sonrail.empa.ch

Issued by SwissSign RSA TLS DV ICA 2021 - 1

About this certificate

This digital certificate with serial number 12:8d:ca:ce:d4:9e:d3:76:42:f5:8b:aa:f1:c9:a9:e5:53:49:c1:1c was issued on by SwissSign AG.

With 2 subject alternative names this certificate can be used to secure multiple fqdn's. This certificate has already expired and will cause a warning or error message in the browser it's still listed on this site to allow you to look back on previously issued certificates. If we have found any compliance issues with this certificate they will be shown below. I hope this certificate review is providing you the detailed information in a simple form you where looking for.


We have idenified some issues with this certificate:
  • Subscriber Certificate: commonName is deprecated. (BRs: 7.1.4.2.2)

Certificate Subject

CN=sonrail.empa.ch

SwissSign AG

Organization: SwissSign AG
Country: CH

This certificate has expire since

Certificate Details

Serial Number (hex): 12:8d:ca:ce:d4:9e:d3:76:42:f5:8b:aa:f1:c9:a9:e5:53:49:c1:1c
Serial Number (int): 105923906010368737550422289602566528972377145628
Serial Number lenght: 157 bits, 20 octets

SubjectKeyId: cf:85:16:83:88:2a:41:39:77:ab:0f:aa:3b:9f:96:77:19:bd:9e:a4
AuthorityKeyId: 3c:9e:52:79:03:63:6f:4f:9c:81:1b:d3:28:70:0c:24:5a:ea:a5:87

Fingerprint (sha1): b9:9a:e9:5c:b4:c1:ff:91:31:ba:b5:21:81:f0:2c:bd:b4:ac:3f:0b
Fingerprint (sha256): e9:28:a0:fe:36:ce:c1:92:19:82:a6:d1:f3:cb:1d:ee:60:35:4e:48:ee:ef:b9:eb:ac:7d:a7:5f:6f:62:12:46

Issuing Certificate URL: http://swisssign.net/cgi-bin/authority/download/3C9E527903636F4F9C811BD328700C245AEAA587

Revocation information

OCSP Server: http://ocsp.swisssign.net/3C9E527903636F4F9C811BD328700C245AEAA587
CRL Distribution Point: http://crl.swisssign.net/3C9E527903636F4F9C811BD328700C245AEAA587
CRL Distribution Point: ldap://directory.swisssign.net/CN=3C9E527903636F4F9C811BD328700C245AEAA587%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint

Check the revocation status for certificate sonrail.empa.ch

2

DNS Names

0

Email Addresses

0

IP Addresses

Advanced Certificate Properties

Tehnical certificate details for sonrail.empa.ch

Public Key Algorithm

RSA

Key Size

2048

Signature Algorithm

SHA256 with RSA

Key Usage

Digital Signature
Key Encipherment

Extended Key Usages

Server Authentication
Client Authentication

Extensions

9 extensions
No unhandled critical extensions

CA Certificate

This is not a CA certificate

Subject Alternative Names

sonrail.empa.ch
www.sonrail.empa.ch

Other certificates including the domain name empa.ch

(limited to 100 certificates)
certest-win.empa.ch
sonrail.empa.ch
certest-win.empa.ch
events.empa.ch
events.empa.ch
sonroad18.empa.ch
sontram.empa.ch
sonrail.empa.ch
sip.empa.ch
sonroad18.empa.ch
sbc.empa.ch
sonrail.empa.ch
events.empa.ch
sonroad18.empa.ch
test2.empa.ch
events.empa.ch
events.empa.ch
*.empa.ch
sonrail.empa.ch
*.empa.ch
*.empa.ch
*.empa.ch
certest-win.empa.ch
sonroad18.empa.ch
*.empa.ch
sontram.empa.ch
certest-win.empa.ch
*.empa.ch
sip.empa.ch
*.empa.ch
sontram.empa.ch
sip.empa.ch
events.empa.ch
adobesync.empa.ch
*.empa.ch
*.empa.ch
certest-win.empa.ch
sonroad18.empa.ch
events.empa.ch
test.empa.ch
*.empa.ch
sontram.empa.ch
test2.empa.ch
sip.empa.ch
certest-win.empa.ch
*.empa.ch
adobesync.empa.ch
sontram.empa.ch
sbc.empa.ch
sonrail.empa.ch
*.empa.ch
*.empa.ch
sonroad18.empa.ch
test.empa.ch
sonrail.empa.ch
sontram.empa.ch
sonroad18.empa.ch

Certificate

The complete raw certificate details for sonrail.empa.ch in PEM and ASN.1 format.

Certificate (PEM)

-----BEGIN CERTIFICATE-----
MIIJwzCCB6ugAwIBAgIUEo3KztSe03ZC9Yuq8cmp5VNJwRwwDQYJKoZIhvcNAQEL
BQAwUDELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3aXNzU2lnbiBBRzEqMCgGA1UE
AxMhU3dpc3NTaWduIFJTQSBUTFMgRFYgSUNBIDIwMjEgLSAxMB4XDTIyMTEyODA3
MDExNloXDTIzMTEyODA3MDExNlowGjEYMBYGA1UEAxMPc29ucmFpbC5lbXBhLmNo
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zMCnvKNbYM91SHJgBnn
nPvAgZ7iFoay3gvYLJCjO7LZWtsdNWfTWsbZvoJYvlzVNTK0qMPKVA2IWtUFhd4Z
BIhzHHKGOWP8I8GWtq+GcNkwrZ64VLUuk5Z+Vuh33Sa6U78hI5H4/mkqjyOO4KKk
M3SpGYV/XBhEcrhKxxsiyu9ZhvFd6RhR+jU8mNtZ7Feid4xvIX2AMDBp616oxuDz
mVXOrmQS/YLvfXsniZTFvY5T+yK7+cXxbYzTMyWBE3vZ3TyNkI+zYSRxb0xgbid5
UEK//cuu3Wjp9AblFMFXWA3FQU4mgtzzSO8pOPsNq0xhjMEfupiNYGUEydQgyVr3
YQIDAQABo4IFyTCCBcUwLwYDVR0RBCgwJoIPc29ucmFpbC5lbXBhLmNoghN3d3cu
c29ucmFpbC5lbXBhLmNoMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFM+FFoOIKkE5d6sPqjuflncZvZ6kMB8G
A1UdIwQYMBaAFDyeUnkDY29PnIEb0yhwDCRa6qWHMIH/BgNVHR8EgfcwgfQwR6BF
oEOGQWh0dHA6Ly9jcmwuc3dpc3NzaWduLm5ldC8zQzlFNTI3OTAzNjM2RjRGOUM4
MTFCRDMyODcwMEMyNDVBRUFBNTg3MIGooIGloIGihoGfbGRhcDovL2RpcmVjdG9y
eS5zd2lzc3NpZ24ubmV0L0NOPTNDOUU1Mjc5MDM2MzZGNEY5QzgxMUJEMzI4NzAw
QzI0NUFFQUE1ODclMkNPPVN3aXNzU2lnbiUyQ0M9Q0g/Y2VydGlmaWNhdGVSZXZv
Y2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50
MG8GA1UdIARoMGYwUAYIYIV0AVkCAQEwRDBCBggrBgEFBQcCARY2aHR0cHM6Ly9y
ZXBvc2l0b3J5LnN3aXNzc2lnbi5jb20vU3dpc3NTaWduX0NQU19UTFMucGRmMAgG
BgQAj3oBBjAIBgZngQwBAgEwgcYGCCsGAQUFBwEBBIG5MIG2MGQGCCsGAQUFBzAC
hlhodHRwOi8vc3dpc3NzaWduLm5ldC9jZ2ktYmluL2F1dGhvcml0eS9kb3dubG9h
ZC8zQzlFNTI3OTAzNjM2RjRGOUM4MTFCRDMyODcwMEMyNDVBRUFBNTg3ME4GCCsG
AQUFBzABhkJodHRwOi8vb2NzcC5zd2lzc3NpZ24ubmV0LzNDOUU1Mjc5MDM2MzZG
NEY5QzgxMUJEMzI4NzAwQzI0NUFFQUE1ODcwggLlBgorBgEEAdZ5AgQCBIIC1QSC
AtECzwB2AFWB1MIWkDYBSuoLm1c8U/DA5Dh4cCUIFy+jqh0HE9MMAAABhL0KRi8A
AAQDAEcwRQIgCwUFnXKMfK14U8+bLtTb7XcJNDOay1qQJJ5+wIxPb3kCIQDs5WN9
4qtdTTSF08VjPKJHJV7k8HDlEK16FpIdEYlxCwB1AG9Tdqwx8DEZ2JkApFEV/3cV
HBHZAsEAKQaNsgiaN9kTAAABhL0KRRQAAAQDAEYwRAIgHLylBQkoVXKQJpJJF7Ve
inZc3GV8+zbIZFpu1qNvSVUCICWbWijzHijpkPmGcHmwTHRVFSIchwPSypHwwkmi
e7PSAHcAejKMVNi3LbYg6jjgUh7phBZwMhOFTTvSK8E6V6NS61IAAAGEvQpE2wAA
BAMASDBGAiEAhHf1N59IDz4sUV/pQq4iMHhj3zfgdbSzy6IQOpylcLACIQCT08VA
10dg3Ho+w/CyLDHTK5tASJdF7hNUTDhrUQUTqQB2AK33vvp8/xDIi509nB4+GGq0
Zyldz7EMJMqFhjTr3IKKAAABhL0KRiMAAAQDAEcwRQIgHmyFesw/dFJ31oHwHbzV
+MOclGh6vNTEgoE+m+F9FT8CIQDpVWERRDJvVe7RlPixScW33Dq9ukDzb2oSS9Ei
yB+OmAB1ALNzdwfhhFD4Y4bWBancEQlKeS2xZwwLh9zwAw55NqWaAAABhL0KRokA
AAQDAEYwRAIgXf0oZXq5zdB9OdNTSpi9C2jU2K0omWLYgpOzpc1/5rQCIA97jQ6d
E5WjrdWIrbuDRly8oKjY6X+U1r4ReVpD5Cv6AHYA6D7Q2j71BjUy51covIlryQPT
y9ERa+zraeF3fW0GvW4AAAGEvQpFCgAABAMARzBFAiBaNzMeX4vycCFXoW4CRcCS
tGXNwPK22XKH1kraUXmgVQIhALzL+1/GfK0N2OI2Mk5hXdfy1aynkmwTNjDbBLtP
eeu/MA0GCSqGSIb3DQEBCwUAA4ICAQB7EeRUBj9Y2YCToq9eTMnSE6RILiAmfVFl
OQD9rrvzA0CroyZaX8j0hz22EhVcx48Opo3Swkfd1OgMN8vnimwauMw4G9vBf7MH
ltoTlzBGpi/2Us1a8NrUGNUVG3mwJVYdQtlJa/5yax7sykN4FffYUarHfphx+Egv
QYfeB1lVIQt3bizlU4UGV2k6cPfI15nxqnnBYbyH96r+agSJS8CrokDTIN7HBknZ
HDa2j71dsYHufd8XmFgY+udX5O7WC2a/7jb3lgUJofGj4BIwLNVwmHO1/I0vTPfi
fPeXKs52oUYQSCJWbRYTHA4LOJRNIWRw4HruZhXycAzg6zcm6C4IFEejJm6jhTgM
qGQzliZID0/TyC3euNk+7pnWtaH1/DGY69R8qsafAwTqywpd80YMCiDrkMJXc67b
b7UDPeT5Mpqw0bQ9A6Aq82hFAvJCLGrYppnCSdvHrGqd3B1iKZ7khBcJZ0dVUe5u
rwM2XPtd+KsG8/Ndy9vEqgv0soZauP247MN3hr2H7dzehndYZCLavmE9lyX55z5R
lMdJF+bX7AL5m+UbmM6cVrWDREj96A4/29LG8Aje2AWuzQ0OLpU723fN/da1h0Hp
nrBewasQJmKnb5kcxPiu0Qy6LYv9y/Z8WIKMM/tYL29yvfBLzlAdlNVPvuyA31GQ
djRB1YURlA==
-----END CERTIFICATE-----

Public Key (PEM)

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6zMCnvKNbYM91SHJgBnn
nPvAgZ7iFoay3gvYLJCjO7LZWtsdNWfTWsbZvoJYvlzVNTK0qMPKVA2IWtUFhd4Z
BIhzHHKGOWP8I8GWtq+GcNkwrZ64VLUuk5Z+Vuh33Sa6U78hI5H4/mkqjyOO4KKk
M3SpGYV/XBhEcrhKxxsiyu9ZhvFd6RhR+jU8mNtZ7Feid4xvIX2AMDBp616oxuDz
mVXOrmQS/YLvfXsniZTFvY5T+yK7+cXxbYzTMyWBE3vZ3TyNkI+zYSRxb0xgbid5
UEK//cuu3Wjp9AblFMFXWA3FQU4mgtzzSO8pOPsNq0xhjMEfupiNYGUEydQgyVr3
YQIDAQAB
-----END PUBLIC KEY-----

ASN.1 decoded

 [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . [c:0|t:2|false] INTEGER 2
 . . . . . . . . [c:0|t:2|false] INTEGER 105923906010368737550422289602566528972377145628
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.6 (countryName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'CH'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.10 (organizationName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign AG'
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'SwissSign RSA TLS DV ICA 2021 - 1'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2022-11-28 07:01:16 +0000 UTC
 . . . . . . . . . . . . [c:0|t:23|false] UTCTime 2023-11-28 07:01:16 +0000 UTC
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:17|true] SET, SET OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.4.3 (commonName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:19|false] PrintableString 'sonrail.empa.ch'
 . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.1 (rsaEncryption)
 . . . . . . . . . . . . . . . . [c:0|t:5|false] NULL 
 . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (2160 bits)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 29691155752811217713642461625604034160385722002234299331176568787067160213970135129139623757993690434037925635155058947432243259277631730422903690972461453621055336487514300530823551032754091225730745872664095652464758036292462768364257405142726202154461307356253009317730282693267705341565751958877104315822657377035898311107136601539702242578003698248053344272629818719124840504040435505395117033783834932779607265561260161879789559743645488557623586142277774205365408313763823411899259225236498990912118242881842042510177152986477622895321649621875473439717602742138670004470269853221180652436661076854617235191649
 . . . . . . . . . . . . . . . . . . . . [c:0|t:2|false] INTEGER 65537

 . . . . . . . . [c:2|t:3|true] ORAddress 
 . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.17 (subjectAltName)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (40 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'sonrail.empa.ch'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:2|false] IA5String 'www.sonrail.empa.ch'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.15 (keyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:1|false] BOOLEAN true
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (4 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:3|false] BIT STRING (3 bits)
							05a0
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.37 (extKeyUsage)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.1 (serverAuth)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.3.2 (clientAuth)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.14 (subjectKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (22 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (20 bytes)
							cf851683882a413977ab0faa3b9f967719bd9ea4
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.35 (authorityKeyIdentifier)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (24 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|false] OtherName 3c9e527903636f4f9c811bd328700c245aeaa587
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.31 (cRLDistributionPoints)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (247 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://crl.swisssign.net/3C9E527903636F4F9C811BD328700C245AEAA587'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:0|true] OtherName 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'ldap://directory.swisssign.net/CN=3C9E527903636F4F9C811BD328700C245AEAA587%2CO=SwissSign%2CC=CH?certificateRevocationList?base?objectClass=cRLDistributionPoint'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.5.29.32 (certificatePolicies)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (104 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.16.756.1.89.2.1.1
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.2.1 (cps)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:22|false] IA5String 'https://repository.swisssign.com/SwissSign_CPS_TLS.pdf'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 0.4.0.2042.1.6
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 2.23.140.1.2.1 (Domain Validation Certificates Policy)
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.1.1 (authorityInfoAccess)
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (185 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.2 (caIssuers)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://swisssign.net/cgi-bin/authority/download/3C9E527903636F4F9C811BD328700C245AEAA587'
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.5.5.7.48.1 (ocsp)
 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [c:2|t:6|false] IA5String 'http://ocsp.swisssign.net/3C9E527903636F4F9C811BD328700C245AEAA587'
 . . . . . . . . . . . . . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . . . . . . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.3.6.1.4.1.11129.2.4.2
 . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (725 bytes)
 . . . . . . . . . . . . . . . . . . . . . . . . [c:0|t:4|false] OCTET STRING (721 bytes)
							02cf0076005581d4c2169036014aea0b9b573c53f0c0e43878702508172fa3aa1d0713d30c00000184bd0a462f000004030047304502200b05059d728c7cad7853cf9b2ed4dbed770934339acb5a90249e7ec08c4f6f79022100ece5637de2ab5d4d3485d3c5633ca247255ee4f070e510ad7a16921d1189710b0075006f5376ac31f03119d89900a45115ff77151c11d902c10029068db2089a37d91300000184bd0a4514000004030046304402201cbca505092855729026924917b55e8a765cdc657cfb36c8645a6ed6a36f49550220259b5a28f31e28e990f9867079b04c745515221c8703d2ca91f0c249a27bb3d20077007a328c54d8b72db620ea38e0521ee98416703213854d3bd22bc13a57a352eb5200000184bd0a44db00000403004830460221008477f5379f480f3e2c515fe942ae22307863df37e075b4b3cba2103a9ca570b002210093d3c540d74760dc7a3ec3f0b22c31d32b9b40489745ee13544c386b510513a9007600adf7befa7cff10c88b9d3d9c1e3e186ab467295dcfb10c24ca858634ebdc828a00000184bd0a4623000004030047304502201e6c857acc3f745277d681f01dbcd5f8c39c94687abcd4c482813e9be17d153f022100e955611144326f55eed194f8b149c5b7dc3abdba40f36f6a124bd122c81f8e98007500b3737707e18450f86386d605a9dc11094a792db1670c0b87dcf0030e7936a59a00000184bd0a4689000004030046304402205dfd28657ab9cdd07d39d3534a98bd0b68d4d8ad289962d88293b3a5cd7fe6b402200f7b8d0e9d1395a3add588adbb83465cbca0a8d8e97f94d6be11795a43e42bfa007600e83ed0da3ef5063532e75728bc896bc903d3cbd1116beceb69e1777d6d06bd6e00000184bd0a450a000004030047304502205a37331e5f8bf2702157a16e0245c092b465cdc0f2b6d97287d64ada5179a055022100bccbfb5fc67cad0dd8e236324e615dd7f2d5aca7926c133630db04bb4f79ebbf
 . . . . [c:0|t:16|true] SEQUENCE, SEQUENCE OF 
 . . . . . . . . [c:0|t:6|false] OBJECT IDENTIFIER 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
 . . . . . . . . [c:0|t:5|false] NULL 
 . . . . [c:0|t:3|false] BIT STRING (4096 bits)
		007b11e454063f58d98093a2af5e4cc9d213a4482e20267d51653900fdaebbf30340aba3265a5fc8f4873db612155cc78f0ea68dd2c247ddd4e80c37cbe78a6c1ab8cc381bdbc17fb30796da13973046a62ff652cd5af0dad418d5151b79b025561d42d9496bfe726b1eecca437815f7d851aac77e9871f8482f4187de075955210b776e2ce553850657693a70f7c8d799f1aa79c161bc87f7aafe6a04894bc0aba240d320dec70649d91c36b68fbd5db181ee7ddf17985818fae757e4eed60b66bfee36f7960509a1f1a3e012302cd5709873b5fc8d2f4cf7e27cf7972ace76a146104822566d16131c0e0b38944d216470e07aee6615f2700ce0eb3726e82e081447a3266ea385380ca864339626480f4fd3c82ddeb8d93eee99d6b5a1f5fc3198ebd47caac69f0304eacb0a5df3460c0a20eb90c25773aedb6fb5033de4f9329ab0d1b43d03a02af3684502f2422c6ad8a699c249dbc7ac6a9ddc1d62299ee484170967475551ee6eaf03365cfb5df8ab06f3f35dcbdbc4aa0bf4b2865ab8fdb8ecc37786bd87eddcde8677586422dabe613d9725f9e73e5194c74917e6d7ec02f99be51b98ce9c56b5834448fde80e3fdbd2c6f008ded805aecd0d0e2e953bdb77cdfdd6b58741e99eb05ec1ab102662a76f991cc4f8aed10cba2d8bfdcbf67c58828c33fb582f6f72bdf04bce501d94d54fbeec80df5190763441d5851194