*.adrz.nl
Issued by GlobalSign Domain Validation CA - SHA256 - G2
About this certificate
This digital certificate with serial number 07:67:5b:e8:78:ad:2a:74:86:97:29:e9 was issued on by GlobalSign nv-sa.
With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.
We have idenified some issues with this certificate:
- Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)
Certificate Subject
CN=*.adrz.nl,OU=Domain Control Validated
GlobalSign nv-sa
Organization:
GlobalSign nv-sa
Country:
BE
This certificate has expire since
Certificate Details
Serial Number (hex): 07:67:5b:e8:78:ad:2a:74:86:97:29:e9Serial Number (int): 2291348451859941659883547113
Serial Number lenght: 91 bits, 12 octets
SubjectKeyId: 82:ed:a8:46:68:39:b8:07:00:7b:53:5c:45:45:db:ae:26:e3:3e:3b
AuthorityKeyId: ea:4e:7c:d4:80:2d:e5:15:81:86:26:8c:82:6d:c0:98:a4:cf:97:0f
Fingerprint (sha1): b1:b1:c8:2e:1e:86:68:c7:73:b5:33:a2:f6:d2:8d:1b:6a:c5:68:36
Fingerprint (sha256): 4e:bc:30:ac:2e:03:9f:ef:b3:2a:b9:a1:32:34:17:3f:10:a9:91:16:c5:62:28:5c:c6:78:91:88:d1:47:3a:f3
Issuing Certificate URL: http://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt
Revocation information
OCSP Server: http://ocsp2.globalsign.com/gsdomainvalsha2g2CRL Distribution Point: http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl
Check the revocation status for certificate *.adrz.nl
2
DNS Names
0
Email Addresses
0
IP Addresses
Advanced Certificate Properties
Tehnical certificate details for *.adrz.nl
Public Key Algorithm
RSA
Key Size
2048
Signature Algorithm
SHA256 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10 extensions
No
unhandled critical extensions
CA Certificate
This is not a CA certificate
Subject Alternative Names
*.adrz.nl
adrz.nl
adrz.nl
Other certificates including the domain name adrz.nl
(limited to 100 certificates)
portal.adrz.nl
veiligmailen.adrz.nl
rooster.adrz.nl
mijnacc.adrz.nl
*.adrz.nl
access01.adrz.nl
rooster.adrz.nl
zorgdomein.adrz.nl
sign-zorgplatform.adrz.nl
sip.adrz.nl
adrz.nl
mijn.adrz.nl
ml.adrz.nl
roostertest.adrz.nl
zorgplatform.adrz.nl
*.adrz.nl
*.adrz.nl
*.adrz.nl
zorgportaal.adrz.nl
siamacc.adrz.nl
webmail.adrz.nl
*.adrz.nl
*.adrz.nl
mail.adrz.nl
webmail.adrz.nl
*.adrz.nl
rooster.adrz.nl
roostertest.adrz.nl
www.adrz.nl
*.adrz.nl
webmail.adrz.nl
zorgportaal.adrz.nl
webmail.adrz.nl
webmail.adrz.nl
www.adrz.nl
webmail.adrz.nl
www.adrz.nl
www.adrz.nl
mail.adrz.nl
www.adrz.nl
acceptatie-sign-zorgplatform.adrz.nl
www.adrz.nl
www.adrz.nl
webmail.adrz.nl
zorgportaalacc.adrz.nl
token.adrz.nl
webmail.adrz.nl
webmail.adrz.nl
oos.adrz.nl
veiligmailen.adrz.nl
acceptatie-zorgplatform.adrz.nl
veiligmailen.adrz.nl
rooster.adrz.nl
mijnacc.adrz.nl
*.adrz.nl
access01.adrz.nl
rooster.adrz.nl
zorgdomein.adrz.nl
sign-zorgplatform.adrz.nl
sip.adrz.nl
adrz.nl
mijn.adrz.nl
ml.adrz.nl
roostertest.adrz.nl
zorgplatform.adrz.nl
*.adrz.nl
*.adrz.nl
*.adrz.nl
zorgportaal.adrz.nl
siamacc.adrz.nl
webmail.adrz.nl
*.adrz.nl
*.adrz.nl
mail.adrz.nl
webmail.adrz.nl
*.adrz.nl
rooster.adrz.nl
roostertest.adrz.nl
www.adrz.nl
*.adrz.nl
webmail.adrz.nl
zorgportaal.adrz.nl
webmail.adrz.nl
webmail.adrz.nl
www.adrz.nl
webmail.adrz.nl
www.adrz.nl
www.adrz.nl
mail.adrz.nl
www.adrz.nl
acceptatie-sign-zorgplatform.adrz.nl
www.adrz.nl
www.adrz.nl
webmail.adrz.nl
zorgportaalacc.adrz.nl
token.adrz.nl
webmail.adrz.nl
webmail.adrz.nl
oos.adrz.nl
veiligmailen.adrz.nl
acceptatie-zorgplatform.adrz.nl
Certificate
The complete raw certificate details for *.adrz.nl in PEM and ASN.1 format.
Certificate (PEM)
-----BEGIN CERTIFICATE----- MIIFBTCCA+2gAwIBAgIMB2db6HitKnSGlynpMA0GCSqGSIb3DQEBCwUAMGAxCzAJ BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTYwNAYDVQQDEy1H bG9iYWxTaWduIERvbWFpbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0gRzIwHhcN MTYxMTI5MTE0OTEyWhcNMjAwMTE4MDc1NTUzWjA3MSEwHwYDVQQLExhEb21haW4g Q29udHJvbCBWYWxpZGF0ZWQxEjAQBgNVBAMMCSouYWRyei5ubDCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBALZSNAt47rwDC0thS88GFbZXtIMB7dVYcTj9 r/LQuIEdu74G9Ryo6BNV76TrY6RTZsX0F8qCts5osw1ljn7EXEba8DPee3BEaidp Y06Lya4ZyXRwLZSCD7r2P7VsHkBxOx1nC9b5Afrr8jNdfDxE7xc4h3U5yxX7aGri r6Lphvi/x9Bf8iMhPHE7XY4Dv9w6i0rpv3+T4yWUBcU1Ny9KZ5WX5mByjj9+OACO I9EhxSlVAf0EWIzI0++s3zoVlSBVF3iEkhFIUBdgRNBghDxE+9u44ldv7z/C4/Ey njOgBdESGlxlS/nO641fdveYqbmIf4pG82yO38kK3R0plffdHw8CAwEAAaOCAeYw ggHiMA4GA1UdDwEB/wQEAwIFoDCBlAYIKwYBBQUHAQEEgYcwgYQwRwYIKwYBBQUH MAKGO2h0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dzZG9tYWlu dmFsc2hhMmcycjEuY3J0MDkGCCsGAQUFBzABhi1odHRwOi8vb2NzcDIuZ2xvYmFs c2lnbi5jb20vZ3Nkb21haW52YWxzaGEyZzIwVgYDVR0gBE8wTTBBBgkrBgEEAaAy AQowNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVw b3NpdG9yeS8wCAYGZ4EMAQIBMAkGA1UdEwQCMAAwQwYDVR0fBDwwOjA4oDagNIYy aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9ncy9nc2RvbWFpbnZhbHNoYTJnMi5j cmwwHQYDVR0RBBYwFIIJKi5hZHJ6Lm5sggdhZHJ6Lm5sMB0GA1UdJQQWMBQGCCsG AQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUgu2oRmg5uAcAe1NcRUXbribjPjsw HwYDVR0jBBgwFoAU6k581IAt5RWBhiaMgm3AmKTPlw8wEwYKKwYBBAHWeQIEAwEB /wQCBQAwDQYJKoZIhvcNAQELBQADggEBAIDiOIaukVvO7FLK8bfCbyVdvda4xdCz YUgEpAFc1FyhFYZ/qbHptXsDJ1NG/kLJuwuScrNGkJv9yGaN75O+twvJRor1B+A/ vz5imnvJjoQetvOVfUNEYIEQws1k1N4DvQ4wLmw1lkmuxCajpT0qiX/IV6SdEOFi 1Sy4lMIKaWdcc7t0pR6EbALW2bLJNbmaQ6IIXunk7Oyl03w6c9HX7Crjarq2uDHa lTUWc47tLiEjhZxDl11D/JaXxRXsXPmDTe2Wgo9eyRp1Tr01kDNgiJfZdWWXQBtj /Pumo+9Ch3kIQtcVJHcUNiK3PFBh3OI3Z/89Olx5CTOOx1z+Nvur0tU= -----END CERTIFICATE-----
Public Key (PEM)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtlI0C3juvAMLS2FLzwYV tle0gwHt1VhxOP2v8tC4gR27vgb1HKjoE1XvpOtjpFNmxfQXyoK2zmizDWWOfsRc RtrwM957cERqJ2ljTovJrhnJdHAtlIIPuvY/tWweQHE7HWcL1vkB+uvyM118PETv FziHdTnLFftoauKvoumG+L/H0F/yIyE8cTtdjgO/3DqLSum/f5PjJZQFxTU3L0pn lZfmYHKOP344AI4j0SHFKVUB/QRYjMjT76zfOhWVIFUXeISSEUhQF2BE0GCEPET7 27jiV2/vP8Lj8TKeM6AF0RIaXGVL+c7rjV9295ipuYh/ikbzbI7fyQrdHSmV990f DwIDAQAB -----END PUBLIC KEY-----
ASN.1 decoded
[c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2 . . . . . . . . [c:0|t:2|false] INTEGER 2291348451859941659883547113 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign Domain Validation CA - SHA256 - G2' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-11-29 11:49:12 +0000 UTC . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-01-18 07:55:53 +0000 UTC . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName) . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated' . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName) . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.adrz.nl' . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption) . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23015907461875548203957661598172597971308569920259471767521362713298427417987809695491742941312639149814694123175259824307110046617942131309825710777348658786723214934078109462382193051219674760015075755930183436569992675790257968716991429481836271228058784703702420374659017323419008875547542917911143511397631423617217715419184764493322841879259288826218979857298741611542251637378007960319493956345494136021002026662099070952340859237138102853520131109073251410806788812191972005639375055245330044617863633755212842004213426614809236146479936270893398155266758341491366741326137466635057770950931008469355120631567 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537 . . . . . . . . [c:2|t:3|true] ORAddress . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits) 05a0 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure.globalsign.com/cacert/gsdomainvalsha2g2r1.crt' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsdomainvalsha2g2' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10 (globalsignDVPolicy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (60 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.globalsign.com/gs/gsdomainvalsha2g2.crl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.adrz.nl' . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'adrz.nl' . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth) . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth) . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes) 82eda8466839b807007b535c4545dbae26e33e3b . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier) . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName ea4e7cd4802de5158186268c826dc098a4cf970f . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison) . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes) . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) . . . . . . . . [c:0|t:5|false] NULL . . . . [c:0|t:3|false] BIT STRING (2048 bits) 0080e23886ae915bceec52caf1b7c26f255dbdd6b8c5d0b3614804a4015cd45ca115867fa9b1e9b57b03275346fe42c9bb0b9272b346909bfdc8668def93beb70bc9468af507e03fbf3e629a7bc98e841eb6f3957d4344608110c2cd64d4de03bd0e302e6c359649aec426a3a53d2a897fc857a49d10e162d52cb894c20a69675c73bb74a51e846c02d6d9b2c935b99a43a2085ee9e4ececa5d37c3a73d1d7ec2ae36abab6b831da953516738eed2e2123859c43975d43fc9697c515ec5cf9834ded96828f5ec91a754ebd359033608897d9756597401b63fcfba6a3ef4287790842d7152477143622b73c5061dce23767ff3d3a5c7909338ec75cfe36fbabd2d5