data-test.gemnet.irvn.nl

- Modulaire Gemeenschappelijke regeling Rijk van Nijmegen -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 0e:fa:db:72:f8:06:4d:b3:81:89:04:52:a7:44:e0:11:85:e2:d8:57 was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Modulaire Gemeenschappelijke regeling Rijk van Nijmegen

Company registration number: 00000001854380140000
Organization: Modulaire Gemeenschappelijke regeling Rijk van Nijmegen
State / Province: Gelderland
Locality: Nijmegen
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 0e:fa:db:72:f8:06:4d:b3:81:89:04:52:a7:44:e0:11:85:e2:d8:57
Serial Number (int): 85520173803656566308928515512277195452540180567
Serial Number lenght: 156 bits, 20 octets

SubjectKeyId: f3:cd:35:e3:8d:75:26:59:7f:b1:00:8f:a1:a9:61:66:90:2b:25:04
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): b7:24:26:0f:6c:f9:a6:dc:10:9f:4a:2c:c7:50:ea:24:2b:24:b8:be
Fingerprint (sha256): a6:92:e7:03:bd:64:fd:62:4d:01:b0:4f:b4:16:85:ad:c1:97:88:98:f6:cf:29:f3:a4:c6:5b:a0:41:bd:4e:77

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3-2019.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate data-test.gemnet.irvn.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for data-test.gemnet.irvn.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

data-test.gemnet.irvn.nl

Other certificates including the domain name irvn.nl

(limited to 100 certificates)
irvn.nl
zaaksysteem.data.irvn.nl
data.irvn.nl
govroam.irvn.nl
ftp.ggi.irvn.nl
ciscocloud.irvn.nl
eva.data.irvn.nl
irvn.nl
xs.irvn.nl
zsh.irvn.nl
djuma.data.irvn.nl
dg.irvn.nl
xs.irvn.nl
services.irvn.nl
dg.irvn.nl
mfa.irvn.nl
xs.irvn.nl
ftp.ggi.irvn.nl
support.irvn.nl
oc.irvn.nl
oc.irvn.nl
sts.irvn.nl
wizportaal.data.irvn.nl
webapps.irvn.nl
mfa.irvn.nl
autodiscover.irvn.nl
autodiscover.irvn.nl
samen.irvn.nl
login.irvn.nl
portal.irvn.nl
samen.irvn.nl
ciscocloud.irvn.nl
sts.irvn.nl
logon.irvn.nl
autodiscover.irvn.nl
wachtwoord.irvn.nl
irvn.nl
mfa.irvn.nl
govroam.irvn.nl
data.gemnet.irvn.nl
wizportaal.data.irvn.nl
portal.irvn.nl
ftp.irvn.nl
zaaksysteem.data.irvn.nl
govroam.irvn.nl
djuma.data.irvn.nl
micollab.irvn.nl
xs.irvn.nl
dg.irvn.nl
data-test.gemnet.irvn.nl
irvn.nl
autodiscover.irvn.nl
login.irvn.nl
eva.data.irvn.nl
dgtest.irvn.nl
wachtwoord.irvn.nl
autodiscover.irvn.nl
xs.irvn.nl
samen.irvn.nl
services.irvn.nl
logon.irvn.nl
xs.irvn.nl
webmail.irvn.nl
data-test.irvn.nl
ftp.irvn.nl
dgtest.irvn.nl
myprint.irvn.nl
xs.irvn.nl

Certificate

The complete raw certificate details for data-test.gemnet.irvn.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHJjCCBQ6gAwIBAgIUDvrbcvgGTbOBiQRSp0TgEYXi2FcwDQYJKoZIhvcNAQEL
BQAwcTELMAkGA1UEBhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5O
VFJOTC0yNzEyNDcwMTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2Fu
aXNhdGllIFNlcnZlciBDQSAtIEczMB4XDTE5MDkxNjA4MjAwMloXDTIxMDkxNTA4
MjAwMlowgbkxCzAJBgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMREwDwYD
VQQHDAhOaWptZWdlbjFAMD4GA1UECgw3TW9kdWxhaXJlIEdlbWVlbnNjaGFwcGVs
aWprZSByZWdlbGluZyBSaWprIHZhbiBOaWptZWdlbjEdMBsGA1UEBRMUMDAwMDAw
MDE4NTQzODAxNDAwMDAxITAfBgNVBAMMGGRhdGEtdGVzdC5nZW1uZXQuaXJ2bi5u
bDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLRbBtA2k1bG4ulMgCS
MBfxWqdqeiljH3sT5bQkQnJ++suVJ1Ek3gh5ygH8TJ633iSCS5h3zBD/gqKBzkmZ
1BfV2jXHsBuhKh8mAem+zI2qxs9iGxuKV9Ajq0ow+SehfEqM08wYXoSPEdwozF+d
R6+Rz0vCjXsZCTbaYvMxMgIIFcSMvzpKC5dWSb355LEZ8Us0r2nx3F8+f7dR/Qup
qz9NfGbOSQXLh2ySNoy9ddGkN/YYykVbP78ejKxLBESewpziEXYLtmk4pPWuLHL1
nPUgU1dSLIjXCBuba7Aq4sWyvBvjYURogyMD3so5lUwZmrKnmUyc2bF9Jh6rT7n4
I30CAwEAAaOCAmswggJnMIGZBggrBgEFBQcBAQSBjDCBiTBdBggrBgEFBQcwAoZR
aHR0cDovL2NlcnQubWFuYWdlZHBraS5jb20vQ0FjZXJ0cy9LUE5CVlBLSW92ZXJo
ZWlkT3JnYW5pc2F0aWVTZXJ2ZXJDQUczLTIwMTkuY2VyMCgGCCsGAQUFBzABhhxo
dHRwOi8vZzNvY3NwLm1hbmFnZWRwa2kuY29tMB0GA1UdDgQWBBTzzTXjjXUmWX+x
AI+hqWFmkCslBDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFMOapntedCuCtsZy
/XROhdKXzf0YMIGxBgNVHSAEgakwgaYwgZkGCmCEEAGHawECBQYwgYowNwYIKwYB
BQUHAgEWK2h0dHBzOi8vY2VydGlmaWNhYXQua3BuLmNvbS9wa2lvdmVyaGVpZC9j
cHMwTwYIKwYBBQUHAgIwQwxBT3AgZGl0IGNlcnRpZmljYWF0IGlzIGhldCBDUFMg
UEtJb3ZlcmhlaWQgdmFuIEtQTiB2YW4gdG9lcGFzc2luZy4wCAYGZ4EMAQICMF4G
A1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jcmwubWFuYWdlZHBraS5jb20vS1BOQlZQ
S0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy9MYXRlc3RDUkwuY3JsMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwIwYD
VR0RBBwwGoIYZGF0YS10ZXN0LmdlbW5ldC5pcnZuLm5sMBMGCisGAQQB1nkCBAMB
Af8EAgUAMA0GCSqGSIb3DQEBCwUAA4ICAQBW1o+VSMaIUi0pRMzv2IK9p6YiHbgn
e3PB4fUVmgcqShkuPV3YvVW6jJnFLV9yjZU7VzHSrqevr18zbzaMvacxh2ea/WDp
mW55ip/hNhybnsv22Olz8kjyZu/rcKQ7n9XJQ5EJ7NX9vBNFGcoRtsHTwGHLEKIu
YKfSmJVVnsjKoWBY/6xGTsLXB3kPWV96igUqo0UV+/a3IonqUaIYeK2LyjVonjGC
hHA13AAzVnHqJ6fDyFKSaPTtFhNC6Qdk9hAIF5NvKD0jMrzv7HZE73VnWKIrcQVT
souLpAqol0g0EJBXWkee99vM1xLexoL6TjpucweeKSFyAIFA6qHWXrGtHLWLl0aO
m8SaXWp6vzFnSRRIpccSwFkCRT1vBXbEciCyiyBuU2zo5XC+lIKNqovjyKUpDAU7
amJPEfXjp4w6VyVMtB9KhJvWPTZfXDEwH0rsxnf1k7AJE45wLYiWPZjxgYZY8t+I
wReOsomx7GCncwN2OTaAyXp6PqNIpyNs1NFK5rtWVKWape1rhgxBxi6AZVDSuofw
1liYGemELgGnekU7Zf6dIaAAZaXJ2DiowTvx9SyLnAEApcLSgzpzqdf+mGZQ76vy
L8vgfVBk2IcOI8WCPKnl/7x/nSCBDS2281YmmUimtEhMl66lJQUFmaJz/h+hrSpI
0b7T5iJbisTxvw==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstFsG0DaTVsbi6UyAJIw
F/Fap2p6KWMfexPltCRCcn76y5UnUSTeCHnKAfxMnrfeJIJLmHfMEP+CooHOSZnU
F9XaNcewG6EqHyYB6b7MjarGz2IbG4pX0COrSjD5J6F8SozTzBhehI8R3CjMX51H
r5HPS8KNexkJNtpi8zEyAggVxIy/OkoLl1ZJvfnksRnxSzSvafHcXz5/t1H9C6mr
P018Zs5JBcuHbJI2jL110aQ39hjKRVs/vx6MrEsERJ7CnOIRdgu2aTik9a4scvWc
9SBTV1IsiNcIG5trsCrixbK8G+NhRGiDIwPeyjmVTBmasqeZTJzZsX0mHqtPufgj
fQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 85520173803656566308928515512277195452540180567
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2019-09-16 08:20:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-09-15 08:20:02 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Nijmegen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Modulaire Gemeenschappelijke regeling Rijk van Nijmegen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001854380140000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'data-test.gemnet.irvn.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 22573688264502849237774098015066006560568192861563529831208395804756717202611171262003460373691578251685932757231111848606339854976670219578768969189968483048993136084285066898851182057054856755338610903943647973782944380209361366480641018022301380662548926854191480863172058534045772910589410808916364948915150566096406985235285419889797618206326129264780162014575804320050485901672203616486929257605319355440348579352995996352496741415940088978332721301370053269999086395532399742927853871997251597000899535836955318480133297649325326105526659569421169012807344099299159838106037664128151949797093557703990801081213
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (140 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3-2019.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							f3cd35e38d7526597fb1008fa1a96166902b2504
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (28 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'data-test.gemnet.irvn.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0056d68f9548c688522d2944ccefd882bda7a6221db8277b73c1e1f5159a072a4a192e3d5dd8bd55ba8c99c52d5f728d953b5731d2aea7afaf5f336f368cbda73187679afd60e9996e798a9fe1361c9b9ecbf6d8e973f248f266efeb70a43b9fd5c9439109ecd5fdbc134519ca11b6c1d3c061cb10a22e60a7d29895559ec8caa16058ffac464ec2d707790f595f7a8a052aa34515fbf6b72289ea51a21878ad8bca35689e3182847035dc00335671ea27a7c3c8529268f4ed161342e90764f6100817936f283d2332bcefec7644ef756758a22b710553b28b8ba40aa89748341090575a479ef7dbccd712dec682fa4e3a6e73079e292172008140eaa1d65eb1ad1cb58b97468e9bc49a5d6a7abf3167491448a5c712c05902453d6f0576c47220b28b206e536ce8e570be94828daa8be3c8a5290c053b6a624f11f5e3a78c3a57254cb41f4a849bd63d365f5c31301f4aecc677f593b009138e702d88963d98f1818658f2df88c1178eb289b1ec60a7730376393680c97a7a3ea348a7236cd4d14ae6bb5654a59aa5ed6b860c41c62e806550d2ba87f0d6589819e9842e01a77a453b65fe9d21a00065a5c9d838a8c13bf1f52c8b9c0100a5c2d2833a73a9d7fe986650efabf22fcbe07d5064d8870e23c5823ca9e5ffbc7f9d20810d2db6f356269948a6b4484c97aea525050599a273fe1fa1ad2a48d1bed3e6225b8ac4f1bf