gbav.bronckhorst.nl

- Gemeente Bronckhorst -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 36:5d:6b:c9:51:ee:b6:24 was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Bronckhorst

Company registration number: 00000001813647290000
Organization: Gemeente Bronckhorst
Organization unit: Systeembeheer
State / Province: Gelderland
Locality: Hengelo
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 36:5d:6b:c9:51:ee:b6:24
Serial Number (int): 3917405763289396772
Serial Number lenght: 62 bits, 8 octets

SubjectKeyId: ce:31:79:28:f5:1c:85:c9:e8:8f:44:0a:69:87:f4:cd:f1:12:71:d8
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): c0:88:a9:c5:a2:8d:41:7e:b2:df:3a:e6:6e:9c:6c:4b:f3:1e:a7:6c
Fingerprint (sha256): 58:1f:b2:80:45:91:21:9f:ab:26:93:d8:b7:dc:26:e6:21:2c:4e:eb:fa:2e:b8:35:31:4c:36:c2:d7:6f:7d:b5

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate gbav.bronckhorst.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for gbav.bronckhorst.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

gbav.bronckhorst.nl

Other certificates including the domain name bronckhorst.nl

(limited to 100 certificates)
meldingen.bronckhorst.nl
*.bronckhorst.nl
extranet.bronckhorst.nl
digikoppeling.bronckhorst.nl
duo.bronckhorst.nl
exchange.bronckhorst.nl
simsite.bronckhorst.nl
exchange.bronckhorst.nl
bronckhorst.nl
mijn.bronckhorst.nl
duo.bronckhorst.nl
mijninkomen.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
sync.bronckhorst.nl
extranet.bronckhorst.nl
intranet.bronckhorst.nl
mohis.bronckhorst.nl
certdurp.bronckhorst.nl
intranet.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
thuiswerken2.bronckhorst.nl
personeelshandboek.bronckhorst.nl
bronckhorst.nl
iparticipatie.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
brk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
secure.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
duo.bronckhorst.nl
felix.bronckhorst.nl
simsite.bronckhorst.nl
personeelshandboek.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
webmail.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
waarmerk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enserinck.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
afspraken.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
begraafplaatsreservering.bronckhorst.nl
test-ipa.bronckhorst.nl
intranet.bronckhorst.nl
ibzpink.bronckhorst.nl
intranet.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
exchange.bronckhorst.nl
wkpb.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
secure.bronckhorst.nl
waarmerk.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
digikoppeling.bronckhorst.nl
g-rooster.bronckhorst.nl
extranet.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
mijn.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
cloudadapter.bronckhorst.nl
www.bronckhorst.nl
exchange.bronckhorst.nl
afspraken.bronckhorst.nl
izaaksuite.bronckhorst.nl
simcms.bronckhorst.nl
wkpb.bronckhorst.nl
www.bronckhorst.nl
mdm-sentry.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
thuiswerken.bronckhorst.nl
mijninkomen.bronckhorst.nl
www.bronckhorst.nl
bronckhorst.nl
www.bronckhorst.nl

Certificate

The complete raw certificate details for gbav.bronckhorst.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII4zCCBsugAwIBAgIINl1ryVHutiQwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5OVFJOTC0yNzEyNDcw
MTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZl
ciBDQSAtIEczMB4XDTE4MDcxNzA5MTAwMVoXDTIwMDgyNjA5MTAwMVowgagxCzAJ
BgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRAwDgYDVQQHDAdIZW5nZWxv
MR0wGwYDVQQKDBRHZW1lZW50ZSBCcm9uY2tob3JzdDEWMBQGA1UECwwNU3lzdGVl
bWJlaGVlcjEdMBsGA1UEBRMUMDAwMDAwMDE4MTM2NDcyOTAwMDAxHDAaBgNVBAMM
E2diYXYuYnJvbmNraG9yc3QubmwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCIj8/3ofob0TlFSlzfR3dts+rcOKnMBcsDNtDkfqfvGyDW8A9iBKzYMydP
hHSltvFBT4tnrEYBkY1n+w4+YNz1ZCVw/CJsTZ5JD1ZuCzAyX2cOv9zzjIra+wXk
FHRDakXMvdAXWe0PukdZza7+z/Z9u7waKliW3khG3Y7o1iI4aixIWgFXQod3FyHY
x/Fir98yhPUG/UhNTu6fXD7yP7ehHQbLvvgB8SckWgmFr7fCRKR33a8EzzTTdG3j
4fx9FDb1mOau16GAIU5GcKPimc2/cAIQEwW/Sjk+P/yV77LGvYWbNpo35Wm1+HOE
m8dWPvpCUZkPYEOp1xbmxcRZZLYTAgMBAAGjggRFMIIEQTCBlAYIKwYBBQUHAQEE
gYcwgYQwWAYIKwYBBQUHMAKGTGh0dHA6Ly9jZXJ0Lm1hbmFnZWRwa2kuY29tL0NB
Y2VydHMvS1BOQlZQS0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy5jZXIw
KAYIKwYBBQUHMAGGHGh0dHA6Ly9nM29jc3AubWFuYWdlZHBraS5jb20wHQYDVR0O
BBYEFM4xeSj1HIXJ6I9ECmmH9M3xEnHYMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgw
FoAUw5qme150K4K2xnL9dE6F0pfN/RgwgbEGA1UdIASBqTCBpjCBmQYKYIQQAYdr
AQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZpY2FhdC5rcG4uY29t
L3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBkaXQgY2VydGlmaWNh
YXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZhbiB0b2VwYXNzaW5n
LjAIBgZngQwBAgIwXgYDVR0fBFcwVTBToFGgT4ZNaHR0cDovL2NybC5tYW5hZ2Vk
cGtpLmNvbS9LUE5CVlBLSW92ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczL0xh
dGVzdENSTC5jcmwwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMC
BggrBgEFBQcDATAeBgNVHREEFzAVghNnYmF2LmJyb25ja2hvcnN0Lm5sMIIB9QYK
KwYBBAHWeQIEAgSCAeUEggHhAd8AdQDuS723dc5guuFCaR+r4Z5mow9+X7By2IMA
xHuJeqj9ywAAAWSngQnwAAAEAwBGMEQCIEN2pNJw0EWTV/Zb5UwiQg+PtyySYj0j
r9OO+XSec8HsAiBACRkLhjAkIF4x7BVh3f4Ub254MUEJzUH0CtRpQu77AQB2AFWB
1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABZKeBCywAAAQDAEcwRQIg
Rtm90u7hIaPP6pSXzoHRQGX6FzSFhQBGb5AIpHjE3EgCIQC3TxCj0XTpN2WUAjJW
96FZCEx8dx++KsK48if6C6lwogB2ALvZ37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCW
ZDaOHtGFAAABZKeBDJ8AAAQDAEcwRQIgEoBAeC2sc+GhXYxR10od4/2KmNvE0w2s
ttKVQIeAlxUCIQD9uCGlzO58QufzUnNl2vY0qczeHQo69yvfksdrk620+wB2AKS5
CZC0GFgUh7sTosxncAo8NZgE+RvfuON3zQ7IDdwQAAABZKeBDPIAAAQDAEcwRQIg
HPS5vrO8pdWJVUlIuFDGK4pJqT1E21Ii6I2gFEDhhloCIQDhytJch8siOZMDsqUZ
Q4DkGTE7Ub2lVumfD+59p1L1jzANBgkqhkiG9w0BAQsFAAOCAgEAIAv0ke26Oaj5
VvQl5W7imOCOMVILBAjkA/cjwEgcbpKqEHLwqCBpfBQRjRkpb3dgmgVnbsVoMvsV
35FHRjVLh/+p0aYKcMU9lP+fA6VVYon3f3342FujL7ne/xdr5g/jyzl/4tNu3tSh
Qo+1P0iUsNpe25iVxkoXChRZ6RJTrV4UuGQXC2GQidRqCNfDhJyeXZAjIfAIslMp
AdQivAH0JoBo1LdaxAkwu/EJvyGRpZmIVJ9MPcwiypGH6ixkZTN3BtZtYZkmBE+L
1LuNa7NwvyW5UFLFISVI0omaN4q7P792THemaJs+1p2B5hkAzYDI5nw5tbEUPCd5
UtNQk25qOCs4Mm6ABROs1o8+ZLmvffZiQk5D1OiJoLIdCO/WEbx31nx+ddqt4QPp
SDfkekAgOC7ysRf3CYBCSz2ty/6SjF0FFkaQdlBa5YsR+d6HWdBwV8xEPMZVt1Mo
3i2M1ps2oS6j4f6YfcjkZTB+jfKzWhAAX2su6T3payo0Xs1tLscKf3GywNO/gNxe
XMF59N3bq8EtkC7X5SM0xzmq5M0pM8D97bKOkAsWj2Om2USr6SGFR3e6YKvAJ7n6
+L0eNa5gT2Mm5xQ2Viqlsdp3Nt7x1PrwG1kNDUAIe7KdECdZJBwmiN4bmWBESupk
sYWOmyFdGwrAzpqx2bvviUS+M/MLfdU=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiI/P96H6G9E5RUpc30d3
bbPq3DipzAXLAzbQ5H6n7xsg1vAPYgSs2DMnT4R0pbbxQU+LZ6xGAZGNZ/sOPmDc
9WQlcPwibE2eSQ9WbgswMl9nDr/c84yK2vsF5BR0Q2pFzL3QF1ntD7pHWc2u/s/2
fbu8GipYlt5IRt2O6NYiOGosSFoBV0KHdxch2MfxYq/fMoT1Bv1ITU7un1w+8j+3
oR0Gy774AfEnJFoJha+3wkSkd92vBM8003Rt4+H8fRQ29ZjmrtehgCFORnCj4pnN
v3ACEBMFv0o5Pj/8le+yxr2FmzaaN+VptfhzhJvHVj76QlGZD2BDqdcW5sXEWWS2
EwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3917405763289396772
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-07-17 09:10:01 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-08-26 09:10:01 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Hengelo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Systeembeheer'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001813647290000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'gbav.bronckhorst.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 17239325999272707836875025030200721765570920979554767463451694773468209443304186575140554002718400233965620355358672190368728474730910647767074088093908724741352573929358654700474308434700774322809128042944123673133722121204195170995227133119625575358730441169155721634651916810574825244241252148199023616874227640149612161736476221499252701375907287622459965771626157455159598932094819688472606088072804915891903676275694257421267048161402526348264778730546619563188239699129587877725750918476489272111356825249292857257660864608845634060095966637836848373995819115835130245889538843730673697626288553631231139690003
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							ce317928f51c85c9e88f440a6987f4cdf11271d8
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'gbav.bronckhorst.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (485 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (481 bytes)
							01df007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000164a78109f0000004030046304402204376a4d270d0459357f65be54c22420f8fb72c92623d23afd38ef9749e73c1ec02204009190b863024205e31ec1561ddfe146f6e78314109cd41f40ad46942eefb010076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000164a7810b2c0000040300473045022046d9bdd2eee121a3cfea9497ce81d14065fa1734858500466f9008a478c4dc48022100b74f10a3d174e9376594023256f7a159084c7c771fbe2ac2b8f227fa0ba970a2007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000164a7810c9f00000403004730450220128040782dac73e1a15d8c51d74a1de3fd8a98dbc4d30dacb6d2954087809715022100fdb821a5ccee7c42e7f3527365daf634a9ccde1d0a3af72bdf92c76b93adb4fb007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000164a7810cf2000004030047304502201cf4b9beb3bca5d589554948b850c62b8a49a93d44db5222e88da01440e1865a022100e1cad25c87cb22399303b2a5194380e419313b51bda556e99f0fee7da752f58f
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00200bf491edba39a8f956f425e56ee298e08e31520b0408e403f723c0481c6e92aa1072f0a820697c14118d19296f77609a05676ec56832fb15df914746354b87ffa9d1a60a70c53d94ff9f03a5556289f77f7df8d85ba32fb9deff176be60fe3cb397fe2d36eded4a1428fb53f4894b0da5edb9895c64a170a1459e91253ad5e14b864170b619089d46a08d7c3849c9e5d902321f008b2532901d422bc01f4268068d4b75ac40930bbf109bf2191a59988549f4c3dcc22ca9187ea2c6465337706d66d619926044f8bd4bb8d6bb370bf25b95052c5212548d2899a378abb3fbf764c77a6689b3ed69d81e61900cd80c8e67c39b5b1143c277952d350936e6a382b38326e800513acd68f3e64b9af7df662424e43d4e889a0b21d08efd611bc77d67c7e75daade103e94837e47a4020382ef2b117f70980424b3dadcbfe928c5d0516469076505ae58b11f9de8759d07057cc443cc655b75328de2d8cd69b36a12ea3e1fe987dc8e465307e8df2b35a10005f6b2ee93de96b2a345ecd6d2ec70a7f71b2c0d3bf80dc5e5cc179f4dddbabc12d902ed7e52334c739aae4cd2933c0fdedb28e900b168f63a6d944abe921854777ba60abc027b9faf8bd1e35ae604f6326e71436562aa5b1da7736def1d4faf01b590d0d40087bb29d102759241c2688de1b9960444aea64b1858e9b215d1b0ac0ce9ab1d9bbef8944be33f30b7dd5