OV SSL/TLS Certificate for www.kida-bmel.de Issued to Johann Heinrich von Thünen-Institut

Certificate is witin its validity period

Issued by GEANT Vereniging (GEANT OV RSA CA 4)

About the www.kida-bmel.de OV SSL/TLS Certificate

This certificate with serial number ad:f3:8e:90:28:c6:65:ae:79:6a:c3:96:b6:74:60:34 for www.kida-bmel.de was issued on by GEANT Vereniging.

With 2 subject alternative names, this certificate can be used to secure multiple FQDNs. This OV SSL/TLS Certificate is currently within its validity period but we haven't checked the revocation status of this certificate, you can do this simply on revocationcheck.com. We have found some issues with the compliance of this certificate, they are be shown below. We hope this OV SSL/TLS Certificate review for www.kida-bmel.de provides you with the detailed information you were looking for.


We have identified some issues with this certificate:
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

GEANT Vereniging

Organization: GEANT Vereniging
Country: NL

This X.509 certificate will expire on

Certificate Details

Serial Number (hex): ad:f3:8e:90:28:c6:65:ae:79:6a:c3:96:b6:74:60:34
Serial Number (int): 231221062931052777599991104279917387828
Serial Number Length: 128 bits, 16 octets

Subject Key Identifier: aa:f7:12:67:13:ef:53:10:04:13:71:4b:29:a2:4f:5f:fd:58:e5:71
Authority Key Identifier: 6f:1d:35:49:10:6c:32:fa:59:a0:9e:bc:8a:e8:1f:95:be:71:7a:0c

Fingerprint (SHA-1): 6e:7b:a9:92:4b:f6:12:03:14:1c:3c:3d:46:27:d6:24:d1:83:a9:7b
Fingerprint (SHA-256): 21:4f:39:b2:04:f0:14:0e:16:33:be:d2:f1:82:a5:5e:36:58:aa:eb:57:58:ad:bd:0c:ca:55:b5:81:63:04:60

Issuing Certificate URL: http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt

Revocation Information

OCSP Server: http://GEANT.ocsp.sectigo.com
CRL Distribution Point: http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl

Check the revocation status for certificate www.kida-bmel.de
2
DNS Names
0
Email Addresses
0
IP Addresses

Advanced Certificate Properties

Technical details of the X.509 certificate for www.kida-bmel.de

Public Key Algorithm
RSA
Key Size
4096
Signature Algorithm
SHA384 with RSA
Key Usage
Digital Signature
Key Encipherment
Extended Key Usages
Server Authentication
Client Authentication
Extensions
10
CA Certificate
This is not a CA certificate

Subject Alternative Names

X.509 Certificate

The complete raw X.509 certificate details for www.kida-bmel.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIIcDCCBligAwIBAgIRAK3zjpAoxmWueWrDlrZ0YDQwDQYJKoZIhvcNAQEMBQAw
RDELMAkGA1UEBhMCTkwxGTAXBgNVBAoTEEdFQU5UIFZlcmVuaWdpbmcxGjAYBgNV
BAMTEUdFQU5UIE9WIFJTQSBDQSA0MB4XDTI0MTEyODAwMDAwMFoXDTI1MTEyODIz
NTk1OVowbzELMAkGA1UEBhMCREUxFjAUBgNVBAgTDU5pZWRlcnNhY2hzZW4xLTAr
BgNVBAoMJEpvaGFubiBIZWlucmljaCB2b24gVGjDvG5lbi1JbnN0aXR1dDEZMBcG
A1UEAxMQd3d3LmtpZGEtYm1lbC5kZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
AgoCggIBAKAFLGoRuOkphaY2+61ER2r6bntRL+/7fKlP0LSe8pgJHJLZunjnlg76
wfsxxkE6U7W2x/PGFKTzbRlml+v/MEQljq7j5v+Q/umLCCX3Ec/oxqO6YkGA0CU8
nGVty2380mnK5z1KuMQjv/GBZB0DzB/VAU5BAQKdvUIzNhWYNeOD5YPl7EBejpC/
IDupbMxHXa895vZBEJfuoU+i1XphL0+q42g9u3aDGnPQPFBCnlLNvV8f6ayq9Njx
/kTWegs/z/1YMPyNah+5V8aXaw4ZBnM3wz3EV05ORvOfRSaWkxu7kzod9zKLr/ph
JbKBlkZ+6GlmENG6wOzkBYAJlwW9PUh3foBcgY0C8XApzTnvVTjAgU9575WaQ/92
273raD11wQpDP4otiF3pXrxtpNxUKg56QL5Ga/rh2CId5B2jw5atTF0NCSIqjJLA
1rSDNHYK5BdrbMpWvqiA9BnFhUoOv8jy7txi89KkqDGy1CgtfGcLSw+PqCm8d6DC
ufn804yYSlq6KORRchaMjkmMQN6dBZMwMNJm0CnsPHKmWyY9y4fHYgL6tkK1bKjw
dh+u30Vvnxb+G8UXqgx/EJkgvAVEHkHi6o75SyDXxUV6DFMUpsOExEK06xhpm/Gv
e1Rj5Oc4oRKku8H+X8UyFe6eOhYKq72fSk1Qm/TH8Yp3V6wttO6BAgMBAAGjggMw
MIIDLDAfBgNVHSMEGDAWgBRvHTVJEGwy+lmgnryK6B+VvnF6DDAdBgNVHQ4EFgQU
qvcSZxPvUxAEE3FLKaJPX/1Y5XEwDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQC
MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEkGA1UdIARCMEAwNAYL
KwYBBAGyMQECAk8wJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9D
UFMwCAYGZ4EMAQICMD8GA1UdHwQ4MDYwNKAyoDCGLmh0dHA6Ly9HRUFOVC5jcmwu
c2VjdGlnby5jb20vR0VBTlRPVlJTQUNBNC5jcmwwdQYIKwYBBQUHAQEEaTBnMDoG
CCsGAQUFBzAChi5odHRwOi8vR0VBTlQuY3J0LnNlY3RpZ28uY29tL0dFQU5UT1ZS
U0FDQTQuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vR0VBTlQub2NzcC5zZWN0aWdv
LmNvbTCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHYA3dzKNJXX4RYF55Uy+sef
+D0cUN/bADoUEnYKLKy7yCoAAAGTcqsznAAABAMARzBFAiAtr5NL6b8pkhLZMf0a
4/yi+2/ho6Z8LAvTlZxK2iGVOgIhAO3BOum6xr8PwIpfz5LcaBhDugmCnp3r5c07
gif/fnbhAHYAzPsPaoVxCWX+lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGTcqsz
mwAABAMARzBFAiEAoWXSToifCkyUpruOhBbs6uMMwGDwgzI7aS38DMHk6GICIHy/
B5+y9dMhCX1HF9V2JtQYoycNRZq+cM1SjYGi0EAeAHUAEvFONL1TckyEBhnDjz96
E/jntWKHiJxtMAWE6+WGJjoAAAGTcqszggAABAMARjBEAiAioLesE3/YkiexKgki
Zj0fYXEicQsPTDVH0pVsPNKo2AIgTbCNvwzzQAur/0WZOZOmYc8StNj2rxYar+nW
7NAMNuowKQYDVR0RBCIwIIIQd3d3LmtpZGEtYm1lbC5kZYIMa2lkYS1ibWVsLmRl
MA0GCSqGSIb3DQEBDAUAA4ICAQAIIn12k5i35d2iHI8s+ee+qElG1GyQbyJ+8jDV
1NqJQLPtpLsmgJZiz0temyvWxc1RVUMGQ+euxh6FLrx9FK/7gpMbYLhJ48SIaNE1
XGtHRnvwvL0ELTD9nTc8DH5d7Sf2yLgpTmu0+8BX1+nB4sg76UavPnLAl0+FbFIG
kSHqKzQLw8vfLuPuXT80OBGLxkyKUqNGBnOMU8dfTgPLhY0FT1ViuBsQOTgzVucu
aO1w1asjCYoOookYTYW1HkItFFA2KJePkgz0jWQ894TBukf6ywLQhsZKtZBmpN+R
v1p08dJpqODx4lXuepUkliqjxpih0V6d+yXYH3aV3uCoNqkvU1neuA2tqVQquJiK
uATZ23tWN16jWp2JoiUkKrSKJ20H8L+lg5v/sGp87HQUOfHliOVy5cQ7uvNDr8dv
2vRrMfsCK0nAE0+msVkgE4Ev/Z7rOxUi/fjyzodhc10FVGV/uzcegD/+oj+57/CV
i1W70Hf+jtZp4mAv5yHzfuu+uVUQTe61xNZnJ6b7IWKG4kwvp6f+QaZCORP9UF38
Sa794VhEIVMxbvLTXJlvADlojet7LV2unPuresMTAY3kjoZBCssoHKMVpMUx5M59
7PioKRH1uUx6xT/6/m5sEkRzT3iJXuobzTxRUAZYjb1R/0vpm/j255oW8vRtcmSK
/Sp72A==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoAUsahG46SmFpjb7rURH
avpue1Ev7/t8qU/QtJ7ymAkcktm6eOeWDvrB+zHGQTpTtbbH88YUpPNtGWaX6/8w
RCWOruPm/5D+6YsIJfcRz+jGo7piQYDQJTycZW3LbfzSacrnPUq4xCO/8YFkHQPM
H9UBTkEBAp29QjM2FZg144Plg+XsQF6OkL8gO6lszEddrz3m9kEQl+6hT6LVemEv
T6rjaD27doMac9A8UEKeUs29Xx/prKr02PH+RNZ6Cz/P/Vgw/I1qH7lXxpdrDhkG
czfDPcRXTk5G859FJpaTG7uTOh33Mouv+mElsoGWRn7oaWYQ0brA7OQFgAmXBb09
SHd+gFyBjQLxcCnNOe9VOMCBT3nvlZpD/3bbvetoPXXBCkM/ii2IXelevG2k3FQq
DnpAvkZr+uHYIh3kHaPDlq1MXQ0JIiqMksDWtIM0dgrkF2tsyla+qID0GcWFSg6/
yPLu3GLz0qSoMbLUKC18ZwtLD4+oKbx3oMK5+fzTjJhKWroo5FFyFoyOSYxA3p0F
kzAw0mbQKew8cqZbJj3Lh8diAvq2QrVsqPB2H67fRW+fFv4bxReqDH8QmSC8BUQe
QeLqjvlLINfFRXoMUxSmw4TEQrTrGGmb8a97VGPk5zihEqS7wf5fxTIV7p46Fgqr
vZ9KTVCb9MfxindXrC207oECAwEAAQ==
-----END PUBLIC KEY-----

ASN.1 Decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 231221062931052777599991104279917387828
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12
 . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'NL'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT Vereniging'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GEANT OV RSA CA 4'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-28 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2025-11-28 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'Niedersachsen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Johann Heinrich von Thünen-Institut'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'www.kida-bmel.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL []
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (4208 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 652825496242670112393702524213943343556901301097344334014362937505815278797339503598486663198923159109928038401912902877938857566961152065589965983918848821704211289769522857789270799475844517829938214687189345838916429077793940684967252340295204417050535201125982709273708752616120669367837692748552595302262196446126730782059912889003305153954707097948876247042958540997655754966322720711593359587279753051962074822472591002685390604545665021652133236275836251261270237877294473957817382074639083398468648338975691360721153948116152206950401801480457953561433358065197956577979609656731847350633240812263555988819430540457868436133253543422918115679124372594198865442912531897259591898575061211001046766371672355014555449035549344837280886606318871729837632651227978494801000705339634886046474848359534100635857713668546979591490460779359844562700407209311124224418908313443430626999561977704279576526540868643972776317839788501579594619465569897408005793019430629891218133285128519920783826113261886269314405105995390783445554988080780042918603359546650923638341608952818940722038022963145028548849320615026608789275621774605375313406224758715977770133885818468450587207499538017545353231965700236694114733201769826396924120723073
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6f1d3549106c32fa59a09ebc8ae81f95be717a0c
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							aaf7126713ef53100413714b29a24f5ffd58e571
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (66 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.6449.1.2.2.79
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://sectigo.com/CPS'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (56 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crl.sectigo.com/GEANTOVRSACA4.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (105 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.crt.sectigo.com/GEANTOVRSACA4.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://GEANT.ocsp.sectigo.com'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							0167007600dddcca3495d7e11605e79532fac79ff83d1c50dfdb003a1412760a2cacbbc82a0000019372ab339c000004030047304502202daf934be9bf299212d931fd1ae3fca2fb6fe1a3a67c2c0bd3959c4ada21953a022100edc13ae9bac6bf0fc08a5fcf92dc681843ba09829e9debe5cd3b8227ff7e76e1007600ccfb0f6a85710965fe959b53cee9b27c22e9855c0d978db6a97e54c0fe4c0db00000019372ab339b0000040300473045022100a165d24e889f0a4c94a6bb8e8416eceae30cc060f083323b692dfc0cc1e4e86202207cbf079fb2f5d321097d4717d57626d418a3270d459abe70cd528d81a2d0401e00750012f14e34bd53724c840619c38f3f7a13f8e7b56287889c6d300584ebe586263a0000019372ab33820000040300463044022022a0b7ac137fd89227b12a0922663d1f617122710b0f4c3547d2956c3cd2a8d802204db08dbf0cf3400babff45993993a661cf12b4d8f6af161aafe9d6ecd00c36ea
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.kida-bmel.de'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'kida-bmel.de'
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.12
 . . . . . . . . [c:0|t:5|false] NULL []
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		0008227d769398b7e5dda21c8f2cf9e7bea84946d46c906f227ef230d5d4da8940b3eda4bb26809662cf4b5e9b2bd6c5cd5155430643e7aec61e852ebc7d14affb82931b60b849e3c48868d1355c6b47467bf0bcbd042d30fd9d373c0c7e5ded27f6c8b8294e6bb4fbc057d7e9c1e2c83be946af3e72c0974f856c52069121ea2b340bc3cbdf2ee3ee5d3f3438118bc64c8a52a34606738c53c75f4e03cb858d054f5562b81b1039383356e72e68ed70d5ab23098a0ea289184d85b51e422d14503628978f920cf48d643cf784c1ba47facb02d086c64ab59066a4df91bf5a74f1d269a8e0f1e255ee7a9524962aa3c698a1d15e9dfb25d81f7695dee0a836a92f5359deb80dada9542ab8988ab804d9db7b56375ea35a9d89a225242ab48a276d07f0bfa5839bffb06a7cec741439f1e588e572e5c43bbaf343afc76fdaf46b31fb022b49c0134fa6b1592013812ffd9eeb3b1522fdf8f2ce8761735d0554657fbb371e803ffea23fb9eff0958b55bbd077fe8ed669e2602fe721f37eebbeb955104deeb5c4d66727a6fb216286e24c2fa7a7fe41a6423913fd505dfc49aefde158442153316ef2d35c996f0039688deb7b2d5dae9cfbab7ac313018de48e86410acb281ca315a4c531e4ce7decf8a82911f5b94c7ac53ffafe6e6c1244734f78895eea1bcd3c515006588dbd51ff4be99bf8f6e79a16f2f46d72648afd2a7bd8