test-ipa.bronckhorst.nl

- Gemeente Bronckhorst -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 6b:df:ed:c2:68:58:8b:63:2c:e1:d7:b7:ed:95:32:fd:9b:88:c9:2e was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Bronckhorst

Company registration number: 00000001813647290000
Organization: Gemeente Bronckhorst
Organization unit: Participatie
State / Province: Gelderland
Locality: Hengelo
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 6b:df:ed:c2:68:58:8b:63:2c:e1:d7:b7:ed:95:32:fd:9b:88:c9:2e
Serial Number (int): 615855790422667628691621701408925516040619215150
Serial Number lenght: 159 bits, 20 octets

SubjectKeyId: 04:1d:b7:a0:03:dc:25:01:35:ff:bd:f6:39:8c:61:ad:a3:d7:77:b0
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 3e:39:f2:57:02:90:a8:82:da:0a:1a:56:0a:fe:b1:a6:4e:19:48:c5
Fingerprint (sha256): 74:ba:d4:63:0e:13:3e:e2:f2:47:f4:f9:d5:d5:1d:bf:d6:ff:f5:79:cf:1d:a9:19:3d:9b:e0:5d:3a:d5:6e:75

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3-2019.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate test-ipa.bronckhorst.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for test-ipa.bronckhorst.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

test-ipa.bronckhorst.nl

Other certificates including the domain name bronckhorst.nl

(limited to 100 certificates)
meldingen.bronckhorst.nl
*.bronckhorst.nl
extranet.bronckhorst.nl
digikoppeling.bronckhorst.nl
duo.bronckhorst.nl
exchange.bronckhorst.nl
simsite.bronckhorst.nl
exchange.bronckhorst.nl
bronckhorst.nl
mijn.bronckhorst.nl
duo.bronckhorst.nl
mijninkomen.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
sync.bronckhorst.nl
extranet.bronckhorst.nl
intranet.bronckhorst.nl
mohis.bronckhorst.nl
certdurp.bronckhorst.nl
intranet.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
thuiswerken2.bronckhorst.nl
personeelshandboek.bronckhorst.nl
bronckhorst.nl
iparticipatie.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
brk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
secure.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
duo.bronckhorst.nl
felix.bronckhorst.nl
simsite.bronckhorst.nl
personeelshandboek.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
webmail.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
waarmerk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enserinck.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
afspraken.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
begraafplaatsreservering.bronckhorst.nl
test-ipa.bronckhorst.nl
intranet.bronckhorst.nl
ibzpink.bronckhorst.nl
intranet.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
exchange.bronckhorst.nl
wkpb.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
secure.bronckhorst.nl
waarmerk.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
digikoppeling.bronckhorst.nl
g-rooster.bronckhorst.nl
extranet.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
mijn.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
cloudadapter.bronckhorst.nl
www.bronckhorst.nl
exchange.bronckhorst.nl
afspraken.bronckhorst.nl
izaaksuite.bronckhorst.nl
simcms.bronckhorst.nl
wkpb.bronckhorst.nl
www.bronckhorst.nl
mdm-sentry.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
thuiswerken.bronckhorst.nl
mijninkomen.bronckhorst.nl
www.bronckhorst.nl
bronckhorst.nl
www.bronckhorst.nl

Certificate

The complete raw certificate details for test-ipa.bronckhorst.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHFzCCBP+gAwIBAgIUa9/twmhYi2Ms4de37ZUy/ZuIyS4wDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5O
VFJOTC0yNzEyNDcwMTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2Fu
aXNhdGllIFNlcnZlciBDQSAtIEczMB4XDTE5MDkyNTEyNTAwOVoXDTIxMDkyNDEy
NTAwOVowgasxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRAwDgYD
VQQHDAdIZW5nZWxvMR0wGwYDVQQKDBRHZW1lZW50ZSBCcm9uY2tob3JzdDEVMBMG
A1UECwwMUGFydGljaXBhdGllMR0wGwYDVQQFExQwMDAwMDAwMTgxMzY0NzI5MDAw
MDEgMB4GA1UEAwwXdGVzdC1pcGEuYnJvbmNraG9yc3QubmwwggEiMA0GCSqGSIb3
DQEBAQUAA4IBDwAwggEKAoIBAQDDfxvKJvfRr5umuXg89RyqnKr6yQUgXvxD/ZZ0
X0Kkr4jilEK/IALWDyosxbVWb7OtOIV/T8RFIIXafx/8q44bwYLgcv6XaZZY3RzR
m2Gx3TpgaAINZVNgAua53jnLuINxX6TTfRUECpEGzikTYC6g8Dtkv3b2s/YoJjfv
9JRlSs6LKQP8sJ6vvH+kzD8wjTvETq4qijCpMTJG3XRLdML/cninYlOQFIlro6/Z
gs1cMj5yB0dmMz4BPs0wCE51ZbsdnqKNwrt+PUituoua+G4pzYrnGCzVm6P062l4
Mj0tvyxJdmYJ1c1Fhth7OayfGK/zhMsHS8/G+o3gScqI9hPXAgMBAAGjggJqMIIC
ZjCBmQYIKwYBBQUHAQEEgYwwgYkwXQYIKwYBBQUHMAKGUWh0dHA6Ly9jZXJ0Lm1h
bmFnZWRwa2kuY29tL0NBY2VydHMvS1BOQlZQS0lvdmVyaGVpZE9yZ2FuaXNhdGll
U2VydmVyQ0FHMy0yMDE5LmNlcjAoBggrBgEFBQcwAYYcaHR0cDovL2czb2NzcC5t
YW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQUBB23oAPcJQE1/732OYxhraPXd7AwDAYD
VR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQrgrbGcv10ToXSl839GDCBsQYD
VR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcGCCsGAQUFBwIBFitodHRwczov
L2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3ZlcmhlaWQvY3BzME8GCCsGAQUFBwIC
MEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQgQ1BTIFBLSW92ZXJoZWlkIHZh
biBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAECAjBeBgNVHR8EVzBVMFOgUaBP
hk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQTkJWUEtJb3ZlcmhlaWRPcmdh
bmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNybDAOBgNVHQ8BAf8EBAMCBaAw
HQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMCIGA1UdEQQbMBmCF3Rlc3Qt
aXBhLmJyb25ja2hvcnN0Lm5sMBMGCisGAQQB1nkCBAMBAf8EAgUAMA0GCSqGSIb3
DQEBCwUAA4ICAQCkLdx6hzbnjPPNsZofy69rNvwkRzBVB8xur0SWNGkXjIZc/H41
lVj9Co+ja+ukXxeha6T/yR+VUd7LJvmeWwi2zr2e64GxARhihteS8Oh0a5Hz9FVl
Ou2VNYETJJbCmGfxjyzDYhpfrLXijNH6PMGaIPbAW6Y5cDY8EYsZuuXgnpIgzBQC
RTlQzsZi2mHTCIlBtpWzhUYWP4XI21ngv0X1Tcelkk4wIjwXJg20hzs9La0Iwn6X
IdMN2v4MsKdILPeOrErSNvt8AZqEoFv3PRsXUvT2gdZg1O8e5WLVg5sxseZNO+HH
sVwWkr1LLgy6yI4FoDPet8sATcHs8VaYUt3Tz51s57IPQy5I/kX5U9uybs03uokp
NfhJVbdrmRrYfrmsX2no6Z9tZvpstzFu40FCIPucx6pcuL/u0A/7y2qG2XiAG9wf
qAw+ixUztIummMgqResE4NAE4ZJUU0owcGWsj76WY1s+sYu2Xe51pIKt+XwxcKM7
rDkAoXvJ0EAOc40dzvTFcX8sZ+un9xqmgixl1CgSWSqL9WoQLxQ4+lr3gEnjW3qm
dR9gA1FoRnzzOderTx70dZec0ivPaP550SDYp3w7Gu4sK4jW/y/7ffOHpBIAwBQf
MfFEyjgMzxaJHbq416mVMKZukPOXvyuvzGfaA7jd3Av0VPycVtz5KIps/g==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw38byib30a+bprl4PPUc
qpyq+skFIF78Q/2WdF9CpK+I4pRCvyAC1g8qLMW1Vm+zrTiFf0/ERSCF2n8f/KuO
G8GC4HL+l2mWWN0c0Zthsd06YGgCDWVTYALmud45y7iDcV+k030VBAqRBs4pE2Au
oPA7ZL929rP2KCY37/SUZUrOiykD/LCer7x/pMw/MI07xE6uKoowqTEyRt10S3TC
/3J4p2JTkBSJa6Ov2YLNXDI+cgdHZjM+AT7NMAhOdWW7HZ6ijcK7fj1IrbqLmvhu
Kc2K5xgs1Zuj9OtpeDI9Lb8sSXZmCdXNRYbYezmsnxiv84TLB0vPxvqN4EnKiPYT
1wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 615855790422667628691621701408925516040619215150
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-25 12:50:09 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-09-24 12:50:09 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Hengelo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Participatie'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001813647290000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'test-ipa.bronckhorst.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 24679149032136696241382707208574005607361498148888570759178610081315133084027351477097388004907762494795096752793785504191681471063790773160383307101085735396095625018808272806640181571178418116084689963269428318985125662475893298476153400379904531044907946734717742778829490558742994550571032743003730309853688929464526173232043573747643723649853629282495119540912899009434475855576989274411110790733023206270462113230246227602264514696134438332234017622617791934551310837800201657535964349095864418141789186424854783856409309851338364890391483710699213005765485456117459771564118149902754498304242533443218531816407
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (140 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3-2019.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							041db7a003dc250135ffbdf6398c61ada3d777b0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test-ipa.bronckhorst.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00a42ddc7a8736e78cf3cdb19a1fcbaf6b36fc2447305507cc6eaf44963469178c865cfc7e359558fd0a8fa36beba45f17a16ba4ffc91f9551decb26f99e5b08b6cebd9eeb81b101186286d792f0e8746b91f3f455653aed953581132496c29867f18f2cc3621a5facb5e28cd1fa3cc19a20f6c05ba63970363c118b19bae5e09e9220cc1402453950cec662da61d3088941b695b38546163f85c8db59e0bf45f54dc7a5924e30223c17260db4873b3d2dad08c27e9721d30ddafe0cb0a7482cf78eac4ad236fb7c019a84a05bf73d1b1752f4f681d660d4ef1ee562d5839b31b1e64d3be1c7b15c1692bd4b2e0cbac88e05a033deb7cb004dc1ecf1569852ddd3cf9d6ce7b20f432e48fe45f953dbb26ecd37ba892935f84955b76b991ad87eb9ac5f69e8e99f6d66fa6cb7316ee3414220fb9cc7aa5cb8bfeed00ffbcb6a86d978801bdc1fa80c3e8b1533b48ba698c82a45eb04e0d004e19254534a307065ac8fbe96635b3eb18bb65dee75a482adf97c3170a33bac3900a17bc9d0400e738d1dcef4c5717f2c67eba7f71aa6822c65d42812592a8bf56a102f1438fa5af78049e35b7aa6751f60035168467cf339d7ab4f1ef475979cd22bcf68fe79d120d8a77c3b1aee2c2b88d6ff2ffb7df387a41200c0141f31f144ca380ccf16891dbab8d7a99530a66e90f397bf2bafcc67da03b8dddc0bf454fc9c56dcf9288a6cfe