qgb-ssl-client-gb.lidl.net

- Lidl Stiftung & Co. KG -

Issued by SwissSign RSA TLS OV ICA 2022 - 1

About this certificate

This digital certificate with serial number 72:ba:84:56:9b:c3:f4:36:e1:79:22:9e:0b:c6:7c:1a:c6:5f:bb:91 was issued on by SwissSign AG.

This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Lidl Stiftung & Co. KG

Organization: Lidl Stiftung & Co. KG
State / Province: BW
Locality: Neckarsulm
Country: DE

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate will expire on

Certificate Details

Serial Number (hex): 72:ba:84:56:9b:c3:f4:36:e1:79:22:9e:0b:c6:7c:1a:c6:5f:bb:91
Serial Number (int): 654984414773918739710290147048014659023957638033
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: dd:18:80:7d:7f:2f:ce:0c:ef:a3:54:3f:ff:d9:e1:61:c8:bb:6b:70
AuthorityKeyId: 7c:6f:0a:6f:13:0f:d9:8c:24:6f:26:34:f3:5c:6b:43:6d:b7:23:b6

Fingerprint (sha1): 1a:9a:87:10:b7:e2:24:4d:a1:b5:3f:40:d8:91:95:75:6c:30:04:fd
Fingerprint (sha256): 59:e3:75:21:12:9e:70:d7:40:c6:64:a8:e7:1f:6e:2d:c1:6b:df:00:ce:0e:94:8d:83:93:61:39:7d:a1:f3:c8

Issuing Certificate URL: http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45

Revocation information

OCSP Server: http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec
CRL Distribution Point: http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34

Check the revocation status for certificate qgb-ssl-client-gb.lidl.net

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for qgb-ssl-client-gb.lidl.net

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

qgb-ssl-client-gb.lidl.net

Other certificates including the domain name lidl.net

(limited to 100 certificates)
cms-esaint.lidl.net
exp1.ucie.lidl.net
lsap29.asp.lidl.net
se1-ucexe-p001.lidl.net
abz-ssl-client-si.lidl.net
exp2.ucie.lidl.net
se1-ucexe-p001.lidl.net
qie-ssl-client-ie.lidl.net
hk-ucexe-p002.lidl.com.hk
lhr.hr.lidl.net
fizz.lidl.net
qdk-ssl-client-dk.lidl.net
l-tas154.asp.lidl.net
se1-ucexe-p001.lidl.net
ps4-ssl-client-eric.lidl.net
fizz.lidl.net
*.retail.lidl.net
qeu-ssl-client-eric.lidl.net
l-as525.asp.lidl.net
wirelessportal.lidl.com
hk-ucexe-p002.lidl.com.hk
se1-ucexe-p001.lidl.net
hgb-ssl-client-gb.lidl.net
heu-ssl-client-eric.lidl.net
exp2.ucie.lidl.net
fizz.lidl.net
se1-ucexe-p002.lidl.net
fizz.lidl.net
l-tas408.asp.lidl.net
fizz.lidl.net
*.sdl-career.lidl.net
heu-ssl-client-eric.lidl.net
qgb-ssl-client-gb.lidl.net
abz-ssl-client-eric.lidl.net
pf3-ssl-client-eric.lidl.net
exp1.ucie.lidl.net
se1-ucexe-p001.lidl.net
qps-ssl-client.lidl.net
se1-ucexe-p001.lidl.net
hsi-ssl-client-si.lidl.net
*.vdc.lidl.net
se1-ucexe-p001.lidl.net
out-uc17.lidl.net
abz-ssl-client-gb.lidl.net
abz-ssl-client-cssz.lidl.net
hcz-ssl-client-cssz.lidl.net
exp1.ucie.lidl.net
ebz-ssl-client-eric.lidl.net
heu-ssl-client-eric.lidl.net
qsi-ssl-client-si.lidl.net
wirelessportal.lidl.com
out-uc17.lidl.net
*.vdc.lidl.net
jss.lidl.net
fmmobile-qs.lidl.net
wirelessportal.lidl.com
pf3-ssl-client-eric.lidl.net
qie-ssl-client-ie.lidl.net
qps-ssl-client.lidl.net
out-uc18.lidl.net
ebz-ssl-client-eric.lidl.net
qeu-ssl-client-eric.lidl.net
heu-ssl-client-eric.lidl.net
ebz-ssl-client-eric.lidl.net
se1-ucexe-p001.lidl.net
wirelessportal.lidl.com
hps-ssl-client.lidl.net
abz-ssl-client-dk.lidl.net
qsi-ssl-client-si.lidl.net
hdk-ssl-client-dk.lidl.net
se1-ucexe-p001.lidl.net
out-uc18.lidl.net
qs4-ssl-client-eric.lidl.net
out-uc18.lidl.net
out-uc18.lidl.net
se1-ucexe-p001.lidl.net
fizz.lidl.net
abz-ssl-client-dk.lidl.net
ebz-ssl-client-dk.lidl.net
hdk-ssl-client-dk.lidl.net
qf3-ssl-client-eric.lidl.net
se1-ucexe-p002.lidl.net
hgb-ssl-client-gb.lidl.net
abz-ssl-client-eric.lidl.net
abz-ssl-client-si.lidl.net
se1-ucexe-p001.lidl.net
es4-ssl-client-eric.lidl.net
qgb-ssl-client-gb.lidl.net
exp2.ucie.lidl.net
*.vdc.lidl.net
jss.lidl.net
abz-ssl-client-eric.lidl.net
ssl-client-eee.lidl.net
se1-ucexe-p002.lidl.net
ebz-ssl-client-si.lidl.net
*.esaint.lidl.net
ssl-client-eee.lidl.net
qde-ssl-client-eric.lidl.net
hk-ucexe-p002.lidl.com.hk
heu-ssl-client-eric.lidl.net

Certificate

The complete raw certificate details for qgb-ssl-client-gb.lidl.net in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII2jCCBsKgAwIBAgIUcrqEVpvD9DbheSKeC8Z8GsZfu5EwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgT1YgSUNBIDIwMjIgLSAxMB4XDTIzMTAwMjE0
NTMxMVoXDTI0MTAwMjE0NTMxMVowdTELMAkGA1UEBhMCREUxCzAJBgNVBAgMAkJX
MRMwEQYDVQQHDApOZWNrYXJzdWxtMR8wHQYDVQQKDBZMaWRsIFN0aWZ0dW5nICYg
Q28uIEtHMSMwIQYDVQQDExpxZ2Itc3NsLWNsaWVudC1nYi5saWRsLm5ldDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKadJzG4qn2YsKSqyIWJNo1Mj+UP
kIqGgswr1Itj+QWfP8/Cm9xHp2wn/hwiJg31azT6NfbV6OdhrEqJp1wvScZqDahx
11xxC9dV/Nk/XYoAdhkWJ1U8HmQP8VCPAOgCkfT8qsj814JpSsoGKmJycnk+2x6a
lzfKrmC4Gr9tCkoCz2ANqGn4A384ghpMrlO/exDQprMtR93hseFrZxzZAbXNTb2B
Q9CvJaQGALyE5mt590FTTkyGjvKHe52lEURGiuhu7jFD8SCSYp9dpgxYhvrASzRm
a1jOrMVznAvUBOMXBVumrOTO8uZXgGKEGkroFBp5HHLWS+D9SKu2prsokCsCAwEA
AaOCBIUwggSBMIGyBggrBgEFBQcBAQSBpTCBojBMBggrBgEFBQcwAoZAaHR0cDov
L2FpYS5zd2lzc3NpZ24uY2gvYWlyLTBmMmJmOWE1LWRkMzctNDhjOS1hODViLTEy
YWNkY2I4YmU0NTBSBggrBgEFBQcwAYZGaHR0cDovL29jc3Auc3dpc3NzaWduLmNo
L3NpZ24vb2NzLWFhY2NjZWQ1LTY2ZTgtNDA2OS05YjFiLWZkMjlhYjczZWZlYzBv
BgNVHSAEaDBmMAgGBmeBDAECAjAIBgYEAI96AQcwUAYIYIV0AVkCAQIwRDBCBggr
BgEFBQcCARY2aHR0cHM6Ly9yZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dpc3NT
aWduX0NQU19UTFMucGRmMFEGA1UdHwRKMEgwRqBEoEKGQGh0dHA6Ly9jcmwuc3dp
c3NzaWduLmNoL2NkcC05NmI2MmY1YS02YjczLTRkYTQtODdmNy1jZTQwMDJjMWNk
MzQwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIF
oDAlBgNVHREEHjAcghpxZ2Itc3NsLWNsaWVudC1nYi5saWRsLm5ldDAdBgNVHQ4E
FgQU3RiAfX8vzgzvo1Q//9nhYci7a3AwHwYDVR0jBBgwFoAUfG8KbxMP2YwkbyY0
81xrQ223I7YwggJuBgorBgEEAdZ5AgQCBIICXgSCAloCWAB3AFWB1MIWkDYBSuoL
m1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABivDhAJIAAAQDAEgwRgIhANX4Rcfzuqjz
ws91+y1CLJ1VeW1V5f2651raxCLe3psqAiEAhnk+pUw0fSVNFpAZxuaGjrxGssE9
P1TEQ7jsroJp/aAAdgDatr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAA
AYrw4QH6AAAEAwBHMEUCIQCBiUow5FEv7wiY4YSMXyQo6pluuqZ2Vbnaq7Dxn7ZF
uQIgE02aSglEHOOSdDGP8W+wtZDlSyWfeyNmgVQGY0/AgQoAdQB2/4g/Crb7lVHC
Ycz1h7o0tKTNuyncaEIKn+ZnTFo6dAAAAYrw4QLZAAAEAwBGMEQCIHgrA4YCktnU
sGPPF+t6hNM+nEnyUAWsOKPMiWi85ldFAiBIG8i5CuAAQhs+VhAi7VxEQO9ElijL
IuEBi2RSvRAXoAB2AO7N0GTV2xrOxVy3nbTNE6Iyh0Z8vOzew1FIWUZxH7WbAAAB
ivDhBasAAAQDAEcwRQIhAJEdpPUsXe/5yGB8vi8yakYJDGidlmXxkxs2jHgZki3v
AiBZJT5LAJyOcyf+NMZF9P0W+DM964Ro93vGI1gT8iM0GwB2AIdPtQ3AKdmTHeVz
6fKJno5FM7OS04sKRiV0vw/usvweAAABivDhCXYAAAQDAEcwRQIgGbXZBwPrgwGg
wwT3HQIuA1hYUpKMFi+lyPttAgxdLlECIQDyWvs+XkkWvUBO7O3B8Mwv6+6xxXES
1egYx4kt79GX1TANBgkqhkiG9w0BAQsFAAOCAgEAv0E7f4M6P4GlCED1uDXifrJF
n7lNjKub7YiQ0MH6Asx7/qXhUuCk5U4734V24+Y01MIy5E+Kp3vRsaE/OO+nGcgc
IPx1iMZvQHHeI93uRCcTxMk3mt0x1f2LL0rjlVGVBLCc/SE7RA1hgr/11Q5xb9mO
VmEKomJdp4KTAFtxIid9SQVY54ViTwy/ZdlQ00ks20jgI3lIMcWs/BXiLqiHFnne
S2dqjzAsxF+gUFsSLuLewPIQxxzU9C6oRjEN+YTXpU8fXILNVxWC9JYsVIgPENDa
DPZO1tKBOeIU05+3NXNHasTw7+RE3OyS/EWfP5sy6V7tDqBwcOrd6wfaIgpIGn0t
yVcsbTUxnpsPCoCWEfZoOE34Qoh/M8Jm0ZuSqFGrmG+rDvV2FR7IKCCb+6BGtuZt
tcFEndzDfZgd3Un4pnNTw80d8r6rWXDwntuE2ac/8eAU7HXD9noJ6KeNm+jYJvY2
rPvED6iwVfykAwKbfnsz4w274Sokoiiqsz93/Lsa/mOai0AaHb8EsR3aX37Z/C8W
NzlOjoJzGCuCgpbtuB/J5yw/aXrz7loXiQWLYDLC6jnxbQOs5D+0WJp/tWuZmR7s
hegt/13wpSO9vkquovviTb/h7yTkJdsBoAj6KQB9xKZh/ppYWrbQlGLevkuoJVM4
5ib+tdvsorEvEm2Wz/U=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApp0nMbiqfZiwpKrIhYk2
jUyP5Q+QioaCzCvUi2P5BZ8/z8Kb3EenbCf+HCImDfVrNPo19tXo52GsSomnXC9J
xmoNqHHXXHEL11X82T9digB2GRYnVTweZA/xUI8A6AKR9PyqyPzXgmlKygYqYnJy
eT7bHpqXN8quYLgav20KSgLPYA2oafgDfziCGkyuU797ENCmsy1H3eGx4WtnHNkB
tc1NvYFD0K8lpAYAvITma3n3QVNOTIaO8od7naURREaK6G7uMUPxIJJin12mDFiG
+sBLNGZrWM6sxXOcC9QE4xcFW6as5M7y5leAYoQaSugUGnkcctZL4P1Iq7amuyiQ
KwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 654984414773918739710290147048014659023957638033
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS OV ICA 2022 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-02 14:53:11 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-02 14:53:11 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'BW'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Neckarsulm'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Lidl Stiftung & Co. KG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'qgb-ssl-client-gb.lidl.net'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21033053707459019517076085927084942071442048121101021233456765574937318394123296592505568747260743226206502887923737541006963384762811584547841453978331824191042372798503071386423336734972777145829992165389435037369418974844923165953900960030199831244364153701298646646861258046805383701300691754440918416152417252697988953046247195932443336344595224925893160269347573323355319193911185928136410160055583118631219192639190351423167280495165948613476062363339951605389809830156610866511368648064198371024699781338049938899584171442933077590396582638468274193831234364848983979704964582407075486322599194125412214542379
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (165 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://aia.swisssign.ch/air-0f2bf9a5-dd37-48c9-a85b-12acdcb8be45'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.ch/sign/ocs-aaccced5-66e8-4069-9b1b-fd29ab73efec'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (74 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.ch/cdp-96b62f5a-6b73-4da4-87f7-ce4002c1cd34'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (30 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'qgb-ssl-client-gb.lidl.net'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							dd18807d7f2fce0cefa3543fffd9e161c8bb6b70
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 7c6f0a6f130fd98c246f2634f35c6b436db723b6
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (606 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (602 bytes)
							02580077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c0000018af0e100920000040300483046022100d5f845c7f3baa8f3c2cf75fb2d422c9d55796d55e5fdbae75adac422dede9b2a02210086793ea54c347d254d169019c6e6868ebc46b2c13d3f54c443b8ecae8269fda0007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018af0e101fa000004030047304502210081894a30e4512fef0898e1848c5f2428ea996ebaa67655b9daabb0f19fb645b90220134d9a4a09441ce39274318ff16fb0b590e54b259f7b2366815406634fc0810a00750076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018af0e102d900000403004630440220782b03860292d9d4b063cf17eb7a84d33e9c49f25005ac38a3cc8968bce657450220481bc8b90ae000421b3e561022ed5c4440ef449628cb22e1018b6452bd1017a0007600eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018af0e105ab0000040300473045022100911da4f52c5deff9c8607cbe2f326a46090c689d9665f1931b368c7819922def022059253e4b009c8e7327fe34c645f4fd16f8333deb8468f77bc6235813f223341b007600874fb50dc029d9931de573e9f2899e8e4533b392d38b0a462574bf0feeb2fc1e0000018af0e109760000040300473045022019b5d90703eb8301a0c304f71d022e03585852928c162fa5c8fb6d020c5d2e51022100f25afb3e5e4916bd404eecedc1f0cc2febeeb1c57112d5e818c7892defd197d5
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00bf413b7f833a3f81a50840f5b835e27eb2459fb94d8cab9bed8890d0c1fa02cc7bfea5e152e0a4e54e3bdf8576e3e634d4c232e44f8aa77bd1b1a13f38efa719c81c20fc7588c66f4071de23ddee442713c4c9379add31d5fd8b2f4ae395519504b09cfd213b440d6182bff5d50e716fd98e56610aa2625da78293005b7122277d490558e785624f0cbf65d950d3492cdb48e023794831c5acfc15e22ea8871679de4b676a8f302cc45fa0505b122ee2dec0f210c71cd4f42ea846310df984d7a54f1f5c82cd571582f4962c54880f10d0da0cf64ed6d28139e214d39fb73573476ac4f0efe444dcec92fc459f3f9b32e95eed0ea07070eaddeb07da220a481a7d2dc9572c6d35319e9b0f0a809611f668384df842887f33c266d19b92a851ab986fab0ef576151ec828209bfba046b6e66db5c1449ddcc37d981ddd49f8a67353c3cd1df2beab5970f09edb84d9a73ff1e014ec75c3f67a09e8a78d9be8d826f636acfbc40fa8b055fca403029b7e7b33e30dbbe12a24a228aab33f77fcbb1afe639a8b401a1dbf04b11dda5f7ed9fc2f1637394e8e8273182b828296edb81fc9e72c3f697af3ee5a1789058b6032c2ea39f16d03ace43fb4589a7fb56b99991eec85e82dff5df0a523bdbe4aaea2fbe24dbfe1ef24e425db01a008fa29007dc4a661fe9a585ab6d09462debe4ba8255338e626feb5dbeca2b12f126d96cff5