5G859FJpaTG7uTOh33Mouv+mEl soGWRn7oaWYQ0brA7OQFgAmXBb09SHd+gFyBjQLxcCnNOe9VOMCBT3nvlZpD/3bb vetoPXXBCkM/ii2IXelevG2k3FQqDnpAvkZr+uHYIh3kHaPDlq1MXQ0JIiqMksDW tIM0dgrkF2tsyla+qID0GcWFSg6/yPLu3GLz0qSoMbLUKC18ZwtLD4+oKbx3oMK5 +fzTjJhKWroo5FFyFoyOSYxA3p0FkzAw0mbQKew8cqZbJj3Lh8diAvq2QrVsqPB2 H67fRW+fFv4bxReqDH8QmSC8BUQeQeLqjvlLINfFRXoMUxSmw4TEQrTrGGmb8a97 VGPk5zihEqS7wf5fxTIV7p46FgqrvZ9KTVCb9MfxindXrC207oECAwEAAaOCAzQw ggMwMB8GA1UdIwQYMBaAFG8dNUkQbDL6WaCevIroH5W+cXoMMB0GA1UdDgQWBBSq 9xJnE+9TEAQTcUspok9f/VjlcTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIw ADAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0Bgsr BgEEAbIxAQICTzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQ UzAIBgZngQwBAgIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL0dFQU5ULmNybC5z ZWN0aWdvLmNvbS9HRUFOVE9WUlNBQ0E0LmNybDB1BggrBgEFBQcBAQRpMGcwOgYI KwYBBQUHMAKGLmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5jb20vR0VBTlRPVlJT QUNBNC5jcnQwKQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3NwLnNlY3RpZ28u Y29tMIIBgQYKKwYBBAHWeQIEAgSCAXEEggFtAWsAdwB2/4g/Crb7lVHCYcz1h7o0 tKTNuyncaEIKn+ZnTFo6dAAAAYjYJG7cAAAEAwBIMEYCIQCioBiIsXdffft0pHzV HTHVOqaTvs7oTizaRl6fkLkJzAIhAOolV8A4Ji4Fg6eTTSBVUyYP61dX7g4fCi9X ZDmbVXIyAHcA2ra/az+1tiKfm8K7XGvocJFxbLtRhIU0vaQ9MEjX+6sAAAGI2CRv OQAABAMASDBGAiEA3wSDtzCv8AlrVFvXJoCh1Kwyeut7WGPODCQ1H8fPt9MCIQD5 40+LpfQuTv1QvOv/Jik4zWPDqldXocFsfvJyM3Lt4wB3AO7N0GTV2xrOxVy3nbTN E6Iyh0Z8vOzew1FIWUZxH7WbAAABiNgkbwcAAAQDAEgwRgIhALiGDxSEfOiw8+px aESAO2KMD2lTmHTAZxczBFFIpQjGAiEAjGOkBQFs/z8jEB/l+JeV1sej5tPuquK0 JFoAv5SBrrIwKQYDVR0RBCIwIIIQd3d3LmtpZGEtYm1lbC5kZYIMa2lkYS1ibWVs LmRlMA0GCSqGSIb3DQEBDAUAA4ICAQBX3yDSDRtJkHHPr9tp5sl+PHdvsTdmVd9H Aykb4+arPEaG9QN0nxL5+x5kZcnxpTI4o9oP2RkKhaW0YI+zcZg2IDuWK3fFeIhr hJS5onq3iovHIMr4boiI+1894aVmvD597X9Hd1ody4OIFaGHjWRAKIhWwdevfq0b 79cf7yDXNDFuvsoDHEl+g9wQlkFvpoYBluWCvL4+vCLnNSwF5ttMpE6sfIwZS4by UljjPZsYJ0XIQEo1NLIRW7TbVn/DAlL1CDObtl9c0CChbMKQDzuYqO9/EqN081P9 0okk/V4U5WH3jyVjeM5qdnZbVml7jQs4vaX570WB8Sb4XK01FKdcBtJBU4hRAznB P2qAptK+XgE2ZWWHOAgRFeBq83E3JxPffTnTBDC5Rjio71MZqP913yymNotWXPEV apLTIPpeKkm5HUgUA2I3m4pZd43/TI7IjIJAHjP/G6ay+iPDcSlV0j2XgVK96v+v CQKMvjwfB/wOAzA76fombjd44F6dkCtbhQWFkEH7TMDSunAzADjlPVIemkN8s9C9 yGNjMufa3+RW5oto/R96BDigBEyHvvG1HmRqDfg11qIonMx8BbkUidATbJAh39Ct Ibtbqi00WoiT2+dIS7PvweEfe+htgkt1WHQeVB0Pa4Vdh8qRVH4Y286JC/IRvEnL IBRrSaYZmg== -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoAUsahG46SmFpjb7rURH avpue1Ev7/t8qU/QtJ7ymAkcktm6eOeWDvrB+zHGQTpTtbbH88YUpPNtGWaX6/8w RCWOruPm/5D+6YsIJfcRz+jGo7piQYDQJTycZW3LbfzSacrnPUq4xCO/8YFkHQPM H9UBTkEBAp29QjM2FZg144Plg+XsQF6OkL8gO6lszEddrz3m9kEQl+6hT6LVemEv T6rjaD27doMac9A8UEKeUs29Xx/prKr02PH+RNZ6Cz/P/Vgw/I1qH7lXxpdrDhkG czfDPcRXTk5G859FJpaTG7uTOh33Mouv+mElsoGWRn7oaWYQ0brA7OQFgAmXBb09 SHd+gFyBjQLxcCnNOe9VOMCBT3nvlZpD/3bbvetoPXXBCkM/ii2IXelevG2k3FQq DnpAvkZr+uHYIh3kHaPDlq1MXQ0JIiqMksDWtIM0dgrkF2tsyla+qID0GcWFSg6/ yPLu3GLz0qSoMbLUKC18ZwtLD4+oKbx3oMK5+fzTjJhKWroo5FFyFoyOSYxA3p0F kzAw0mbQKew8cqZbJj3Lh8diAvq2QrVsqPB2H67fRW+fFv4bxReqDH8QmSC8BUQe QeLqjvlLINfFRXoMUxSmw4TEQrTrGGmb8a97VGPk5zihEqS7wf5fxTIV7p46Fgqr vZ9KTVCb9MfxindXrC207oECAwEAAQ== -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 44180699692507018638002185991898843749 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-06-20 00:00:00 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-19 23:59:59 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Niedersachsen' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Johann Heinrich von Thünen-Institut' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.kida-bmel.de' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 652825496242670112393702524213943343556901301097344334014362937505815278797339503598486663198923159109928038401912902877938857566961152065589965983918848821704211289769522857789270799475844517829938214687189345838916429077793940684967252340295204417050535201125982709273708752616120669367837692748552595302262196446126730782059912889003305153954707097948876247042958540997655754966322720711593359587279753051962074822472591002685390604545665021652133236275836251261270237877294473957817382074639083398468648338975691360721153948116152206950401801480457953561433358065197956577979609656731847350633240812263555988819430540457868436133253543422918115679124372594198865442912531897259591898575061211001046766371672355014555449035549344837280886606318871729837632651227978494801000705339634886046474848359534100635857713668546979591490460779359844562700407209311124224418908313443430626999561977704279576526540868643972776317839788501579594619465569897408005793019430629891218133285128519920783826113261886269314405105995390783445554988080780042918603359546650923638341608952818940722038022963145028548849320615026608789275621774605375313406224758715977770133885818468450587207499538017545353231965700236694114733201769826396924120723073 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) aaf7126713ef53100413714b29a24f5ffd58e571 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (369 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes) 016b00770076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a7400000188d8246edc0000040300483046022100a2a01888b1775f7dfb74a47cd51d31d53aa693becee84e2cda465e9f90b909cc022100ea2557c038262e0583a7934d205553260feb5757ee0e1f0a2f5764399b557232007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab00000188d8246f390000040300483046022100df0483b730aff0096b545bd72680a1d4ac327aeb7b5863ce0c24351fc7cfb7d3022100f9e34f8ba5f42e4efd50bcebff262938cd63c3aa5757a1c16c7ef2723372ede3007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b00000188d8246f070000040300483046022100b8860f14847ce8b0f3ea716844803b628c0f69539874c0671733045148a508c60221008c63a405016cff3f23101fe5f89795d6c7a3e6d3eeaae2b4245a00bf9481aeb2 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kida-bmel.de' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kida-bmel.de' . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 0057df20d20d1b499071cfafdb69e6c97e3c776fb1376655df4703291be3e6ab3c4686f503749f12f9fb1e6465c9f1a53238a3da0fd9190a85a5b4608fb3719836203b962b77c578886b8494b9a27ab78a8bc720caf86e8888fb5f3de1a566bc3e7ded7f47775a1dcb838815a1878d6440288856c1d7af7ead1befd71fef20d734316ebeca031c497e83dc1096416fa6860196e582bcbe3ebc22e7352c05e6db4ca44eac7c8c194b86f25258e33d9b182745c8404a3534b2115bb4db567fc30252f508339bb65f5cd020a16cc2900f3b98a8ef7f12a374f353fdd28924fd5e14e561f78f256378ce6a76765b56697b8d0b38bda5f9ef4581f126f85cad3514a75c06d2415388510339c13f6a80a6d2be5e013665658738081115e06af371372713df7d39d30430b94638a8ef5319a8ff75df2ca6368b565cf1156a92d320fa5e2a49b91d48140362379b8a59778dff4c8ec88c82401e33ff1ba6b2fa23c3712955d23d978152bdeaffaf09028cbe3c1f07fc0e03303be9fa266e3778e05e9d902b5b8505859041fb4cc0d2ba70330038e53d521e9a437cb3d0bdc8636332e7dadfe456e68b68fd1f7a0438a0044c87bef1b51e646a0df835d6a2289ccc7c05b91489d0136c9021dfd0ad21bb5baa2d345a8893dbe7484bb3efc1e11f7be86d824b7558741e541d0f6b855d87ca91547e18dbce890bf211bc49cb20146b49a6199a