cl.tst.hvaweb.formist.nl

- Stichting Hogeschool van Amsterdam -

Issued by GEANT OV RSA CA 4

About this certificate

This digital certificate with serial number c1:78:70:85:dc:d4:f8:46:a6:87:00:da:33:19:c3:3c was issued on by GEANT Vereniging.

With 12 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Stichting Hogeschool van Amsterdam

Organization: Stichting Hogeschool van Amsterdam
State / Province: Noord-Holland
Country: NL

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This certificate will expire on

Certificate Details

Serial Number (hex): c1:78:70:85:dc:d4:f8:46:a6:87:00:da:33:19:c3:3c
Serial Number (int): 257166361045078333054716418232585667388
Serial Number lenght: 128 bits, 16 octets

SubjectKeyId: 18:c0:0d:70:6e:8e:fb:85:01:21:eb:59:6a:93:2b:f9:d5:f7:6a:82
AuthorityKeyId: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (sha1): ea:55:76:bf:91:17:88:e3:62:d9:30:1a:31:2b:d8:d1:56:a9:5a:71
Fingerprint (sha256): a9:42:0d:2a:53:cb:55:e5:78:05:97:0b:88:71:91:b0:9c:59:35:d6:55:88:2a:50:8d:aa:8a:99:d6:7c:08:33

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate cl.tst.hvaweb.formist.nl

12

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for cl.tst.hvaweb.formist.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA384 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

cl.tst.hvaweb.formist.nl
cms-tst.cms.hva.nl
cms.tst.hvaweb.formist.nl
graphql-tst.cms.hva.nl
graphql.tst.hvaweb.formist.nl
storybook-tst.cms.hva.nl
storybook.tst.hvaweb.formist.nl
test-tst.amsterdamuas.com
test-tst.cms.hva.nl
www-tst.amsterdamuas.com
www-tst.cms.hva.nl
www.tst.hvaweb.formist.nl

Other certificates including the domain name formist.nl

(limited to 100 certificates)
cl.acc.hvaweb.formist.nl
discovery.canvas-acc.awsuva.formist.nl
cl.tst.hvaweb.formist.nl
cl.trn.hvaweb.formist.nl
cl.acc.hvaweb.formist.nl
cl.trn.hvaweb.formist.nl
cl.tst.hvaweb.formist.nl
discovery.canvas-prd.awsuva.formist.nl
cl.tst.hvaweb.formist.nl
cl.acc.hvaweb.formist.nl
discovery.canvas-acc.awsuva.formist.nl
cl.prd.hvaweb.formist.nl
cl.prd.hvaweb.formist.nl
cl.acc.hvaweb.formist.nl

Certificate

The complete raw certificate details for cl.tst.hvaweb.formist.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIkDCCBnigAwIBAgIRAMF4cIXc1PhGpocA2jMZwzwwDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV
BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTIzMTAyNDAwMDAwMFoXDTI0MTAyMzIz
NTk1OVowdTELMAkGA1UEBhMCTkwxFjAUBgNVBAgTDU5vb3JkLUhvbGxhbmQxKzAp
BgNVBAoTIlN0aWNodGluZyBIb2dlc2Nob29sIHZhbiBBbXN0ZXJkYW0xITAfBgNV
BAMTGGNsLnRzdC5odmF3ZWIuZm9ybWlzdC5ubDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAO+bY2jPyR9L8fX72u6T/f9/n8qRzg2MSDksEofxb4as+gsD
aM67Y00ra+XXqaRoVaaYEOCbDetDnIsqXvs++0Tef3udLrX6VBNum1GNMCxmge8a
Z/JkJHAeocYP68JstO2e55O3PQmc5OD77iozDVNXcPSZ0hqRtzpItKg5EbaOHL5l
35aQG2hGtztRs+cBkS7CIlFW1yhCnDm3ZkLBGp0qsNLx/D+NZG1jyRjq3CGOlPBp
VNM1QQR0pm0ZH75vH0z8c0OS3vVb4LZ8mIYQkZ+lUTqD/M7GXOqCIO9YKYN6/if5
auO8wt3SpVYR/WzyTrlsW78VBRY7YvQ+WLIRiwUCAwEAAaOCBEowggRGMB8GA1Ud
IwQYMBaAFG8dNUkQbDL6WaCevIroH5W+cXoMMB0GA1UdDgQWBBQYwA1wbo77hQEh
61lqkyv51fdqgjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQIC
TzAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwB
AgIwPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDovL0dFQU5ULmNybC5zZWN0aWdvLmNv
bS9HRUFOVE9WUlNBQ0E0LmNybDB1BggrBgEFBQcBAQRpMGcwOgYIKwYBBQUHMAKG
Lmh0dHA6Ly9HRUFOVC5jcnQuc2VjdGlnby5jb20vR0VBTlRPVlJTQUNBNC5jcnQw
KQYIKwYBBQUHMAGGHWh0dHA6Ly9HRUFOVC5vY3NwLnNlY3RpZ28uY29tMIIBfQYK
KwYBBAHWeQIEAgSCAW0EggFpAWcAdgB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIK
n+ZnTFo6dAAAAYthqp3NAAAEAwBHMEUCIAxFzP+7yBCA3T4KIPMEOuWyCSj3cpLS
4ZeLa+SIIzJqAiEAqKvRZjwHThzCCXDcbNsX43PTfCpc/yeKaut7an9KfXkAdgDa
tr9rP7W2Ip+bwrtca+hwkXFsu1GEhTS9pD0wSNf7qwAAAYthqp4oAAAEAwBHMEUC
IQCWfgmQ8puzbsRZgcZJofFg8pHU3I5RLM00oJ0rGophGgIgVdgm0DmFP+UR+p2O
mHzTh/OcGe+Ef/w2XE/rZE/erPQAdQDuzdBk1dsazsVct520zROiModGfLzs3sNR
SFlGcR+1mwAAAYthqp31AAAEAwBGMEQCIGjyScTJVJnGDG29tANu67rdL2W8eKUm
V1ibQuBtKBiQAiBZZ5j8et2JNR9pHUM3LfWQYQrh46DM4giufvbUOfcHszCCAUEG
A1UdEQSCATgwggE0ghhjbC50c3QuaHZhd2ViLmZvcm1pc3QubmyCEmNtcy10c3Qu
Y21zLmh2YS5ubIIZY21zLnRzdC5odmF3ZWIuZm9ybWlzdC5ubIIWZ3JhcGhxbC10
c3QuY21zLmh2YS5ubIIdZ3JhcGhxbC50c3QuaHZhd2ViLmZvcm1pc3QubmyCGHN0
b3J5Ym9vay10c3QuY21zLmh2YS5ubIIfc3Rvcnlib29rLnRzdC5odmF3ZWIuZm9y
bWlzdC5ubIIZdGVzdC10c3QuYW1zdGVyZGFtdWFzLmNvbYITdGVzdC10c3QuY21z
Lmh2YS5ubIIYd3d3LXRzdC5hbXN0ZXJkYW11YXMuY29tghJ3d3ctdHN0LmNtcy5o
dmEubmyCGXd3dy50c3QuaHZhd2ViLmZvcm1pc3QubmwwDQYJKoZIhvcNAQEMBQAD
ggIBAEwrN6h+8RBQ5V4qRjoqijV1vIFOnqiKPLd6vhifmuc/w5COMzvUzlKzIASV
lM0Eckj+kGQH0sjpWSfa2e8MpAInbTrU9ukTiMzyVt2DiHeeqCfxUcOtxqfPrKS6
5qmWDea7bIR5E6UBDKYzx6EreRMQWwi9B9NlBrEkrN2SlXJ4J7mSbEyHA/IFoeiP
6cAraABPpaaKFGw2QvfyNK3NI9Q86J6KMS+by8Hy0LIMJrkUQkamLK3F+QCwHL2S
ZFGkVy8ItUSjJEq8t9DZq+X3lK3881wsbWMEQkh+m00z3zC7rB0ig6SHcg7STyCi
7saB4o7CWZdzYadFfIoSDNTkIiRHlX6jChxiphb3NqeZF9D9JadrTUb4LCYtf3g1
wntteISP0zn+b6kOYFelYkR8ryH62L0C3+edX5ByFrLA8GoVf/PGhYU1YCxHA+LO
EJLrzjo/UL1OgSJ7o0IoFoEt+p7o/ezYz0p5uYbKMDhFYx7InN73ddaavO/zdN7E
Grh9mLyGlByDT7GgKkL/1Mh7JskHcXGrx+Y3HMYKpnQelmL+fCB+FlnyVmHxzRWx
fbXz+sugUWbG+ReoL6T1jnyZxaIHQeQ9MIXbtd4dPRq9AO0yxk3EB1279ReoI0sT
Ddqte0WGCmhfBoDUCXNSPxaZGVlOavTXzXhprgUxG3qcitux
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75tjaM/JH0vx9fva7pP9
/3+fypHODYxIOSwSh/Fvhqz6CwNozrtjTStr5deppGhVppgQ4JsN60Ociype+z77
RN5/e50utfpUE26bUY0wLGaB7xpn8mQkcB6hxg/rwmy07Z7nk7c9CZzk4PvuKjMN
U1dw9JnSGpG3Oki0qDkRto4cvmXflpAbaEa3O1Gz5wGRLsIiUVbXKEKcObdmQsEa
nSqw0vH8P41kbWPJGOrcIY6U8GlU0zVBBHSmbRkfvm8fTPxzQ5Le9VvgtnyYhhCR
n6VROoP8zsZc6oIg71gpg3r+J/lq47zC3dKlVhH9bPJOuWxbvxUFFjti9D5YshGL
BQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 257166361045078333054716418232585667388
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-10-24 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-10-23 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Noord-Holland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Stichting Hogeschool van Amsterdam'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'cl.tst.hvaweb.formist.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 30247579722364725804141848280121307350345242194010152625318375016788492052625394509632852239808510892770850265518894011280390224805641157296923677056978600564958171250559599708459325826802277153512337699823010857751841748343378154684694249712091950878672209267412340095771800267314817734207741167002281090406722011420293571154130671174137333697374354361706697107104018833868458144037830712377626967170371254321479396795192000315267361585232499574448218439129570892822303047248679019684708572804580739041027441149442631003194674657905224051820692713047671210904074719683924027001485066949349507456166774872007328762629
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							18c00d706e8efb850121eb596a932bf9d5f76a82
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018b61aa9dcd000004030047304502200c45ccffbbc81080dd3e0a20f3043ae5b20928f77292d2e1978b6be48823326a022100a8abd1663c074e1cc20970dc6cdb17e373d37c2a5cff278a6aeb7b6a7f4a7d79007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018b61aa9e280000040300473045022100967e0990f29bb36ec45981c649a1f160f291d4dc8e512ccd34a09d2b1a8a611a022055d826d039853fe511fa9d8e987cd387f39c19ef847ffc365c4feb644fdeacf4007500eecdd064d5db1acec55cb79db4cd13a23287467cbcecdec351485946711fb59b0000018b61aa9df50000040300463044022068f249c4c95499c60c6dbdb4036eebbadd2f65bc78a52657589b42e06d2818900220596798fc7add89351f691d43372df590610ae1e3a0cce208ae7ef6d439f707b3
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (312 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cl.tst.hvaweb.formist.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms-tst.cms.hva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'cms.tst.hvaweb.formist.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'graphql-tst.cms.hva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'graphql.tst.hvaweb.formist.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storybook-tst.cms.hva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'storybook.tst.hvaweb.formist.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test-tst.amsterdamuas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'test-tst.cms.hva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-tst.amsterdamuas.com'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www-tst.cms.hva.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.tst.hvaweb.formist.nl'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12 (sha384WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		004c2b37a87ef11050e55e2a463a2a8a3575bc814e9ea88a3cb77abe189f9ae73fc3908e333bd4ce52b320049594cd047248fe906407d2c8e95927dad9ef0ca402276d3ad4f6e91388ccf256dd8388779ea827f151c3adc6a7cfaca4bae6a9960de6bb6c847913a5010ca633c7a12b7913105b08bd07d36506b124acdd9295727827b9926c4c8703f205a1e88fe9c02b68004fa5a68a146c3642f7f234adcd23d43ce89e8a312f9bcbc1f2d0b20c26b9144246a62cadc5f900b01cbd926451a4572f08b544a3244abcb7d0d9abe5f794adfcf35c2c6d630442487e9b4d33df30bbac1d2283a487720ed24f20a2eec681e28ec259977361a7457c8a120cd4e4222447957ea30a1c62a616f736a79917d0fd25a76b4d46f82c262d7f7835c27b6d78848fd339fe6fa90e6057a562447caf21fad8bd02dfe79d5f907216b2c0f06a157ff3c6858535602c4703e2ce1092ebce3a3f50bd4e81227ba3422816812dfa9ee8fdecd8cf4a79b986ca303845631ec89cdef775d69abceff374dec41ab87d98bc86941c834fb1a02a42ffd4c87b26c9077171abc7e6371cc60aa6741e9662fe7c207e1659f25661f1cd15b17db5f3facba05166c6f917a82fa4f58e7c99c5a20741e43d3085dbb5de1d3d1abd00ed32c64dc4075dbbf517a8234b130ddaad7b45860a685f0680d40973523f169919594e6af4d7cd7869ae05311b7a9c8adbb1