squitxo-tst.gemeentewestland.nl

- Gemeente Westland -

Issued by KPN PKIoverheid Organisatie CA - G2

About this certificate

This digital certificate with serial number 15:ef:78:95:7e:72:d3:8b was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Westland

Company registration number: 00000001812579446000
Organization: Gemeente Westland
Organization unit: Bedrijfsvoering
State / Province: Zuid-Holland
Locality: Naaldwijk
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 15:ef:78:95:7e:72:d3:8b
Serial Number (int): 1580614577697248139
Serial Number lenght: 61 bits, 8 octets

SubjectKeyId: 22:f3:34:fa:d6:b1:f6:9c:fd:43:6d:0c:ad:b7:13:e3:fd:7c:9f:d7
AuthorityKeyId: 75:a3:4e:8f:1e:97:dd:6c:88:01:31:ef:72:21:c2:6e:60:94:7d:80

Fingerprint (sha1): 49:c3:6e:83:54:43:31:ae:a5:37:f2:9f:5d:35:0c:b8:31:14:7c:a6
Fingerprint (sha256): 87:7b:ac:59:4f:01:ac:0f:97:4c:b6:11:bc:3b:8f:52:2b:a8:72:83:37:fa:66:5c:ea:e6:8b:6c:5f:af:d2:c4

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNPKIoverheidOrganisatieCAG2.cer

Revocation information

OCSP Server: http://g2ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNPKIoverheidOrganisatieCAG2/LatestCRL.crl

Check the revocation status for certificate squitxo-tst.gemeentewestland.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for squitxo-tst.gemeentewestland.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Email Protection
Server Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

squitxo-tst.gemeentewestland.nl

Other certificates including the domain name gemeentewestland.nl

(limited to 100 certificates)
stratech.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
*.gemeentewestland.nl
gemeentewestland.nl
stratech.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
www.gemeentewestland.nl
afspraak.gemeentewestland.nl
apigateway.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
mobile.gemeentewestland.nl
www.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
intranet.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
belastingen.gemeentewestland.nl
preproductie.gemeentewestland.nl
stratech.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
loket.gemeentewestland.nl
pvsor.gemeentewestland.nl
belastingen.gemeentewestland.nl
stratech.gemeentewestland.nl
sharefile.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
acceptatie.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
belastingen.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
gemeentewestland.nl
mijn.gemeentewestland.nl
www.gemeentewestland.nl
gemeentewestland.nl
*.gemeentewestland.nl
waarmerk.gemeentewestland.nl
acceptatie-intranet.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
basisregistraties.gemeentewestland.nl
www.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
waarmerk.gemeentewestland.nl
webmail.gemeentewestland.nl
mijn.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
stratech.gemeentewestland.nl
loket.gemeentewestland.nl
gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
acceptatie.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
stratech.gemeentewestland.nl
mdm.gemeentewestland.nl
gemeentewestland.nl
www.gemeentewestland.nl
intranet.gemeentewestland.nl
intranet.gemeentewestland.nl
basisregistraties.gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
legacy.gemeentewestland.nl
gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
oudewebsite.gemeentewestland.nl
gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
belastingbalie.gemeentewestland.nl
preproductie.gemeentewestland.nl
bestemmingsplannen.gemeentewestland.nl
loket.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
westlandbudgetbeheer.gemeentewestland.nl
micollab.gemeentewestland.nl
belastingen.gemeentewestland.nl
sociaalplein.gemeentewestland.nl
apigateway2.gemeentewestland.nl
mijn.gemeentewestland.nl
remote.gemeentewestland.nl
berichtenverkeer.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
edienstenburgerzaken.gemeentewestland.nl
westlandbudgetbeheer.gemeentewestland.nl
loket.gemeentewestland.nl
guestportal.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
intranet.gemeentewestland.nl
loket.gemeentewestland.nl
preproductie.gemeentewestland.nl
loket.gemeentewestland.nl
belastingen.gemeentewestland.nl
*.gemeentewestland.nl
*.gemeentewestland.nl
login.gemeentewestland.nl
belastingen.gemeentewestland.nl
mijn.gemeentewestland.nl
belastingen.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
stratech.gemeentewestland.nl

Certificate

The complete raw certificate details for squitxo-tst.gemeentewestland.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIG2jCCBMKgAwIBAgIIFe94lX5y04swDQYJKoZIhvcNAQELBQAwTjELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMSwwKgYDVQQDDCNLUE4gUEtJb3Zlcmhl
aWQgT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xNzAzMzAxMDI4MzdaFw0xOTAzMzAx
MDI4MzdaMIG3MQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xsYW5kMRIw
EAYDVQQHDAlOYWFsZHdpamsxGjAYBgNVBAoMEUdlbWVlbnRlIFdlc3RsYW5kMRgw
FgYDVQQLDA9CZWRyaWpmc3ZvZXJpbmcxHTAbBgNVBAUTFDAwMDAwMDAxODEyNTc5
NDQ2MDAwMSgwJgYDVQQDDB9zcXVpdHhvLXRzdC5nZW1lZW50ZXdlc3RsYW5kLm5s
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1arG8G5cP1Vke7oQhEBS
69oVV+2VJfqKXNobctFuf1XAMSIN3HjlNN4/a0pBhw4ZV+hBCwi/S89AZr7k2l1R
Dj14NmUXObLmD4tHEouLZ1hJM+IjfF8EeeW76Tmhun4NjUebvbDVE+49rqwbW6T/
ynCN3uQXThcKvtGiqJD+3yyRBlSop+Wz+n4zpYxzsSHvdkKxVj9JDxk1J/xAi7Ft
8j7XRZsmpX8h7xOpQ1Ef/inAMKTrSqdfjb7TtmWQWjiJQQlsEFQWjCpmFd1imlvX
xHhGTSIpLrL0SAEkbltO467t3BNIvhex6UdUKKZoSXTg5CCa8i+tmhCFDXAjSj5X
7QIDAQABo4ICUDCCAkwwgYoGCCsGAQUFBwEBBH4wfDBQBggrBgEFBQcwAoZEaHR0
cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5QS0lvdmVyaGVpZE9y
Z2FuaXNhdGllQ0FHMi5jZXIwKAYIKwYBBQUHMAGGHGh0dHA6Ly9nMm9jc3AubWFu
YWdlZHBraS5jb20wHQYDVR0OBBYEFCLzNPrWsfac/UNtDK23E+P9fJ/XMAwGA1Ud
EwEB/wQCMAAwHwYDVR0jBBgwFoAUdaNOjx6X3WyIATHvciHCbmCUfYAwgbEGA1Ud
IASBqTCBpjCBmQYKYIQQAYdrAQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9j
ZXJ0aWZpY2FhdC5rcG4uY29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBD
DEFPcCBkaXQgY2VydGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4g
S1BOIHZhbiB0b2VwYXNzaW5nLjAIBgZngQwBAgIwVgYDVR0fBE8wTTBLoEmgR4ZF
aHR0cDovL2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5QS0lvdmVyaGVpZE9yZ2FuaXNh
dGllQ0FHMi9MYXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIFoDAnBgNVHSUEIDAe
BggrBgEFBQcDAgYIKwYBBQUHAwQGCCsGAQUFBwMBMCoGA1UdEQQjMCGCH3NxdWl0
eG8tdHN0LmdlbWVlbnRld2VzdGxhbmQubmwwDQYJKoZIhvcNAQELBQADggIBAAZs
8iL1cvXB6OkInjpg2/CFh/ta15gGzAleHkbFJbTE+jjkm0o/9DQyNdHUX/hLK/Nt
LhjwAdL1jJ9ZevNfjFkWyrwdHJGEKv1eu1Tpxx9l2hdU/3YuUWDNCXqYqV3bziMV
rS/zmLfHgWzd4HuatKx437tnHyjpmPQB0YthMad/wSLG4nDnOEsmtk00KhriV0nM
ftDmIjuULYBN+0AjzcUx6m+OzkpL/5K8AxMQhSEMcxVjkqe9ZQLlF+7c2UshB2MK
l1N+vkDmTfK4o7vYDFnlxDwgb1vfQQ9IQANQiC7+w9w259w4OjqZ7c+SGpksZGP+
4j+sHToZuVq3s9y6KAuSkcDh8zOODbHNdZaTTVQ1dp034sEMudXEuBeFLSR1XXIw
ZAlasZbqGXcFOK48uXkx9mWz8HjL+K8+ljD5qIF3LBvQDtWjwtXB1eAQW2B4bH24
HrYEGcqiBHn9MBzQGu/hrzHlDS6SNuo+C3Rh5eR6jmSOJw9NxqgPRzDjFSBktENz
0vYEStJa6JUAui2yYt9t0C71QKQaVl2rslrpizz9DLMTgLRy4Iv0MrkNn5Jk+88A
fsbXWQodfrnXV4anRheB2TVlgxPn+Gi5XPigv+XTibjdxEBB4+0k19oKMlCMQlnO
GgaNG0hfoKHUY37emdk2FA8APwA7iXVtLBR8pSP4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1arG8G5cP1Vke7oQhEBS
69oVV+2VJfqKXNobctFuf1XAMSIN3HjlNN4/a0pBhw4ZV+hBCwi/S89AZr7k2l1R
Dj14NmUXObLmD4tHEouLZ1hJM+IjfF8EeeW76Tmhun4NjUebvbDVE+49rqwbW6T/
ynCN3uQXThcKvtGiqJD+3yyRBlSop+Wz+n4zpYxzsSHvdkKxVj9JDxk1J/xAi7Ft
8j7XRZsmpX8h7xOpQ1Ef/inAMKTrSqdfjb7TtmWQWjiJQQlsEFQWjCpmFd1imlvX
xHhGTSIpLrL0SAEkbltO467t3BNIvhex6UdUKKZoSXTg5CCa8i+tmhCFDXAjSj5X
7QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 1580614577697248139
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN PKIoverheid Organisatie CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2017-03-30 10:28:37 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-03-30 10:28:37 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Naaldwijk'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Westland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bedrijfsvoering'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001812579446000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'squitxo-tst.gemeentewestland.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26972972287505257741213990353733962148667568561654383010499753503628603839163612844889180043221491794652221400279659815972736055046832191264788435486559126306978175336902756169507884092451719252279167835968907259814385445045360590298441561121965197120861628143649118180288677115253659356494873070211359577517395175888909828773964319109502695265118884089266744305301467078380750833627622272022675701902755471889088507126083097239378710936283133340584736295363913457432277481823752254401323374123319653627658852059785005787525671189460875824259681964513430553873489841074932201938293579957341176090920580753050254071789
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNPKIoverheidOrganisatieCAG2.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g2ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							22f334fad6b1f69cfd436d0cadb713e3fd7c9fd7
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 75a34e8f1e97dd6c880131ef7221c26e60947d80
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNPKIoverheidOrganisatieCAG2/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (32 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.4 (emailProtection)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (35 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'squitxo-tst.gemeentewestland.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00066cf222f572f5c1e8e9089e3a60dbf08587fb5ad79806cc095e1e46c525b4c4fa38e49b4a3ff4343235d1d45ff84b2bf36d2e18f001d2f58c9f597af35f8c5916cabc1d1c91842afd5ebb54e9c71f65da1754ff762e5160cd097a98a95ddbce2315ad2ff398b7c7816cdde07b9ab4ac78dfbb671f28e998f401d18b6131a77fc122c6e270e7384b26b64d342a1ae25749cc7ed0e6223b942d804dfb4023cdc531ea6f8ece4a4bff92bc03131085210c73156392a7bd6502e517eedcd94b2107630a97537ebe40e64df2b8a3bbd80c59e5c43c206f5bdf410f48400350882efec3dc36e7dc383a3a99edcf921a992c6463fee23fac1d3a19b95ab7b3dcba280b9291c0e1f3338e0db1cd7596934d5435769d37e2c10cb9d5c4b817852d24755d723064095ab196ea19770538ae3cb97931f665b3f078cbf8af3e9630f9a881772c1bd00ed5a3c2d5c1d5e0105b60786c7db81eb60419caa20479fd301cd01aefe1af31e50d2e9236ea3e0b7461e5e47a8e648e270f4dc6a80f4730e3152064b44373d2f6044ad25ae89500ba2db262df6dd02ef540a41a565dabb25ae98b3cfd0cb31380b472e08bf432b90d9f9264fbcf007ec6d7590a1d7eb9d75786a7461781d935658313e7f868b95cf8a0bfe5d389b8ddc44041e3ed24d7da0a32508c4259ce1a068d1b485fa0a1d4637ede99d936140f003f003b89756d2c147ca523f8