imito.stgag.ch

- thurmed AG -

Issued by SwissSign RSA TLS OV ICA 2022 - 1

About this certificate

This digital certificate with serial number 32:13:ff:49:4e:cb:49:87:c3:e8:c9:cb:0b:32:34:99:30:1c:41:c7 was issued on by SwissSign AG.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

thurmed AG

Organization: thurmed AG
State / Province: TG
Locality: Frauenfeld
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 32:13:ff:49:4e:cb:49:87:c3:e8:c9:cb:0b:32:34:99:30:1c:41:c7
Serial Number (int): 285895491278224753448589109196985750474947576263
Serial Number lenght: 158 bits, 20 octets

SubjectKeyId: e8:c5:61:82:96:af:27:58:c1:29:84:61:98:02:cd:7b:e2:7e:4f:47
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6

Fingerprint (sha1): 57:1a:55:44:c6:2e:51:d0:0a:8b:db:6e:6a:f5:a5:34:3c:d8:4d:7a
Fingerprint (sha256): 52:ba:1d:65:7b:89:3c:df:57:e1:24:18:e6:94:e3:c1:61:8c:82:ec:64:07:4a:7d:2d:28:1c:c9:8e:89:69:b4

Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34

Check the revocation status for certificate imito.stgag.ch

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for imito.stgag.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

imito.stgag.ch

Other certificates including the domain name stgag.ch

(limited to 100 certificates)
imito-test.stgag.ch
af.stgag.ch
www.stgag.ch
pol.swiss
pol.swiss
pol.swiss
rekrutierung.stgag.ch
pol.swiss
pol.swiss
stgag.ch
imito-test.stgag.ch
pol.swiss
imito.stgag.ch
imito-test.stgag.ch
pol.swiss
pol.swiss
www.stgag.ch
mail.stgag.ch
pol.swiss
www.stgag.ch
stgag.ch
www.stgag.ch
www.stgag.ch
stg-xapf.stgag.ch
stg-xapf.stgag.ch
am.stgag.ch
nova-sc.stgag.ch
stgag.ch
*.stgag.ch
stgag.ch
stgag.ch
jobportal.stgag.ch
pol.swiss
www.stgag.ch
imito.stgag.ch
imito.stgag.ch
www.stgag.ch
stg-xapf.stgag.ch
jobportal.stgag.ch
imito-test.stgag.ch
pol.swiss
expe.stgag.ch
*.stgag.ch
*.stgag.ch
*.stgag.ch
stgag.ch
*.stgag.ch
imito.stgag.ch
imito-test.stgag.ch
pol.swiss
imito-test.stgag.ch
imito.stgag.ch
pol.swiss
jobportal.stgag.ch
jobportal.stgag.ch
stg-xapf.stgag.ch
stgag.ch
pol.swiss
jobportal.stgag.ch
stg-xapf.stgag.ch
expe.stgag.ch
www.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
pol.swiss
pol.swiss
imito.stgag.ch
stg-wifi-gast.stgag.ch
*.stgag.ch
imito.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
pol.swiss
pol.swiss
pol.swiss
imito-test.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
nova-sc.stgag.ch
imito-test.stgag.ch
*.stgag.ch
*.stgag.ch
stgag.ch
rekrutierung.stgag.ch
imito.stgag.ch
pol.swiss
stg-wifi-gast.stgag.ch
stgag.ch
jobportal.stgag.ch
af.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
jobportal.stgag.ch
am.stgag.ch
stgag.ch
stg-xapf.stgag.ch

Certificate

The complete raw certificate details for imito.stgag.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGWTCCBEGgAwIBAgIUMhP/SU7LSYfD6MnLCzI0mTAcQccwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTIzMDgwOTA5
NTQ0N1oXDTI0MDgwOTA5NTQ0N1owXTELMAkGA1UEBhMCQ0gxCzAJBgNVBAgMAlRH
MRMwEQYDVQQHDApGcmF1ZW5mZWxkMRMwEQYDVQQKDAp0aHVybWVkIEFHMRcwFQYD
VQQDEw5pbWl0by5zdGdhZy5jaDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAO2ezki0yR24GrRnKH/6ooqfynJy4u/k33tzpphloMl52S3iIrYM4DMrMbAG
YDMOrHlDTk3c4B1LALBcFAoMJ3uqealOcSM80bmci7d5d2wjMmuQTGLr69kWv+KG
Jb65kzarwdR7ECrcURAcWfRsEy3Ne1pbhhXFWN1772WMZ995UvlO3zu+rvi/CdGW
QrjzODptFbPV87iqknhoD9zs2On36/iWWgdJ0KEPsRxZUCb06mbYQ4+xqwt62PE+
IH+WG3jtRK4IZZyTiTUGI7Pb6+r7KyxM5wfPV0CSYuHhb7Lt8ULK99uLNRLxdGBY
Bqp8EeGNrQT5h5J/H+cC5QTUA5MCAwEAAaOCAhwwggIYMIGyBggrBgEFBQcBAQSB
pTCBojBMBggrBgEFBQcwAoZAaHR0cDovL2FpYS5zd2lzc3NpZ24uY2gvYWlyLTBm
MmJmOWE1LWRkMzctNDhjOS1hODViLTEyYWNkY2I4YmU0NTBSBggrBgEFBQcwAYZG
aHR0cDovL29jc3Auc3dpc3NzaWduLmNoL3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgt
NDA2OS05YjFiLWZkMjlhYjczZWZlYzBvBgNVHSAEaDBmMAgGBmeBDAECAjAIBgYE
AI96AQcwUAYIYIV0AVkCAQIwRDBCBggrBgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0
b3J5LnN3aXNzc2lnbi5jb20vU3dpc3NTaWduX0NQU19UTFMucGRmMFEGA1UdHwRK
MEgwRqBEoEKGQGh0dHA6Ly9jcmwuc3dpc3NzaWduLmNoL2NkcC05NmI2MmY1YS02
YjczLTRkYTQtODdmNy1jZTQwMDJjMWNkMzQwHQYDVR0lBBYwFAYIKwYBBQUHAwEG
CCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIFoDAZBgNVHREEEjAQgg5pbWl0by5zdGdh
Zy5jaDAdBgNVHQ4EFgQU6MVhgpavJ1jBKYRhmALNe+J+T0cwHwYDVR0jBBgwFoAU
fG8KbxMP2YwkbyY081xrQ223I7YwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZI
hvcNAQELBQADggIBAAq3BQmXvylzLnWYOXxsVfR64O5TIrIvQy8uNfvghN2GjFL1
ZqMAmFNJo/LLSUE2u9zxBZlLY8ZlwSi783cFM+za9ojWxt5v/3TeuWmUJPvureuJ
uHiJY434zE3BtqoHhPrL54VLt7lmoVvjtAbwl8O0K+Up7Bs4eiiqQ/H/6B+iUinG
RGIinXQEIeIDRHKvxLMH5D27OfQRN5TiKAQlMJdYVmwUzYNQi8P30E9IHyyPE0rX
tLibWmFgX+MAsvnrIdv/EzLssFOo58yFZNwz2HZFvQbeK3KgDb0u2Og3VPjQMNhO
mWPlJcUEvzdO6V1qFvOS6mQ7+UpR/g+IVPCGTJ3DTU++j0Vp6HRc2uHwgFCYv9F6
VmiSTh8ep6/j9di9PoDdK+z/8bTE7mw09QvXrJnZMsK/3MG2tRRuKGRu4XA2uW4I
ZTRJxywAzfCv6wh4z+vEiQC8lmRZY+StauTkao6xnDQXzAW1pwcPAkxEzB2xrl2V
eS71yQpy9JnelsxjcihJoZW7noc4PGE60IK0yONBNI8j5IpKb2JMBBqExkCcSOGN
ybTj1vPTqcOmfV/MvEpaMSN8MnQPa3OskC4rTweB8lsjTmHMpoZ9cidM0lXN4rlM
6Q/bjFQfBEr6DS3HeD/3GhqpXRXDrA3cB5k9aqyrPv/KcnWt3Gil6N17e2ZM
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Z7OSLTJHbgatGcof/qi
ip/KcnLi7+Tfe3OmmGWgyXnZLeIitgzgMysxsAZgMw6seUNOTdzgHUsAsFwUCgwn
e6p5qU5xIzzRuZyLt3l3bCMya5BMYuvr2Ra/4oYlvrmTNqvB1HsQKtxREBxZ9GwT
Lc17WluGFcVY3XvvZYxn33lS+U7fO76u+L8J0ZZCuPM4Om0Vs9XzuKqSeGgP3OzY
6ffr+JZaB0nQoQ+xHFlQJvTqZthDj7GrC3rY8T4gf5YbeO1ErghlnJOJNQYjs9vr
6vsrLEznB89XQJJi4eFvsu3xQsr324s1EvF0YFgGqnwR4Y2tBPmHkn8f5wLlBNQD
kwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 285895491278224753448589109196985750474947576263
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-08-09 09:54:47 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-08-09 09:54:47 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'TG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Frauenfeld'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'thurmed AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'imito.stgag.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29996788334067260585356737453613994584402400952957567940894517364766222933455862571551002192216261110707947966274821107948843764957284646562088903290864931873554853865379400604586910972793331720303693562467352412043315795127407095046252760931814843258577804349986501942439527675043577550544218406814627315315537831154764373895768038883524899607465533446260404698995929270638340417492825819054757055183416865339377796068940042842173915389052255921483757451210805607772265680705550108940424119413483634618169100822965228780231331061696485646075272718416735667123442399655301653605919915323618004492380841991665213506451
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (18 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'imito.stgag.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e8c5618296af2758c12984619802cd7be27e4f47
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		000ab7050997bf29732e7598397c6c55f47ae0ee5322b22f432f2e35fbe084dd868c52f566a300985349a3f2cb494136bbdcf105994b63c665c128bbf3770533ecdaf688d6c6de6fff74deb9699424fbeeadeb89b87889638df8cc4dc1b6aa0784facbe7854bb7b966a15be3b406f097c3b42be529ec1b387a28aa43f1ffe81fa25229c64462229d740421e2034472afc4b307e43dbb39f4113794e2280425309758566c14cd83508bc3f7d04f481f2c8f134ad7b4b89b5a61605fe300b2f9eb21dbff1332ecb053a8e7cc8564dc33d87645bd06de2b72a00dbd2ed8e83754f8d030d84e9963e525c504bf374ee95d6a16f392ea643bf94a51fe0f8854f0864c9dc34d4fbe8f4569e8745cdae1f0805098bfd17a5668924e1f1ea7afe3f5d8bd3e80dd2becfff1b4c4ee6c34f50bd7ac99d932c2bfdcc1b6b5146e28646ee17036b96e08653449c72c00cdf0afeb0878cfebc48900bc96645963e4ad6ae4e46a8eb19c3417cc05b5a7070f024c44cc1db1ae5d95792ef5c90a72f499de96cc63722849a195bb9e87383c613ad082b4c8e341348f23e48a4a6f624c041a84c6409c48e18dc9b4e3d6f3d3a9c3a67d5fccbc4a5a31237c32740f6b73ac902e2b4f0781f25b234e61cca6867d72274cd255cde2b94ce90fdb8c541f044afa0d2dc7783ff71a1aa95d15c3ac0ddc07993d6aacab3effca7275addc68a5e8dd7b7b664c