| AuthorityKeyIdentifier |
| { |
| keyIdentifier [0] OCTET_STRING OPTIONAL |
| authorityCertIssuer [1] GeneralNames OPTIONAL |
| authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL |
| } |
| |
| SubjectKeyIdentifier OCTET_STRING |
| |
| KeyUsage |
| { |
| BIT_STRING |
| digitalSignature 0 |
| nonRepudiation 1 |
| keyEncipherment 2 |
| dataEncipherment 3 |
| keyAgreement 4 |
| keyCertSign 5 |
| cRLSign 6 |
| encipherOnly 7 |
| decipherOnly 8 |
| } |
| |
| extKeyUsage |
| { |
| SEQUENCE of OBJECT_IDENTIFIER |
| } |
| |
| privateKeyUsagePeriod |
| { |
| notBefore [0] GeneralizedTime OPTIONAL |
| notAfter [1] GeneralizedTime OPTIONAL |
| } |
| |
| certificatePoliciesSyntax |
| SEQUENCE of PolicyInformation |
| |
| PolicyInformation XXX |
| policyMappings XXX |
| supportedAlgorithms XXX |
| |
| subjectAltName |
| GeneralNames sequence of GeneralName |
| |
| GeneralName |
| { |
| otherName [0] INSTANCE OF OTHER-NAME |
| rfc822Name [1] IA5String |
| dNSName [2] IA5String |
| x400Address [3] ORAddress |
| directoryName [4] Name |
| ediPartyName [5] |
| { |
| nameAssigner [0] DirectoryString OPTIONAL |
| partyName [1] DirectoryString |
| } |
| uniformResourceIdentifier [6] IA5String |
| iPAddress [7] OCTET_STRING |
| registeredID [8] OBJECT_IDENTIFIER |
| } |
| |
| issuerAltName |
| GeneralNames sequence of GeneralName |
| |
| subjectDirectoryAttributes SEQUENCE of Attribute |
| |
| basicConstraints |
| { |
| cA BOOLEAN default FALSE |
| pathLenConstraint INTEGER OPTIONAL |
| } |
| |
| nameConstraints |
| { |
| permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL |
| excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL |
| } |
| |
| GeneralSubtree |
| { |
| base GeneralName |
| minimum [0] BaseDistance DEFAULT 0 |
| maximum [1] BaseDistance OPTIONAL |
| } |
| |
| PolicyConstraints |
| { |
| requireExplicitPolicy [0] SkipCerts OPTIONAL |
| inhibitPolicyMapping [1] SkipCerts OPTIONAL |
| } |
| SkipCerts == INTEGER |
| |