epd-prod.thurmed.ch

- thurmed AG -

Issued by SwissSign RSA TLS OV ICA 2022 - 1

About this certificate

This digital certificate with serial number 3b:52:64:81:79:ae:42:45:de:28:19:98:f7:a2:4e:79:94:97:0a:22 was issued on by SwissSign AG.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

thurmed AG

Organization: thurmed AG
State / Province: TG
Locality: Frauenfeld
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 3b:52:64:81:79:ae:42:45:de:28:19:98:f7:a2:4e:79:94:97:0a:22
Serial Number (int): 338667871871645943170978952070959137249012681250
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: e4:b8:b5:00:de:fe:0c:37:cf:a4:49:0e:ac:20:48:a7:90:50:db:e7
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6

Fingerprint (sha1): f8:fa:22:18:ce:6b:72:40:6c:67:cd:83:d4:65:c3:c8:ac:2a:49:e2
Fingerprint (sha256): 4b:44:b8:86:7b:f9:fd:dd:44:4b:07:82:6f:c6:08:9a:40:06:2a:68:01:0e:e1:e8:47:fb:b8:f6:8a:15:f0:db

Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34

Check the revocation status for certificate epd-prod.thurmed.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for epd-prod.thurmed.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

epd-prod.thurmed.ch

Other certificates including the domain name thurmed.ch

(limited to 100 certificates)
am.thurmed.ch
af.thurmed.ch
epd-prod.thurmed.ch
am.thurmed.ch
af.thurmed.ch
af.thurmed.ch
af.thurmed.ch
aft.thurmed.ch
epd-prod.thurmed.ch
epd-prod.thurmed.ch
expe.stgag.ch
epd-test.thurmed.ch
af.thurmed.ch
aft.thurmed.ch
stgag.ch
expe.stgag.ch
af.thurmed.ch
amt.thurmed.ch
epd-prod.thurmed.ch
amt.thurmed.ch
epd-test.thurmed.ch
stgag.ch

Certificate

The complete raw certificate details for epd-prod.thurmed.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIwjCCBqqgAwIBAgIUO1JkgXmuQkXeKBmY96JOeZSXCiIwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTI0MDUyNDEx
MDYwOFoXDTI1MDUyNDExMDYwOFowYjELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAlRH
MRMwEQYDVQQHDApGcmF1ZW5mZWxkMRMwEQYDVQQKDAp0aHVybWVkIEFHMRwwGgYD
VQQDExNlcGQtcHJvZC50aHVybWVkLmNoMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAzB97KI2nHZ9eaDbi8IIR6vyIXf+CcY4+E9GvhthyNUabzX6KomNE
zcOQM6p9LUXnp2mik5TvQZACBqzHhcB8qySrBvN8zHhnlt/LnEU8W2ush8NFLU3S
gY87/ds6ZkzeFGU8pM7jll1NoEbiNkU7731IxfaELMaEqS7Ic9bppvyjK8VjoLMz
fj9IEmFwhtBe/xEpZb8kSn/RtQBPGiVqpFMgVlh22lvwpeKzlkmeo95PESkgwAZV
pguAaSlqnIFvqR1Zp9zqb8tNhkjsRxt+NbXoQAfF17lzMh0uD26I6bpUORF7iW6S
lvOxJqWm016ENwzoZJgFs40k5o/RVpCayQIDAQABo4IEgDCCBHwwgbIGCCsGAQUF
BwEBBIGlMIGiMEwGCCsGAQUFBzAChkBodHRwOi8vYWlhLnN3aXNzc2lnbi5jaC9h
aXItMGYyYmY5YTUtZGQzNy00OGM5LWE4NWItMTJhY2RjYjhiZTQ1MFIGCCsGAQUF
BzABhkZodHRwOi8vb2NzcC5zd2lzc3NpZ24uY2gvc2lnbi9vY3MtYWFjY2NlZDUt
NjZlOC00MDY5LTliMWItZmQyOWFiNzNlZmVjMG8GA1UdIARoMGYwCAYGZ4EMAQIC
MAgGBgQAj3oBBzBQBghghXQBWQIBAjBEMEIGCCsGAQUFBwIBFjZodHRwczovL3Jl
cG9zaXRvcnkuc3dpc3NzaWduLmNvbS9Td2lzc1NpZ25fQ1BTX1RMUy5wZGYwUQYD
VR0fBEowSDBGoESgQoZAaHR0cDovL2NybC5zd2lzc3NpZ24uY2gvY2RwLTk2YjYy
ZjVhLTZiNzMtNGRhNC04N2Y3LWNlNDAwMmMxY2QzNDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQDAgWgMB4GA1UdEQQXMBWCE2VwZC1w
cm9kLnRodXJtZWQuY2gwHQYDVR0OBBYEFOS4tQDe/gw3z6RJDqwgSKeQUNvnMB8G
A1UdIwQYMBaAFHxvCm8TD9mMJG8mNPNca0NttyO2MIICcAYKKwYBBAHWeQIEAgSC
AmAEggJcAloAdwAo4oE4/YMhRemp1qp1N22Dd6iFErPAf3JBSCHcvemMZgAAAY+q
R5fxAAAEAwBIMEYCIQCnkGBoLUKR+GfXp6kOu58QMjJPS00yBInxOFM32V9UtgIh
AKRVuuwS6k+WMWSENY9yV522CkjEr2W7Ma7GNHYT14pBAHcA4JKz/AwdyOdoNh/e
YbmWTQpSeBmKctZyxLBNpW1vVAQAAAGPqkeUzgAABAMASDBGAiEA0y3gNo/lOwv6
ti2dmWIBhmc99lpPKhiCuQPII79eRCQCIQDqKjmt4ODJqKXsVLcV6jSqqoDHTaA7
57glGkQK6Ho95gB2AM8RVu7VLnyv84db2Wkum+kacWdKsBfsrAHSW3fOzDsIAAAB
j6pHk64AAAQDAEcwRQIhAJD4wy6CL9QcV/dbmaW/vWEJTuyahxFdSQneu2265e/7
AiBQyo9LPwcuV9PcOeH6uPJ7UtJOG0wKmd0NlAQYUQptnQB2AMz7D2qFcQll/pWb
U87psnwi6YVcDZeNtql+VMD+TA2wAAABj6pHlQQAAAQDAEcwRQIhAJNGPkLkItG2
ROwvDRgYgR3r6nqOZg686a5erK7oK7TOAiBeeYWuy9ra7kAm0fmj16up14K7WetR
dUoSHmr2ei7IGgB2AE51oydcmhDDOFts1N8/Uusd8OCOG41pwLH6ZLFimjnfAAAB
j6pHk/EAAAQDAEcwRQIhAISQuutofRxLFyDqpd6jp/5VPEAIxiAW/KLyPTzwrq12
AiBBBo6J3tbkP5PLauHOPW1Vicle2iVTQJCcZ1R3PXumUDANBgkqhkiG9w0BAQsF
AAOCAgEAQyz/xNo8B6a83Y9YGO/w4zutzR8IejJ5xvkWNAP8ZT7dvO/amwL3DPS3
GxKf5mc9Jn+Jt/A/yhrlXMfw6z2MMQPIKcDPlbYIdZ2HdgbbTEvinPm6hixIciO2
LuGUzcP4d0G90/hlzy/A8Fnw+41fdOZ7uhLLFWp1KExJU7B7ImsgyUnkpNLl4ugm
4yONtCL1evI8kIdZsqxTxNYvwDlw6VtiC5HrGKg0NmgeGIDS/1Q7bietE+aQ5Mns
n+icJksc9YWo6En158O9chQZy1IX53BmC6Gy1SAkKr9JChH0vVQPqfMckqtFzzvL
wiadIPxyCg5CbiJASCCagnZ6gk8+yvsDNb59PeT/S1SIeJ1pvF77TanaoXzfYeFB
VAE0OovdZO6002pAZFC+Dymx1xYg49azREcUfUAIz2j0Pufi04gT/dX6svEAlxYa
aCuV3mGYSojfW+bGwBwME74x6UUdzKhL4Ymi5GPz1/p8XFs+kaTXht2NbbKnCqwm
LM7BIyyJPZKF2FR1TJGbrZjFOzE7dsrDJe3ls6LtiCEIuParsn5lhHuDklqliUjH
Jj4VGqJBxG1sChyrY/yrmLlDFLBl/4cJYBXrHqzHuBsSFL9RFlaCvnsGRZetksuD
drlBdLQWr3wdPJ5yuv+oKrEDFsMsyvM3ph5K1edUk2tlfVlL79E=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB97KI2nHZ9eaDbi8IIR
6vyIXf+CcY4+E9GvhthyNUabzX6KomNEzcOQM6p9LUXnp2mik5TvQZACBqzHhcB8
qySrBvN8zHhnlt/LnEU8W2ush8NFLU3SgY87/ds6ZkzeFGU8pM7jll1NoEbiNkU7
731IxfaELMaEqS7Ic9bppvyjK8VjoLMzfj9IEmFwhtBe/xEpZb8kSn/RtQBPGiVq
pFMgVlh22lvwpeKzlkmeo95PESkgwAZVpguAaSlqnIFvqR1Zp9zqb8tNhkjsRxt+
NbXoQAfF17lzMh0uD26I6bpUORF7iW6SlvOxJqWm016ENwzoZJgFs40k5o/RVpCa
yQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 338667871871645943170978952070959137249012681250
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-05-24 11:06:08 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-05-24 11:06:08 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'TG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Frauenfeld'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'thurmed AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'epd-prod.thurmed.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 25768138115928046621735146958877736553970048672304805404847350797226037981708436948362240059635165997628807762468958230205617946869347840067990148033081994162358433216485161571820746376661996179729517317827641721907161304998827416650140137550559183683088084865675517337372801705004617128548732336683602521945703732071061536198001984816772953415605872853960434377714133045633167419530926112471208757614443712882105789020543134346036949109682255267932902682643939193873405480849558264105982278880953701702145140202783386211560662365880174351325833346729726357421471448724177241950041881404812048283277931990358500088521
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'epd-prod.thurmed.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e4b8b500defe0c37cfa4490eac2048a79050dbe7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (608 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (604 bytes)
							025a00770028e28138fd832145e9a9d6aa75376d8377a88512b3c07f72414821dcbde98c660000018faa4797f10000040300483046022100a79060682d4291f867d7a7a90ebb9f1032324f4b4d320489f1385337d95f54b6022100a455baec12ea4f96316484358f72579db60a48c4af65bb31aec6347613d78a41007700e092b3fc0c1dc8e768361fde61b9964d0a5278198a72d672c4b04da56d6f54040000018faa4794ce0000040300483046022100d32de0368fe53b0bfab62d9d99620186673df65a4f2a1882b903c823bf5e4424022100ea2a39ade0e0c9a8a5ec54b715ea34aaaa80c74da03be7b8251a440ae87a3de6007600cf1156eed52e7caff3875bd9692e9be91a71674ab017ecac01d25b77cecc3b080000018faa4793ae000004030047304502210090f8c32e822fd41c57f75b99a5bfbd61094eec9a87115d4909debb6dbae5effb022050ca8f4b3f072e57d3dc39e1fab8f27b52d24e1b4c0a99dd0d940418510a6d9d007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000018faa479504000004030047304502210093463e42e422d1b644ec2f0d1818811debea7a8e660ebce9ae5eacaee82bb4ce02205e7985aecbdadaee4026d1f9a3d7aba9d782bb59eb51754a121e6af67a2ec81a0076004e75a3275c9a10c3385b6cd4df3f52eb1df0e08e1b8d69c0b1fa64b1629a39df0000018faa4793f100000403004730450221008490baeb687d1c4b1720eaa5dea3a7fe553c4008c62016fca2f23d3cf0aead76022041068e89ded6e43f93cb6ae1ce3d6d5589c95eda255340909c6754773d7ba650
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00432cffc4da3c07a6bcdd8f5818eff0e33badcd1f087a3279c6f9163403fc653eddbcefda9b02f70cf4b71b129fe6673d267f89b7f03fca1ae55cc7f0eb3d8c3103c829c0cf95b608759d877606db4c4be29cf9ba862c487223b62ee194cdc3f87741bdd3f865cf2fc0f059f0fb8d5f74e67bba12cb156a75284c4953b07b226b20c949e4a4d2e5e2e826e3238db422f57af23c908759b2ac53c4d62fc03970e95b620b91eb18a83436681e1880d2ff543b6e27ad13e690e4c9ec9fe89c264b1cf585a8e849f5e7c3bd721419cb5217e770660ba1b2d520242abf490a11f4bd540fa9f31c92ab45cf3bcbc2269d20fc720a0e426e224048209a82767a824f3ecafb0335be7d3de4ff4b5488789d69bc5efb4da9daa17cdf61e1415401343a8bdd64eeb4d36a406450be0f29b1d71620e3d6b34447147d4008cf68f43ee7e2d38813fdd5fab2f10097161a682b95de61984a88df5be6c6c01c0c13be31e9451dcca84be189a2e463f3d7fa7c5c5b3e91a4d786dd8d6db2a70aac262ccec1232c893d9285d854754c919bad98c53b313b76cac325ede5b3a2ed882108b8f6abb27e65847b83925aa58948c7263e151aa241c46d6c0a1cab63fcab98b94314b065ff87096015eb1eacc7b81b1214bf51165682be7b064597ad92cb8376b94174b416af7c1d3c9e72baffa82ab10316c32ccaf337a61e4ad5e754936b657d594befd1