www.gemeentewestland.nl

- Gemeente Westland -

Issued by Getronics CSP Organisatie CA - G2

About this certificate

This digital certificate with serial number 69:6c:a8:bc:b4:b0:01:22:31:90:72:69:4e:d0:4c:8a was issued on by Getronics Nederland BV.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificate with an RSA key contains invalid key usage(s): KeyUsageKeyAgreement Key usage values digitalSignature, nonRepudiation, keyEncipherment, and dataEncipherment may only be present in an end entity certificate with an RSA key (RFC 3279: 2.3.1)

Gemeente Westland

Organization: Gemeente Westland
Organization unit: ICT Afdeling
State / Province: ZH
Locality: Naaldwijk
Country: NL

Getronics Nederland BV

Organization: Getronics Nederland BV
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 69:6c:a8:bc:b4:b0:01:22:31:90:72:69:4e:d0:4c:8a
Serial Number (int): 140133130013765972266329274439573720202
Serial Number lenght: 127 bits, 16 octets

SubjectKeyId: 4c:da:de:a8:94:3f:9a:5e:a5:2d:69:b3:83:02:cc:0d:5a:f2:b8:6a
AuthorityKeyId: 38:b2:85:e6:ad:f8:a6:d0:41:58:5b:78:6f:dc:d5:b8:44:76:c5:7b

Fingerprint (sha1): 9f:85:fc:8c:01:fb:3b:9b:d1:6c:a0:c5:fc:93:48:7f:c2:03:85:28
Fingerprint (sha256): 43:67:68:53:bf:6d:3d:6f:ad:0d:79:84:4f:b1:25:db:dd:74:58:7e:eb:e3:50:69:88:91:db:85:a0:70:39:6d


Revocation information

OCSP Server: http://ocsp2.managedpki.com
CRL Distribution Point: http://cert.managedpki.com/pkioverheid/crl/GetronicsCSPOrganisatieCAG2/LatestCRL.crl

Check the revocation status for certificate www.gemeentewestland.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for www.gemeentewestland.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment
Key Agreement

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

www.gemeentewestland.nl

Other certificates including the domain name gemeentewestland.nl

(limited to 100 certificates)
stratech.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
*.gemeentewestland.nl
gemeentewestland.nl
stratech.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
www.gemeentewestland.nl
afspraak.gemeentewestland.nl
apigateway.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
mobile.gemeentewestland.nl
www.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
intranet.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
belastingen.gemeentewestland.nl
preproductie.gemeentewestland.nl
stratech.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
loket.gemeentewestland.nl
pvsor.gemeentewestland.nl
belastingen.gemeentewestland.nl
stratech.gemeentewestland.nl
sharefile.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
acceptatie.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
belastingen.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
gemeentewestland.nl
mijn.gemeentewestland.nl
www.gemeentewestland.nl
gemeentewestland.nl
*.gemeentewestland.nl
waarmerk.gemeentewestland.nl
acceptatie-intranet.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
basisregistraties.gemeentewestland.nl
www.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
waarmerk.gemeentewestland.nl
webmail.gemeentewestland.nl
mijn.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
stratech.gemeentewestland.nl
loket.gemeentewestland.nl
gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
acceptatie.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
stratech.gemeentewestland.nl
mdm.gemeentewestland.nl
gemeentewestland.nl
www.gemeentewestland.nl
intranet.gemeentewestland.nl
intranet.gemeentewestland.nl
basisregistraties.gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
legacy.gemeentewestland.nl
gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
oudewebsite.gemeentewestland.nl
gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
belastingbalie.gemeentewestland.nl
preproductie.gemeentewestland.nl
bestemmingsplannen.gemeentewestland.nl
loket.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
westlandbudgetbeheer.gemeentewestland.nl
micollab.gemeentewestland.nl
belastingen.gemeentewestland.nl
sociaalplein.gemeentewestland.nl
apigateway2.gemeentewestland.nl
mijn.gemeentewestland.nl
remote.gemeentewestland.nl
berichtenverkeer.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
edienstenburgerzaken.gemeentewestland.nl
westlandbudgetbeheer.gemeentewestland.nl
loket.gemeentewestland.nl
guestportal.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
intranet.gemeentewestland.nl
loket.gemeentewestland.nl
preproductie.gemeentewestland.nl
loket.gemeentewestland.nl
belastingen.gemeentewestland.nl
*.gemeentewestland.nl
*.gemeentewestland.nl
login.gemeentewestland.nl
belastingen.gemeentewestland.nl
mijn.gemeentewestland.nl
belastingen.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
stratech.gemeentewestland.nl

Certificate

The complete raw certificate details for www.gemeentewestland.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGrDCCBJSgAwIBAgIQaWyovLSwASIxkHJpTtBMijANBgkqhkiG9w0BAQsFADBa
MQswCQYDVQQGEwJOTDEfMB0GA1UECgwWR2V0cm9uaWNzIE5lZGVybGFuZCBCVjEq
MCgGA1UEAwwhR2V0cm9uaWNzIENTUCBPcmdhbmlzYXRpZSBDQSAtIEcyMB4XDTEy
MDEwNTAwMDAwMFoXDTE1MDEwNDIzNTk1OVowgYMxCzAJBgNVBAYTAk5MMQswCQYD
VQQIDAJaSDESMBAGA1UEBwwJTmFhbGR3aWprMRowGAYDVQQKDBFHZW1lZW50ZSBX
ZXN0bGFuZDEVMBMGA1UECwwMSUNUIEFmZGVsaW5nMSAwHgYDVQQDDBd3d3cuZ2Vt
ZWVudGV3ZXN0bGFuZC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AK6UKgYTwAHcd0QgqYt9QhfCUXCt9AttsDd1iIlm5JsCnjAeMjSieOAQeb9JncGS
sO3qFiPrr92k5syEQeEr6XXKn7vkUwG7fIPx4IeiVKrMbZGmlqW8WP+5FF2ffO/b
dJxur8JMYrtnkE69WKX0L/UVvy5uTWEF7mDCwHyBQ2n92h7dxm4rXV1ftCYdx4dm
uKATimpoIc/wf8XRSbs+rh0RvdpEKWcvAIRX1JtDW50gAEFm5ZHwYV+H/SPuAm9H
RWcA8+Ja4OLbFhXGlNctHfcVaAM3OchQkQGbMdYdJjfJzNBqAZLuQvWKAGBx63fi
qpIqQUFOC0T7PB52K5p4GHECAwEAAaOCAkIwggI+MAwGA1UdEwEB/wQCMAAwZQYD
VR0fBF4wXDBaoFigVoZUaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vcGtpb3Zl
cmhlaWQvY3JsL0dldHJvbmljc0NTUE9yZ2FuaXNhdGllQ0FHMi9MYXRlc3RDUkwu
Y3JsMA4GA1UdDwEB/wQEAwIDqDCBrgYDVR0gBIGmMIGjMIGgBgpghBABh2sBAgUG
MIGRMDgGCCsGAQUFBwIBFixodHRwczovL3d3dy5wa2kuZ2V0cm9uaWNzLm5sL3Br
aW92ZXJoZWlkL2NwczBVBggrBgEFBQcCAjBJGkdPcCBkaXQgY2VydGlmaWNhYXQg
aXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gR2V0cm9uaWNzIHZhbiB0b2VwYXNz
aW5nLjAfBgNVHSMEGDAWgBQ4soXmrfim0EFYW3hv3NW4RHbFezAdBgNVHQ4EFgQU
TNreqJQ/ml6lLWmzgwLMDVryuGowHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUF
BwMCMG4GA1UdEQRnMGWCF3d3dy5nZW1lZW50ZXdlc3RsYW5kLm5soEoGCisGAQQB
gjcUAgOgPAw6Mi4xNi41MjguMS4xMDAzLjEuMy41LjQuMS42MTI5OTRhY2IwMjUx
YTNiNTAwZmQ5NjYyNTEzYzE5YTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGG
G2h0dHA6Ly9vY3NwMi5tYW5hZ2VkcGtpLmNvbTANBgkqhkiG9w0BAQsFAAOCAgEA
cUUaWJ3N2JYJGpuvQaitfRq/dzbEe4/Jp8feVbRBoe995Tjo6T8DLz9CMMjpsuw/
THTlG0rlhXQmPqtXi8hlBIlF6jHmyASMCYl6G/Iw8aQtU5cQ7QsUcFguBKOvaa9Y
XYySYfb2gdrk8MUM5dk3+tkP1bKmEhfMqutprGozpcjHonM7bxSkKCAAsqqohr6k
xkFiq4Hy00tfLk4lwQKMvusSgEanc8TohpfssXWyI+cvxQ7eyHG2Jv0PkgVn68fZ
XY8yQHMldF4DUi27heohAI1Oni8c5ayYOBw59hCB4oJ+FAR0LbLydB/wDQGjNgLu
mOEtxP7Zf7Ugq+Cxef4WWdkbWScb5Sedb5GD+dDfT85Hhzmp3lB/WtEWKCgvtju2
vIqV4s46Nfn5cMJnP7ZdyQbupatZeGTaIZCKy74g5gSluPDjkRbKF0Z4CsL0mKER
UG4FBrLAJ2QQK4E52eOT742xU9NI+1mIZUFOLA/XRJLFLLU7YG/llqpSa8NcaiJ3
ELQJCvH5rl85xat2jjzeiZOuXTJs4BFCA4aj6xOyvUdyK39UO00KEN4zeReQ40G0
XsFi0lxyLAahKyHpzFl867Ffw6FFH4XwJQeO7QTatyqjaV3Na/yb1LiswvbtOO0D
Gi7ZBItkNyk6vOCTXX4DHAyCkBKv/I60gPwsT3pyMeg=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpQqBhPAAdx3RCCpi31C
F8JRcK30C22wN3WIiWbkmwKeMB4yNKJ44BB5v0mdwZKw7eoWI+uv3aTmzIRB4Svp
dcqfu+RTAbt8g/Hgh6JUqsxtkaaWpbxY/7kUXZ9879t0nG6vwkxiu2eQTr1YpfQv
9RW/Lm5NYQXuYMLAfIFDaf3aHt3GbitdXV+0Jh3Hh2a4oBOKamghz/B/xdFJuz6u
HRG92kQpZy8AhFfUm0NbnSAAQWblkfBhX4f9I+4Cb0dFZwDz4lrg4tsWFcaU1y0d
9xVoAzc5yFCRAZsx1h0mN8nM0GoBku5C9YoAYHHrd+KqkipBQU4LRPs8HnYrmngY
cQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 140133130013765972266329274439573720202
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Getronics Nederland BV'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Getronics CSP Organisatie CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2012-01-05 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2015-01-04 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'ZH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Naaldwijk'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Westland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'ICT Afdeling'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'www.gemeentewestland.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22038527532113552131913995729905996332706391690141540721421700387309540299637057728925930783482133208416098547578876402567405752527704567663242193820848549121801873101351937510168003223654833029614256711977535655416115315147453557364291620507633720694998007926392449390232082179024095141377979070142775306516485168369452218459952396895710232831774462049797261079766452251547431316560830082197797500897883300184998327730381519867994647507660761732873620930953197985967784998709503750340157110239578997980174515733856833916976071991525447099652808355896793430144441766498563032008252244041404970596877666703987116087409
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (94 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/pkioverheid/crl/GetronicsCSPOrganisatieCAG2/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (5 bits)
							03a8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (166 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.pki.getronics.nl/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:26|false] VisibleString, ISO646String [79 112 32 100 105 116 32 99 101 114 116 105 102 105 99 97 97 116 32 105 115 32 104 101 116 32 67 80 83 32 80 75 73 111 118 101 114 104 101 105 100 32 118 97 110 32 71 101 116 114 111 110 105 99 115 32 118 97 110 32 116 111 101 112 97 115 115 105 110 103 46]
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 38b285e6adf8a6d041585b786fdcd5b84476c57b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							4cdadea8943f9a5ea52d69b38302cc0d5af2b86a
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.gemeentewestland.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2.3 (universalPrincipalName)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '2.16.528.1.1003.1.3.5.4.1.612994acb0251a3b500fd9662513c19a'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (43 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.managedpki.com'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0071451a589dcdd896091a9baf41a8ad7d1abf7736c47b8fc9a7c7de55b441a1ef7de538e8e93f032f3f4230c8e9b2ec3f4c74e51b4ae58574263eab578bc865048945ea31e6c8048c09897a1bf230f1a42d539710ed0b1470582e04a3af69af585d8c9261f6f681dae4f0c50ce5d937fad90fd5b2a61217ccaaeb69ac6a33a5c8c7a2733b6f14a4282000b2aaa886bea4c64162ab81f2d34b5f2e4e25c1028cbeeb128046a773c4e88697ecb175b223e72fc50edec871b626fd0f920567ebc7d95d8f32407325745e03522dbb85ea21008d4e9e2f1ce5ac98381c39f61081e2827e1404742db2f2741ff00d01a33602ee98e12dc4fed97fb520abe0b179fe1659d91b59271be5279d6f9183f9d0df4fce478739a9de507f5ad11628282fb63bb6bc8a95e2ce3a35f9f970c2673fb65dc906eea5ab597864da21908acbbe20e604a5b8f0e39116ca1746780ac2f498a111506e0506b2c02764102b8139d9e393ef8db153d348fb598865414e2c0fd74492c52cb53b606fe596aa526bc35c6a227710b4090af1f9ae5f39c5ab768e3cde8993ae5d326ce011420386a3eb13b2bd47722b7f543b4d0a10de33791790e341b45ec162d25c722c06a12b21e9cc597cebb15fc3a1451f85f025078eed04dab72aa3695dcd6bfc9bd4b8acc2f6ed38ed031a2ed9048b6437293abce0935d7e031c0c829012affc8eb480fc2c4f7a7231e8