*.carema.ch

- HRM Systems AG -

Issued by SwissSign Server Gold CA 2014 - G22

About this certificate

This digital certificate with serial number 1f:7f:f6:6c:47:e1:0d:cc:84:05:9a:7d:dd:ce:4c:a1:21:8f:c7:40 was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

HRM Systems AG

Organization: HRM Systems AG
Organization unit: IT Operations
State / Province: Zurich
Locality: Winterthur
Country: CH

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 1f:7f:f6:6c:47:e1:0d:cc:84:05:9a:7d:dd:ce:4c:a1:21:8f:c7:40
Serial Number (int): 179832375004130989240859779022108797578905634624
Serial Number lenght: 157 bits, 20 octets

SubjectKeyId: 1e:87:aa:82:f4:26:bd:56:b6:ea:2a:33:13:63:91:4f:d9:d3:d6:2b
AuthorityKeyId: e7:f1:e7:fd:2e:53:ad:11:e5:81:1a:57:a4:73:8f:12:7d:98:c8:ae

Fingerprint (sha1): fb:ea:05:5c:a9:01:08:15:cf:0f:d1:eb:8a:67:79:af:f2:4f:eb:b0
Fingerprint (sha256): a4:fc:55:9a:d9:fc:30:4e:c2:f8:95:a8:17:91:db:06:ed:91:95:94:d3:d0:0d:70:2c:a6:a6:98:f3:a1:e6:18

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE

Revocation information

OCSP Server: http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE
CRL Distribution Point: ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate *.carema.ch

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for *.carema.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

*.carema.ch
carema.ch

Other certificates including the domain name carema.ch

(limited to 100 certificates)
*.carema.ch
*.carema.ch
carema.ch
*.carema.ch
carema.ch
*.hrm-systems.ch
*.test.carema.ch
*.carema.ch
*.carema.ch
*.carema.ch
www.carema.ch
*.carema.ch
www.carema.ch

Certificate

The complete raw certificate details for *.carema.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIODCCByCgAwIBAgIUH3/2bEfhDcyEBZp93c5MoSGPx0AwDQYJKoZIhvcNAQEL
BQAwUjELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEsMCoGA1UE
AxMjU3dpc3NTaWduIFNlcnZlciBHb2xkIENBIDIwMTQgLSBHMjIwHhcNMTkwOTIw
MTMwNDU4WhcNMjEwNDIwMTMwNDU4WjB6MQswCQYDVQQGEwJDSDEPMA0GA1UECBMG
WnVyaWNoMRMwEQYDVQQHEwpXaW50ZXJ0aHVyMRcwFQYDVQQKEw5IUk0gU3lzdGVt
cyBBRzEWMBQGA1UECxMNSVQgT3BlcmF0aW9uczEUMBIGA1UEAwwLKi5jYXJlbWEu
Y2gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb5QJd+1BoxJBuu/NK
wJNGwoK0WHZyrRCG/REHjqZcqdsWhTORWp6x3F0Zkw4za5UzVFDeQJ5f/2sSfFsG
ZXb3ZCUdfn/qXRcJHHS0R1ownc/ikZ63zKBJmUBBFl8HRxll4xYSPbdyyl5cdcIm
jNtQYD/v8A5r0sLpc2H5rpRnxX05VONLRU31Qj54Y03EZEuUmGhgPACSEtaVNMqz
9axCMxWd83Cmd7pQyT4YwMjbL10fxOKySKTjCS7eLatU6BWP2LWslHcoVpIqO6UN
xy9Nf/o4IkbwmUhTwVpYXKCka6KheHl+5myqS97DabFTWd5LlPZmQyndU3Z2EMuY
FQvRAgMBAAGjggTcMIIE2DAhBgNVHREEGjAYggsqLmNhcmVtYS5jaIIJY2FyZW1h
LmNoMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwHQYDVR0OBBYEFB6HqoL0Jr1WtuoqMxNjkU/Z09YrMB8GA1UdIwQYMBaAFOfx
5/0uU60R5YEaV6RzjxJ9mMiuMIH/BgNVHR8EgfcwgfQwR6BFoEOGQWh0dHA6Ly9j
cmwuc3dpc3NzaWduLm5ldC9FN0YxRTdGRDJFNTNBRDExRTU4MTFBNTdBNDczOEYx
MjdEOThDOEFFMIGooIGloIGihoGfbGRhcDovL2RpcmVjdG9yeS5zd2lzc3NpZ24u
bmV0L0NOPUU3RjFFN0ZEMkU1M0FEMTFFNTgxMUE1N0E0NzM4RjEyN0Q5OEM4QUUl
MkNPPVN3aXNzU2lnbiUyQ0M9Q0g/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdD9i
YXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MHMGA1UdIARsMGow
VAYJYIV0AVkBAgELMEcwRQYIKwYBBQUHAgEWOWh0dHA6Ly9yZXBvc2l0b3J5LnN3
aXNzc2lnbi5jb20vU3dpc3NTaWduLUdvbGQtQ1AtQ1BTLnBkZjAIBgYEAI96AQcw
CAYGZ4EMAQICMIHVBggrBgEFBQcBAQSByDCBxTBkBggrBgEFBQcwAoZYaHR0cDov
L3N3aXNzc2lnbi5uZXQvY2dpLWJpbi9hdXRob3JpdHkvZG93bmxvYWQvRTdGMUU3
RkQyRTUzQUQxMUU1ODExQTU3QTQ3MzhGMTI3RDk4QzhBRTBdBggrBgEFBQcwAYZR
aHR0cDovL2dvbGQtc2VydmVyLWcyLm9jc3Auc3dpc3NzaWduLm5ldC9FN0YxRTdG
RDJFNTNBRDExRTU4MTFBNTdBNDczOEYxMjdEOThDOEFFMIIB8wYKKwYBBAHWeQIE
AgSCAeMEggHfAd0AdQBElGUusO7Or8RAB9io/ijA2uaCvtjLMbU/0zOWtbaBqAAA
AW1Oxpi6AAAEAwBGMEQCIAmfupL2i4cFVUN8xpHHY8byQHF8vnxtYISyVH2jf0dR
AiAwwIX7y8JWFynog5p24Pa99iMUPtI9Zgk5lDgleAlHqwB1AG9Tdqwx8DEZ2JkA
pFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABbU7GmaEAAAQDAEYwRAIgH9akwc4bXLiB
hutl+FUQxGF3yrCUavqBVEzNWaW9DbkCIFr/OVusGjGYFim27otPNyaqlcAqWUpj
azOeBDq/fjOPAHYAu9nfvB+KcbWTlCOXqpJ7RzhXlQqrUugakJZkNo4e0YUAAAFt
TsaZowAABAMARzBFAiAYgoniAM3xq0u/WkYWzR6/nYqOoKskCaym2Y0OHiMUegIh
AObgVtSa4lHHAlbotddjHhSupggaE5wHYQVV62Wm0/OuAHUA7ku9t3XOYLrhQmkf
q+GeZqMPfl+wctiDAMR7iXqo/csAAAFtTsaXwAAABAMARjBEAiBThQ5k3CqBWLZ+
5BEg5jXsY5Yf91TuIzQcIZIBQxs8MwIgZfC53fitRnbSSpuSl056hkQBRR0PASEw
s/gsEwC2kUswDQYJKoZIhvcNAQELBQADggEBABrzhspQw3+mLtg9YftY6PFMlEN5
k9bBJZ3rtXbTZskm08eKUUbaS//9G3eV0rOcBm1Ho89C7GXxR587e6Xh5SRoFGhH
WqbJigHQjda7b6uKyWGDhKejKBRWvzWr7p8zjRtdRHXrbazgMHB8wKABX5kadlNU
XO/ki9HHVfuvHRAl9cmoFWfDEnGt4j1bqRilaQIezQeH0q0X8k9LOQBqi+hkyUtc
WPHz1DpaiYO8zikRWwI76gE+2hhdwz2eBX0kOFrZBPHOYu6BWjXkGMHpDlApLddc
uklYInNGRFSW9O+T89ayTt469fosB21G/XwM+K/9ARdZWeWhVdx549/xuyc=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2+UCXftQaMSQbrvzSsCT
RsKCtFh2cq0Qhv0RB46mXKnbFoUzkVqesdxdGZMOM2uVM1RQ3kCeX/9rEnxbBmV2
92QlHX5/6l0XCRx0tEdaMJ3P4pGet8ygSZlAQRZfB0cZZeMWEj23cspeXHXCJozb
UGA/7/AOa9LC6XNh+a6UZ8V9OVTjS0VN9UI+eGNNxGRLlJhoYDwAkhLWlTTKs/Ws
QjMVnfNwpne6UMk+GMDI2y9dH8Tiskik4wku3i2rVOgVj9i1rJR3KFaSKjulDccv
TX/6OCJG8JlIU8FaWFygpGuioXh5fuZsqkvew2mxU1neS5T2ZkMp3VN2dhDLmBUL
0QIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 179832375004130989240859779022108797578905634624
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign Server Gold CA 2014 - G22'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-20 13:04:58 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-04-20 13:04:58 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Zurich'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Winterthur'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'HRM Systems AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IT Operations'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String '*.carema.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 27759117455948209884382313574488692005530001368394313497766970519910155288891405582440394256374097128338371033642766109695544800602722911786992603086268723033483783929515534267229257329666514003616756378997595737145101486154639194666434855352451109472278625255979292458251021733453716084626426434156715124860750842557408564659531956145233003603541503550414433635742687444309765112246785488147117695581603166630251334178932208543083637711940078927058159357307650368039272678083137907260523112488799112608229615277763396044148551779036381018792184847117732766313759318930934652216084399280832702068189746913626387975121
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (26 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String '*.carema.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'carema.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							1e87aa82f426bd56b6ea2a331363914fd9d3d62b
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName e7f1e7fd2e53ad11e5811a57a4738f127d98c8ae
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (108 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.1.2.1.11
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://repository.swisssign.com/SwissSign-Gold-CP-CPS.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.7
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (200 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://gold-server-g2.ocsp.swisssign.net/E7F1E7FD2E53AD11E5811A57A4738F127D98C8AE'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (483 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (479 bytes)
							01dd0075004494652eb0eeceafc44007d8a8fe28c0dae682bed8cb31b53fd33396b5b681a80000016d4ec698ba00000403004630440220099fba92f68b870555437cc691c763c6f240717cbe7c6d6084b2547da37f4751022030c085fbcbc2561729e8839a76e0f6bdf623143ed23d660939943825780947ab0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d9130000016d4ec699a1000004030046304402201fd6a4c1ce1b5cb88186eb65f85510c46177cab0946afa81544ccd59a5bd0db902205aff395bac1a31981629b6ee8b4f3726aa95c02a594a636b339e043abf7e338f007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed1850000016d4ec699a300000403004730450220188289e200cdf1ab4bbf5a4616cd1ebf9d8a8ea0ab2409aca6d98d0e1e23147a022100e6e056d49ae251c70256e8b5d7631e14aea6081a139c07610555eb65a6d3f3ae007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb0000016d4ec697c00000040300463044022053850e64dc2a8158b67ee41120e635ec63961ff754ee23341c219201431b3c33022065f0b9ddf8ad4676d24a9b92974e7a864401451d0f012130b3f82c1300b6914b
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		001af386ca50c37fa62ed83d61fb58e8f14c94437993d6c1259debb576d366c926d3c78a5146da4bfffd1b7795d2b39c066d47a3cf42ec65f1479f3b7ba5e1e524681468475aa6c98a01d08dd6bb6fab8ac9618384a7a3281456bf35abee9f338d1b5d4475eb6dace030707cc0a0015f991a7653545cefe48bd1c755fbaf1d1025f5c9a81567c31271ade23d5ba918a569021ecd0787d2ad17f24f4b39006a8be864c94b5c58f1f3d43a5a8983bcce29115b023bea013eda185dc33d9e057d24385ad904f1ce62ee815a35e418c1e90e50292dd75cba4958227346445496f4ef93f3d6b24ede3af5fa2c076d46fd7c0cf8affd01175959e5a155dc79e3dff1bb27