-- X.509 AuthorityKeyIdentifier -- rfc5280 section 4.2.1.1 AuthorityKeyIdentifier ::= SEQUENCE { keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL, authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL, authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL } KeyIdentifier ::= OCTET STRING ({ x509_akid_note_kid }) CertificateSerialNumber ::= INTEGER ({ x509_akid_note_serial }) GeneralNames ::= SEQUENCE OF GeneralName GeneralName ::= CHOICE { otherName [0] IMPLICIT OtherName, rfc822Name [1] IMPLICIT IA5String, dNSName [2] IMPLICIT IA5String, x400Address [3] ANY, directoryName [4] Name ({ x509_akid_note_name }), ediPartyName [5] IMPLICIT EDIPartyName, uniformResourceIdentifier [6] IMPLICIT IA5String, iPAddress [7] IMPLICIT OCTET STRING, registeredID [8] IMPLICIT OBJECT IDENTIFIER } Name ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET OF AttributeValueAssertion AttributeValueAssertion ::= SEQUENCE { attributeType OBJECT IDENTIFIER ({ x509_note_OID }), attributeValue ANY ({ x509_extract_name_segment }) } OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] ANY } EDIPartyName ::= SEQUENCE { nameAssigner [0] ANY OPTIONAL, partyName [1] ANY }