nas.itec.rwth-aachen.de

- RWTH Aachen -

Issued by DFN-Verein Global Issuing CA

About this certificate

This digital certificate with serial number 25:cd:7b:b0:96:c4:6f:43:dc:28:17:e8 was issued on by Verein zur Foerderung eines Deutschen Forschungsnetzes e. V..

This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

RWTH Aachen

Organization: RWTH Aachen
Organization unit: Lehrstuhl fuer Technik und Individuum
State / Province: Nordrhein-Westfalen
Locality: Aachen
Country: DE

Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.

Organization: Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.
Organization unit: DFN-PKI
Country: DE

This certificate has expire since

Certificate Details

Serial Number (hex): 25:cd:7b:b0:96:c4:6f:43:dc:28:17:e8
Serial Number (int): 11699359264979047001245620200
Serial Number lenght: 94 bits, 12 octets

SubjectKeyId: e0:98:75:73:ed:79:9c:a6:e9:0e:85:fc:95:ca:a2:98:71:c1:85:48
AuthorityKeyId: 6b:3a:98:8b:f9:f2:53:89:da:e0:ad:b2:32:1e:09:1f:e8:aa:3b:74

Fingerprint (sha1): 33:57:dd:42:f6:f2:ef:a4:17:4e:26:7c:91:e6:61:cd:94:0f:81:20
Fingerprint (sha256): e8:82:d1:b8:d8:ac:42:04:05:98:87:cc:92:4a:60:0f:fb:02:67:14:4a:68:56:dc:45:84:7b:48:0a:c8:50:db

Issuing Certificate URL: http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt
Issuing Certificate URL: http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt

Revocation information

OCSP Server: http://ocsp.pca.dfn.de/OCSP-Server/OCSP
CRL Distribution Point: http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl
CRL Distribution Point: http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl

Check the revocation status for certificate nas.itec.rwth-aachen.de

1

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for nas.itec.rwth-aachen.de

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Client Authentication
Server Authentication

Extensions

11 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

nas.itec.rwth-aachen.de

Other certificates including the domain name rwth-aachen.de

(limited to 100 certificates)
frp.landeco.rwth-aachen.de
vpn.imr.rwth-aachen.de
red.isea.rwth-aachen.de
git.isea.rwth-aachen.de
raum.arch.rwth-aachen.de
asterix.isf.rwth-aachen.de
ds10.isf.rwth-aachen.de
studibv.cms.rwth-aachen.de
zk-itc.key.rwth-aachen.de
sapportal.zhv.rwth-aachen.de
mail.dorf.rwth-aachen.de
www.rwth-aachen.de
msg-medizin.klinikum.rwth-aachen.de
itv.rwth-aachen.de
studiolo.arch.rwth-aachen.de
kaffeekasse.embedded.rwth-aachen.de
mark.tvk.rwth-aachen.de
sbc-2-extdfn.pbx.rwth-aachen.de
metafa.fsmpi.rwth-aachen.de
www.shop.rwth-aachen.de
www.rwth-aachen.de
bl.lfi.rwth-aachen.de
www.hitnet.rwth-aachen.de
admin-test.streaming.rwth-aachen.de
gigamove.rwth-aachen.de
wahlomat.stud.rwth-aachen.de
msg-medizin.klinikum.rwth-aachen.de
messenger.ima.rwth-aachen.de
cloud.halifax.rwth-aachen.de
bas47.itc.rwth-aachen.de
web-std4.itc.rwth-aachen.de
fghw-community.lfi.rwth-aachen.de
www.hitnet.rwth-aachen.de
alu.w2k.metallurgie.rwth-aachen.de
bolm.oc.rwth-aachen.de
bolm.oc.rwth-aachen.de
exam.kbsg.rwth-aachen.de
vpn.meditec.rwth-aachen.de
www.hitnet.rwth-aachen.de
fs22.hpc.itc.rwth-aachen.de
anyvpn.embedded.rwth-aachen.de
vpn2.noc.rwth-aachen.de
ifaic.ika.rwth-aachen.de
lbd.arch.rwth-aachen.de
switch-altbau-og1.isf.rwth-aachen.de
htg.ifht.rwth-aachen.de
igcs-chennai.org
files.lfi.rwth-aachen.de
www.hitnet.rwth-aachen.de
formular-ts.zhv.rwth-aachen.de
wzl-lotus2.wzl.rwth-aachen.de
mail.rwth-aachen.de
ex10-casht01.zhv.rwth-aachen.de
helfer.halifax.rwth-aachen.de
www.water.rwth-aachen.de
fachschaften.rwth-aachen.de
test.sabio.itc.rwth-aachen.de
cucm-sub-22.pbx.rwth-aachen.de
mail.ind.rwth-aachen.de
www.ideal.rwth-aachen.de
vpn.lbz.rwth-aachen.de
www-i2.informatik.rwth-aachen.de
oauth.campus.rwth-aachen.de
vmhost-esxi-smq2-idrac.e3d.rwth-aachen.de
www.fskowi.rwth-aachen.de
www.lfb.rwth-aachen.de
d-mo05.devlef.campus.rwth-aachen.de
noc96.rz.rwth-aachen.de
autodiscover.ad.ibac.rwth-aachen.de
cloud10.dbis.rwth-aachen.de
my.ram.rwth-aachen.de
www.hitnet.rwth-aachen.de
vpn.e3d.rwth-aachen.de
nc19.itv.rwth-aachen.de
otrs.ias.rwth-aachen.de
institut2a.physik.rwth-aachen.de
mail-out-4.itc.rwth-aachen.de
quic.comsys.rwth-aachen.de
reifen-db.ika.rwth-aachen.de
vispa.physik.rwth-aachen.de
malta.informatik.rwth-aachen.de
ansible.automata.rwth-aachen.de
vpn.iwm.rwth-aachen.de
www.rwth-aachen.de
vpn.lbz.rwth-aachen.de
dev.iww.rwth-aachen.de
auger.physik.rwth-aachen.de
vreiff3.arch.rwth-aachen.de
belegi.halifax.rwth-aachen.de
www.embedded.rwth-aachen.de
www.compecon.rwth-aachen.de
calculus.itmc.rwth-aachen.de
vmhost-esxi-bf2-idrac.e3d.rwth-aachen.de
seko-rocket.itc.rwth-aachen.de
mail.rwth-aachen.de
transaction.medien.rwth-aachen.de
boreas.klinikum.rwth-aachen.de
vorreiter.iaw.rwth-aachen.de
backend.i11freunde.rwth-aachen.de
www.rwth-aachen.de

Certificate

The complete raw certificate details for nas.itec.rwth-aachen.de in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIGajCCBVKgAwIBAgIMJc17sJbEb0PcKBfoMA0GCSqGSIb3DQEBCwUAMIGNMQsw
CQYDVQQGEwJERTFFMEMGA1UECgw8VmVyZWluIHp1ciBGb2VyZGVydW5nIGVpbmVz
IERldXRzY2hlbiBGb3JzY2h1bmdzbmV0emVzIGUuIFYuMRAwDgYDVQQLDAdERk4t
UEtJMSUwIwYDVQQDDBxERk4tVmVyZWluIEdsb2JhbCBJc3N1aW5nIENBMB4XDTIx
MTIwNjEyMTIyMFoXDTIzMDEwNjEyMTIyMFowgaQxCzAJBgNVBAYTAkRFMRwwGgYD
VQQIDBNOb3JkcmhlaW4tV2VzdGZhbGVuMQ8wDQYDVQQHDAZBYWNoZW4xFDASBgNV
BAoMC1JXVEggQWFjaGVuMS4wLAYDVQQLDCVMZWhyc3R1aGwgZnVlciBUZWNobmlr
IHVuZCBJbmRpdmlkdXVtMSAwHgYDVQQDDBduYXMuaXRlYy5yd3RoLWFhY2hlbi5k
ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOvqxxaPUrKZmLvTC0Nw
Awq+FDHwT13zSdWQtplJ56/bkDNpVnYvxM2/88YHIEEZD1sxNRPzj0YXdM0zbWAH
0DadvuI7TsELiAllbHZe7pyVfwxQ+kMR+WyWH7wynyHmd/KMnBpzD7N0rZFmlGPm
SoqtbfiC0CLwuPZT66qG+tQYBdU0BXAlC4sdTAin/eZlC3GEi07eIpu/JZM14WgN
2BPtG3siH6dQzkYOvNq5up4GmnYmCfcOg+7YRm+dkBpqMOzJX+J8VGbhNtYh9cEO
9XMcvcmeOt8lqyAG4qPbPvgSxBIwTA607Fl2Kjqs9I6BIKtfWXbxh/pZZPQClaYz
Mc0CAwEAAaOCAq8wggKrMFcGA1UdIARQME4wCAYGZ4EMAQICMA0GCysGAQQBga0h
giweMA8GDSsGAQQBga0hgiwBAQQwEAYOKwYBBAGBrSGCLAEBBAowEAYOKwYBBAGB
rSGCLAIBBAowCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwIGCCsGAQUFBwMBMC8GCSsGAQQBgjcUAgQiHiAARABvAG0AYQBpAG4A
QwBvAG4AdAByAG8AbABsAGUAcjAdBgNVHQ4EFgQU4Jh1c+15nKbpDoX8lcqimHHB
hUgwHwYDVR0jBBgwFoAUazqYi/nyU4na4K2yMh4JH+iqO3QwIgYDVR0RBBswGYIX
bmFzLml0ZWMucnd0aC1hYWNoZW4uZGUwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
cDovL2NkcDEucGNhLmRmbi5kZS9kZm4tY2EtZ2xvYmFsLWcyL3B1Yi9jcmwvY2Fj
cmwuY3JsMD+gPaA7hjlodHRwOi8vY2RwMi5wY2EuZGZuLmRlL2Rmbi1jYS1nbG9i
YWwtZzIvcHViL2NybC9jYWNybC5jcmwwgdsGCCsGAQUFBwEBBIHOMIHLMDMGCCsG
AQUFBzABhidodHRwOi8vb2NzcC5wY2EuZGZuLmRlL09DU1AtU2VydmVyL09DU1Aw
SQYIKwYBBQUHMAKGPWh0dHA6Ly9jZHAxLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2Jh
bC1nMi9wdWIvY2FjZXJ0L2NhY2VydC5jcnQwSQYIKwYBBQUHMAKGPWh0dHA6Ly9j
ZHAyLnBjYS5kZm4uZGUvZGZuLWNhLWdsb2JhbC1nMi9wdWIvY2FjZXJ0L2NhY2Vy
dC5jcnQwEwYKKwYBBAHWeQIEAwEB/wQCBQAwDQYJKoZIhvcNAQELBQADggEBAGxV
+HdBkQcQJymzBPh8t8PGq3DFMIrX9ZXHUNhv5q/bqoY6isUFVu2MxbE9rplk+mMR
+1xzD0ewBnRrBQcHPJgKqdoFWkYSKVqMOEYu4kb4ou/QKUb6lJgQ4VYVg/q18m3V
MmQVIj6K9CpYDFvimd3PcRvcHI/8WdeOjYCT6zkTJOwGqlEzH8ckPYB8/eGpuO3N
MYzcqFH2RauvBtrXmmsQBmG9d7ZkRHxZjeMlPPsidzfuHSfbwB2hH1CSi5aM6q9C
07buz4KBHQOF7dXvGy4Zn+SpgeTX64N61F/H/LSncwDgHob9MI1pqzVTKDGKZzy9
Exr7OYHQrZH6Ye0jwBs=
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6+rHFo9SspmYu9MLQ3AD
Cr4UMfBPXfNJ1ZC2mUnnr9uQM2lWdi/Ezb/zxgcgQRkPWzE1E/OPRhd0zTNtYAfQ
Np2+4jtOwQuICWVsdl7unJV/DFD6QxH5bJYfvDKfIeZ38oycGnMPs3StkWaUY+ZK
iq1t+ILQIvC49lPrqob61BgF1TQFcCULix1MCKf95mULcYSLTt4im78lkzXhaA3Y
E+0beyIfp1DORg682rm6ngaadiYJ9w6D7thGb52QGmow7Mlf4nxUZuE21iH1wQ71
cxy9yZ463yWrIAbio9s++BLEEjBMDrTsWXYqOqz0joEgq19ZdvGH+llk9AKVpjMx
zQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 11699359264979047001245620200
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Verein zur Foerderung eines Deutschen Forschungsnetzes e. V.'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'DFN-PKI'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'DFN-Verein Global Issuing CA'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2021-12-06 12:12:20 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-01-06 12:12:20 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'DE'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.8 (stateOrProvinceName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Nordrhein-Westfalen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.7 (localityName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Aachen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'RWTH Aachen'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.11 (organizationalUnitName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'Lehrstuhl fuer Technik und Individuum'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:12|false] UTF8String 'nas.itec.rwth-aachen.de'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29781774859895700795905082982772734049919209030975261198740221662071697211722563926790826989766169668978460275496233396761207555846868582321447898290247913842230208266591365597006437710400999079592929026733212770585174655872142191751690652556103606358598684557198912007662566422052509075179160210112461403406193019271969807730697886245025378752071203045727606873602633449470098847575506832380480805233694863315426709182787316928864695594692551560209876429956430969075851181005248651305048748839141081824845141606184430989465392297241874642655460424132631964745541737327507440853107975608990763699218907760013352317389
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (80 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.2 (Organization Validation Certificates Policy)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22177.300.30
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22177.300.1.1.4
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22177.300.1.1.4.10
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.22177.300.2.1.4.10
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.19 (basicConstraints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.311.20.2 (enrollCerttypeExtension)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (34 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:30|false] BMPString [0 68 0 111 0 109 0 97 0 105 0 110 0 67 0 111 0 110 0 116 0 114 0 111 0 108 0 108 0 101 0 114]
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							e0987573ed799ca6e90e85fc95caa29871c18548
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 6b3a988bf9f25389dae0adb2321e091fe8aa3b74
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (27 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'nas.itec.rwth-aachen.de'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (133 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/crl/cacrl.crl'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (206 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.pca.dfn.de/OCSP-Server/OCSP'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp1.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://cdp2.pca.dfn.de/dfn-ca-global-g2/pub/cacert/cacert.crt'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.3 (CT Precertificate Poison)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (2 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (2048 bits)
		006c55f877419107102729b304f87cb7c3c6ab70c5308ad7f595c750d86fe6afdbaa863a8ac50556ed8cc5b13dae9964fa6311fb5c730f47b006746b0507073c980aa9da055a4612295a8c38462ee246f8a2efd02946fa949810e1561583fab5f26dd5326415223e8af42a580c5be299ddcf711bdc1c8ffc59d78e8d8093eb391324ec06aa51331fc7243d807cfde1a9b8edcd318cdca851f645abaf06dad79a6b100661bd77b664447c598de3253cfb227737ee1d27dbc01da11f50928b968ceaaf42d3b6eecf82811d0385edd5ef1b2e199fe4a981e4d7eb837ad45fc7fcb4a77300e01e86fd308d69ab355328318a673cbd131afb3981d0ad91fa61ed23c01b