diff --git a/src/validator/AuthTokenSignatureValidator.php b/src/validator/AuthTokenSignatureValidator.php
index b3fa1ba..0d0b1aa 100644
--- a/src/validator/AuthTokenSignatureValidator.php
+++ b/src/validator/AuthTokenSignatureValidator.php
@@ -27,6 +27,7 @@ namespace web_eid\web_eid_authtoken_validation_php\validator;
 use GuzzleHttp\Psr7\Uri;
+use phpseclib3\Crypt\RSA;
 use web_eid\web_eid_authtoken_validation_php\exceptions\AuthTokenParseException;
 use web_eid\web_eid_authtoken_validation_php\exceptions\ChallengeNullOrEmptyException;
 use InvalidArgumentException;
@@ -36,6 +37,10 @@ class AuthTokenSignatureValidator
 {
+    private const ECDSA_ALGORITHMS = ['ES256', 'ES384', 'ES512'];
+
+    private const RSASSA_PSS_ALGORITHMS = ['PS256', 'PS384', 'PS512'];
+
     /** Supported subset of JSON Web Signature algorithms as defined in RFC 7518, sections 3.3, 3.4, 3.5.
      * See https://github.com/web-eid/libelectronic-id/blob/main/include/electronic-id/enums.hpp#L176.
      */
@@ -72,10 +77,17 @@ public function validate(string $algorithm, string $signature, $publicKey, strin
         $decodedSignature = base64_decode($signature);
         // Note that in case of ECDSA, some eID cards output raw R||S, so we need to trascode it to DER
-        if (in_array($algorithm, ["ES256", "ES384", "ES512"]) && !AsnUtil::isSignatureInAsn1Format($decodedSignature)) {
+        if (in_array($algorithm, self::ECDSA_ALGORITHMS) && !AsnUtil::isSignatureInAsn1Format($decodedSignature)) {
             $decodedSignature = AsnUtil::transcodeSignatureToDER($decodedSignature);
         }
+        if (in_array($algorithm, self::RSASSA_PSS_ALGORITHMS)) {
+            $publicKey = openssl_get_publickey($publicKey->withPadding(RSA::SIGNATURE_PSS)->toString('PSS'));
+            if (!$publicKey) {
+                throw new AuthTokenParseException('Could not use PSS padding for RSASSA-PSS algorithm');
+            }
+        }
         $hashAlgorithm = $this->hashAlgorithmForName($algorithm);
         $originHash = openssl_digest($this->siteOrigin->jsonSerialize(), $hashAlgorithm, true);
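Review bot: In the new RSASSA-PSS branch the key is exported with `withPadding(RSA::SIGNATURE_PSS)` alone, so whatever hash, MGF hash and salt length the phpseclib key object currently carries are written into the PSS parameters of the exported key; if those are the library defaults (SHA-256), OpenSSL will refuse to verify PS384/PS512 signatures against that key because the embedded parameters restrict the digest, so each PS* algorithm needs its own test vector. Computing `$hashAlgorithm = $this->hashAlgorithmForName($algorithm);` before this block and exporting with `->withPadding(RSA::SIGNATURE_PSS)->withHash($hashAlgorithm)->withMGFHash($hashAlgorithm)` would bind the parameters to the token's algorithm (confirm that hashAlgorithmForName returns a name phpseclib accepts). Separately, `$algorithm` comes from the as-yet-unverified token while `$publicKey` comes from the certificate; if they disagree (a PS* algorithm with a non-RSA key), `withPadding` is called on a key type that does not define it and the failure surfaces as a PHP `\Error` rather than the validator's own exception, so a key-type check ahead of the padding switch would keep the failure mode consistent. Both `in_array` calls should also pass `true` as the strict flag, since the algorithm names are plain strings. validate() continues past the end of this hunk.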
diff --git a/src/validator/certvalidators/SubjectCertificatePurposeValidator.php b/src/validator/certvalidators/SubjectCertificatePurposeValidator.php
index 14ce96b..9a94364 100644
--- a/src/validator/certvalidators/SubjectCertificatePurposeValidator.php
+++ b/src/validator/certvalidators/SubjectCertificatePurposeValidator.php
@@ -32,6 +32,9 @@ final class SubjectCertificatePurposeValidator implements SubjectCertificateValidator
 {
+    private const KEY_USAGE = 'id-ce-keyUsage';
+    private const KEY_USAGE_DIGITAL_SIGNATURE = 0;
+    private const EXTENDED_KEY_USAGE = 'id-ce-extKeyUsage';
     // oid 1.3.6.1.5.5.7.3.2
     private const EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION = "id-kp-clientAuth";
     private $logger;
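Review bot: `KEY_USAGE_DIGITAL_SIGNATURE = 0` gives no hint what the 0 indexes, and the value is only meaningful under one particular decoding of the extension, so the assumption should be stated next to the constant, e.g. `// position of the digitalSignature bit in the KeyUsage BIT STRING (RFC 5280 section 4.2.1.3); assumes getExtension() returns a bit-position-indexed array — confirm against phpseclib`. If that assumption cannot be confirmed, a constant holding the bit name, `private const KEY_USAGE_DIGITAL_SIGNATURE = 'digitalSignature';`, tested by membership is independent of the representation. The two extension-id constants would also read better with a short comment saying they are the extension names phpseclib's X509::getExtension() expects.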
@@ -44,17 +47,28 @@ public function __construct(LoggerInterface $logger = null)
     /**
      * Validates that the purpose of the user certificate from the authentication token contains client authentication.
      *
-     * @copyright 2022 Petr Muzikant pmuzikant@email.cz
-     *
-     * @param subjectCertificate user certificate to be validated
+     * @param X509 $subjectCertificate user certificate to be validated
      * @throws UserCertificateMissingPurposeException
+     * @throws UserCertificateWrongPurposeException
+     * @copyright 2022 Petr Muzikant pmuzikant@email.cz
+     *
      */
     public function validate(X509 $subjectCertificate): void
     {
-        $usages = $subjectCertificate->getExtension('id-ce-extKeyUsage');
-        if (!$usages || empty($usages)) {
+        $keyUsage = $subjectCertificate->getExtension(self::KEY_USAGE);
+        if (!$keyUsage || empty($keyUsage)) {
             throw new UserCertificateMissingPurposeException();
         }
+        if (!$keyUsage[self::KEY_USAGE_DIGITAL_SIGNATURE]) {
+            throw new UserCertificateWrongPurposeException();
+        }
+        $usages = $subjectCertificate->getExtension(self::EXTENDED_KEY_USAGE);
+        if (!$usages || empty($usages)) {
+            // Digital Signature extension present, but Extended Key Usage extension not present,
+            // assume it is an authentication certificate (e.g. Luxembourg eID).
+            $this->logger?->debug("User certificate has Digital Signature key usage and no Extended Key Usage extension, this means that it can be used for client authentication.");
+            return;
+        }
         // Extended usages must contain TLS Web Client Authentication
         if (!in_array(self::EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION, $usages)) {
             throw new UserCertificateWrongPurposeException();
@@ -62,4 +76,5 @@ public function validate(X509 $subjectCertificate): void
         $this->logger?->debug("User certificate can be used for client authentication.");
     }
+
 }
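Review bot: The gate `if (!$keyUsage[self::KEY_USAGE_DIGITAL_SIGNATURE])` assumes the decoded KeyUsage extension is indexed by bit position; if, as phpseclib's X509 mapping appears to do, the BIT STRING is returned as a list of the names of the set bits (e.g. `['digitalSignature', 'keyEncipherment']`), element 0 is just the first set bit's name and is truthy even for a certificate whose only usage is keyEncipherment, so a certificate lacking digitalSignature would pass this check, and a certificate with no bits set would raise an undefined-index warning instead of UserCertificateWrongPurposeException. A name-based test is correct under either representation: `if (!in_array('digitalSignature', $keyUsage, true)) {` — please confirm the representation against the decoder before relying on the index. The guard `if (!$keyUsage || empty($keyUsage))` is redundant (`empty()` already covers the falsy case), and the later `in_array(self::EXTENDED_KEY_USAGE_CLIENT_AUTHENTICATION, $usages)` should pass `true` as well, since it compares string extension values. The new no-EKU fallback widens what the validator accepts — any certificate carrying the digitalSignature bit and no Extended Key Usage extension is now treated as an authentication certificate — and that policy decision is recorded only in an inline comment; it belongs in the method docblock so integrators can see it. validate() ends in the following hunk.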
diff --git a/tests/_resources/DVV TEST Certificates - G5E.crt b/tests/_resources/DVV TEST Certificates - G5E.crt new file mode 100644 index 0000000..a01b659 Binary files /dev/null and b/tests/_resources/DVV TEST Certificates - G5E.crt differ diff --git a/tests/_resources/VRK TEST CA for Test Purposes - G4.crt b/tests/_resources/VRK TEST CA for Test Purposes - G4.crt new file mode 100644 index 0000000..3159602 Binary files /dev/null and b/tests/_resources/VRK TEST CA for Test Purposes - G4.crt differ diff --git a/tests/_resources/eID TEST EC Citizen CA.cer b/tests/_resources/eID TEST EC Citizen CA.cer new file mode 100644 index 0000000..06456b7 --- /dev/null +++ b/tests/_resources/eID TEST EC Citizen CA.cer @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDKTCCAq+gAwIBAgIIcND8I1qptLUwCgYIKoZIzj0EAwMwKzELMAkGA1UEBhMC +QkUxHDAaBgNVBAMME2VJRCBURVNUIEVDIFJvb3QgQ0EwIBcNMDcwNDMwMjIwMDIw +WhgPMjA4NzA0MTAyMjAwMjBaMC4xCzAJBgNVBAYTAkJFMR8wHQYDVQQDDBZlSUQg +VEVTVCBFQyBDaXRpemVuIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEJAiNoOQf +Y0r8N6JVPMLedXyRZ7MwppGwQ9ZxFzLjVsbeKuUvqEFR0yKKyEidXc875m4UF5lR +pf/FSWagg2IXGWrypnRZkgnNVP6s5W2LzKdV09hd6v7O8j/8knfHOj+No4IBmTCC +AZUwHQYDVR0OBBYEFN2zf+OaGY5ZyRFWAi31+p1v3oRLMB8GA1UdIwQYMBaAFCHA +clfKHAQEGR3ZjH4+tYPrrBwCMA4GA1UdDwEB/wQEAwIBBjBIBgNVHSAEQTA/MD0G +BmA4DAEBAjAzMDEGCCsGAQUFBwIBFiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNj +YXJkcy5iZS9jZXJ0MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDBCBgNV +HR8EOzA5MDegNaAzhjFodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZS9j +cmwvcm9vdGNhRUMuY3JsMIGBBggrBgEFBQcBAQR1MHMwPgYIKwYBBQUHMAKGMmh0 +dHA6Ly9laWRkZXZjYXJkcy56ZXRlc2NhcmRzLmJlL2NlcnQvcm9vdGNhRUMuY3J0 +MDEGCCsGAQUFBzABhiVodHRwOi8vZWlkZGV2Y2FyZHMuemV0ZXNjYXJkcy5iZTo4 +ODg4MBIGA1UdEwEB/wQIMAYBAf8CAQAwCgYIKoZIzj0EAwMDaAAwZQIxAOMiiByF +0aLEA6zUrobMw7aSH5o2u1hGVMe0AL4ezYztRdfxvXVU+m1JosBVBDDjeAIwYJJN +7bLWw8BVi/lkxRjKL/+zAJP6djGywXI1pVh4HKb0D+tipq5StO+QnM8cnPmg +-----END CERTIFICATE----- 
diff --git a/tests/testutil/AuthTokenValidators.php b/tests/testutil/AuthTokenValidators.php
index 1bcd0b2..893ab88 100644
--- a/tests/testutil/AuthTokenValidators.php
+++ b/tests/testutil/AuthTokenValidators.php
@@ -89,6 +89,27 @@ public static function getAuthTokenValidatorWithDisallowedESTEIDPolicy(): AuthTo
             ->build();
     }
+    public static function getAuthTokenValidatorForBelgianIdCard(): AuthTokenValidator
+    {
+        return self::getAuthTokenValidator(
+            "https://47f0-46-131-86-189.ngrok-free.app",
+            ...CertificateLoader::loadCertificatesFromResources(
+                __DIR__ . "/../_resources/eID TEST EC Citizen CA.cer"
+            )
+        );
+    }
+
+    public static function getAuthTokenValidatorForFinnishIdCard(): AuthTokenValidator
+    {
+        return self::getAuthTokenValidator(
+            "https://47f0-46-131-86-189.ngrok-free.app",
+            ...CertificateLoader::loadCertificatesFromResources(
+                __DIR__ . "/../_resources/DVV TEST Certificates - G5E.crt",
+                __DIR__ . "/../_resources/VRK TEST CA for Test Purposes - G4.crt"
+            )
+        );
+    }
+
+
     public static function getAuthTokenValidatorWithWrongTrustedCertificate(): AuthTokenValidator
     {
         return self::getAuthTokenValidator(
diff --git a/tests/validator/AuthTokenCertificateBelgianIdCardTest.php b/tests/validator/AuthTokenCertificateBelgianIdCardTest.php
new file mode 100644
index 0000000..ec00940
--- /dev/null
+++ b/tests/validator/AuthTokenCertificateBelgianIdCardTest.php
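Review bot: Both new factories hard-code the same literal origin `"https://47f0-46-131-86-189.ngrok-free.app"`, and nothing in the file says why a throwaway tunnel hostname is the right value; presumably the Belgian and Finnish test tokens were generated against that origin and their signatures verify only under it. Hoist it into one named constant with the reason attached, e.g. `private const ID_CARD_TEST_TOKEN_ORIGIN = "https://47f0-46-131-86-189.ngrok-free.app"; // origin the Belgian/Finnish test tokens were signed for — changing it invalidates them`, and use it from both methods, so a later reader does not "clean up" the hostname and break the tests. The enclosing class continues outside the hunk.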
@@ -0,0 +1,102 @@ +mockDate("2024-12-24"); + } + + protected function tearDown(): void + { + Dates::resetMockedCertificateValidatorDate(); + } + + public function testWhenIdCardWithECCSignatureCertificateIsValidatedThenValidationSucceeds(): void + { + $this->expectNotToPerformAssertions(); + $validator = AuthTokenValidators::getAuthTokenValidatorForBelgianIdCard(); + $token = $validator->parse(self::BELGIAN_TEST_ID_CARD_AUTH_TOKEN_ECC); + + $validator->validate($token, 'iMeEwP2cgUINY2XoO/lqEpOUn7z/ysHRqGXkGKC4VXE='); + } + + public function testWhenIdCardWithRSASignatureCertificateIsValidatedThenValidationSucceeds(): void + { + $this->expectNotToPerformAssertions(); + $validator = AuthTokenValidators::getAuthTokenValidatorForBelgianIdCard(); + $token = $validator->parse(self::BELGIAN_TEST_ID_CARD_AUTH_TOKEN_RSA); + + $validator->validate($token, 'YPVgYc7Qds0qmK/RilPLffnsIg7IIovM4BAWqGZWwiY='); + } + + private function mockDate(string $date) + { + Dates::setMockedCertificateValidatorDate(new DateTime($date)); + } + +} diff --git a/tests/validator/AuthTokenCertificateFinnishIdCardTest.php b/tests/validator/AuthTokenCertificateFinnishIdCardTest.php new file mode 100644 index 0000000..8465755 --- /dev/null +++ b/tests/validator/AuthTokenCertificateFinnishIdCardTest.php 
@@ -0,0 +1,92 @@ +mockDate("2024-12-24"); + } + + protected function tearDown(): void + { + Dates::resetMockedCertificateValidatorDate(); + } + + public function testWhenIdCardSignatureCertificateWithG5ERootCertificateIsValidatedThenValidationSucceeds(): void + { + $this->expectNotToPerformAssertions(); + $validator = AuthTokenValidators::getAuthTokenValidatorForFinnishIdCard(); + $token = $validator->parse(self::FINNISH_TEST_ID_CARD_BACKMAN_JUHANI_AUTH_TOKEN); + + $validator->validate($token, 'x9qZDRO/ao2zprt3Z0bkW4CvvE/gALFtUIf3tcC0XxY='); + } + + public function testWhenIdCardSignatureCertificateWithG4RootCertificateIsValidatedThenValidationSucceeds(): void + { + $this->expectNotToPerformAssertions(); + $validator = AuthTokenValidators::getAuthTokenValidatorForFinnishIdCard(); + $token = $validator->parse(self::FINNISH_TEST_ID_CARD_BABAFO_VELI_AUTH_TOKEN); + + $validator->validate($token, 'ZqlDATkQRqh7LkqEbspBc2qDjot29oiNLlITdLgiVIo='); + } + + private function mockDate(string $date) + { + Dates::setMockedCertificateValidatorDate(new DateTime($date)); + } + +} diff --git a/tests/validator/AuthTokenCertificateTest.php b/tests/validator/AuthTokenCertificateTest.php index 4ae445e..2750390 100644 --- a/tests/validator/AuthTokenCertificateTest.php +++ b/tests/validator/AuthTokenCertificateTest.php 
@@ -49,7 +49,7 @@ class AuthTokenCertificateTest extends AbstractTestWithValidator '"signature":"arx164xRiwhIQDINe0J+ZxJWZFOQTx0PBtOaWaxAe7gofEIHRIbV1w0sOCYBJnvmvMem9hU4nc2+iJx2x8poYck4Z6eI3GwtiksIec3XQ9ZIk1n/XchXnmPn3GYV+HzJ",' . '"format":"web-eid:1"}'; - private const MISSING_PURPOSE_CERT = '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'; + private const MISSING_KEY_USAGE_CERT = 'MIICxjCCAa6gAwIBAgIJANTbd26vS6fmMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNVBAMTCndlYi1laWQuZXUwHhcNMjAwOTI0MTIyNDMzWhcNMzAwOTIyMTIyNDMzWjAVMRMwEQYDVQQDEwp3ZWItZWlkLmV1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAza5qBFu5fvs47rx3o9yzBVfIxHjMotID8ppkwWVen/uFxlqsRVi+XnWkggW+K8X45inAnBAVi1rIw7GQNdacSHglyvQfwM64AallmD0+K+QgbqxcO9fvRvlAeISENBc2bGgqTIytPEON5ZmazzbOZjqY3M1QcPlPZOeUm6M9ZcZFhsxpiB4gwZUic9tnCz9eujd6k6DzNVfSRaJcpGA5hJ9aKH4vXS3x7anewna+USEXkRb4Il5zSlZR0i1yrVA1YNOxCG/+GgWvXfvXwdQ0z9BpGwNEyc0mRDNx+umaTukz9t+7/qTcB2JLTuiwM9Gqg5sDDnzPlcZSa7GnIU0MLQIDAQABoxkwFzAVBgNVHREEDjAMggp3ZWItZWlkLmV1MA0GCSqGSIb3DQEBBQUAA4IBAQAYGkBhTlet47uw3JYunYo6dj4nGWSGV4x6LYjCp5QlAmGd28HpC1RFB3ba+inwW8SP69kEOcB0sJQAZ/tV90oCATNsy/Whg/TtiHISL2pr1dyBoKDRWbgTp8jjzcp2Bj9nL14aqpj1t4K1lcoYETX41yVmyyJu6VFs80M5T3yikm2giAhszjChnjyoT2kaEKoua9EUK9SS27pVltgbbvtmeTp3ZPHtBfiDOATL6E03RZ5WfMLRefI796a+RcznnudzQHhMSwcjLpMDgIWpUU4OU7RiwrU+S3MrvgzCjkWh2MGu/OGLB+d3JZoW+eCvigoshmAsbJCMLbh4N78BCPqk'; private const WRONG_PURPOSE_CERT = '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'; private const WRONG_POLICY_CERT = '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'; 
@@ -125,9 +125,9 @@ public function testWhenCertificateFieldIsNotCertificateThenParsingFails(): void
         $this->validator->validate($token, self::VALID_CHALLENGE_NONCE);
     }
-    public function testWhenCertificatePurposeIsMissingThenValidationFails(): void
+    public function testWhenCertificateKeyUsageIsMissingThenValidationFails(): void
     {
-        $token = $this->replaceTokenField(self::AUTH_TOKEN, "unverifiedCertificate", self::MISSING_PURPOSE_CERT);
+        $token = $this->replaceTokenField(self::AUTH_TOKEN, "unverifiedCertificate", self::MISSING_KEY_USAGE_CERT);
         $this->expectException(UserCertificateMissingPurposeException::class);
         $this->validator->validate($token, self::VALID_CHALLENGE_NONCE);
@@ -171,7 +171,7 @@ public function testWhenUsingNewMobileIdCertificateThenValidationFails(): void
     {
         $token = $this->replaceTokenField(self::AUTH_TOKEN, "unverifiedCertificate", self::NEW_MOBILE_ID_CERT);
-        $this->expectException(UserCertificateMissingPurposeException::class);
+        $this->expectException(UserCertificateDisallowedPolicyException::class);
         $this->validator->validate($token, self::VALID_CHALLENGE_NONCE);
     }
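Review bot: Switching the expected exception in testWhenUsingNewMobileIdCertificateThenValidationFails from UserCertificateMissingPurposeException to UserCertificateDisallowedPolicyException records that the purpose validator now lets the new Mobile-ID certificate through and that the certificate-policy check is the only remaining barrier; that is a narrowing of defence in depth and the test should say so, e.g. `// The Mobile-ID certificate now passes the purpose check (digitalSignature key usage, no client-auth EKU requirement) and is rejected only by the policy check.` — confirm that this is indeed why the purpose check passes before committing the wording. If the policy restrictions are configurable per validator (the test utilities build validators with differing policy settings), a companion test pinning how a validator without that restriction treats the Mobile-ID certificate would document whether acceptance is intended. No `use` import for UserCertificateDisallowedPolicyException appears in this diff; if the file did not already import it, `::class` resolves to a non-existent name in the test's namespace and the expectation can never match.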