rhin.karlsruhe.de

Issued by AlphaSSL CA - SHA256 - G2

About this certificate

This digital certificate with serial number 60:f3:ca:c8:ed:2f:7f:db:a4:75:7e:2c was issued on by GlobalSign nv-sa.

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=rhin.karlsruhe.de,OU=Domain Control Validated,C=DE

GlobalSign nv-sa

Organization: GlobalSign nv-sa
Country: BE

This certificate has expire since

Certificate Details

Serial Number (hex): 60:f3:ca:c8:ed:2f:7f:db:a4:75:7e:2c
Serial Number (int): 30005287541484855589504122412
Serial Number lenght: 95 bits, 12 octets

SubjectKeyId: c0:4a:b8:85:7d:42:a9:9e:00:13:f1:9e:49:67:02:85:a2:98:ad:60
AuthorityKeyId: f5:cd:d5:3c:08:50:f9:6a:4f:3a:b7:97:da:56:83:e6:69:d2:68:f7

Fingerprint (sha1): dd:81:74:c0:a0:ea:03:3d:98:f4:fd:a0:a3:c6:ea:7f:d1:1c:e7:78
Fingerprint (sha256): 52:94:da:4d:3d:50:10:f4:58:29:e9:f4:a2:99:d1:54:72:25:ad:8f:18:6d:ac:84:f0:e9:9a:e6:23:10:31:fb

Issuing Certificate URL: http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt

Revocation information

OCSP Server: http://ocsp2.globalsign.com/gsalphasha2g2
CRL Distribution Point: http://crl2.alphassl.com/gs/gsalphasha2g2.crl

Check the revocation status for certificate rhin.karlsruhe.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for rhin.karlsruhe.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

rhin.karlsruhe.de

Other certificates including the domain name karlsruhe.de

(limited to 100 certificates)
m.karlsruhe.de
matrix-seg.karlsruhe.de
www1.karlsruhe.de
*.hhs.karlsruhe.de
presse.karlsruhe.de
matrix-seg.karlsruhe.de
lernfabrik.karlsruhe.de
www.carl-benz-schule.de
*.cbs.karlsruhe.de
moodle.cbs.karlsruhe.de
wettbewerbe.karlsruhe.de
www.carl-benz-schule.de
wes.karlsruhe.de
www.karlsruhe.de
www.karlsruhe.de
wes.karlsruhe.de
www.mgg.karlsruhe.de
owncloud.mgg.karlsruhe.de
ces.karlsruhe.de
*.hms.karlsruhe.de
web1.karlsruhe.de
*.karlsruhe.de
www.staatstheater.karlsruhe.de
www1.karlsruhe.de
dienste.karlsruhe.de
kita.karlsruhe.de
*.staatstheater.karlsruhe.de
wes.karlsruhe.de
mail2.karlsruhe.de
transparenz.karlsruhe.de
otv.karlsruhe.de
*.list.karlsruhe.de
hms.karlsruhe.de
moodle.cbs.karlsruhe.de
moodle.ess.karlsruhe.de
kita.karlsruhe.de
ces.karlsruhe.de
*.ces.karlsruhe.de
*.karlsruhe.de
*.staatstheater.karlsruhe.de
wes.karlsruhe.de
kita.karlsruhe.de
formulare.karlsruhe.de
bekrujzq.web.belwue.de
wes.karlsruhe.de
cloud.mgg.karlsruhe.de
www.karlsruhe.de
huebsch.karlsruhe.de
cloud.mgg.karlsruhe.de
kalender.karlsruhe.de
cloud.staatstheater.karlsruhe.de
groupwise.hhs.karlsruhe.de
*.karlsruhe.de
*.cbs.karlsruhe.de
filr.ces.karlsruhe.de
geodaten.karlsruhe.de
web1.karlsruhe.de
ess.karlsruhe.de
*.staatstheater.karlsruhe.de
lernfabrik.karlsruhe.de
lernfabrik.karlsruhe.de
matrix-seg.karlsruhe.de
opac.karlsruhe.de
wes.karlsruhe.de
otv.karlsruhe.de
cloud.mgg.karlsruhe.de
*.karlsruhe.de
rhin.karlsruhe.de
moodlex.hhs.karlsruhe.de
lernfabrik.karlsruhe.de
otv.karlsruhe.de
www.staatstheater.karlsruhe.de
moodle.hhs.karlsruhe.de
*.karlsruhe.de
web3.karlsruhe.de
wettbewerbe.karlsruhe.de
moodlex.hhs.karlsruhe.de
dienste.karlsruhe.de
*.hhs.karlsruhe.de
opac.karlsruhe.de
formulare.karlsruhe.de
moodle.ess.karlsruhe.de
wes.karlsruhe.de
lernfabrik.karlsruhe.de
as.staatstheater.karlsruhe.de
matrix-seg2.karlsruhe.de
dienste.karlsruhe.de
moodle.cbs.karlsruhe.de
opac.karlsruhe.de
matrix-mdm.karlsruhe.de
outlook.vbk-online.de
*.hms.karlsruhe.de
*.hhs.karlsruhe.de
wes.karlsruhe.de
kalender.karlsruhe.de
*.karlsruhe.de
*.hhs.karlsruhe.de
www.staatstheater.karlsruhe.de
heimstiftung.karlsruhe.de
formulare.karlsruhe.de

Certificate

The complete raw certificate details for rhin.karlsruhe.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHUjCCBjqgAwIBAgIMYPPKyO0vf9ukdX4sMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSIwIAYDVQQDExlB
bHBoYVNTTCBDQSAtIFNIQTI1NiAtIEcyMB4XDTE2MTIwODE0NDEzNFoXDTE5MTIw
OTE0NDEzNFowTDELMAkGA1UEBhMCREUxITAfBgNVBAsTGERvbWFpbiBDb250cm9s
IFZhbGlkYXRlZDEaMBgGA1UEAxMRcmhpbi5rYXJsc3J1aGUuZGUwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC95GEh22lccVVn17lzcipz3D1OcetIjLrr
sOHp5C96yl397a2ewb/WteeGNfWRUoSbVONABfWatc4i1c0QPF5Agy5vUGXoQS6o
j7tCc2qgdDDwqIGEJ7Mz2eWScvWt73hkMdZnQT03vhb3HWJ6joCEDuV8E+Is4b66
0Rhv4SsVbkXjlMVNVPtySjI+CE7P+MsCZN51rvgDOUclo97MBkvbUrknIuzhPWtL
g3HJVcJg60US5BKVs+kx9mdgQFmSr1S5+7/K8W9n/Zn2o9of5AwmwBNZe1LpwVh1
HRO1Vls3erBGLF8cUNfW0WVJYzvpyCfMTaoQt7IjbZbGNA9cbXVTAgMBAAGjggQy
MIIELjAOBgNVHQ8BAf8EBAMCBaAwgYkGCCsGAQUFBwEBBH0wezBCBggrBgEFBQcw
AoY2aHR0cDovL3NlY3VyZTIuYWxwaGFzc2wuY29tL2NhY2VydC9nc2FscGhhc2hh
MmcycjEuY3J0MDUGCCsGAQUFBzABhilodHRwOi8vb2NzcDIuZ2xvYmFsc2lnbi5j
b20vZ3NhbHBoYXNoYTJnMjBXBgNVHSAEUDBOMEIGCisGAQQBoDIBCgowNDAyBggr
BgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20vcmVwb3NpdG9yeS8w
CAYGZ4EMAQIBMAkGA1UdEwQCMAAwPgYDVR0fBDcwNTAzoDGgL4YtaHR0cDovL2Ny
bDIuYWxwaGFzc2wuY29tL2dzL2dzYWxwaGFzaGEyZzIuY3JsMBwGA1UdEQQVMBOC
EXJoaW4ua2FybHNydWhlLmRlMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD
AjAdBgNVHQ4EFgQUwEq4hX1CqZ4AE/GeSWcChaKYrWAwHwYDVR0jBBgwFoAU9c3V
PAhQ+WpPOreX2laD5mnSaPcwggJtBgorBgEEAdZ5AgQCBIICXQSCAlkCVwB2AFYU
Bpov18Ls0/XhvUSyPsdGdrm8mRFcwO+UmFXWidDdAAABWN7h5+oAAAQDAEcwRQIg
dvBUBgMeJHSzVAw2I7C2tFh9Y2AVnpxc3nJURpm5xSoCIQDBIbINkQ0XJut4R1Af
imfjaB9Lzy713SsIU0Bsa0x7sQB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyIjT0R
xM227L7MAAABWN7h6HQAAAQDAEYwRAIgHojQqXuNoWW2Uvx/0K9n4mvr7hD4pmJE
3xZVWXCsuqACIBtxG1cBryQNXk/Gjnm6gNQcmJ+XchKucPHhHCou/4r5AHYApLkJ
kLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFY3uHolwAABAMARzBFAiA3
xW07mrHwa29qsu2Md5KVhAWCI2v+54h39jQjdoubWwIhAPLIFDmfE9fMpj9yAreh
dxFKVYGjznF6fHfj5Oq6TgzIAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZk
No4e0YUAAAFY3uHpRgAABAMARzBFAiBMbjO1iNdYw+48z2nvFFQz0Zd6mNDTniXc
aZYXFvDLVgIhAII4hBZrmUn/xdcymlD/+mNXjMIKDt59iau+jEbvzTkSAHYA7ku9
t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFY3uHrjgAABAMARzBFAiBM
VTreYzp4qMQ29dAKvdDQREYKhu0sKI/NnyCHy/J/WwIhAJBAuEhMdGqmjzpHSMZp
3DLXNqG/MLobQH3ud6Pcy5frMA0GCSqGSIb3DQEBCwUAA4IBAQBKPlKCF3wDS/dm
ss5rM+/DKLKgz/GkO+B+6E04JsfnkFNPPfgkRfnfwXdZu6SLQ3G00R0kIpPkWfED
I10X2xzsO4U++sA2v/iMvdiPPjOgmA0ipNiQmwQ+1DBOKU98SvEgOD1o4bt6U/Ra
q1VEDcsVWXhxMc59nvTA+NnaVc8gPZQRgKH9aIJuDW5GQt8sZLjDo6gl/ivPfWej
ANR+HAQSl7dVf2psMtsbXdf4t3cqyukEcfaG86VRYEGUBw4Enyqf4R/out8uealM
mIHGhmHHYpze1I9Y3gVauDGaU0NRQWrdydXmFOxobINe4JOzr8svc/X5cr4X4hKT
BDvOy5PG
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAveRhIdtpXHFVZ9e5c3Iq
c9w9TnHrSIy667Dh6eQvespd/e2tnsG/1rXnhjX1kVKEm1TjQAX1mrXOItXNEDxe
QIMub1Bl6EEuqI+7QnNqoHQw8KiBhCezM9nlknL1re94ZDHWZ0E9N74W9x1ieo6A
hA7lfBPiLOG+utEYb+ErFW5F45TFTVT7ckoyPghOz/jLAmTeda74AzlHJaPezAZL
21K5JyLs4T1rS4NxyVXCYOtFEuQSlbPpMfZnYEBZkq9Uufu/yvFvZ/2Z9qPaH+QM
JsATWXtS6cFYdR0TtVZbN3qwRixfHFDX1tFlSWM76cgnzE2qELeyI22WxjQPXG11
UwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 30005287541484855589504122412
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'BE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GlobalSign nv-sa'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'AlphaSSL CA - SHA256 - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2016-12-08 14:41:34 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-12-09 14:41:34 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Domain Control Validated'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'rhin.karlsruhe.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 23971657729335007250670050130380963452430047703266387796292252806972839917059470603762512301682695820101933365883840212837708686426517703277056827342348856518894102268431580859086127416888139787256309161579598224444157907257467583595123561211643743597457228446716280127676697089384056285703572303445923759185862634235170193587006910792997170045833264667111507748153020126508438118729321227619734347503834253745166543936445513785771828016384194721754861846845608678979230085235254304541082838494606061972813267845538088521481610612698921630535800965011450087530613583847200613206897329105697529418083734125080380011859
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (125 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://secure2.alphassl.com/cacert/gsalphasha2g2r1.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp2.globalsign.com/gsalphasha2g2'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.4146.1.10.10 (Domain Validation Certificates Policy - AlphaSSL)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://www.globalsign.com/repository/'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl2.alphassl.com/gs/gsalphasha2g2.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (21 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'rhin.karlsruhe.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							c04ab8857d42a99e0013f19e49670285a298ad60
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f5cdd53c0850f96a4f3ab797da5683e669d268f7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (605 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (601 bytes)
							02570076005614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd00000158dee1e7ea0000040300473045022076f05406031e2474b3540c3623b0b6b4587d6360159e9c5cde72544699b9c52a022100c121b20d910d1726eb7847501f8a67e3681f4bcf2ef5dd2b0853406c6b4c7bb1007500ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc00000158dee1e874000004030046304402201e88d0a97b8da165b652fc7fd0af67e26bebee10f8a66244df16555970acbaa002201b711b5701af240d5e4fc68e79ba80d41c989f977212ae70f1e11c2a2eff8af9007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000158dee1e8970000040300473045022037c56d3b9ab1f06b6f6ab2ed8c779295840582236bfee78877f63423768b9b5b022100f2c814399f13d7cca63f7202b7a177114a5581a3ce717a7c77e3e4eaba4e0cc8007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000158dee1e946000004030047304502204c6e33b588d758c3ee3ccf69ef145433d1977a98d0d39e25dc69961716f0cb56022100823884166b9949ffc5d7329a50fffa63578cc20a0ede7d89abbe8c46efcd3912007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000158dee1eb8e000004030047304502204c553ade633a78a8c436f5d00abdd0d044460a86ed2c288fcd9f2087cbf27f5b0221009040b8484c746aa68f3a4748c669dc32d736a1bf30ba1b407dee77a3dccb97eb
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		004a3e5282177c034bf766b2ce6b33efc328b2a0cff1a43be07ee84d3826c7e790534f3df82445f9dfc17759bba48b4371b4d11d242293e459f103235d17db1cec3b853efac036bff88cbdd88f3e33a0980d22a4d8909b043ed4304e294f7c4af120383d68e1bb7a53f45aab55440dcb1559787131ce7d9ef4c0f8d9da55cf203d941180a1fd68826e0d6e4642df2c64b8c3a3a825fe2bcf7d67a300d47e1c041297b7557f6a6c32db1b5dd7f8b7772acae90471f686f3a551604194070e049f2a9fe11fe8badf2e79a94c9881c68661c7629cded48f58de055ab8319a534351416addc9d5e614ec686c835ee093b3afcb2f73f5f972be17e21293043bcecb93c6