ps1.platformrijksoverheid.nl

Issued by GeoTrust Global G2 TLS EUR RSA4096 SHA384 2023 CA1

About this certificate

This digital certificate with serial number 0f:5c:5b:74:c5:96:c1:c0:c3:ef:6e:da:1e:11:79:f7 was issued on by DigiCert Ireland Limited.

With 4 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate is currently not expired, we haven't checked the revocation status of this certificate but you can do this simply on revocationcheck.com. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • DV certificate contains a subject common name, this is not recommended. If certificate policy 2.23.140.1.2.1 (CA/B BR domain validated) is included, only country and/or common name is allowed in SubjectDN. (BRs: 7.1.2.7.2)
  • Subscriber certificates use of Subject Key Identifier is NOT RECOMMENDED (BRs v2: 7.1.2.7.6)
  • Subscriber Certificate: commonName is NOT RECOMMENDED. (BRs: 7.1.2.7.1)

Certificate Subject

CN=ps1.platformrijksoverheid.nl

DigiCert Ireland Limited

Organization: DigiCert Ireland Limited
Country: IE

This certificate will expire on

Certificate Details

Serial Number (hex): 0f:5c:5b:74:c5:96:c1:c0:c3:ef:6e:da:1e:11:79:f7
Serial Number (int): 20417966198650526972425505766122813943
Serial Number lenght: 124 bits, 16 octets

SubjectKeyId: 76:04:10:33:26:73:32:8d:81:fa:0f:e2:6e:d3:d0:0e:0a:67:3b:da
AuthorityKeyId: 39:26:d4:ff:2c:75:d8:2a:2f:94:64:05:73:83:71:ca:86:c6:e7:7d

Fingerprint (sha1): 27:53:82:c7:7d:dc:1d:23:0e:e5:e1:bf:21:f1:d2:67:8e:0f:61:78
Fingerprint (sha256): c9:60:a2:57:d9:ad:c2:a4:fd:67:22:d3:aa:a7:6b:2a:c5:42:9e:08:b0:2b:39:3a:d4:e9:77:ad:b0:70:d3:2b

Issuing Certificate URL: http://cacerts.digicert.eu/GeoTrustGlobalG2TLSEURRSA4096SHA3842023CA1.crt

Revocation information

OCSP Server: http://ocsp.digicert.eu
CRL Distribution Point: http://crl.digicert.eu/GeoTrustGlobalG2TLSEURRSA4096SHA3842023CA1.crl

Check the revocation status for certificate ps1.platformrijksoverheid.nl

4

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for ps1.platformrijksoverheid.nl

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

10 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

ps1.platformrijksoverheid.nl
ps2.platformrijksoverheid.nl
ps3.platformrijksoverheid.nl
ps4.platformrijksoverheid.nl

Other certificates including the domain name platformrijksoverheid.nl

(limited to 100 certificates)
platformrijksoverheid.nl
subscribe.platformrijksoverheid.nl
e1.platformrijksoverheid.nl
h1.platformrijksoverheid.nl
elearning.platformrijksoverheid.nl
i1.platformrijksoverheid.nl
h1.platformrijksoverheid.nl
opendata.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
b1.platformrijksoverheid.nl
onderzoek.rijksoverheid.nl
h1.platformrijksoverheid.nl
f1.platformrijksoverheid.nl
g1.platformrijksoverheid.nl
webanalyse.platformrijksoverheid.nl
a-subscribe.platformrijksoverheid.nl
l1.platformrijksoverheid.nl
i1.platformrijksoverheid.nl
l1.platformrijksoverheid.nl
a-subscribe.platformrijksoverheid.nl
subscribe.platformrijksoverheid.nl
k1.platformrijksoverheid.nl
survey-collect.platformrijksoverheid.nl
b1.platformrijksoverheid.nl
k1.platformrijksoverheid.nl
toegang.platformrijksoverheid.nl
a-toegang.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
onderzoek.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
f1.platformrijksoverheid.nl
a-subscribe.platformrijksoverheid.nl
d1.platformrijksoverheid.nl
performance.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
platformrijksoverheid.nl
j1.platformrijksoverheid.nl
subscribe.platformrijksoverheid.nl
d1.platformrijksoverheid.nl
a-api.a-subscribe.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
k1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
c1.platformrijksoverheid.nl
platformrijksoverheid.nl
j1.platformrijksoverheid.nl
survey.platformrijksoverheid.nl
i1.platformrijksoverheid.nl
e1.platformrijksoverheid.nl
g1.platformrijksoverheid.nl
g1.platformrijksoverheid.nl
survey-cache.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
elearning.platformrijksoverheid.nl
onderzoek.platformrijksoverheid.nl
j1.platformrijksoverheid.nl
artifactory.rijksoverheid.nl
a-cms.platformrijksoverheid.nl
g1.platformrijksoverheid.nl
b2.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
vpn.platformrijksoverheid.nl
e1.platformrijksoverheid.nl
l1.platformrijksoverheid.nl
b2.platformrijksoverheid.nl
f1.platformrijksoverheid.nl
k1.platformrijksoverheid.nl
onderzoek.platformrijksoverheid.nl
c1.platformrijksoverheid.nl
b1.platformrijksoverheid.nl
c-cms.platformrijksoverheid.nl
elearning.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
ps1.platformrijksoverheid.nl
l1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
e1.platformrijksoverheid.nl
b2.platformrijksoverheid.nl
b2.platformrijksoverheid.nl
b1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
e1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
f1.platformrijksoverheid.nl
c1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
a1.platformrijksoverheid.nl
api.subscribe.platformrijksoverheid.nl
cms.platformrijksoverheid.nl
h1.platformrijksoverheid.nl
i1.platformrijksoverheid.nl
e1.platformrijksoverheid.nl
c1.platformrijksoverheid.nl
j1.platformrijksoverheid.nl
platformrijksoverheid.nl

Certificate

The complete raw certificate details for ps1.platformrijksoverheid.nl in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIHyzCCBbOgAwIBAgIQD1xbdMWWwcDD727aHhF59zANBgkqhkiG9w0BAQsFADBt
MQswCQYDVQQGEwJJRTEhMB8GA1UEChMYRGlnaUNlcnQgSXJlbGFuZCBMaW1pdGVk
MTswOQYDVQQDEzJHZW9UcnVzdCBHbG9iYWwgRzIgVExTIEVVUiBSU0E0MDk2IFNI
QTM4NCAyMDIzIENBMTAeFw0yMzExMjMwMDAwMDBaFw0yNDExMjIyMzU5NTlaMCcx
JTAjBgNVBAMTHHBzMS5wbGF0Zm9ybXJpamtzb3ZlcmhlaWQubmwwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ+6DFR91IOlzwUBPT1erASfqs9eR1cmyT
ymz8MpffT7VYaW8hrOd6BpMzfy3X3NfD/57EsXzzCMwW6wzaLy7OeQ4qnseMR3bm
jIOs94ho8dB8jY2IL3GJCMawnLMh0SsfOET+Wup6bQn81QiCwODguCTk8ZyFNd8F
KrDsQ2l4/1eVKIjma0Q2+StgihXDj3CiTc3hWNKoWAAPb+UWga1B6UgKZwEjKXJZ
8LHKoo/rMf4fNx2Whhsefqf44/D5BrVJ2ExrhZgTKMlIooeMDQt0v334JHoehKZT
r05UoXTzHxoj6kGdgPrSXD760XIzU7kdbi/fnsfd6+gHebFGLJ3TAgMBAAGjggOr
MIIDpzAfBgNVHSMEGDAWgBQ5JtT/LHXYKi+UZAVzg3HKhsbnfTAdBgNVHQ4EFgQU
dgQQMyZzMo2B+g/ibtPQDgpnO9owgYEGA1UdEQR6MHiCHHBzMS5wbGF0Zm9ybXJp
amtzb3ZlcmhlaWQubmyCHHBzMi5wbGF0Zm9ybXJpamtzb3ZlcmhlaWQubmyCHHBz
My5wbGF0Zm9ybXJpamtzb3ZlcmhlaWQubmyCHHBzNC5wbGF0Zm9ybXJpamtzb3Zl
cmhlaWQubmwwPgYDVR0gBDcwNTAzBgZngQwBAgEwKTAnBggrBgEFBQcCARYbaHR0
cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov
L2NybC5kaWdpY2VydC5ldS9HZW9UcnVzdEdsb2JhbEcyVExTRVVSUlNBNDA5NlNI
QTM4NDIwMjNDQTEuY3JsMIGKBggrBgEFBQcBAQR+MHwwIwYIKwYBBQUHMAGGF2h0
dHA6Ly9vY3NwLmRpZ2ljZXJ0LmV1MFUGCCsGAQUFBzAChklodHRwOi8vY2FjZXJ0
cy5kaWdpY2VydC5ldS9HZW9UcnVzdEdsb2JhbEcyVExTRVVSUlNBNDA5NlNIQTM4
NDIwMjNDQTEuY3J0MAwGA1UdEwEB/wQCMAAwggF9BgorBgEEAdZ5AgQCBIIBbQSC
AWkBZwB2AHb/iD8KtvuVUcJhzPWHujS0pM27KdxoQgqf5mdMWjp0AAABi/ufSb4A
AAQDAEcwRQIgJdaZFZ6lcpNDhpAQowc2+2BPVAjYT3CYPbsgBPVrOJ0CIQCK/4CW
QjtYueAOaB7zbnQpAc8FV58grIUrsReU1QQuvAB2ANq2v2s/tbYin5vCu1xr6HCR
cWy7UYSFNL2kPTBI1/urAAABi/ufSmUAAAQDAEcwRQIhAOfL350fZapfNa/L0RWd
iRe3/rcC3Fydk7lwURwK8OriAiArVlLit0RLX4txcfxp4rnWPgBh5K5cJu3Z8KUo
p86I6AB1AD8XS0/XIkdYlB1lHIS+DRLtkDd/H4Vq68G/KIXs+GRuAAABi/ufSqMA
AAQDAEYwRAIgY0yqbgbdgRIWCPHDNFUzlISyu0BEeMHbzwIlUggSmhkCIHk+kkao
4IvcFiuYaJMNEylAemgcuhdBB8WlB/+4s2itMA0GCSqGSIb3DQEBCwUAA4ICAQCw
2pG3EVy8qyonTde6VRgqub2gC98oQ1JSghd8YEl7xm3IzBmIZCLLhTX92gS+Oz5V
ICaXA2q/v9+pdK+7Pdq4P7SokbtdqlrHnnMUW2bh8s8hCGrfp0Y6qCBo2rqmvRAd
fQtpDv4t0M8KdfCd1KN/jh+JYb1NPU5fwcV3hLNNDVKXmxfpSgX0sKjDSZfKagl5
vDbvi4iPuNa7r9h9dKFyDMy09JmpKhKBETgYmgtbOplIPToJh7r6oe2gqAPJOxjQ
GONp1zaj2TNaYFR0J6rLVR2wPycIfJSvJfslu1wfFi29oeJKbzangpPzrZnsEbET
onPYw/o6RhTEviOFgU1LJjSQ/yxHYXKCPacKBDYLFUUn4vSjRxChP+8j+9SkMywP
/Uw/g3FeM+/Vr5ElKX93uGUedwAj9vXyNngBnxoIKqhOHW9Nv37DRMcdaxhclZgZ
OWNAm1Sy7bGXCNzWvZ1c/rKbsFEJlTAyeu6kX6Lw9myerLEkaAHv2ZF2U7m64qhd
7UinCS69fcTq6vW+rcFRsD4koGTziMMqoFgmOLuRAuZSh6++AYHTCPmEz6zpAHqT
MI1jiSUIKlHa6CawkETt/GsMBSsQa0tVxfrsACVwqUmJ4mOBLh/vCbBBgbcpifYt
/Cm/CDpQsaOVbu/RwlhYfLcJWbTnF495TOwkii/MKg==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0PugxUfdSDpc8FAT09Xq
wEn6rPXkdXJsk8ps/DKX30+1WGlvIaznegaTM38t19zXw/+exLF88wjMFusM2i8u
znkOKp7HjEd25oyDrPeIaPHQfI2NiC9xiQjGsJyzIdErHzhE/lrqem0J/NUIgsDg
4Lgk5PGchTXfBSqw7ENpeP9XlSiI5mtENvkrYIoVw49wok3N4VjSqFgAD2/lFoGt
QelICmcBIylyWfCxyqKP6zH+HzcdloYbHn6n+OPw+Qa1SdhMa4WYEyjJSKKHjA0L
dL99+CR6HoSmU69OVKF08x8aI+pBnYD60lw++tFyM1O5HW4v357H3evoB3mxRiyd
0wIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 20417966198650526972425505766122813943
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'IE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DigiCert Ireland Limited'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'GeoTrust Global G2 TLS EUR RSA4096 SHA384 2023 CA1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-23 00:00:00 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2024-11-22 23:59:59 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'ps1.platformrijksoverheid.nl'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 26381649829416062632932728440137233503001510507434468201569173456627381283596195845712147171318551696439207448978486027078497180104761131820448680351429210189180907646542685512282407089254421266123746722047512721057507267687001117069139313195953378067067341656475579169096733055975831005123364668540191598343471030676238010358896072935683684284487040508061791873764526671864898436468394032976367593082966168837486337969648928696669107650980805008041211578171455914073476977364193429537736384789594881910719837066454446702440221586464248326372094842079101880371977551003552720788355667830897688417454297991856224247251
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3926d4ff2c75d82a2f946405738371ca86c6e77d
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							760410332673328d81fa0fe26ed3d00e0a673bda
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (122 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ps1.platformrijksoverheid.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ps2.platformrijksoverheid.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ps3.platformrijksoverheid.nl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'ps4.platformrijksoverheid.nl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (55 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'http://www.digicert.com/CPS'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (79 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.digicert.eu/GeoTrustGlobalG2TLSEURRSA4096SHA3842023CA1.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (126 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.digicert.eu'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cacerts.digicert.eu/GeoTrustGlobalG2TLSEURRSA4096SHA3842023CA1.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (365 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (361 bytes)
							016700760076ff883f0ab6fb9551c261ccf587ba34b4a4cdbb29dc68420a9fe6674c5a3a740000018bfb9f49be0000040300473045022025d699159ea5729343869010a30736fb604f5408d84f70983dbb2004f56b389d0221008aff8096423b58b9e00e681ef36e742901cf05579f20ac852bb11794d5042ebc007600dab6bf6b3fb5b6229f9bc2bb5c6be87091716cbb51848534bda43d3048d7fbab0000018bfb9f4a650000040300473045022100e7cbdf9d1f65aa5f35afcbd1159d8917b7feb702dc5c9d93b970511c0af0eae202202b5652e2b7444b5f8b7171fc69e2b9d63e0061e4ae5c26edd9f0a528a7ce88e80075003f174b4fd7224758941d651c84be0d12ed90377f1f856aebc1bf2885ecf8646e0000018bfb9f4aa300000403004630440220634caa6e06dd81121608f1c33455339484b2bb404478c1dbcf02255208129a190220793e9246a8e08bdc162b9868930d1329407a681cba174107c5a507ffb8b368ad
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		00b0da91b7115cbcab2a274dd7ba55182ab9bda00bdf2843525282177c60497bc66dc8cc19886422cb8535fdda04be3b3e55202697036abfbfdfa974afbb3ddab83fb4a891bb5daa5ac79e73145b66e1f2cf21086adfa7463aa82068dabaa6bd101d7d0b690efe2dd0cf0a75f09dd4a37f8e1f8961bd4d3d4e5fc1c57784b34d0d52979b17e94a05f4b0a8c34997ca6a0979bc36ef8b888fb8d6bbafd87d74a1720cccb4f499a92a12811138189a0b5b3a99483d3a0987bafaa1eda0a803c93b18d018e369d736a3d9335a60547427aacb551db03f27087c94af25fb25bb5c1f162dbda1e24a6f36a78293f3ad99ec11b113a273d8c3fa3a4614c4be2385814d4b263490ff2c476172823da70a04360b154527e2f4a34710a13fef23fbd4a4332c0ffd4c3f83715e33efd5af9125297f77b8651e770023f6f5f23678019f1a082aa84e1d6f4dbf7ec344c71d6b185c9598193963409b54b2edb19708dcd6bd9d5cfeb29bb051099530327aeea45fa2f0f66c9eacb1246801efd9917653b9bae2a85ded48a7092ebd7dc4eaeaf5beadc151b03e24a064f388c32aa0582638bb9102e65287afbe0181d308f984cface9007a93308d638925082a51dae826b09044edfc6b0c052b106b4b55c5faec002570a94989e263812e1fef09b04181b72989f62dfc29bf083a50b1a3956eefd1c258587cb70959b4e7178f794cec248a2fcc2a