twint.ukb.ch
Issued by SwissSign RSA TLS DV ICA 2022 - 1
About this certificate
This digital certificate with serial number 47:64:56:28:e3:f4:20:db:17:1e:23:7a:87:a8:8f:a9:6a:64:c0:17 was issued on by SwissSign AG.
This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
- Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
- Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)
Certificate Subject
CN=twint.ukb.ch
SwissSign AG
Organization:
SwissSign AG
Country:
CH
This certificate will expire on
Certificate Details
Serial Number (hex): 47:64:56:28:e3:f4:20:db:17:1e:23:7a:87:a8:8f:a9:6a:64:c0:17Serial Number (int): 407575924819232818625344834452716386884167974935
Serial Number lenght: 159 bits, 20 octets
SubjectKeyId: 48:fd:c0:cb:de:c5:b2:72:03:cf:7e:67:e1:2c:51:51:33:5c:38:ab
AuthorityKeyId: eb:bd:7f:49:93:8c:c9:ee:ec:a2:ba:f7:1c:d2:67:f0:83:b1:ea:de
Fingerprint (sha1): 5a:b7:01:c9:df:3e:73:ac:ac:fd:e7:e2:57:42:65:10:80:d5:b5:2c
Fingerprint (sha256): 4e:bb:68:49:72:d7:bb:1d:86:eb:a7:81:6a:d9:b9:e6:3c:b2:f3:36:d3:68:b5:92:8d:5b:55:b7:33:5d:f9:24
Issuing Certificate URL: http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167
Revocation information
OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efecCRL Distribution Point: http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba
Check the revocation status for certificate twint.ukb.ch
1
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for twint.ukb.ch
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
9 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
twint.ukb.ch
Other certificates including the domain name ukb.ch
(limited to 100 certificates)
www.ukb.ch
fintest-wwwsec.ukb.ch
gast.ukb.ch
fintest-dev-wwwsec.ukb.ch
www.privasphere.com
twint-test.ukb.ch
www.ukb.ch
fintest-e-banking.ukb.ch
ukb00ncs104-e.ukb.ch
satellite-test.ukb.ch
identifikation-test.ukb.ch
gast.ukb.ch
twint-test.ukb.ch
fintest-e-banking.ukb.ch
dialog.sbb.ch
www.privasphere.com
twint-test.ukb.ch
ukbhb01mx01-e.urkb.ch
www.ukb.ch
ot.ukb.ch
ssl.ukb.ch
ot.ukb.ch
ukb00ucc114.ukb.ch
securemail.ukb.ch
eroeffnung-test.ukb.ch
satellite.ukb.ch
www.privasphere.com
ukb00ncs106-e.ukb.ch
securemail.ukb.ch
www.privasphere.com
gast.ukb.ch
www.ukb.ch
autodiscover.ukb.ch
ot.ukb.ch
autodiscover.ukb.ch
eroeffnung-test.ukb.ch
twint.ukb.ch
dialog.sbb.ch
ukb00ucc114.ukb.ch
www.ukb.ch
fintest-dev-wwwsec.ukb.ch
fintest-e-banking.ukb.ch
www.privasphere.com
www.ukb.ch
wwwsec.ukb.ch
www.ukb.ch
ssl.ukb.ch
ukb00ncs104-e.ukb.ch
gast.ukb.ch
wwwsec.ukb.ch
ukb00ucc114.ukb.ch
www.ukb.ch
eroeffnung.ukb.ch
wwwsec.ukb.ch
wwwsec.urkb.ch
ukb00ucc114.ukb.ch
twint.ukb.ch
www.privasphere.com
www.ukb.ch
identifikation-test.ukb.ch
twint-test.ukb.ch
www.privasphere.com
dialog.sbb.ch
gast.ukb.ch
dialog.sbb.ch
ukbhb01mx01-e.urkb.ch
ukb00ucc114.ukb.ch
fintest-dev-wwwsec.ukb.ch
ssl.ukb.ch
identifikation.ukb.ch
satellite-test.ukb.ch
fintest-dev-wwwsec.ukb.ch
fintest-wwwsec.ukb.ch
wwwsec.ukb.ch
www.privasphere.com
ssl.ukb.ch
autodiscover.ukb.ch
www.ukb.ch
gast.ukb.ch
twint-test.ukb.ch
www.privasphere.com
ukbhb01mx01-e.urkb.ch
identifikation-test.ukb.ch
autodiscover.ukb.ch
fintest-e-banking.ukb.ch
twint.ukb.ch
wwwsec.ukb.ch
ukbhb01mx01-e.urkb.ch
zukunftsbild.ukb.ch
zukunftsbild.ukb.ch
eroeffnung.ukb.ch
www.ukb.ch
fintest-wwwsec.ukb.ch
ukb00ucc114.ukb.ch
identifikation-test.ukb.ch
ssl.ukb.ch
ukbhb01mx01-e.urkb.ch
www.ukb.ch
ukb00ncs106-e.ukb.ch
ukb00ucc114.ukb.ch
fintest-wwwsec.ukb.ch
gast.ukb.ch
fintest-dev-wwwsec.ukb.ch
www.privasphere.com
twint-test.ukb.ch
www.ukb.ch
fintest-e-banking.ukb.ch
ukb00ncs104-e.ukb.ch
satellite-test.ukb.ch
identifikation-test.ukb.ch
gast.ukb.ch
twint-test.ukb.ch
fintest-e-banking.ukb.ch
dialog.sbb.ch
www.privasphere.com
twint-test.ukb.ch
ukbhb01mx01-e.urkb.ch
www.ukb.ch
ot.ukb.ch
ssl.ukb.ch
ot.ukb.ch
ukb00ucc114.ukb.ch
securemail.ukb.ch
eroeffnung-test.ukb.ch
satellite.ukb.ch
www.privasphere.com
ukb00ncs106-e.ukb.ch
securemail.ukb.ch
www.privasphere.com
gast.ukb.ch
www.ukb.ch
autodiscover.ukb.ch
ot.ukb.ch
autodiscover.ukb.ch
eroeffnung-test.ukb.ch
twint.ukb.ch
dialog.sbb.ch
ukb00ucc114.ukb.ch
www.ukb.ch
fintest-dev-wwwsec.ukb.ch
fintest-e-banking.ukb.ch
www.privasphere.com
www.ukb.ch
wwwsec.ukb.ch
www.ukb.ch
ssl.ukb.ch
ukb00ncs104-e.ukb.ch
gast.ukb.ch
wwwsec.ukb.ch
ukb00ucc114.ukb.ch
www.ukb.ch
eroeffnung.ukb.ch
wwwsec.ukb.ch
wwwsec.urkb.ch
ukb00ucc114.ukb.ch
twint.ukb.ch
www.privasphere.com
www.ukb.ch
identifikation-test.ukb.ch
twint-test.ukb.ch
www.privasphere.com
dialog.sbb.ch
gast.ukb.ch
dialog.sbb.ch
ukbhb01mx01-e.urkb.ch
ukb00ucc114.ukb.ch
fintest-dev-wwwsec.ukb.ch
ssl.ukb.ch
identifikation.ukb.ch
satellite-test.ukb.ch
fintest-dev-wwwsec.ukb.ch
fintest-wwwsec.ukb.ch
wwwsec.ukb.ch
www.privasphere.com
ssl.ukb.ch
autodiscover.ukb.ch
www.ukb.ch
gast.ukb.ch
twint-test.ukb.ch
www.privasphere.com
ukbhb01mx01-e.urkb.ch
identifikation-test.ukb.ch
autodiscover.ukb.ch
fintest-e-banking.ukb.ch
twint.ukb.ch
wwwsec.ukb.ch
ukbhb01mx01-e.urkb.ch
zukunftsbild.ukb.ch
zukunftsbild.ukb.ch
eroeffnung.ukb.ch
www.ukb.ch
fintest-wwwsec.ukb.ch
ukb00ucc114.ukb.ch
identifikation-test.ukb.ch
ssl.ukb.ch
ukbhb01mx01-e.urkb.ch
www.ukb.ch
ukb00ncs106-e.ukb.ch
ukb00ucc114.ukb.ch
Certificate
The complete raw certificate details for twint.ukb.ch in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIGETCCA/mgAwIBAgIUR2RWKOP0INsXHiN6h6iPqWpkwBcwDQYJKoZIhvcNAQEL BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjIgLSAxMB4XDTI0MDYxNDEx Mzg0OFoXDTI1MDYxNDExMzg0OFowFzEVMBMGA1UEAxMMdHdpbnQudWtiLmNoMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbRg4RMJSel3WBGwDWxeUysB cNct5YiyHamg2zJhg08zbh0nC5SiJC4t9kCXQp5mmAXoIKUhUTxo4NXFpaRsbXW9 QpYKoIy41J0Q/nefil+c9rHvAfThBjlb56XcHbaKzaM9Klwcd3+uWWt59c3LWLKV 2jVJxMvu1ll0MadKdC3keM105LrZRaNCBdkmPbhOWQZID4G+KZzA36XsnPXmNZHQ suW6MBywW4qqKawlKHQMZ8tL32Q6UMcdmvHDyLlzTw1SlNQh/MtSsjXBLM6FQm7s MbOXEukCxRzgwKKHEgHgg45rpbo2xWX7lYBhippIvf7pMwDTOdToNoa4aRce9QID AQABo4ICGjCCAhYwgbIGCCsGAQUFBwEBBIGlMIGiMEwGCCsGAQUFBzAChkBodHRw Oi8vYWlhLnN3aXNzc2lnbi5jaC9haXItMWI4NjMzODUtZjRhOS00N2ZhLTg4YTUt MmE1YWJmZDRhMTY3MFIGCCsGAQUFBzABhkZodHRwOi8vb2NzcC5zd2lzc3NpZ24u Y2gvc2lnbi9vY3MtYWFjY2NlZDUtNjZlOC00MDY5LTliMWItZmQyOWFiNzNlZmVj MG8GA1UdIARoMGYwCAYGZ4EMAQIBMAgGBgQAj3oBBjBQBghghXQBWQIBATBEMEIG CCsGAQUFBwIBFjZodHRwczovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS9Td2lz c1NpZ25fQ1BTX1RMUy5wZGYwUQYDVR0fBEowSDBGoESgQoZAaHR0cDovL2NybC5z d2lzc3NpZ24uY2gvY2RwLTY3OTcyM2IyLTg2NDEtNDY0Mi04NTAwLWY2ZDJmZjM3 ZTZiYTAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDgYDVR0PAQH/BAQD AgWgMBcGA1UdEQQQMA6CDHR3aW50LnVrYi5jaDAdBgNVHQ4EFgQUSP3Ay97FsnID z35n4SxRUTNcOKswHwYDVR0jBBgwFoAU671/SZOMye7sorr3HNJn8IOx6t4wEwYK KwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggIBAH2x+OZ8r4sVJVqQ 8PP3PPc4nlQwAq/PYzH4C8sbPMA3es0vJJeq4sHeNR5tvt/s75aMcIZdZHDrPr0V SLBMXnGRFdbassjcp2967kuYeo0ClzFZiXjJ2UWofRbaQeZzJqWE5Fr5N7Aln67z 1WR0cmpKnNYyIJl7FnsUC8oeQMCbcvjOoUXO/JBuUJJh6ptuKeDb1MOlv3zjdOwV Mpvry95xIhOgDCVLWRRAL6UMZGqMafv/q0Y7X5BTcK7wMSMERupYAoeF7rVIBdcB qyvJIDe/d3ygH2Q46ChI4uuc2CXdZC/itGdkeR8TfdipTfIdmqMLyKhPrVU73o8x UE/xng5/M2pKXXa7r4UXZKEunHfRrmXVIuiCM53ghA/siaYmEAknDLCPQEOA0cbL 1F+0SlRRrz+MC8xmTICxmXdNfJIqmmoeJkPNtJm+WesfYObB45p4kB0Rw+6l6Wc1 MYp21GSRYqyHCMKHPP4vvuofhGnLadM7eztjbx8BwZtOJHkcbIzaauSwwJetrFEo fM2vsqHdf4EEyfZJmGoTSyK9Tfx0GB896ikAMB9/Y+OPJv+4qRj4iysS/GlnXLen 08JvB0sG8R6qx2BK4Fpo/GHRQC5GTF+WraolDhXN0saBgL0V5HPsa4Gt7S8g94fh 5UsAMhYVoXiuupnVT2Kaf1i8DS7M -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbRg4RMJSel3WBGwDWxe UysBcNct5YiyHamg2zJhg08zbh0nC5SiJC4t9kCXQp5mmAXoIKUhUTxo4NXFpaRs bXW9QpYKoIy41J0Q/nefil+c9rHvAfThBjlb56XcHbaKzaM9Klwcd3+uWWt59c3L WLKV2jVJxMvu1ll0MadKdC3keM105LrZRaNCBdkmPbhOWQZID4G+KZzA36XsnPXm NZHQsuW6MBywW4qqKawlKHQMZ8tL32Q6UMcdmvHDyLlzTw1SlNQh/MtSsjXBLM6F Qm7sMbOXEukCxRzgwKKHEgHgg45rpbo2xWX7lYBhippIvf7pMwDTOdToNoa4aRce 9QIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 407575924819232818625344834452716386884167974935 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2022 - 1' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-06-14 11:38:48 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-06-14 11:38:48 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'twint.ukb.ch' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22938081119975025984388639978854553999951583142565293287074428333301071339806976739597033589160834801941618939158923694784570474505936420511321190343974798356173963894624903360593623414842062608930224391666214642181255828973611344270675147858826207006792823434231147338124665510298453485062607841781133386622813117013457035663828604088686169018651475378480568526879775325265646070515941362311540115193319241850395799346685327446385181946760018129019249368465506849727727806347153485465548701999301065571951572897631944923196402328223168969159465492192218423852951506360210208319697947690909353757251451550848484056821 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-1b863385-f4a9-47fa-88a5-2a5abfd4a167' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-679723b2-8641-4642-8500-f6d2ff37e6ba' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (16 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'twint.ukb.ch' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 48fdc0cbdec5b27203cf7e67e12c5151335c38ab . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ebbd7f49938cc9eeeca2baf71cd267f083b1eade . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (4096 bits) 007db1f8e67caf8b15255a90f0f3f73cf7389e543002afcf6331f80bcb1b3cc0377acd2f2497aae2c1de351e6dbedfecef968c70865d6470eb3ebd1548b04c5e719115d6dab2c8dca76f7aee4b987a8d029731598978c9d945a87d16da41e67326a584e45af937b0259faef3d56474726a4a9cd63220997b167b140bca1e40c09b72f8cea145cefc906e509261ea9b6e29e0dbd4c3a5bf7ce374ec15329bebcbde712213a00c254b5914402fa50c646a8c69fbffab463b5f905370aef031230446ea58028785eeb54805d701ab2bc92037bf777ca01f6438e82848e2eb9cd825dd642fe2b46764791f137dd8a94df21d9aa30bc8a84fad553bde8f31504ff19e0e7f336a4a5d76bbaf851764a12e9c77d1ae65d522e882339de0840fec89a6261009270cb08f404380d1c6cbd45fb44a5451af3f8c0bcc664c80b199774d7c922a9a6a1e2643cdb499be59eb1f60e6c1e39a78901d11c3eea5e96735318a76d4649162ac8708c2873cfe2fbeea1f8469cb69d33b7b3b636f1f01c19b4e24791c6c8cda6ae4b0c097adac51287ccdafb2a1dd7f8104c9f649986a134b22bd4dfc74181f3dea2900301f7f63e38f26ffb8a918f88b2b12fc69675cb7a7d3c26f074b06f11eaac7604ae05a68fc61d1402e464c5f96adaa250e15cdd2c68180bd15e473ec6b81aded2f20f787e1e54b00321615a178aeba99d54f629a7f58bc0d2ecc