loket.gemeentewestland.nl

- Gemeente Westland -

Issued by KPN PKIoverheid Organisatie CA - G2

About this certificate

This digital certificate with serial number 1e:84:c9:bc:88:3d:fe:89 was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Westland

Company registration number: 00000001812579446000
Organization: Gemeente Westland
Organization unit: Bedrijfsvoering
State / Province: Zuid-Holland
Locality: Naaldwijk
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 1e:84:c9:bc:88:3d:fe:89
Serial Number (int): 2199104329640443529
Serial Number lenght: 61 bits, 8 octets

SubjectKeyId: 9e:f2:cd:cb:43:6b:16:0a:19:a7:cc:4f:e3:d9:8d:e8:8b:01:c8:af
AuthorityKeyId: 75:a3:4e:8f:1e:97:dd:6c:88:01:31:ef:72:21:c2:6e:60:94:7d:80

Fingerprint (sha1): 4a:2a:15:a7:e5:91:58:44:70:01:1b:62:73:e8:54:02:fc:b5:ed:c3
Fingerprint (sha256): 9b:14:74:78:b3:0e:91:e3:e6:15:71:a9:41:97:62:bd:49:8f:51:37:b1:b8:d6:65:d8:a4:4a:49:6a:5f:ea:92

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNPKIoverheidOrganisatieCAG2.cer

Revocation information

OCSP Server: http://g2ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNPKIoverheidOrganisatieCAG2/LatestCRL.crl

Check the revocation status for certificate loket.gemeentewestland.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for loket.gemeentewestland.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

loket.gemeentewestland.nl

Other certificates including the domain name gemeentewestland.nl

(limited to 100 certificates)
stratech.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
*.gemeentewestland.nl
gemeentewestland.nl
stratech.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
www.gemeentewestland.nl
afspraak.gemeentewestland.nl
apigateway.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
mobile.gemeentewestland.nl
www.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
intranet.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
belastingen.gemeentewestland.nl
preproductie.gemeentewestland.nl
stratech.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
loket.gemeentewestland.nl
pvsor.gemeentewestland.nl
belastingen.gemeentewestland.nl
stratech.gemeentewestland.nl
sharefile.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
acceptatie.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
belastingen.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
gemeentewestland.nl
mijn.gemeentewestland.nl
www.gemeentewestland.nl
gemeentewestland.nl
*.gemeentewestland.nl
waarmerk.gemeentewestland.nl
acceptatie-intranet.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
basisregistraties.gemeentewestland.nl
www.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
waarmerk.gemeentewestland.nl
webmail.gemeentewestland.nl
mijn.gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
stratech.gemeentewestland.nl
loket.gemeentewestland.nl
gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
acceptatie.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
stratech.gemeentewestland.nl
mdm.gemeentewestland.nl
gemeentewestland.nl
www.gemeentewestland.nl
intranet.gemeentewestland.nl
intranet.gemeentewestland.nl
basisregistraties.gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
squitxo-prd.gemeentewestland.nl
legacy.gemeentewestland.nl
gemeentewestland.nl
digikoppeling-tst.gemeentewestland.nl
oudewebsite.gemeentewestland.nl
gemeentewestland.nl
squitxo-tst.gemeentewestland.nl
belastingbalie.gemeentewestland.nl
preproductie.gemeentewestland.nl
bestemmingsplannen.gemeentewestland.nl
loket.gemeentewestland.nl
digikoppeling.gemeentewestland.nl
westlandbudgetbeheer.gemeentewestland.nl
micollab.gemeentewestland.nl
belastingen.gemeentewestland.nl
sociaalplein.gemeentewestland.nl
apigateway2.gemeentewestland.nl
mijn.gemeentewestland.nl
remote.gemeentewestland.nl
berichtenverkeer.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
edienstenburgerzaken.gemeentewestland.nl
westlandbudgetbeheer.gemeentewestland.nl
loket.gemeentewestland.nl
guestportal.gemeentewestland.nl
huisvuilkalender.gemeentewestland.nl
intranet.gemeentewestland.nl
loket.gemeentewestland.nl
preproductie.gemeentewestland.nl
loket.gemeentewestland.nl
belastingen.gemeentewestland.nl
*.gemeentewestland.nl
*.gemeentewestland.nl
login.gemeentewestland.nl
belastingen.gemeentewestland.nl
mijn.gemeentewestland.nl
belastingen.gemeentewestland.nl
bijmijindebuurt.gemeentewestland.nl
stratech.gemeentewestland.nl

Certificate

The complete raw certificate details for loket.gemeentewestland.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIRTCCBi2gAwIBAgIIHoTJvIg9/okwDQYJKoZIhvcNAQELBQAwTjELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMSwwKgYDVQQDDCNLUE4gUEtJb3Zlcmhl
aWQgT3JnYW5pc2F0aWUgQ0EgLSBHMjAeFw0xODA3MjAxMTEwMTBaFw0xOTA3MjAx
MTEwMTBaMIGxMQswCQYDVQQGEwJOTDEVMBMGA1UECAwMWnVpZC1Ib2xsYW5kMRIw
EAYDVQQHDAlOYWFsZHdpamsxGjAYBgNVBAoMEUdlbWVlbnRlIFdlc3RsYW5kMRgw
FgYDVQQLDA9CZWRyaWpmc3ZvZXJpbmcxHTAbBgNVBAUTFDAwMDAwMDAxODEyNTc5
NDQ2MDAwMSIwIAYDVQQDDBlsb2tldC5nZW1lZW50ZXdlc3RsYW5kLm5sMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3j0l8mvu1vJhZNnVBGSWOgVEVgVg
9zq7njYkxBpvaQcgmQo5LDxQlo2i/cndzN6+FIxfdPdJvLcOrIVD0hk37nvtIFsI
+hENdww7Un0wsBMWt8VdipT0RsNZYHvvJnlitYuBdbm2Cw8XrTKSQLosdU6Yakq9
OX9c1+3lP0WdAxmxB8fE7FdrkfaRmufBgwBBGVdDXUuUzmhdN4eof9xxt7EkaNuX
2tgCC0u2d+qgRa2o/Tr0zq0G9JvVgqRrYdhhTZo5wN8khVSamMVDEbIC9T1P03DB
AN1MTYUugwzI0dhBj4Vy6SS7kGpd7H9Cn3SWeKwh7IKDcIiCQA0pSSnM/wIDAQAB
o4IDwTCCA70wgYoGCCsGAQUFBwEBBH4wfDBQBggrBgEFBQcwAoZEaHR0cDovL2Nl
cnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5QS0lvdmVyaGVpZE9yZ2FuaXNh
dGllQ0FHMi5jZXIwKAYIKwYBBQUHMAGGHGh0dHA6Ly9nMm9jc3AubWFuYWdlZHBr
aS5jb20wHQYDVR0OBBYEFJ7yzctDaxYKGafMT+PZjeiLAcivMAwGA1UdEwEB/wQC
MAAwHwYDVR0jBBgwFoAUdaNOjx6X3WyIATHvciHCbmCUfYAwgbEGA1UdIASBqTCB
pjCBmQYKYIQQAYdrAQIFBjCBijA3BggrBgEFBQcCARYraHR0cHM6Ly9jZXJ0aWZp
Y2FhdC5rcG4uY29tL3BraW92ZXJoZWlkL2NwczBPBggrBgEFBQcCAjBDDEFPcCBk
aXQgY2VydGlmaWNhYXQgaXMgaGV0IENQUyBQS0lvdmVyaGVpZCB2YW4gS1BOIHZh
biB0b2VwYXNzaW5nLjAIBgZngQwBAgIwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov
L2NybC5tYW5hZ2VkcGtpLmNvbS9LUE5QS0lvdmVyaGVpZE9yZ2FuaXNhdGllQ0FH
Mi9MYXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAgYIKwYBBQUHAwEwJAYDVR0RBB0wG4IZbG9rZXQuZ2VtZWVudGV3ZXN0bGFu
ZC5ubDCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYAVYHUwhaQNgFK6gubVzxT
8MDkOHhwJQgXL6OqHQcT0wwAAAFkt2IPxAAABAMARzBFAiAZIZnulo3Sw6ZUu1+X
Rfrjl80C9U9BvyQT9R2b8iE61QIhAI50E//8Tdid4pDoTBnkflJgQdFqsW6bxZVZ
PZKAWnGTAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiDAMR7iXqo/csAAAFkt2IP
mwAABAMARjBEAiBOVeTkE8MS1uoXakLL/nKnk3lgCedJ66e/DT6iHBRCPAIgYgd+
qVt/u+WWEoKmzJBqJamuglkKQ9yps7bIqQChvlUAdgCkuQmQtBhYFIe7E6LMZ3AK
PDWYBPkb37jjd80OyA3cEAAAAWS3YhIAAAAEAwBHMEUCIQCe87lL4sw8PuDoJoPk
fgEiXNtv9iPx4j8hslZv2qLp0gIgHwxuoM5znX4P8XWB9n4dsmoY4b9HpgN5ZtvB
7033bqwwDQYJKoZIhvcNAQELBQADggIBAGc1mPZx2e2J7NdTit9SdKPiUHTlHzY7
iWMxwm9guKv+8UKyv37KNAFohVOw2vlJlfDUzZz022JKJcgPUutyyGo30Rfw6Br3
7PRNCaJFkXUFtXp4uK0MzHYOGJ454b4mvot6MhtDLLoOuJgIAVxmE/5DDDNMlD74
0bPxWxwl0ekRu/4Lg8j74RRF78gJqtfH37hYJwnPBmHqa2BmGPOQtlsAU0zcl3xW
jdfutbzzc2iGP+YtDL7sb0MTu3tsyMyvLoCfAAPE3/ZtpJGqQohsUOtLzIpQzp3y
JickG3voumxU5lkrk7UPnfmXY6d7wlgcDaxyoxaZ6/L2Jy7JU2T41ADmKYc7gllj
PFi9Zif7k4SIKTodw7VFayf4EklA6DX5vQLIIjNIdOqG17W5G2LkgvXztq6lAg/B
Vpcl9JmaTjn9OcXNoqEVxvw5oDyp3kMwHiZQpVJHkAoFGE5xZzz0kx9/2W7axUaS
n44gHtaVM0WnsoLlug5d/5Ivmv6lBR37yJh1/5aq1tO5pdvtjZxEX08yx41Wqk/7
CoWl+B1hnT2JqWq17FaVG/ahoe2cMGZ+/M/dQ7w+m68xx082gn8PF9wz6jO6X4Qr
HraM+Uo6OdTluwelxTmKfpCJ5o0Moy8K2b97SiCCec+hJkcXlG3RXAnHRoyFl1v4
A5rWXJdGMiT4
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3j0l8mvu1vJhZNnVBGSW
OgVEVgVg9zq7njYkxBpvaQcgmQo5LDxQlo2i/cndzN6+FIxfdPdJvLcOrIVD0hk3
7nvtIFsI+hENdww7Un0wsBMWt8VdipT0RsNZYHvvJnlitYuBdbm2Cw8XrTKSQLos
dU6Yakq9OX9c1+3lP0WdAxmxB8fE7FdrkfaRmufBgwBBGVdDXUuUzmhdN4eof9xx
t7EkaNuX2tgCC0u2d+qgRa2o/Tr0zq0G9JvVgqRrYdhhTZo5wN8khVSamMVDEbIC
9T1P03DBAN1MTYUugwzI0dhBj4Vy6SS7kGpd7H9Cn3SWeKwh7IKDcIiCQA0pSSnM
/wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 2199104329640443529
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN PKIoverheid Organisatie CA - G2'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-07-20 11:10:10 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-07-20 11:10:10 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Zuid-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Naaldwijk'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Westland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Bedrijfsvoering'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001812579446000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'loket.gemeentewestland.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 28055057018660487984326619335216963793996671955583283164920900084866378828523728345114865000305676106795520469616066806305287139684747238406672150894012274604349710921123502275856070698908528929956454326384219167904842790539675174301021525960321855938195662041332015989569942784640941853167608391345805739967302043651851386503350521405577389952532251688861891905849172444938231692505801436834626519951187290029752299524798078873566948812381481743744729407295252556277106727474330823144354373563628791252126760301549949639652998157687197937814606873617241163651504585740473193561036700281743733215687757260568274783487
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNPKIoverheidOrganisatieCAG2.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g2ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							9ef2cdcb436b160a19a7cc4fe3d98de88b01c8af
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 75a34e8f1e97dd6c880131ef7221c26e60947d80
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNPKIoverheidOrganisatieCAG2/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (29 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'loket.gemeentewestland.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							01670076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000164b7620fc400000403004730450220192199ee968dd2c3a654bb5f9745fae397cd02f54f41bf2413f51d9bf2213ad50221008e7413fffc4dd89de290e84c19e47e526041d16ab16e9bc595593d92805a7193007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000164b7620f9b000004030046304402204e55e4e413c312d6ea176a42cbfe72a793796009e749eba7bf0d3ea21c14423c022062077ea95b7fbbe5961282a6cc906a25a9ae82590a43dca9b3b6c8a900a1be55007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000164b762120000000403004730450221009ef3b94be2cc3c3ee0e82683e47e01225cdb6ff623f1e23f21b2566fdaa2e9d202201f0c6ea0ce739d7e0ff17581f67e1db26a18e1bf47a6037966dbc1ef4df76eac
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00673598f671d9ed89ecd7538adf5274a3e25074e51f363b896331c26f60b8abfef142b2bf7eca3401688553b0daf94995f0d4cd9cf4db624a25c80f52eb72c86a37d117f0e81af7ecf44d09a245917505b57a78b8ad0ccc760e189e39e1be26be8b7a321b432cba0eb89808015c6613fe430c334c943ef8d1b3f15b1c25d1e911bbfe0b83c8fbe11445efc809aad7c7dfb8582709cf0661ea6b606618f390b65b00534cdc977c568dd7eeb5bcf37368863fe62d0cbeec6f4313bb7b6cc8ccaf2e809f0003c4dff66da491aa42886c50eb4bcc8a50ce9df22627241b7be8ba6c54e6592b93b50f9df99763a77bc2581c0dac72a31699ebf2f6272ec95364f8d400e629873b8259633c58bd6627fb938488293a1dc3b5456b27f8124940e835f9bd02c822334874ea86d7b5b91b62e482f5f3b6aea5020fc1569725f4999a4e39fd39c5cda2a115c6fc39a03ca9de43301e2650a55247900a05184e71673cf4931f7fd96edac546929f8e201ed6953345a7b282e5ba0e5dff922f9afea5051dfbc89875ff96aad6d3b9a5dbed8d9c445f4f32c78d56aa4ffb0a85a5f81d619d3d89a96ab5ec56951bf6a1a1ed9c30667efccfdd43bc3e9baf31c74f36827f0f17dc33ea33ba5f842b1eb68cf94a3a39d4e5bb07a5c5398a7e9089e68d0ca32f0ad9bf7b4a208279cfa1264717946dd15c09c7468c85975bf8039ad65c97463224f8