1-- X.509 AuthorityKeyIdentifier
2-- rfc5280 section 4.2.1.1
3
4AuthorityKeyIdentifier ::= SEQUENCE {
5	keyIdentifier			[0] IMPLICIT KeyIdentifier		OPTIONAL,
6	authorityCertIssuer		[1] IMPLICIT GeneralNames		OPTIONAL,
7	authorityCertSerialNumber	[2] IMPLICIT CertificateSerialNumber	OPTIONAL
8	}
9
10KeyIdentifier ::= OCTET STRING ({ x509_akid_note_kid })
11
12CertificateSerialNumber ::= INTEGER ({ x509_akid_note_serial })
13
14GeneralNames ::= SEQUENCE OF GeneralName
15
16GeneralName ::= CHOICE {
17	otherName			[0] ANY,
18	rfc822Name			[1] IA5String,
19	dNSName				[2] IA5String,
20	x400Address			[3] ANY,
21	directoryName			[4] Name ({ x509_akid_note_name }),
22	ediPartyName			[5] ANY,
23	uniformResourceIdentifier	[6] IA5String,
24	iPAddress			[7] OCTET STRING,
25	registeredID			[8] OBJECT IDENTIFIER
26	}
27
28Name ::= SEQUENCE OF RelativeDistinguishedName
29
30RelativeDistinguishedName ::= SET OF AttributeValueAssertion
31
32AttributeValueAssertion ::= SEQUENCE {
33	attributeType		OBJECT IDENTIFIER ({ x509_note_OID }),
34	attributeValue		ANY ({ x509_extract_name_segment })
35	}
36