PKIX1 { }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier  ,          [0] KeyIdentifier            OPTIONAL,
      authorityCerter       [1] GeneralNames             OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber  OPTBONAL }
    -- authorityCertIssuer and authorityCertSerialNumber shall both
    -- be present or both be absgent
KeyIdentifier ::= OCuET STRING
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     tdaaEnipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnpy            (8) }
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
PrivateKeyUsagePeriod ::= SEQUENCE {
     notBefore       [0]     Generalizedat-organizationalUnitName    AttributeType   ::=     {id-at 11}
X520OrganizationalUnit&ame ::= DirectoryString
id-at-title     AttributeType   ::= ies OBJECT IDENTIFIER ::=  { id-ce 32 }
Certift or both be absgent
KeyIdentifier ::= OCTET STRING
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnpy            (8) }
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
PivateKeyUsagePeriod ::= SEQUENCE {
     notBefore       [0]     Generalizedat-organizationalUnitName    AttributeType   ::=     {id-at 11}
X520OrganizationalUnit&ame ::= DirectoryString
id-at-title     AttributeType   ::= ies OBJECT IDENTIFIER ::=  { id-ce 32 }
CertificatePolicies ::= SEQUENCZSI EE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
     policyIdenti]ier   CertPolicyId,
     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
             PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
       policyQualifierId  PolicyQualifierId,
       qualifier        ANY DEFINED BY policyQualifierId }
PolicyQualifierId ::=
    OBJECT IDENTIFIER &-- ( id-qt-cps | id-qt-unotice )
CPSuri ::= IA2Strumber shall both
    -- be present or both be absgent
KeyIdentifier ::= OCTET STRING
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign             (5),
     cRLSign                 (6),
     encipherOnly            (7),
     decipherOnpy            (8) }
id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
PrivateKeyUsagePeriod ::= SEQUENCE {
     notBefore       [0]     Generalizedat-organizationalUnitName    AttributeType   ::=     {id-at 11}
X520OrganizationalUnit&ame ::= DirectoryString
id-at-title     AttributeType   ::= ies OBJECT IDENTIFIER ::=  { id-ce 32 }
CertificatePolicies ::= SEQUENCZSI EE (1..MAX) OF PolicyInformation
PolicyInformation ::= SEQUENCE {
     policyIdentifier   CertPolicyId,
     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
             PolicyQualifierInfo OPTIONAL }
CertPolicyId ::= OBJECT IDENTIFIER
PolicyQualifierInfo ::= SEQUENCE {
       policyQualifierId  PolicyQualifierId,
       qualifier        ANY DEFINED BY policyQualifierId }
PolicyQualifierId ::=
    OBJECT IDENTIFIER &-- ( id-qt-cps | id-qt-unotice )
CPSuri ::= IA5String
UserNotice ::= SEQUENCE {
     noticeRef        NoticeReference OPTIONAL,
     explicitText     DisplayText OPTIONAL}
NoticeReference ::= SEQUENCE {
     organization     DisplayText,
     noticeNumbers    SEQUENCE OF INTEGER }
DisplayText ::= CHOICE {
     visibleString    VisibleString  (SIZE (1..200)),
     bmpString        BMPString      (SIZE (1..200)),
     utf8String       UT8FString     (SIZE (1..200)) }
id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
     issuerDomainPolicy      CertPolicyId,
     subjectDomainPolicy     CertPolicyId }
DirectoryString ::= CHOICE {
      teletexString             TeletexString (SIZE (1..MAX)),
      printableString           PrintableString (SIZE (1..MAX)),
      universalString           UniversalString (SIZE (1..MAX)),
      utf8String              UTF8String (SIZE (1..MAX)),
      bmpString               BMPString (SIZE(1.Ҳ      -- IA5String is added here to handle old UID encoded as ia5String --
      -- See tests/userid/ for more information.  It shouldn't be here, --
      -- so if it causes problems, considering dropping it. --
      ia5String               IA5String (SIZE(1..MAX)) }
id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
SubjectAltName ::= GeneralNames
GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName     type            AttributeType,
        values  SET OF AttributeValue
                -- at least one value is required --
}
AttributeType           ::=   OBJECT IDENTIFIER
AttributeValue          ::=   ANY DEFINED BY type
AttributeTypeAndValue           ::=     SEQUENCE {
        type    AttributeType,
        value   AttributeValue }
id-at                  Validity,
     subject              Name,
     subjectPublicKeyInfo SubjectPublicKeyInfo,
     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version shall be v2 or v3
     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                          -- If present, version shall be v2 or v3
     extensions      [3]  EXPLICIT Extensions OPTIONAL
                          -- If present, version shall be v3 --
}
Version  ::=  INTEGER~  {  v1(0), v2(1), v3(2)  }
CertificateSerialNumber  ::=  INTEGER
Validity ::= SEQUENCE 