waarmerk.bronckhorst.nl

- Gemeente Bronckhorst -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 35:b0:4c:ef:87:b5:43:d4 was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Bronckhorst

Company registration number: 00000001813647290000
Organization: Gemeente Bronckhorst
State / Province: Gelderland
Locality: Bronckhorst
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 35:b0:4c:ef:87:b5:43:d4
Serial Number (int): 3868676671568954324
Serial Number lenght: 62 bits, 8 octets

SubjectKeyId: fe:0d:a9:78:3a:08:aa:02:7b:ae:29:10:ff:e7:b6:51:ed:ca:05:d1
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 5a:a9:2d:8b:4c:d3:40:29:4e:7c:92:e6:f5:2d:f9:f0:7f:3b:09:08
Fingerprint (sha256): 85:52:a9:1f:3f:60:e5:d0:b4:31:88:d2:a0:ec:4c:e3:b9:41:fa:44:98:f9:87:15:1a:6c:73:64:19:1f:76:cc

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate waarmerk.bronckhorst.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for waarmerk.bronckhorst.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

waarmerk.bronckhorst.nl

Other certificates including the domain name bronckhorst.nl

(limited to 100 certificates)
meldingen.bronckhorst.nl
*.bronckhorst.nl
extranet.bronckhorst.nl
digikoppeling.bronckhorst.nl
duo.bronckhorst.nl
exchange.bronckhorst.nl
simsite.bronckhorst.nl
exchange.bronckhorst.nl
bronckhorst.nl
mijn.bronckhorst.nl
duo.bronckhorst.nl
mijninkomen.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
sync.bronckhorst.nl
extranet.bronckhorst.nl
intranet.bronckhorst.nl
mohis.bronckhorst.nl
certdurp.bronckhorst.nl
intranet.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
thuiswerken2.bronckhorst.nl
personeelshandboek.bronckhorst.nl
bronckhorst.nl
iparticipatie.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
brk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
secure.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
duo.bronckhorst.nl
felix.bronckhorst.nl
simsite.bronckhorst.nl
personeelshandboek.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
webmail.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
waarmerk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enserinck.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
afspraken.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
begraafplaatsreservering.bronckhorst.nl
test-ipa.bronckhorst.nl
intranet.bronckhorst.nl
ibzpink.bronckhorst.nl
intranet.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
exchange.bronckhorst.nl
wkpb.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
secure.bronckhorst.nl
waarmerk.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
digikoppeling.bronckhorst.nl
g-rooster.bronckhorst.nl
extranet.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
mijn.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
cloudadapter.bronckhorst.nl
www.bronckhorst.nl
exchange.bronckhorst.nl
afspraken.bronckhorst.nl
izaaksuite.bronckhorst.nl
simcms.bronckhorst.nl
wkpb.bronckhorst.nl
www.bronckhorst.nl
mdm-sentry.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
thuiswerken.bronckhorst.nl
mijninkomen.bronckhorst.nl
www.bronckhorst.nl
bronckhorst.nl
www.bronckhorst.nl

Certificate

The complete raw certificate details for waarmerk.bronckhorst.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII2jCCBsKgAwIBAgIINbBM74e1Q9QwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5OVFJOTC0yNzEyNDcw
MTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZl
ciBDQSAtIEczMB4XDTE5MDExNTEyMTAxM1oXDTIxMDExNDEyMTAxM1owgZgxCzAJ
BgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRQwEgYDVQQHDAtCcm9uY2to
b3JzdDEdMBsGA1UECgwUR2VtZWVudGUgQnJvbmNraG9yc3QxHTAbBgNVBAUTFDAw
MDAwMDAxODEzNjQ3MjkwMDAwMSAwHgYDVQQDDBd3YWFybWVyay5icm9uY2tob3Jz
dC5ubDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN/N6zHzyiwDGExU
qg9rPOL/afMeURALOwIMcc+VBfi0zRyyaQmGMhu+ZMb04Ta5vfHYABgyizLMMly2
2GY/j3W12DMrDfS7ASp9FBnRAhk/TO9vOaku5MraYclAINEZwHUN7m57fy7utK7N
g6Xp4/Wt1gVHusAHFOk3imXS7lQCDZO0QeQbY30snaOFuekjQMHyRkot2ByDmFfV
FPHOWGQog0noLdiJgqjnwmHZnv3QcoodISNRp/aHJObsekQ/pQqP7c84dK8t34Oq
rjmXsL1QPECZGbMq70DcIAultMF8TuEKj7N2hSlnPfeqTgLdoBwVExgs9OzJ9l7k
IrbrnGcCAwEAAaOCBEwwggRIMIGUBggrBgEFBQcBAQSBhzCBhDBYBggrBgEFBQcw
AoZMaHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5CVlBLSW92
ZXJoZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLmNlcjAoBggrBgEFBQcwAYYcaHR0
cDovL2czb2NzcC5tYW5hZ2VkcGtpLmNvbTAdBgNVHQ4EFgQU/g2peDoIqgJ7rikQ
/+e2Ue3KBdEwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTDmqZ7XnQrgrbGcv10
ToXSl839GDCBsQYDVR0gBIGpMIGmMIGZBgpghBABh2sBAgUGMIGKMDcGCCsGAQUF
BwIBFitodHRwczovL2NlcnRpZmljYWF0Lmtwbi5jb20vcGtpb3ZlcmhlaWQvY3Bz
ME8GCCsGAQUFBwICMEMMQU9wIGRpdCBjZXJ0aWZpY2FhdCBpcyBoZXQgQ1BTIFBL
SW92ZXJoZWlkIHZhbiBLUE4gdmFuIHRvZXBhc3NpbmcuMAgGBmeBDAECAjBeBgNV
HR8EVzBVMFOgUaBPhk1odHRwOi8vY3JsLm1hbmFnZWRwa2kuY29tL0tQTkJWUEtJ
b3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMvTGF0ZXN0Q1JMLmNybDAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMCIGA1Ud
EQQbMBmCF3dhYXJtZXJrLmJyb25ja2hvcnN0Lm5sMIIB+AYKKwYBBAHWeQIEAgSC
AegEggHkAeIAdwBVgdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWhR
a1xJAAAEAwBIMEYCIQCBnlhoUFIsjZhe6h0RY7h9ncfa8BJZkBr6/aZ6FQa7xgIh
APvRTOXiPq3aCD4nMz6WJiMoxrPJGv+q4cfhqzSm6vwOAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFoUWtbygAABAMARzBFAiBjTbn6/bETPCXk
dJEDEeJ6PtF7pHDZxMt1GJ50ET2QFwIhAOhzbCzDdE5ECupQ5DjoJidVQ3Gbary/
WlCMlZy1phgXAHcApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFo
UWtbxgAABAMASDBGAiEAtfOgZYcc6SOlRuWdacKQHordV01eWEhlhtfUbQzHobkC
IQCboNKKTMxljrEsJWtRKVP/9X7RAAL+VGODjcfegkL0WQB2AO5Lvbd1zmC64UJp
H6vhnmajD35fsHLYgwDEe4l6qP3LAAABaFFrW8YAAAQDAEcwRQIhAKS4ShejEen9
KMkd5e/eIGeUvZ42rwrQvlvnPewnIwf5AiBK/ItYKc3R0HG5c9Nob/BoSJjYgYqs
DrMu+8M8HZMKYjANBgkqhkiG9w0BAQsFAAOCAgEAYFPbFZQvHPJ2B8wT+Wx4kehc
PC94E2mOe9X2Oq29YbSvedTlF0Mc1irBX495rApE10UN7E4DD6OxgxTXubZ5Deek
wQEJVeUm5u43+nTziFKXb+agYneybR7cN4hgrtaMMozsSLxZLOVatKS5z7sx960i
sILepctYuSOo6x2L99ASyI272t7GzgvFO37Ujwknm32fsAsXaG1NIhVUZa9p9Nai
IQ/mR27bkF7YfEnMawxJ8GWd8UBTeKhUDk2N1rvNIwsCiRehqICabuXSNMClQ5WI
legW4FJmLogYqtWgWkbDXJfuYAfAllTKoZBr/NFjYMYWei3MCvfBf1PANmhUZ4ZH
XpbOPvtEcrNVOXGkzRlc8H6fZ4uh01btMXPxr/yvwSf21FX4B2KcA8fyyaYxGj73
rKHXkrESeQTkVoYtdzZGHUjT3RKSQQQm0y7lP+IQuG8xe5tpYl4bUqpETcv1oXx/
Z8z7qJxvIubOojnv8F3kpqrI6BUP6yFP/zuiIGprp00yeNJ6M66iOy28TBseOCw3
8xXMhxzHS6Mst3YrfJLcS7tLHdxR8DU95BShKdBgjTwuAvFV11FclQNXpTTIFcLR
J+p6lYTbNhw99h3lsmqeP0LrGt+vdvaW8vNKg5i0lm8qPjZ6HADy7dGa5CQ43MFQ
ockCXwZzq6DGVjHsh5w=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA383rMfPKLAMYTFSqD2s8
4v9p8x5REAs7Agxxz5UF+LTNHLJpCYYyG75kxvThNrm98dgAGDKLMswyXLbYZj+P
dbXYMysN9LsBKn0UGdECGT9M7285qS7kytphyUAg0RnAdQ3ubnt/Lu60rs2Dpenj
9a3WBUe6wAcU6TeKZdLuVAINk7RB5BtjfSydo4W56SNAwfJGSi3YHIOYV9UU8c5Y
ZCiDSegt2ImCqOfCYdme/dByih0hI1Gn9ock5ux6RD+lCo/tzzh0ry3fg6quOZew
vVA8QJkZsyrvQNwgC6W0wXxO4QqPs3aFKWc996pOAt2gHBUTGCz07Mn2XuQituuc
ZwIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 3868676671568954324
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-01-15 12:10:13 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-01-14 12:10:13 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001813647290000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'waarmerk.bronckhorst.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28252684318202019597177516223508764289915160120128367904558139410275171872341756089559864897257351483671275641813363749570414814994310557308756123420447459310512888195617035235959727892810027151821104653509144794972467777276189721056892888787483090033768953718465604210967285877045973366427206326337865984921389442978713927598189272378333812016644170463947615557981463187439803618909846586260425326895868408107393715052014255601445393101419855523643087662307599667003063258759022748260351566521870468199898403031078877078760473990693268309123249936728543914661488685907999638268182324192910104290348200886284329917543
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							fe0da9783a08aa027bae2910ffe7b651edca05d1
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'waarmerk.bronckhorst.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (488 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (484 bytes)
							01e20077005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000168516b5c490000040300483046022100819e586850522c8d985eea1d1163b87d9dc7daf01259901afafda67a1506bbc6022100fbd14ce5e23eadda083e27333e96262328c6b3c91affaae1c7e1ab34a6eafc0e007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000168516b5bca00000403004730450220634db9fafdb1133c25e474910311e27a3ed17ba470d9c4cb75189e74113d9017022100e8736c2cc3744e440aea50e438e826275543719b6abcbf5a508c959cb5a61817007700a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000168516b5bc60000040300483046022100b5f3a065871ce923a546e59d69c2901e8add574d5e58486586d7d46d0cc7a1b90221009ba0d28a4ccc658eb12c256b512953fff57ed10002fe5463838dc7de8242f459007600ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000168516b5bc60000040300473045022100a4b84a17a311e9fd28c91de5efde206794bd9e36af0ad0be5be73dec272307f902204afc8b5829cdd1d071b973d3686ff0684898d8818aac0eb32efbc33c1d930a62
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		006053db15942f1cf27607cc13f96c7891e85c3c2f7813698e7bd5f63aadbd61b4af79d4e517431cd62ac15f8f79ac0a44d7450dec4e030fa3b18314d7b9b6790de7a4c1010955e526e6ee37fa74f38852976fe6a06277b26d1edc378860aed68c328cec48bc592ce55ab4a4b9cfbb31f7ad22b082dea5cb58b923a8eb1d8bf7d012c88dbbdadec6ce0bc53b7ed48f09279b7d9fb00b17686d4d22155465af69f4d6a2210fe6476edb905ed87c49cc6b0c49f0659df1405378a8540e4d8dd6bbcd230b028917a1a8809a6ee5d234c0a543958895e816e052662e8818aad5a05a46c35c97ee6007c09654caa1906bfcd16360c6167a2dcc0af7c17f53c03668546786475e96ce3efb4472b3553971a4cd195cf07e9f678ba1d356ed3173f1affcafc127f6d455f807629c03c7f2c9a6311a3ef7aca1d792b1127904e456862d7736461d48d3dd1292410426d32ee53fe210b86f317b9b69625e1b52aa444dcbf5a17c7f67ccfba89c6f22e6cea239eff05de4a6aac8e8150feb214fff3ba2206a6ba74d3278d27a33aea23b2dbc4c1b1e382c37f315cc871cc74ba32cb7762b7c92dc4bbb4b1ddc51f0353de414a129d0608d3c2e02f155d7515c950357a534c815c2d127ea7a9584db361c3df61de5b26a9e3f42eb1adfaf76f696f2f34a8398b4966f2a3e367a1c00f2edd19ae42438dcc150a1c9025f0673aba0c65631ec879c