ot.ukb.ch

- Urner Kantonalbank -

Issued by SwissSign RSA TLS EV ICA 2022 - 1

About this certificate

This digital certificate with serial number 3c:0f:b6:7c:ae:62:9a:f4:2d:2d:9b:2e:5c:6a:f5:e8:55:cb:67:37 was issued on by SwissSign AG.

With 3 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Urner Kantonalbank

Company registration number: CHE-108.954.665
Organization: Urner Kantonalbank
Address: Bahnhofplatz 1
Postal code: 6460
State / Province: UR
Locality: Altdorf
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 3c:0f:b6:7c:ae:62:9a:f4:2d:2d:9b:2e:5c:6a:f5:e8:55:cb:67:37
Serial Number (int): 342889854290259068557815174206589082437046462263
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: 36:cd:d1:fe:8c:74:4f:d5:d7:49:ca:b5:04:a7:59:d0:24:e8:d3:be
AuthorityKeyId: 49:52:df:30:86:92:59:5f:34:9c:25:48:24:ab:c0:eb:d1:06:f2:d6

Fingerprint (sha1): c4:a7:14:c0:15:e8:73:3e:99:ed:c0:85:69:b5:a6:b5:a0:79:d6:09
Fingerprint (sha256): 49:d9:4b:5f:e4:1f:ad:59:08:28:ea:13:87:76:89:bf:6e:ce:41:0e:e3:e6:01:e9:9e:67:95:39:a5:0b:33:a2

Issuing Certificate URL: http://aia.swisssign.ch/air-20350159-813d-4532-b988-8519eca57650

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-9fdd910e-b9ff-4b2f-be38-2e93708c1b36

Check the revocation status for certificate ot.ukb.ch

3

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ot.ukb.ch

Public Key Algorithm

RSA

Key Size

4096

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ot.ukb.ch
b2b.ukb.ch
conf.ukb.ch

Other certificates including the domain name ukb.ch

(limited to 100 certificates)
www.ukb.ch
fintest-wwwsec.ukb.ch
gast.ukb.ch
fintest-dev-wwwsec.ukb.ch
www.privasphere.com
twint-test.ukb.ch
www.ukb.ch
fintest-e-banking.ukb.ch
ukb00ncs104-e.ukb.ch
satellite-test.ukb.ch
identifikation-test.ukb.ch
gast.ukb.ch
twint-test.ukb.ch
fintest-e-banking.ukb.ch
dialog.sbb.ch
www.privasphere.com
ukbhb01mx01-e.urkb.ch
www.ukb.ch
ot.ukb.ch
ssl.ukb.ch
ot.ukb.ch
ukb00ucc114.ukb.ch
securemail.ukb.ch
eroeffnung-test.ukb.ch
satellite.ukb.ch
www.privasphere.com
ukb00ncs106-e.ukb.ch
securemail.ukb.ch
www.privasphere.com
gast.ukb.ch
www.ukb.ch
autodiscover.ukb.ch
ot.ukb.ch
autodiscover.ukb.ch
eroeffnung-test.ukb.ch
dialog.sbb.ch
ukb00ucc114.ukb.ch
www.ukb.ch
fintest-dev-wwwsec.ukb.ch
fintest-e-banking.ukb.ch
www.privasphere.com
www.ukb.ch
wwwsec.ukb.ch
www.ukb.ch
ssl.ukb.ch
ukb00ncs104-e.ukb.ch
gast.ukb.ch
wwwsec.ukb.ch
ukb00ucc114.ukb.ch
www.ukb.ch
eroeffnung.ukb.ch
wwwsec.ukb.ch
wwwsec.urkb.ch
ukb00ucc114.ukb.ch
twint.ukb.ch
www.privasphere.com
www.ukb.ch
identifikation-test.ukb.ch
twint-test.ukb.ch
www.privasphere.com
dialog.sbb.ch
gast.ukb.ch
dialog.sbb.ch
ukbhb01mx01-e.urkb.ch
ukb00ucc114.ukb.ch
fintest-dev-wwwsec.ukb.ch
ssl.ukb.ch
identifikation.ukb.ch
satellite-test.ukb.ch
fintest-dev-wwwsec.ukb.ch
fintest-wwwsec.ukb.ch
wwwsec.ukb.ch
www.privasphere.com
ssl.ukb.ch
autodiscover.ukb.ch
www.ukb.ch
gast.ukb.ch
www.privasphere.com
ukbhb01mx01-e.urkb.ch
identifikation-test.ukb.ch
autodiscover.ukb.ch
fintest-e-banking.ukb.ch
twint.ukb.ch
wwwsec.ukb.ch
ukbhb01mx01-e.urkb.ch
zukunftsbild.ukb.ch
zukunftsbild.ukb.ch
eroeffnung.ukb.ch
www.ukb.ch
fintest-wwwsec.ukb.ch
ukb00ucc114.ukb.ch
identifikation-test.ukb.ch
ssl.ukb.ch
ukbhb01mx01-e.urkb.ch
www.ukb.ch
ukb00ncs106-e.ukb.ch
ukb00ucc114.ukb.ch
ukb00ncs106-e.ukb.ch
www.privasphere.com
satellite.ukb.ch

Certificate

The complete raw certificate details for ot.ukb.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIKVjCCCD6gAwIBAgIUPA+2fK5imvQtLZsuXGr16FXLZzcwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRVYgSUNBIDIwMjIgLSAxMB4XDTIzMDgxNzA2
NTAyOVoXDTI0MDgxNzA2NTAyOVowgegxEzARBgsrBgEEAYI3PAIBAxMCQ0gxEzAR
BgsrBgEEAYI3PAIBAgwCVVIxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9u
MQswCQYDVQQGEwJDSDELMAkGA1UECAwCVVIxEDAOBgNVBAcMB0FsdGRvcmYxDTAL
BgNVBBETBDY0NjAxFzAVBgNVBAkMDkJhaG5ob2ZwbGF0eiAxMRswGQYDVQQKDBJV
cm5lciBLYW50b25hbGJhbmsxGDAWBgNVBAUTD0NIRS0xMDguOTU0LjY2NTESMBAG
A1UEAxMJb3QudWtiLmNoMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
q4zSW+EjTR6rRoI71ClLoeUh1Dwn4+jAWYehz7o5GYeo9Ex96Q4IeXSAS59YVS67
C0tzP/HWyU984/VOSPKhfSHGxQlY7QW3a0g2cvhxFbtMA8K5hLO++7iCjEcgI9F0
vW/2bRFQ8ymnBRI6V6XG+7jOS712GPPZ4EqXBRwgpgHfF76I3hxca0SPZEJ0KNE1
gXK98u6hPWgiYJ6egZttCh1gSx9h1PWJmEqRmkzgGaWpdPx9Y/aXRF5SfnbHkHYG
U+OPwIpXy8eOjVdGNWzLhk+WNhxb4s8A+LvEpLN9ssy6E1hJTHaq0fadDBUqjHAj
4plh7hK/WbsNkvECJ++PuxJv8u357qPCDFH33W39bRXE+rExoL+WTxQJlV/FIRiV
mP0UowgLEdlTMJeGEyB5nqN3C/xamtci+ekLXtxL6EiTqAGB4MSgsDVKprhczcSW
LVk2Uak9Qq3Q6z8uKBQeZ6sgW9hzxXgNgCXKlsczoVHszQWVVMWlIZoAXWCwc6Uy
wQLTPQR0XjEUvL8hU+H4+Lgw3Pe7GhKuEMM8q2C5IHQJIdBYSH9a1+RnSnmdsgA6
L+DGSKQuFaZJAZ9N8u0jjIwGHlnwt+YmIo/8/Gyzac4GgqjqdG4sSgIkRFusV86G
VuXukcpa2FY3ccnhLn0bxA6xb159eQjvi41xM0niVA0CAwEAAaOCBI0wggSJMIGy
BggrBgEFBQcBAQSBpTCBojBMBggrBgEFBQcwAoZAaHR0cDovL2FpYS5zd2lzc3Np
Z24uY2gvYWlyLTIwMzUwMTU5LTgxM2QtNDUzMi1iOTg4LTg1MTllY2E1NzY1MDBS
BggrBgEFBQcwAYZGaHR0cDovL29jc3Auc3dpc3NzaWduLmNoL3NpZ24vb2NzLWFh
Y2NjZWQ1LTY2ZTgtNDA2OS05YjFiLWZkMjlhYjczZWZlYzBuBgNVHSAEZzBlMAcG
BWeBDAEBMAgGBgQAj3oBBDBQBghghXQBWQIBAzBEMEIGCCsGAQUFBwIBFjZodHRw
czovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS9Td2lzc1NpZ25fQ1BTX1RMUy5w
ZGYwUQYDVR0fBEowSDBGoESgQoZAaHR0cDovL2NybC5zd2lzc3NpZ24uY2gvY2Rw
LTlmZGQ5MTBlLWI5ZmYtNGIyZi1iZTM4LTJlOTM3MDhjMWIzNjAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMC0GA1UdEQQmMCSC
CW90LnVrYi5jaIIKYjJiLnVrYi5jaIILY29uZi51a2IuY2gwHQYDVR0OBBYEFDbN
0f6MdE/V10nKtQSnWdAk6NO+MB8GA1UdIwQYMBaAFElS3zCGkllfNJwlSCSrwOvR
BvLWMIICbwYKKwYBBAHWeQIEAgSCAl8EggJbAlkAdQBVgdTCFpA2AUrqC5tXPFPw
wOQ4eHAlCBcvo6odBxPTDAAAAYoCQoyTAAAEAwBGMEQCIFFUMfekNwY2CPcnQOab
jswdPez+UDmaEc31jeKgKtejAiAwHMdq114+2LDw9R8t4HCmvUakKOYhe7MkbPCX
YTg1fAB3ANq2v2s/tbYin5vCu1xr6HCRcWy7UYSFNL2kPTBI1/urAAABigJCkGIA
AAQDAEgwRgIhAPe3aJddtUZrZtmos/rsvFZ4vyf1Q1Yw1F7hXATCsEp4AiEAmC5E
oAIaM0ns+CVp58YYD12QL1u4tW9COmFAcXiG5oAAdgB2/4g/Crb7lVHCYcz1h7o0
tKTNuyncaEIKn+ZnTFo6dAAAAYoCQpGnAAAEAwBHMEUCIQCdPBoX4GiyWVx8VgYu
XwQ8anxbd5d+6yrAat024eYlhwIgCHgl+sSKJVXKhG243BRrevXKgto37kSoAawV
1c3L4lYAdwDuzdBk1dsazsVct520zROiModGfLzs3sNRSFlGcR+1mwAAAYoCQpR+
AAAEAwBIMEYCIQCqdWgSJ8ISWFgix/qxkvRMH+TwpSCEzZXMjfdzyr92owIhAMI2
DNbb3GkzG6pB8ITeSIcdsl4GiJBQM3J7MMHl/lEHAHYAh0+1DcAp2ZMd5XPp8ome
jkUzs5LTiwpGJXS/D+6y/B4AAAGKAkKcUwAABAMARzBFAiEAvYkeFK7FC1dQenPe
iqUTerDmEqGXA4wHCiuoF134fqwCIAoj/hv+N+O4qNT0z7XgUyaf8lvLy4X/RsJT
OivbbouJMA0GCSqGSIb3DQEBCwUAA4ICAQB3hoyrEyPNnSZPWsw9FKt8rWJEJdEr
dMjlX7SzKOZ2Y7bDvu20eZ6A0kHRyu4W31psdHrs1IidvX8tHbvV5vwp3ett2rDd
y3c4XeepmjwCU5soPdsO9bwkVwb0gU6bp8PyRsMn4O+BBGzerBynX57Id4NMmGs8
QaAZa7WHDdiHuygPBxinj1Q67/bFxC75/m5Bp9PYGu0aSKBKypwQsLxfk3q3DU8B
wHh+PFzd8iEAYDEtpGSiljaxiX92oPr4XlPAp3i6nDc4MFv+o1eaSZ1/9eNBFHqs
2/IOM9S8zoONMzEnigevxI2dF8W3ZV+3pOsDQo3iR0MeBe/EqGSJqj9rse9x3lLU
tGm9Dw39m+SngUgAlWmQmFHsH96MSni9Levi1XJJyUc9HQEy+AK0G8tMuyA3r0sN
BvUc1WRIRMSrhJlXA1QReKdm+2HNz3GZG94mshDQvIfqR/kVQIstVyGaFWwkOReP
WDJdEymts7m6E7sE9Gs6ylnotSB/b1mIt9wilhqakE4WQ/IWMXi72hVqsoSg2t+z
NVefSb4r7sbCgKSSFkGbXon5ACdGKQKykf7COz1G3LP9wtpXr4fHunRzJfMrW9V5
Ob+9JGcwBehMLQ/IDxKMzkDZw3VI5ndVXOPJG4gqcaxfBuLficXku935QClsQcs2
fD4ZOq1AaBcvtw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAq4zSW+EjTR6rRoI71ClL
oeUh1Dwn4+jAWYehz7o5GYeo9Ex96Q4IeXSAS59YVS67C0tzP/HWyU984/VOSPKh
fSHGxQlY7QW3a0g2cvhxFbtMA8K5hLO++7iCjEcgI9F0vW/2bRFQ8ymnBRI6V6XG
+7jOS712GPPZ4EqXBRwgpgHfF76I3hxca0SPZEJ0KNE1gXK98u6hPWgiYJ6egZtt
Ch1gSx9h1PWJmEqRmkzgGaWpdPx9Y/aXRF5SfnbHkHYGU+OPwIpXy8eOjVdGNWzL
hk+WNhxb4s8A+LvEpLN9ssy6E1hJTHaq0fadDBUqjHAj4plh7hK/WbsNkvECJ++P
uxJv8u357qPCDFH33W39bRXE+rExoL+WTxQJlV/FIRiVmP0UowgLEdlTMJeGEyB5
nqN3C/xamtci+ekLXtxL6EiTqAGB4MSgsDVKprhczcSWLVk2Uak9Qq3Q6z8uKBQe
Z6sgW9hzxXgNgCXKlsczoVHszQWVVMWlIZoAXWCwc6UywQLTPQR0XjEUvL8hU+H4
+Lgw3Pe7GhKuEMM8q2C5IHQJIdBYSH9a1+RnSnmdsgA6L+DGSKQuFaZJAZ9N8u0j
jIwGHlnwt+YmIo/8/Gyzac4GgqjqdG4sSgIkRFusV86GVuXukcpa2FY3ccnhLn0b
xA6xb159eQjvi41xM0niVA0CAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 342889854290259068557815174206589082437046462263
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS EV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-17 06:50:29 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-17 06:50:29 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3 (jurisdictionOfIncorporationC)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2 (jurisdictionOfIncorporationSP)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'UR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.15 (businessCategory)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Private Organization'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'UR'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Altdorf'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '6460'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bahnhofplatz 1'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Urner Kantonalbank'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CHE-108.954.665'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ot.ukb.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 699863285913012656138619060011101347185353999969051716425351191966419836126662817008582476345188386519542029956962851277360180639022427524038650388124375389080022434743900269644045946512662313977844747596190259629989896096857658052191070200830029932636158670829655029702633965450176780364353807659806515732396582125273440521040305548618263482166213331828032497861428800868434981240721340767275863062187821050851643139830212967465384240422225948566610218190751388898363024035907939075861146739125486634276481595252575218877200711826185616177884385891667396830115392870586321433987798856191152119930826061367091218761551911089140799638699950103673725367071997153410565967627073818101802602523560808964746504476286930580065839271571216085703716108209988470709129876815334595798830306182708927372910810231260556146589140851985166575542114191099445172798331313191742439019511300921023423661515917741461625780146709567270003935387802020256119218353158451131158318623059550314535422235430608089263563555995027682502691349866852218577165178874172480619071945070049610439886332724979177045249674406346094227244000313130297287227110003791774439248097819597882410707510805533087248603222277093290456219824543808882282354686137451058785903858701
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-20350159-813d-4532-b988-8519eca57650'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (103 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.3
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-9fdd910e-b9ff-4b2f-be38-2e93708c1b36'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (38 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ot.ukb.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'b2b.ukb.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'conf.ukb.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							36cdd1fe8c744fd5d749cab504a759d024e8d3be
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 4952df308692595f349c254824abc0ebd106f2d6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (607 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (603 bytes)
							02590075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018a02428c9300000403004630440220515431f7a437063608f72740e69b8ecc1d3decfe50399a11cdf58de2a02ad7a30220301cc76ad75e3ed8b0f0f51f2de070a6bd46a428e6217bb3246cf0976138357c007700dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018a024290620000040300483046022100f7b768975db5466b66d9a8b3faecbc5678bf27f5435630d45ee15c04c2b04a78022100982e44a0021a3349ecf82569e7c6180f5d902f5bb8b56f423a6140717886e68000760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018a024291a700000403004730450221009d3c1a17e068b2595c7c56062e5f043c6a7c5b77977eeb2ac06add36e1e625870220087825fac48a2555ca846db8dc146b7af5ca82da37ee44a801ac15d5cdcbe256007700eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018a0242947e0000040300483046022100aa75681227c212585822c7fab192f44c1fe4f0a52084cd95cc8df773cabf76a3022100c2360cd6dbdc69331baa41f084de48871db25e0688905033727b30c1e5fe5107007600874fb50dc029d9931de573e9f2899e8e4533b392d38b0a462574bf0feeb2fc1e0000018a02429c530000040300473045022100bd891e14aec50b57507a73de8aa5137ab0e612a197038c070a2ba8175df87eac02200a23fe1bfe37e3b8a8d4f4cfb5e053269ff25bcbcb85ff46c2533a2bdb6e8b89
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0077868cab1323cd9d264f5acc3d14ab7cad624425d12b74c8e55fb4b328e67663b6c3beedb4799e80d241d1caee16df5a6c747aecd4889dbd7f2d1dbbd5e6fc29ddeb6ddab0ddcb77385de7a99a3c02539b283ddb0ef5bc245706f4814e9ba7c3f246c327e0ef81046cdeac1ca75f9ec877834c986b3c41a0196bb5870dd887bb280f0718a78f543aeff6c5c42ef9fe6e41a7d3d81aed1a48a04aca9c10b0bc5f937ab70d4f01c0787e3c5cddf2210060312da464a29636b1897f76a0faf85e53c0a778ba9c3738305bfea3579a499d7ff5e341147aacdbf20e33d4bcce838d3331278a07afc48d9d17c5b7655fb7a4eb03428de247431e05efc4a86489aa3f6bb1ef71de52d4b469bd0f0dfd9be4a78148009569909851ec1fde8c4a78bd2debe2d57249c9473d1d0132f802b41bcb4cbb2037af4b0d06f51cd5644844c4ab84995703541178a766fb61cdcf71991bde26b210d0bc87ea47f915408b2d57219a156c2439178f58325d1329adb3b9ba13bb04f46b3aca59e8b5207f6f5988b7dc22961a9a904e1643f2163178bbda156ab284a0dadfb335579f49be2beec6c280a49216419b5e89f90027462902b291fec23b3d46dcb3fdc2da57af87c7ba747325f32b5bd57939bfbd24673005e84c2d0fc80f128cce40d9c37548e677555ce3c91b882a71ac5f06e2df89c5e4bbddf940296c41cb367c3e193aad4068172fb7