mijn.bronckhorst.nl

- Gemeente Bronckhorst -

Issued by KPN BV PKIoverheid Organisatie Server CA - G3

About this certificate

This digital certificate with serial number 61:1b:eb:7e:27:1d:0f:07 was issued on by KPN B.V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Gemeente Bronckhorst

Company registration number: 00000001813647290000
Organization: Gemeente Bronckhorst
Organization unit: Gegevensbeheer
State / Province: Gelderland
Locality: Hengelo
Country: NL

KPN B.V.

Organization: KPN B.V.
Country: NL

This certificate has expire since

Certificate Details

Serial Number (hex): 61:1b:eb:7e:27:1d:0f:07
Serial Number (int): 6997445373104819975
Serial Number lenght: 63 bits, 8 octets

SubjectKeyId: d9:08:16:80:23:92:0b:61:08:d2:69:76:ed:60:5c:1c:ba:1d:1f:df
AuthorityKeyId: c3:9a:a6:7b:5e:74:2b:82:b6:c6:72:fd:74:4e:85:d2:97:cd:fd:18

Fingerprint (sha1): 2a:97:06:46:c0:63:d5:6f:98:d2:ad:a2:26:5c:30:47:0d:24:bc:cb
Fingerprint (sha256): aa:74:01:27:75:40:ca:09:b5:63:1c:70:a8:ab:00:be:ee:1a:15:52:93:6e:ee:fc:73:19:bc:9e:96:98:86:d0

Issuing Certificate URL: http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer

Revocation information

OCSP Server: http://g3ocsp.managedpki.com
CRL Distribution Point: http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl

Check the revocation status for certificate mijn.bronckhorst.nl

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for mijn.bronckhorst.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

mijn.bronckhorst.nl

Other certificates including the domain name bronckhorst.nl

(limited to 100 certificates)
meldingen.bronckhorst.nl
*.bronckhorst.nl
extranet.bronckhorst.nl
digikoppeling.bronckhorst.nl
duo.bronckhorst.nl
exchange.bronckhorst.nl
simsite.bronckhorst.nl
exchange.bronckhorst.nl
bronckhorst.nl
mijn.bronckhorst.nl
duo.bronckhorst.nl
mijninkomen.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
sync.bronckhorst.nl
extranet.bronckhorst.nl
intranet.bronckhorst.nl
mohis.bronckhorst.nl
certdurp.bronckhorst.nl
intranet.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
thuiswerken2.bronckhorst.nl
personeelshandboek.bronckhorst.nl
bronckhorst.nl
iparticipatie.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
brk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
secure.bronckhorst.nl
mijn.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
duo.bronckhorst.nl
felix.bronckhorst.nl
simsite.bronckhorst.nl
personeelshandboek.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
webmail.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
waarmerk.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enserinck.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
afspraken.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
intranet.bronckhorst.nl
gbav.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
begraafplaatsreservering.bronckhorst.nl
test-ipa.bronckhorst.nl
intranet.bronckhorst.nl
ibzpink.bronckhorst.nl
intranet.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
exchange.bronckhorst.nl
wkpb.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
extranet.bronckhorst.nl
secure.bronckhorst.nl
waarmerk.bronckhorst.nl
kennisbank.bronckhorst.nl
vrijwilligerswerk.bronckhorst.nl
*.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
digikoppeling.bronckhorst.nl
g-rooster.bronckhorst.nl
extranet.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
mijn.bronckhorst.nl
simsite.bronckhorst.nl
enterpriseenrollment.bronckhorst.nl
simsite.bronckhorst.nl
intranet.bronckhorst.nl
cloudadapter.bronckhorst.nl
www.bronckhorst.nl
exchange.bronckhorst.nl
afspraken.bronckhorst.nl
izaaksuite.bronckhorst.nl
simcms.bronckhorst.nl
wkpb.bronckhorst.nl
www.bronckhorst.nl
mdm-sentry.bronckhorst.nl
test-mijninkomen.bronckhorst.nl
thuiswerken.bronckhorst.nl
mijninkomen.bronckhorst.nl
www.bronckhorst.nl
bronckhorst.nl
www.bronckhorst.nl

Certificate

The complete raw certificate details for mijn.bronckhorst.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIII4zCCBsugAwIBAgIIYRvrficdDwcwDQYJKoZIhvcNAQELBQAwcTELMAkGA1UE
BhMCTkwxETAPBgNVBAoMCEtQTiBCLlYuMRcwFQYDVQRhDA5OVFJOTC0yNzEyNDcw
MTE2MDQGA1UEAwwtS1BOIEJWIFBLSW92ZXJoZWlkIE9yZ2FuaXNhdGllIFNlcnZl
ciBDQSAtIEczMB4XDTE4MDYwODExMzAwMloXDTIwMDYwNzExMzAwMlowgakxCzAJ
BgNVBAYTAk5MMRMwEQYDVQQIDApHZWxkZXJsYW5kMRAwDgYDVQQHDAdIZW5nZWxv
MR0wGwYDVQQKDBRHZW1lZW50ZSBCcm9uY2tob3JzdDEXMBUGA1UECwwOR2VnZXZl
bnNiZWhlZXIxHTAbBgNVBAUTFDAwMDAwMDAxODEzNjQ3MjkwMDAwMRwwGgYDVQQD
DBNtaWpuLmJyb25ja2hvcnN0Lm5sMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAq7kf+qX4mB/ih0PFUZ62sfzpXzg8VBmbFOMkIo88dZD+H9oTN4x8zHSA
VZ07RLZPLIjA3h6SgylMZTY+Q22lP7x3SPvdbBo/ZgjwSr8/jnKbOD58tDHria3K
YhDWqlFTSwjwNZY3jzQ1WJgCG6/h5hG+QOIOcZAWuk29NFpiS715HCZf48Yi7i0T
ZC9lf2PD70V8mXL22g/rq6x7hONZKWE7BaMWTsGRqboBSz58DTqNlIEfZa9kwsGR
bKHSPPo00umdPmgZxi3BE5iA0unt55U7yu7LJLshE0jjZpDVH3VKGFupToG3KF+Z
5PkLhLIm2VNiOsPe3Z+2fq0ZIRYuoQIDAQABo4IERDCCBEAwgZQGCCsGAQUFBwEB
BIGHMIGEMFgGCCsGAQUFBzAChkxodHRwOi8vY2VydC5tYW5hZ2VkcGtpLmNvbS9D
QWNlcnRzL0tQTkJWUEtJb3ZlcmhlaWRPcmdhbmlzYXRpZVNlcnZlckNBRzMuY2Vy
MCgGCCsGAQUFBzABhhxodHRwOi8vZzNvY3NwLm1hbmFnZWRwa2kuY29tMB0GA1Ud
DgQWBBTZCBaAI5ILYQjSaXbtYFwcuh0f3zAMBgNVHRMBAf8EAjAAMB8GA1UdIwQY
MBaAFMOapntedCuCtsZy/XROhdKXzf0YMIGxBgNVHSAEgakwgaYwgZkGCmCEEAGH
awECBQYwgYowNwYIKwYBBQUHAgEWK2h0dHBzOi8vY2VydGlmaWNhYXQua3BuLmNv
bS9wa2lvdmVyaGVpZC9jcHMwTwYIKwYBBQUHAgIwQwxBT3AgZGl0IGNlcnRpZmlj
YWF0IGlzIGhldCBDUFMgUEtJb3ZlcmhlaWQgdmFuIEtQTiB2YW4gdG9lcGFzc2lu
Zy4wCAYGZ4EMAQICMF4GA1UdHwRXMFUwU6BRoE+GTWh0dHA6Ly9jcmwubWFuYWdl
ZHBraS5jb20vS1BOQlZQS0lvdmVyaGVpZE9yZ2FuaXNhdGllU2VydmVyQ0FHMy9M
YXRlc3RDUkwuY3JsMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD
AgYIKwYBBQUHAwEwHgYDVR0RBBcwFYITbWlqbi5icm9uY2tob3JzdC5ubDCCAfQG
CisGAQQB1nkCBAIEggHkBIIB4AHeAHUA7ku9t3XOYLrhQmkfq+GeZqMPfl+wctiD
AMR7iXqo/csAAAFj3ykxegAABAMARjBEAiBET3dFagYDd532zFKdZm+lNVS1LWIC
XgtEgWMYt2KwWQIgeNhRUyD+v03ug4Jzh8QQ0QIxHd4qXFHDnKkqH3ODk28AdQBV
gdTCFpA2AUrqC5tXPFPwwOQ4eHAlCBcvo6odBxPTDAAAAWPfKTKBAAAEAwBGMEQC
IAD5Jh46QBJKjkBn1W9iZs7VOqQklnrsyirT83OSBIvWAiAjpgclKc6826jUyLUZ
aQt120e6zCI5Lk2/yF+ZqhXUvAB2AKS5CZC0GFgUh7sTosxncAo8NZgE+RvfuON3
zQ7IDdwQAAABY98pM+IAAAQDAEcwRQIgKNOWh6wUBy5kwWZhV95FdPppqJ9UJWHp
P1zVrhb2zBcCIQCFyyF7f9Y+Lx0ZZYrG4NSeIHZPyfyuBlmVUDMcvKA8hwB2ALvZ
37wfinG1k5Qjl6qSe0c4V5UKq1LoGpCWZDaOHtGFAAABY98pM9QAAAQDAEcwRQIh
AMDFqhWs9DnvN6RRR9uYX8tokNdyWwmed+hZj46wORcjAiBmso0Btzl/Z8Y3Uw80
bjec1XJzxKT9fwHi5spvNlno9DANBgkqhkiG9w0BAQsFAAOCAgEAt9kcXhkDhfJx
PQ/YqC+trQCW8P0sY/5DWUpt2c7GjWUwl4KjG1wEf7Hf8Rh7oug3vnP1I0DwdN48
a5wXDiMJi//Talnb5Dwi0znrbZKgomFOraIjz2d98DIbx1pyVFqALTke8CPt9Jdo
NKLqox8X6exqeWvMEtaWvHnfowbHAuOY2xAb2wdyVD1QZ+RLRaQ+RuITi8YurWAP
ZiQ/gCWhI5TCkhuMpUQOzSQyzQGStW4mRvam0i2kH7cQA4lwxK+ssyd5j0nazRhK
uXXFmvgSHf7KrjGiiB/KDQH8FctQxiJU68lHCLU0SDSa049vpubGGhUVnmj8ubOQ
NISjr0vRG9NOcenn0m6Rh6r7Hw/UQOyWC5vRR/9UPFyoTz3x4q0nLcZIFB+bP18k
3FiD/ant4SB/oUYj8zPRlV0P11Llka6z7QzLtzFYAycQ/Y5aWtbix15oeuwGBXzx
jRNhcx9kbma/t51iVABaVn/SKP6oyB6phactJXaZCXALM+UR9tvmcHtJYObf1BuZ
vuBQcMaPxSopV5im2MDui2iyElvIBPMoxOkdkrmP1J1Hi/8zcBg9LzXmfnN8x64g
i7w2sos+eLXO3KSJVOUi2amTvkb//UMXNlK2t3fMjMlGTgNxp7dmWz8WGQAqDJCi
TumM4bvCH5ytvbDIgFNDq/HnxWU7CG0=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7kf+qX4mB/ih0PFUZ62
sfzpXzg8VBmbFOMkIo88dZD+H9oTN4x8zHSAVZ07RLZPLIjA3h6SgylMZTY+Q22l
P7x3SPvdbBo/ZgjwSr8/jnKbOD58tDHria3KYhDWqlFTSwjwNZY3jzQ1WJgCG6/h
5hG+QOIOcZAWuk29NFpiS715HCZf48Yi7i0TZC9lf2PD70V8mXL22g/rq6x7hONZ
KWE7BaMWTsGRqboBSz58DTqNlIEfZa9kwsGRbKHSPPo00umdPmgZxi3BE5iA0unt
55U7yu7LJLshE0jjZpDVH3VKGFupToG3KF+Z5PkLhLIm2VNiOsPe3Z+2fq0ZIRYu
oQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 6997445373104819975
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN B.V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.97
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'NTRNL-27124701'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'KPN BV PKIoverheid Organisatie Server CA - G3'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2018-06-08 11:30:02 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2020-06-07 11:30:02 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gelderland'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Hengelo'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gemeente Bronckhorst'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Gegevensbeheer'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.5 (serialNumber)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString '00000001813647290000'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'mijn.bronckhorst.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 21678038648798409394364246930162980112085484774507948218046653597561781235263422381122344417023799666589064108322584257196159584060344078474819031541529762100188102235325593340577291145984839794173758094918634943832740967691144657166998851164470470908922553858026546631119967774313392012752103563619199926561361124385753347068623045657486438577834915908947196318859967783034462620232168166539156467741110090449964649683077227095053346074364162120720446443131441063506630446415232823544584682941203366672461026934919961175910523355963475783333152151073855538937995881199713107957425123081303291404442931090042664660641
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (135 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cert.managedpki.com/CAcerts/KPNBVPKIoverheidOrganisatieServerCAG3.cer'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://g3ocsp.managedpki.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							d908168023920b6108d26976ed605c1cba1d1fdf
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName c39aa67b5e742b82b6c672fd744e85d297cdfd18
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (169 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.528.1.1003.1.2.5.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://certificaat.kpn.com/pkioverheid/cps'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.2 (unotice)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Op dit certificaat is het CPS PKIoverheid van KPN van toepassing.'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (87 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.managedpki.com/KPNBVPKIoverheidOrganisatieServerCAG3/LatestCRL.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (23 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'mijn.bronckhorst.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (484 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (480 bytes)
							01de007500ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb00000163df29317a00000403004630440220444f77456a0603779df6cc529d666fa53554b52d62025e0b44816318b762b059022078d8515320febf4dee83827387c410d102311dde2a5c51c39ca92a1f7383936f0075005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000163df2932810000040300463044022000f9261e3a40124a8e4067d56f6266ced53aa424967aecca2ad3f37392048bd6022023a6072529cebcdba8d4c8b519690b75db47bacc22392e4dbfc85f99aa15d4bc007600a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc1000000163df2933e20000040300473045022028d39687ac14072e64c1666157de4574fa69a89f542561e93f5cd5ae16f6cc1702210085cb217b7fd63e2f1d19658ac6e0d49e20764fc9fcae06599550331cbca03c87007600bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed18500000163df2933d40000040300473045022100c0c5aa15acf439ef37a45147db985fcb6890d7725b099e77e8598f8eb0391723022066b28d01b7397f67c637530f346e379cd57273c4a4fd7f01e2e6ca6f3659e8f4
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00b7d91c5e190385f2713d0fd8a82fadad0096f0fd2c63fe43594a6dd9cec68d65309782a31b5c047fb1dff1187ba2e837be73f52340f074de3c6b9c170e23098bffd36a59dbe43c22d339eb6d92a0a2614eada223cf677df0321bc75a72545a802d391ef023edf4976834a2eaa31f17e9ec6a796bcc12d696bc79dfa306c702e398db101bdb0772543d5067e44b45a43e46e2138bc62ead600f66243f8025a12394c2921b8ca5440ecd2432cd0192b56e2646f6a6d22da41fb710038970c4afacb327798f49dacd184ab975c59af8121dfecaae31a2881fca0d01fc15cb50c62254ebc94708b53448349ad38f6fa6e6c61a15159e68fcb9b3903484a3af4bd11bd34e71e9e7d26e9187aafb1f0fd440ec960b9bd147ff543c5ca84f3df1e2ad272dc648141f9b3f5f24dc5883fda9ede1207fa14623f333d1955d0fd752e591aeb3ed0ccbb73158032710fd8e5a5ad6e2c75e687aec06057cf18d1361731f646e66bfb79d6254005a567fd228fea8c81ea985a72d25769909700b33e511f6dbe6707b4960e6dfd41b99bee05070c68fc52a295798a6d8c0ee8b68b2125bc804f328c4e91d92b98fd49d478bff3370183d2f35e67e737cc7ae208bbc36b28b3e78b5cedca48954e522d9a993be46fffd43173652b6b777cc8cc9464e0371a7b7665b3f1619002a0c90a24ee98ce1bbc21f9cadbdb0c8805343abf1e7c5653b086d