mia2.aldi-sued.com

- ALDI International Services GmbH & Co. oHG -

Issued by Trusted Secure Certificate Authority 5

About this certificate

This digital certificate with serial number c1:f9:38:cf:d5:fb:c1:46:e0:90:08:b7:ab:ca:44:08 was issued on by Corporation Service Company.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

ALDI International Services GmbH & Co. oHG

Organization: ALDI International Services GmbH & Co. oHG
Organization unit: International Information Technology
Organization unit: Enterprise SSL
Address: Mintarder Strasse 38-40
Postal code: 45481
State / Province: Nordrhein-Westfalen
Locality: Muelheim an der Ruhr
Country: DE

Corporation Service Company

Organization: Corporation Service Company
State / Province: DE
Locality: Wilmington
Country: US

This certificate has expire since

Certificate Details

Serial Number (hex): c1:f9:38:cf:d5:fb:c1:46:e0:90:08:b7:ab:ca:44:08
Serial Number (int): 257835037385656040693054972738272904200
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 28:97:0e:8d:ea:ae:4f:64:b5:42:fe:91:84:1c:64:5c:2d:79:b9:b9
AuthorityKeyId: f2:bb:55:ee:fc:8f:cf:d0:3f:14:68:1a:95:7e:79:0e:ab:17:30:f4

Fingerprint (sha1): b3:07:b1:d3:ed:cb:65:a1:8c:dc:be:8f:b9:48:9f:6a:66:42:03:9d
Fingerprint (sha256): 52:ec:66:a6:33:54:44:de:11:2f:9f:2d:cc:71:3c:e4:1f:9a:af:23:b0:47:11:21:e4:8c:bf:1e:8c:77:ad:d3

Issuing Certificate URL: http://crt.usertrust.com/TrustedSecureCertificateAuthority5.crt

Revocation information

OCSP Server: http://ocsp.usertrust.com
CRL Distribution Point: http://crl.usertrust.com/TrustedSecureCertificateAuthority5.crl

Check the revocation status for certificate mia2.aldi-sued.com

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mia2.aldi-sued.com

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mia2.aldi-sued.com
www.mia2.aldi-sued.com

Other certificates including the domain name aldi-sued.com

(limited to 100 certificates)
www.aldi-sued.com
fvs.aldi-sued.com
yourls.k8s-prod.aldi-sued.com
karriere.hofer.at
karriere.hofer.at
videoconference.aldi-sued.com
clarity-dev.aldi-sued.com
mgate02.aldi-sued.com
snow2solman-dev.aldi-sued.com
*.qa.aldi-sued.com
cms806.aldi-sued.com
eid.prod.aldi-sued.com
stsl01.aldi-sued.com
eid.prod.aldi-sued.com
ameportal.aldi-sued.com
cms.aldi-sued.com
testextranet.aldi-sued.com
www.aldi-sued.com
cms807.aldi-sued.com
webinterface-test-ptp.aldi-sued.com
ame.aldi-sued.com
karriere.hofer.at
www.aldi-sued.com
mgate02.aldi-sued.com
www.aldi-sued.com
www.aldi-sued.com
gitlab.k8s-gitlab-test.aldi-sued.com
sft.aldi-sued.com
innovation.aldi-sued.com
karriere.hofer.at
snow2solman-prod.aldi-sued.com
cms806.aldi-sued.com
www.aldi-sued.de
webinterface-ptp.aldi-sued.com
gateway-test.aldi-sued.com
www.aldi-sued.com
mia2.aldi-sued.com
sft.aldi-sued.com
cms-test.aldi-sued.com
www.aldi-sued.com
redmine.aldi-sued.com
stsl01.aldi-sued.com
gateway-test.aldi-sued.com
cms806.aldi-sued.com
mia2.aldi-sued.com
clarity-dev.aldi-sued.com
www.aldi-sued.com
eid.prod.aldi-sued.com
extranet.aldi-sued.com
www.aldi-sued.de
www.aldi-sued.com
confluence.aldi-sued.com
ame.aldi-sued.com
cr-report.aldi-sued.com
www.aldi-sued.com
*.qa.aldi-sued.com
redmine.aldi-sued.com
www.aldi-sued.com
snow2solman-test.aldi-sued.com
www.aldi-sued.com
webmail.aldi-sued.com
clarity.aldi-sued.com
snow2solman-prod.aldi-sued.com
www.aldi-sued.com
sft.aldi-sued.com
cms-test.aldi-sued.com
www.aldi-sued.com
webinterface-test-ptp.aldi-sued.com
videoconference.aldi-sued.com
ameportal.aldi-sued.com
ameportal.aldi-sued.com
eid.qa2.aldi-sued.com
www.aldi-sued.com
www.aldi-sued.com
www.aldi-sued.com
wayback.aldi-sued.com
workspace.aldi-sued.com
karriere.hofer.at
karriere.hofer.at
webmail.aldi-sued.com
cms805.aldi-sued.com
securemail.aldi-sued.com
extranet.aldi-sued.com
www.aldi-sued.com
mgate02.aldi-sued.com
ame.aldi-sued.com
securemail.aldi-sued.com
gateway-test.aldi-sued.com
cms806.aldi-sued.com
*.qa.aldi-sued.com
clarity.aldi-sued.com
redmine.aldi-sued.com
stsl01.aldi-sued.com
redmine.aldi-sued.com
www.aldi-sued.com
wstat.aldi-sued.com
workspace.aldi-sued.com
smasa-mock.k8s-prod02.aldi-sued.com
stsl02.aldi-sued.com
gateway-test.aldi-sued.com

Certificate

The complete raw certificate details for mia2.aldi-sued.com in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHijCCBnKgAwIBAgIRAMH5OM/V+8FG4JAIt6vKRAgwDQYJKoZIhvcNAQELBQAw
gYYxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJERTETMBEGA1UEBxMKV2lsbWluZ3Rv
bjEkMCIGA1UEChMbQ29ycG9yYXRpb24gU2VydmljZSBDb21wYW55MS8wLQYDVQQD
EyZUcnVzdGVkIFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgNTAeFw0xODEx
MjMwMDAwMDBaFw0yMDExMjIyMzU5NTlaMIIBFzELMAkGA1UEBhMCREUxDjAMBgNV
BBETBTQ1NDgxMRwwGgYDVQQIExNOb3JkcmhlaW4tV2VzdGZhbGVuMR0wGwYDVQQH
ExRNdWVsaGVpbSBhbiBkZXIgUnVocjEgMB4GA1UECRMXTWludGFyZGVyIFN0cmFz
c2UgMzgtNDAxNDAyBgNVBAoMK0FMREkgIEludGVybmF0aW9uYWwgU2VydmljZXMg
R21iSCAmIENvLiBvSEcxLTArBgNVBAsTJEludGVybmF0aW9uYWwgSW5mb3JtYXRp
b24gVGVjaG5vbG9neTEXMBUGA1UECxMORW50ZXJwcmlzZSBTU0wxGzAZBgNVBAMT
Em1pYTIuYWxkaS1zdWVkLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAIDH+ZDx10BRi8ru5MKuUO+yju/YYMrhPvGh2MKRxpUOukoyRGYA0rBgHSXh
AzVX7lbeZ1GQ9H9xIfZzwme3F3/tugV6LELOlscBId3hZIhfl4aEqYQt23SbF6Hj
s+/aZkO5TJYlCStHiWLPMVe6db3K247+334QU7yZ+fjsnGpWqtTt7xwtd6Inip4+
0IPEPm/mQfyACMC0cs4XVt+9513sshcwPQueVwYwMIhDmnEol+PYrdDfB+ONP4gb
sLpdJBOt0rXbm7nxvAdtGH96hsbgLivBIDj1MGu8hANfv4AqsuaH7AfaB7JCbTce
5dw0oomHetqMiTYhh/8mbELYV0sCAwEAAaOCA10wggNZMB8GA1UdIwQYMBaAFPK7
Ve78j8/QPxRoGpV+eQ6rFzD0MB0GA1UdDgQWBBQolw6N6q5PZLVC/pGEHGRcLXm5
uTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwSwYDVR0gBEQwQjA2BgsrBgEEAbIxAQICCDAnMCUGCCsG
AQUFBwIBFhlodHRwczovL2Nwcy51c2VydHJ1c3QuY29tMAgGBmeBDAECAjBQBgNV
HR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVzdC5jb20vVHJ1c3RlZFNl
Y3VyZUNlcnRpZmljYXRlQXV0aG9yaXR5NS5jcmwwgYIGCCsGAQUFBwEBBHYwdDBL
BggrBgEFBQcwAoY/aHR0cDovL2NydC51c2VydHJ1c3QuY29tL1RydXN0ZWRTZWN1
cmVDZXJ0aWZpY2F0ZUF1dGhvcml0eTUuY3J0MCUGCCsGAQUFBzABhhlodHRwOi8v
b2NzcC51c2VydHJ1c3QuY29tMDUGA1UdEQQuMCyCEm1pYTIuYWxkaS1zdWVkLmNv
bYIWd3d3Lm1pYTIuYWxkaS1zdWVkLmNvbTCCAX0GCisGAQQB1nkCBAIEggFtBIIB
aQFnAHUAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFnQKiefQAA
BAMARjBEAiBalx39TUI3M4AJ233tOlCI2eeVG3m9ulhHs3aN9MLNzwIgK6RJlrsx
Yv8MyKORdMtYROj69fOQacd216u6CUrDF+kAdgBep3P531bA57U2SH3QSeAyepGa
DIShEhKEGHWWgXFFWAAAAWdAqJ6OAAAEAwBHMEUCIHkh80Csu4MmEh0Mp4BrxSBl
kJSp7L7AQ1N3fIWWdDbKAiEAqQorknrtB1kD83iwieQuhMGRY7VXugrR9fbNSuJy
v10AdgDwlaRZ8gDRgkAQLS+TiI6tS/4dR+OZ4dA0prCoqo6ycwAAAWdAqJ6gAAAE
AwBHMEUCICFad80RVpx3jU091JeY0ob3H91YkswQdyzKLWGhIBjQAiEAtL8oVO+1
lkXtpI7jq/hTVnZQIN2qHmT6BwLOW8k3uXwwDQYJKoZIhvcNAQELBQADggEBAIuo
nYcg9pG+PLq6UNM5YvuncKEQ8tfjEQ/eDDGtgyOTKWslbllgTOt/p8OmLiDHwI4d
4t0AWYLb/6ozgMSqfY5Ag0sp4bdmBmd4wmWUvVA+BMrdCFfuT5SM/iKj1LgVKgy5
C04wlRM+x4yYqrCdReVKYl62TBIjGAqeJ0beuuR5G1kTYef+idjjrJ00aa0rh5Ab
zlAz2ppPJTbbXxx3FSYefE0vu40RC41/FpJFQiPhpXu0rBzmG6DGTfXK4ZpALcot
6bhsq8WArWF22SUapVjkcGEPT5BE63w+hZsQi0VjIpebdHNqRqoXle1r6BYsNJyN
mS9sczXC8/+TU9RQdAY=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMf5kPHXQFGLyu7kwq5Q
77KO79hgyuE+8aHYwpHGlQ66SjJEZgDSsGAdJeEDNVfuVt5nUZD0f3Eh9nPCZ7cX
f+26BXosQs6WxwEh3eFkiF+XhoSphC3bdJsXoeOz79pmQ7lMliUJK0eJYs8xV7p1
vcrbjv7ffhBTvJn5+Oycalaq1O3vHC13oieKnj7Qg8Q+b+ZB/IAIwLRyzhdW373n
XeyyFzA9C55XBjAwiEOacSiX49it0N8H440/iBuwul0kE63StdubufG8B20Yf3qG
xuAuK8EgOPUwa7yEA1+/gCqy5ofsB9oHskJtNx7l3DSiiYd62oyJNiGH/yZsQthX
SwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 257835037385656040693054972738272904200
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'US'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Wilmington'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Corporation Service Company'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Trusted Secure Certificate Authority 5'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-11-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-11-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.17 (postalCode)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '45481'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Nordrhein-Westfalen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Muelheim an der Ruhr'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.9 (streetAddress)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Mintarder Strasse 38-40'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'ALDI  International Services GmbH & Co. oHG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'International Information Technology'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Enterprise SSL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'mia2.aldi-sued.com'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 16257114318324850885309562428826199485643645482533182130807800142650741808188152679404685944592610692833147768745929929565623639930203511194223675443266869930823471267212113687187703683352757894041300518879475962930891502245945949427419134374242998630178460001235036999354060731089828389960705837891227574507384776719565891357530275139657897888634254100008457585524694146776994075485376176435219205808893304753172112408964587238133177748912404727720700494430808865699638015473215427877501574372381736869121781104245018240391208754778827636410162438270636532842034365528682205237129328104787104829002066753491559798603
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName f2bb55eefc8fcfd03f14681a957e790eab1730f4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							28970e8deaae4f64b542fe91841c645c2d79b9b9
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (68 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.8
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://cps.usertrust.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (73 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.usertrust.com/TrustedSecureCertificateAuthority5.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (118 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crt.usertrust.com/TrustedSecureCertificateAuthority5.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.usertrust.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (46 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mia2.aldi-sued.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.mia2.aldi-sued.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007500bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016740a89e7d000004030046304402205a971dfd4d4237338009db7ded3a5088d9e7951b79bdba5847b3768df4c2cdcf02202ba44996bb3162ff0cc8a39174cb5844e8faf5f39069c776d7abba094ac317e90076005ea773f9df56c0e7b536487dd049e0327a919a0c84a1121284187596817145580000016740a89e8e000004030047304502207921f340acbb8326121d0ca7806bc520659094a9ecbec04353777c85967436ca022100a90a2b927aed075903f378b089e42e84c19163b557ba0ad1f5f6cd4ae272bf5d007600f095a459f200d18240102d2f93888ead4bfe1d47e399e1d034a6b0a8aa8eb2730000016740a89ea000000403004730450220215a77cd11569c778d4d3dd49798d286f71fdd5892cc10772cca2d61a12018d0022100b4bf2854efb59645eda48ee3abf85356765020ddaa1e64fa0702ce5bc937b97c
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		008ba89d8720f691be3cbaba50d33962fba770a110f2d7e3110fde0c31ad832393296b256e59604ceb7fa7c3a62e20c7c08e1de2dd005982dbffaa3380c4aa7d8e40834b29e1b766066778c26594bd503e04cadd0857ee4f948cfe22a3d4b8152a0cb90b4e3095133ec78c98aab09d45e54a625eb64c1223180a9e2746debae4791b591361e7fe89d8e3ac9d3469ad2b87901bce5033da9a4f2536db5f1c7715261e7c4d2fbb8d110b8d7f1692454223e1a57bb4ac1ce61ba0c64df5cae19a402dca2de9b86cabc580ad6176d9251aa558e470610f4f9044eb7c3e859b108b456322979b74736a46aa1795ed6be8162c349c8d992f6c7335c2f3ff9353d4507406