-- X.509 certificate grammar with parser action annotations.
--
-- Each "({ name })" suffix is an action annotation, not standard ASN.1.
-- It names a handler that the generated decoder is expected to invoke for
-- that element. The handlers are implemented outside this grammar.
-- NOTE(review): type order is kept exactly as found. The grammar compiler
-- presumably treats the first type (Certificate) as the decode root; confirm
-- before reordering.

Certificate ::= SEQUENCE {
	-- The to-be-signed body: the bytes the signature is computed over.
	tbsCertificate		TBSCertificate ({ x509_note_tbs_certificate }),
	-- NOTE(review): no dedicated action is attached to the outer
	-- signatureAlgorithm. RFC 5280 section 4.1.1.2 requires it to equal
	-- tbsCertificate.signature. Whether the handlers enforce that match
	-- cannot be seen from this grammar; confirm in the consumer.
	signatureAlgorithm	AlgorithmIdentifier,
	signature		BIT STRING ({ x509_note_signature })
	}

TBSCertificate ::= SEQUENCE {
	-- NOTE(review): bare DEFAULT with no value and no action. RFC 5280
	-- writes this as "[0] EXPLICIT Version DEFAULT v1". Nothing in this
	-- grammar records the version for later checks.
	version           [ 0 ]	Version DEFAULT,
	serialNumber		CertificateSerialNumber ({ x509_note_serial }),
	-- Inner signature algorithm: the only AlgorithmIdentifier use with
	-- its own field-level action in this grammar.
	signature		AlgorithmIdentifier ({ x509_note_pkey_algo }),
	issuer			Name ({ x509_note_issuer }),
	validity		Validity,
	subject			Name ({ x509_note_subject }),
	subjectPublicKeyInfo	SubjectPublicKeyInfo,
	-- The two unique IDs are accepted by the grammar but carry no
	-- action, so no handler sees them.
	issuerUniqueID    [ 1 ]	IMPLICIT UniqueIdentifier OPTIONAL,
	subjectUniqueID   [ 2 ]	IMPLICIT UniqueIdentifier OPTIONAL,
	extensions        [ 3 ]	Extensions OPTIONAL
	}

Version ::= INTEGER
CertificateSerialNumber ::= INTEGER

-- Used for the outer signatureAlgorithm, the inner signature and the
-- subject public key algorithm.
AlgorithmIdentifier ::= SEQUENCE {
	-- x509_note_OID is shared with attributeType and extnid below.
	-- NOTE(review): presumably the handler stores the most recent OID
	-- and later handlers interpret their data against it, which makes
	-- the decode order significant; verify against the handler code.
	algorithm		OBJECT IDENTIFIER ({ x509_note_OID }),
	-- No action: algorithm parameters are parsed as ANY and not handed
	-- to any handler from this grammar.
	parameters		ANY OPTIONAL
}

Name ::= SEQUENCE OF RelativeDistinguishedName

RelativeDistinguishedName ::= SET OF AttributeValueAssertion

AttributeValueAssertion ::= SEQUENCE {
	attributeType		OBJECT IDENTIFIER ({ x509_note_OID }),
	-- attributeValue is ANY, so the handler receives whatever string
	-- type the issuer chose.
	-- NOTE(review): any length or character-set validation has to live
	-- in x509_extract_name_segment; confirm.
	attributeValue		ANY ({ x509_extract_name_segment })
	}

Validity ::= SEQUENCE {
	notBefore		Time ({ x509_note_not_before }),
	notAfter		Time ({ x509_note_not_after })
	}

-- Both encodings are accepted, so the two validity handlers must cope
-- with either UTCTime or GeneralizedTime content.
Time ::= CHOICE {
	utcTime			UTCTime,
	generalTime		GeneralizedTime
	}

SubjectPublicKeyInfo ::= SEQUENCE {
	-- Reaches x509_note_OID through AlgorithmIdentifier. There is no
	-- field-level action here.
	algorithm		AlgorithmIdentifier,
	subjectPublicKey	BIT STRING ({ x509_extract_key_data })
	}

UniqueIdentifier ::= BIT STRING

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE {
	extnid			OBJECT IDENTIFIER ({ x509_note_OID }),
	-- NOTE(review): bare DEFAULT (RFC 5280: DEFAULT FALSE) and no
	-- action, so this grammar does not pass the critical flag to any
	-- handler. RFC 5280 section 4.2 requires rejecting a certificate
	-- that carries an unrecognised critical extension; confirm how the
	-- consumer meets that requirement.
	critical		BOOLEAN DEFAULT,
	extnValue		OCTET STRING ({ x509_process_extension })
	}