topdesk-innovatie.kpnnet.org

- Koninklijke KPN N.V. -

Issued by KPN PKIoverheid Organisatie CA - G2

About this certificate

This digital certificate with serial number 5a:80:0c:28:da:f6:c6:60 was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
  • When the id-ad-caIssuers accessMethod is used, at least one instance SHOULD specify an accessLocation that is an HTTP or LDAP URI (RFC 5280: 4.2.2.1)
  • Subscriber certificates authorityInformationAccess extension should contain the HTTP URL of the issuing CA’s certificate (BRs: 7.1.2.3)

Koninklijke KPN N.V.

Company registration number: 00000003020452000000
Organization: Koninklijke KPN N.V.
State / Province: Zuid-Holland
Locality: 's-Gravenhage
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 5a:80:0c:28:da:f6:c6:60
Serial Number (int): 6521225630044309088
Serial Number lenght: 63 bits, 8 octets

SubjectKeyId: e3:26:67:16:d9:88:6e:03:10:1d:56:96:64:cf:6a:cc:d6:6c:6b:9c
AuthorityKeyId: 75:a3:4e:8f:1e:97:dd:6c:88:01:31:ef:72:21:c2:6e:60:94:7d:80

Fingerprint (sha1): a3:3e:1d:31:c4:3a:53:b7:cd:60:12:39:d5:3c:d4:69:e8:c0:ff:bd
Fingerprint (sha256): 42:8c:f2:82:8e:dd:0f:ae:ed:9b:fa:60:9a:1c:4c:2c:b3:75:4f:02:25:17:b6:57:38:9b:75:26:54:37:d6:28

Issuing Certificate URL: https://cert.managedpki.com/CAcerts/KPNPKIoverheidOrganisatieCAG2.cer

Revocation information

OCSP Server: http://g2ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNPKIoverheidOrganisatieCAG2/LatestCRL.crl

Check the revocation status for certificate topdesk-innovatie.kpnnet.org

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for topdesk-innovatie.kpnnet.org

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication
Email Protection

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

topdesk-innovatie.kpnnet.org

Other certificates including the domain name kpnnet.org

(limited to 100 certificates)
sentrymail.acc.kpnnet.org
bi.kpnnet.org
bi4dev.kpnnet.org
extselfsvc.kpnnet.org
bi.kpnnet.org
bprchatbot-acc.kpnnet.org
teamkpn-mobile.kpnnet.org
sharekpn.kpnnet.org
get-it.kpnnet.org
teamkpn-acc.kpnnet.org
ts.kpnnet.org
kpn-internal-wireless.kpnnet.org
kitnlams73s001.kpnnet.org
uat-sharekpn.kpnnet.org
wem-comet.kpnnet.org
KPN-PS02.kpnnet.org
zipsacc.kpnnet.org
cloudmail.kpnnet.org
cloudmail.kpnnet.org
ksp-admin-acc.kpnnet.org
sentryapp.acc.kpnnet.org
w2039.kpnnet.org
ciso-ksp.kpnnet.org
sentryapp.acc.kpnnet.org
bi4prd-web2.kpnnet.org
bi.kpnnet.org
filetrans.kpnnet.org
host-retail.kpnnet.org
TIMESHEET.KPNNET.ORG
sentrymail.kpnnet.org
FILETRANS.KPNNET.ORG
filetrans.kpnnet.org
filetrans.kpnnet.org
w2040.kpnnet.org
retailactueel-retail.kpnnet.org
iamportal.kpnnet.org
iamportaltst.kpnnet.org
password.kpnnet.org
KPN-PS02.kpnnet.org
mailercdn-teamkpn.kpnnet.org
teamkpn.kpnnet.org
teamkpn-acc.kpnnet.org
get-it.kpnnet.org
ksp-admin.kpnnet.org
zips.kpnnet.org
Extranet-uat.kpn.com
*.kpnnet.org
ksp-admin-acc.kpnnet.org
ts.kpnnet.org
Voice-of-the-Employee.kpnnet.org
*.kpnnet.org
bealert.kpnnet.org
winkeldossier-retail.kpnnet.org
bealert-acc.kpnnet.org
MAIL5.KPNNET.ORG
bodssnd.kpnnet.org
mail4.kpnnet.org
extranet-uat.kpn.com
wem-staging.kpnnet.org
filetrans.kpnnet.org
teamkpn-stats.kpnnet.org
mail1.kpnnet.org
*.kpnnet.org
teamkpn-chat.kpnnet.org
bisnd2.kpnnet.org
OAPILOT.KPNNET.ORG
portal117.kpnnet.org
KPN-PS02.kpnnet.org
PPScan.kpnnet.org
core.kpnnet.org
bisnd2.kpnnet.org
ksp-admin.kpnnet.org
sharekpn.kpnnet.org
ksp-admin.kpnnet.org
KPN-PS01.kpnnet.org
mail7.kpnnet.org
match.uat.kpnnet.org
teamkpn-mobile.kpnnet.org
extranet.kpn.com
ideedock.kpnnet.org
teamkpn-static.kpnnet.org
W2040.kpnnet.org
vpn.kpnnet.org
bealert.kpnnet.org
PROFINDER-UAT.KPNNET.ORG
bods4uat.kpnnet.org
bisnd2.kpnnet.org
mail2.kpnnet.org
extselfsvc.kpnnet.org
SENTRYAPP.KPNNET.ORG
ksp-admin-acc.kpnnet.org
test-paperlessshop-retail.kpnnet.org
adfs.kpnnet.org
topdesk-innovatie.kpnnet.org
bodsdev.kpnnet.org
uat-sharekpn.kpnnet.org
ws-mijnwerkplek.kpnnet.org
extselfsvc.kpnnet.org
*.kpnnet.org
Voice-of-the-Employee.kpnnet.org

Certificate

The complete raw certificate details for topdesk-innovatie.kpnnet.org in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGwjCCBKqgAwIBAgIIWoAMKNr2xmAwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMSwwKgYDVQQDDCNLUE4gUEtJb3Zlcmhl
aWQgT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xNjEwMTExMjUwMDlaFw0xOTEwMTEx
MjUwMDlaMIGhMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xsYW5kMRYw
FAYDVQQHDA0ncy1HcmF2ZW5oYWdlMR0wGwYDVQQKDBRLb25pbmtsaWprZSBLUE4g
Ti5WLjEdMBsGA1UEBRMUMDAwMDAwMDMwMjA0NTIwMDAwMDAxJTAjBgNVBAMMHHRv
cGRlc2staW5ub3ZhdGllLmtwbm5ldC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQCiALgzD4k6UirwipusjjUpXFZtGTB/Zdjx/yTZXZBQQyDA06oL
gkKoAahK/6vWhu4vxS/AV0j7OOyG9ePErdhJIOS6FCNhp6PGV9LTTQ23/WCiVgN9
jeIRblt3IXX7rY6wmHLL12QLxVEIpfHFHEIWDv57Hkn68JOJP+Qg08q8IonglMfU
EOSi+LDm8/RBn87RUGbFc1rbgGviV3JIO8NTsdkgUEoWaMvHzOWCOwsw04MMg47O
aYurBsRmFsYL0m1kCgn7dHQIn8NMm4eDxkYEKXZRnddXFRJq7MJv/f1nW1BT/qog
2QayQ3i2ccKHBbQF6KBfA+eJH1Qkv9pPhUaNAgMBAAGjggJOMIICSjCBiwYIKwYB
BQUHAQEEfzB9MFEGCCsGAQUFBzAChkVodHRwczovL2NlcnQubWFuYWdlZHBraS5j
b20vQ0FjZXJ0cy9LUE5QS0lvdmVyaGVpZE9yZ2FuaXNhdGllQ0FHMi5jZXIwKAYI
KwYBBQUHMAGGHGh0dHA6Ly9nMm9jc3AubWFuYWdlZHBraS5jb20wHQYDVR0OBBYE
FOMmZxbZiG4DEB1WlmTPaszWbGucMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAU
daNOjx6X3WyIATHvciHCbmCUfYAwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdrAQIF
BjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4uY29tL3Br
aW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2VydGlmaWNhYXQg
aXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0b2VwYXNzaW5nLjAI
BgZngQwBAgIwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5tYW5hZ2VkcGtp
LmNvbS9LUE5QS0lvdmVyaGVpZE9yZ2FuaXNhdGllQ0FHMi9MYXRlc3RDUkwuY3Js
MA4GA1UdDwEB/wQEAwIFoDAnBgNVHSUEIDAeBggrBgEFBQcDAQYIKwYBBQUHAwIG
CCsGAQUFBwMEMCcGA1UdEQQgMB6CHHRvcGRlc2staW5ub3ZhdGllLmtwbm5ldC5v
cmcwDQYJKoZIhvcNAQELBQADggIBAHndP0QZuFtte9BauPVAB67Z2ROWejVpakYg
69sBl9a4jTworxiUvi0KrAVagxavpF3kQiA54oEzprVNRWTeA6gS+YKeM5/55xpX
rhL5dmbhksokuRfCSZATipCb+iX3eLn4wUgZBKh/mOHLdAcCWDQGIu8fkxrzcuLW
UrKPt4zUWF7knbcu/PnZ2Wu8y16ZEuN0QQYBy8QiaW8HUQ+ugG4aUxZ7Bx58/syL
Qr9Shi/v1io8inxconEwAKy0C5zgihA0x4eAMqFtNQOz4uCMt+SBjKJLJaEp+KGm
xG4ztZwTlKhu+/pS6dXlhgje2YnrhoEm0UI6+vcdPBSN2ope2hOCGNPP7W2WW2kE
KAwdQdFxMwZCGMXQki2mFPkf3ZtqJ2g8xkff5pdofDomOh6bya25n1haA96Nwv2s
gHF2CYubBdIVNTHDVDy/B5Ev+XSBusQHfsZ6Iiql79ols9kYLBHvLs9A63IIFiAo
Hf4om8EmCElO26b0CKOSImDt++JcRCaVoeomAbTMOzLyPbSnNT8HO3p7wgYzZHzy
9MJnMbCMjKEbpkzEYB3XjMYFzCt//WOL6/2zOW/FGPtLsfDWqeVPbb/UnyFDHi0L
gb/jKw5TRt9NHrj/lJnKjTD9ROYDUcfbbW4bN0pM+VoPrNHlSiIdF/H/0jsK3DLh
w8WcXM/a
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogC4Mw+JOlIq8IqbrI41
KVxWbRkwf2XY8f8k2V2QUEMgwNOqC4JCqAGoSv+r1obuL8UvwFdI+zjshvXjxK3Y
SSDkuhQjYaejxlfS000Nt/1golYDfY3iEW5bdyF1+62OsJhyy9dkC8VRCKXxxRxC
Fg7+ex5J+vCTiT/kINPKvCKJ4JTH1BDkoviw5vP0QZ/O0VBmxXNa24Br4ldySDvD
U7HZIFBKFmjLx8zlgjsLMNODDIOOzmmLqwbEZhbGC9JtZAoJ+3R0CJ/DTJuHg8ZG
BCl2UZ3XVxUSauzCb/39Z1tQU/6qINkGskN4tnHChwW0BeigXwPniR9UJL/aT4VG
jQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6521225630044309088
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN PKIoverheid Organisatie CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-10-11 12:50:09 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-10-11 12:50:09 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String ''s-Gravenhage'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Koninklijke KPN N.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000003020452000000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'topdesk-innovatie.kpnnet.org'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 20450960217536733666089701275381132985356962711165734314963318961557623849453102492838192232702009719884834203343862908062749584073364939174946593338663004788893655167706245720099727428477266535832270141620210330860240272581349189517739295001730872533569540679608336772498534987076312505946381441992653289138032581277630556491158731887946802917630951672522336130073679749849274641718921258060620022256487757824504499236576396824656300874978145294681529556159369924233723740709914077413374500443370757673232510872490134967329098476512631334851355956849432927884165741519005077431372035084801864179962381067470118405773
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (127 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'https://cert.managedpki.com/CAcerts/KPNPKIoverheidOrganisatieCAG2.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g2ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e3266716d9886e03101d569664cf6accd66c6b9c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 75a34e8f1e97dd6c880131ef7221c26e60947d80
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNPKIoverheidOrganisatieCAG2/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.4 (emailProtection)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'topdesk-innovatie.kpnnet.org'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0079dd3f4419b85b6d7bd05ab8f54007aed9d913967a35696a4620ebdb0197d6b88d3c28af1894be2d0aac055a8316afa45de4422039e28133a6b54d4564de03a812f9829e339ff9e71a57ae12f97666e192ca24b917c24990138a909bfa25f778b9f8c1481904a87f98e1cb74070258340622ef1f931af372e2d652b28fb78cd4585ee49db72efcf9d9d96bbccb5e9912e374410601cbc422696f07510fae806e1a53167b071e7cfecc8b42bf52862fefd62a3c8a7c5ca2713000acb40b9ce08a1034c7878032a16d3503b3e2e08cb7e4818ca24b25a129f8a1a6c46e33b59c1394a86efbfa52e9d5e58608ded989eb868126d1423afaf71d3c148dda8a5eda138218d3cfed6d965b6904280c1d41d17133064218c5d0922da614f91fdd9b6a27683cc647dfe697687c3a263a1e9bc9adb99f585a03de8dc2fdac807176098b9b05d2153531c3543cbf07912ff97481bac4077ec67a222aa5efda25b3d9182c11ef2ecf40eb72081620281dfe289bc12608494edba6f408a3922260edfbe25c442695a1ea2601b4cc3b32f23db4a7353f073b7a7bc20633647cf2f4c26731b08c8ca11ba64cc4601dd78cc605cc2b7ffd638bebfdb3396fc518fb4bb1f0d6a9e54f6dbfd49f21431e2d0b81bfe32b0e5346df4d1eb8ff9499ca8d30fd44e60351c7db6d6e1b374a4cf95a0facd1e54a221d17f1ffd23b0adc32e1c3c59c5ccfda