*.smtp.rzone.de

- Strato AG -

Issued by Telekom Security ServerID OV Class 2 CA

About this certificate

This digital certificate with serial number 11:24:2a:7a:9a:af:e2:2a:f9:cb:2a:e2:7c:b2:2a:2a was issued on by Deutsche Telekom Security GmbH.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Strato AG

Organization: Strato AG
State / Province: Berlin
Locality: Berlin
Country: DE

Deutsche Telekom Security GmbH

Organization: Deutsche Telekom Security GmbH
Country: DE

This certificate will expire on

Certificate Details

Serial Number (hex): 11:24:2a:7a:9a:af:e2:2a:f9:cb:2a:e2:7c:b2:2a:2a
Serial Number (int): 22784660190163325322906417902302407210
Serial Number lenght: 125 bits, 16 octets

SubjectKeyId: 6d:d8:47:d2:de:f9:9b:ff:50:23:a2:88:4c:51:3f:97:c5:1f:b9:24
AuthorityKeyId: 1c:05:93:b1:7f:a8:34:30:8c:52:e0:96:40:a0:72:a3:10:5d:e0:ff

Fingerprint (sha1): 40:51:22:5a:3b:d1:fc:ac:ac:12:88:8a:eb:8c:3f:8f:c7:67:cf:b8
Fingerprint (sha256): 4b:19:72:1c:55:93:42:8b:64:37:b6:dc:58:09:58:9d:9a:33:f5:6f:d6:3f:84:43:35:c6:4d:71:b6:95:0a:31

Issuing Certificate URL: http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt

Revocation information

OCSP Server: http://ocsp.serverid.telesec.de/ocspr
CRL Distribution Point: http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl

Check the revocation status for certificate *.smtp.rzone.de

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.smtp.rzone.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.smtp.rzone.de
smtp.rzone.de

Other certificates including the domain name rzone.de

(limited to 100 certificates)
smtpin.test.rzone.de
*.stg.rzone.de
smtpin.rzone.de
wopi-thole.stg.rzone.de
wopi-dev.stg.rzone.de
*.s4.stg.rzone.de
smtpin.rzone.de
*.rzone.de
robot.prov.rzone.de
wopi.stg.rzone.de
test1.rzone.de
*.auth.test.rzone.de
test1.rzone.de
smtp.rzone.de
wopi-dev.stg.rzone.de
wopi.stg.rzone.de
robot.prov.rzone.de
*.rzone.de
wopi-dev.stg.rzone.de
imap.test.strato.de
*.stg.rzone.de
test3.rzone.de
wopi-dev.stg.rzone.de
smtpin.test.rzone.de
wopi-dev.stg.rzone.de
wopi-dev.stg.rzone.de
test1.rzone.de
test1.rzone.de
smtpin.rzone.de
*.smtp.rzone.de
relay.rzone.de
wild.stg.rzone.de
wopi-thole.stg.rzone.de
*.ox.rzone.de
*.ox.rzone.de
imap.test.strato.de
*.stg.rzone.de
*.s4.stg.rzone.de
wopi.stg.rzone.de
test1.rzone.de
wopi-thole.stg.rzone.de
smtpin.rzone.de
imap.test.strato.de
smtpin.rzone.de
wopi.stg.rzone.de
smtp.rzone.de
relay.rzone.de
smtp.rzone.de
*.s4.stg.rzone.de
wopi.stg.rzone.de
imap.test.strato.de
*.smtp.rzone.de
*.ox.rzone.de
smtp.test.rzone.de
*.stg.rzone.de
*.ox.rzone.de
*.rzone.de
smtp.rzone.de
*.s4.stg.rzone.de
*.smtp.rzone.de
wopi.stg.rzone.de
wopi-dev.stg.rzone.de
*.stg.rzone.de
wopi-dev.stg.rzone.de
*.rzone.de
test1.rzone.de
wopi.stg.rzone.de
robot.prov.rzone.de
imap.test.strato.de
wopi.stg.rzone.de
wopi-dev.stg.rzone.de
robot.prov.rzone.de
smtp.rzone.de
test1.rzone.de
*.s4.stg.rzone.de
wopi.stg.rzone.de
*.ox.rzone.de
test2.rzone.de
smtpin.rzone.de
wopi-dev.stg.rzone.de
smtpin.rzone.de
*.auth.test.rzone.de
smtp.rzone.de
wild.rzone.de
*.test.rzone.de
ox-test.rzone.de
wopi.stg.rzone.de
*.rzone.de
*.test.rzone.de
wopi-dev.stg.rzone.de
*.auth.rzone.de
test2.rzone.de
*.rzone.de
*.rzone.de
*.ox.rzone.de
test1.rzone.de
ox-test.rzone.de
*.smtp.rzone.de
openstack-demo.rzone.de
wopi.stg.rzone.de

Certificate

The complete raw certificate details for *.smtp.rzone.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIF6TCCBFGgAwIBAgIQESQqepqv4ir5yyrifLIqKjANBgkqhkiG9w0BAQsFADBo
MQswCQYDVQQGEwJERTEnMCUGA1UECgweRGV1dHNjaGUgVGVsZWtvbSBTZWN1cml0
eSBHbWJIMTAwLgYDVQQDDCdUZWxla29tIFNlY3VyaXR5IFNlcnZlcklEIE9WIENs
YXNzIDIgQ0EwHhcNMjQwMjA5MTA1ODEzWhcNMjUwMjEzMjM1OTU5WjBdMQswCQYD
VQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQHEwZCZXJsaW4xEjAQBgNV
BAoTCVN0cmF0byBBRzEYMBYGA1UEAwwPKi5zbXRwLnJ6b25lLmRlMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx4FY2OrrH2MCvdjeGtpX2YtURpvsfEq
Q1Iq4VMSpLbiAaNm/RwrQhuPo15Si3QEgzamv+d3sqc+KzyhTRVHRgpCYqGgtYwI
JAAPvl4gIBPdKQVJXVUSfJRV3g3+Y4wYD6s2jlGF7eqmSiJbYBEVvC44vgsVqeMZ
kmkJQ17tP5atkWkmRqUbSzEq12WxOjZ/BPIdHEhIs9PYUptNqr2hdb5jIDORu1ok
PM3vILR46UsjZS6s1DxOCy3NuWH5HF9Vhlzg1VhTg6wQB5CDv+dGqbNUT00tBY25
sRbg1MuIvKTHE9WC5Qp7MLWCIb5HsioTYHzTBsncJTUqfFl8q7hdJQIDAQABo4IC
GDCCAhQwHwYDVR0jBBgwFoAUHAWTsX+oNDCMUuCWQKByoxBd4P8wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAdBgNVHQ4EFgQU
bdhH0t75m/9QI6KITFE/l8UfuSQwUwYDVR0gBEwwSjBIBgZngQwBAgIwPjA8Bggr
BgEFBQcCARYwaHR0cDovL2RvY3Muc2VydmVyaWQudGVsZXNlYy5kZS9jcHMvc2Vy
dmVyaWQuaHRtMF4GA1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jcmwuc2VydmVyaWQu
dGVsZXNlYy5kZS9ybC9UZWxla29tX1NlY3VyaXR5X1NlcnZlcklEX09WX0NsYXNz
XzJfQ0EuY3JsMIGfBggrBgEFBQcBAQSBkjCBjzAxBggrBgEFBQcwAYYlaHR0cDov
L29jc3Auc2VydmVyaWQudGVsZXNlYy5kZS9vY3NwcjBaBggrBgEFBQcwAoZOaHR0
cDovL2NydC5zZXJ2ZXJpZC50ZWxlc2VjLmRlL2NydC9UZWxla29tX1NlY3VyaXR5
X1NlcnZlcklEX09WX0NsYXNzXzJfQ0EuY3J0MAwGA1UdEwEB/wQCMAAwKQYDVR0R
BCIwIIIPKi5zbXRwLnJ6b25lLmRlgg1zbXRwLnJ6b25lLmRlMBMGCisGAQQB1nkC
BAMBAf8EAgUAMA0GCSqGSIb3DQEBCwUAA4IBgQBdDrn5tXj1EyB2hJ7mBOgelTcw
u+8yQqQSBZbfXWUqE4bdtieMhxr+R/+Etnz1HGLetcXd/Q3Y5W9IazPkY/N6VIR9
R7GeiGuE6zI3QYNH7kccYqr0XFxq9fSQNdWxk2k3LunXn9jFxPEnRWv3Tb8Dzchq
/AXMRjgpfaB5JFtyPW+7XVz1eM6W1ij8IrjLyAtGXv+3sIrO4BZmg13OH9Uxsqeg
UWEt1/Sq3yHT+6liVXHBQ3SgiiBBYZ6xW6Fczixb+mJb39heHpglUDoBDRUxN0dZ
bZqt8Tm7/EKwv+BpG8Mm82mYh/8zVVkYtQQV6EHb9wNmwD5lD06jUJVqa3xMewDz
F5duTSo+43bXQf+nMjnWSkHBiTsMI+VlmACwGUBjTTFVSq3jW4RTh/N6Ntf7mXHT
j8vk//+KKPhAw+3Ah63P1dq2LJwT1mgDoWcpijKb6pjk+YKs7UZrk24FGqXcxfew
6balatzaNMhJW688ZphQSmlXyxYL6ZOAIMSi0SE=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtx4FY2OrrH2MCvdjeGtp
X2YtURpvsfEqQ1Iq4VMSpLbiAaNm/RwrQhuPo15Si3QEgzamv+d3sqc+KzyhTRVH
RgpCYqGgtYwIJAAPvl4gIBPdKQVJXVUSfJRV3g3+Y4wYD6s2jlGF7eqmSiJbYBEV
vC44vgsVqeMZkmkJQ17tP5atkWkmRqUbSzEq12WxOjZ/BPIdHEhIs9PYUptNqr2h
db5jIDORu1okPM3vILR46UsjZS6s1DxOCy3NuWH5HF9Vhlzg1VhTg6wQB5CDv+dG
qbNUT00tBY25sRbg1MuIvKTHE9WC5Qp7MLWCIb5HsioTYHzTBsncJTUqfFl8q7hd
JQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 22784660190163325322906417902302407210
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Deutsche Telekom Security GmbH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Telekom Security ServerID OV Class 2 CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-02-09 10:58:13 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-02-13 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Berlin'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Strato AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.smtp.rzone.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23116413739214349252447535288087081812715477157936148177366475894666822308468318392805162237587204055217603727837609115121412854800190191048591118860319849709850397469098526162801926121552715529161528734745852635146402272426385774725589190805668667742372346873140095698929750438475083518283227474410221823804810431020282208263093342714576169156887990475422558707965326490669463442825911978949420017158304954307329858426126954904162988673997939902778031759157616216026733570362726632979271478803191347566596537946482353248433974254828737954873377538695197075104384776704298132711412258682596009449552601862249689668901
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 1c0593b17fa834308c52e09640a072a3105de0ff
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							6dd847d2def99bff5023a2884c513f97c51fb924
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (76 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://docs.serverid.telesec.de/cps/serverid.htm'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.serverid.telesec.de/rl/Telekom_Security_ServerID_OV_Class_2_CA.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (146 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.serverid.telesec.de/ocspr'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.serverid.telesec.de/crt/Telekom_Security_ServerID_OV_Class_2_CA.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.smtp.rzone.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'smtp.rzone.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (3072 bits)
		005d0eb9f9b578f5132076849ee604e81e953730bbef3242a4120596df5d652a1386ddb6278c871afe47ff84b67cf51c62deb5c5ddfd0dd8e56f486b33e463f37a54847d47b19e886b84eb3237418347ee471c62aaf45c5c6af5f49035d5b19369372ee9d79fd8c5c4f127456bf74dbf03cdc86afc05cc4638297da079245b723d6fbb5d5cf578ce96d628fc22b8cbc80b465effb7b08acee01666835dce1fd531b2a7a051612dd7f4aadf21d3fba9625571c14374a08a2041619eb15ba15cce2c5bfa625bdfd85e1e9825503a010d15313747596d9aadf139bbfc42b0bfe0691bc326f3699887ff33555918b50415e841dbf70366c03e650f4ea350956a6b7c4c7b00f317976e4d2a3ee376d741ffa73239d64a41c1893b0c23e5659800b01940634d31554aade35b845387f37a36d7fb9971d38fcbe4ffff8a28f840c3edc087adcfd5dab62c9c13d66803a167298a329bea98e4f982aced466b936e051aa5dcc5f7b0e9b6a56adcda34c8495baf3c6698504a6957cb160be9938020c4a2d121