1Certificate ::= SEQUENCE {
2	tbsCertificate		TBSCertificate ({ x509_note_tbs_certificate }),
3	signatureAlgorithm	AlgorithmIdentifier,
4	signature		BIT STRING ({ x509_note_signature })
5	}
6
7TBSCertificate ::= SEQUENCE {
8	version           [ 0 ]	Version DEFAULT,
9	serialNumber		CertificateSerialNumber,
10	signature		AlgorithmIdentifier ({ x509_note_pkey_algo }),
11	issuer			Name ({ x509_note_issuer }),
12	validity		Validity,
13	subject			Name ({ x509_note_subject }),
14	subjectPublicKeyInfo	SubjectPublicKeyInfo,
15	issuerUniqueID    [ 1 ]	IMPLICIT UniqueIdentifier OPTIONAL,
16	subjectUniqueID   [ 2 ]	IMPLICIT UniqueIdentifier OPTIONAL,
17	extensions        [ 3 ]	Extensions OPTIONAL
18	}
19
20Version ::= INTEGER
21CertificateSerialNumber ::= INTEGER
22
23AlgorithmIdentifier ::= SEQUENCE {
24	algorithm		OBJECT IDENTIFIER ({ x509_note_OID }),
25	parameters		ANY OPTIONAL
26}
27
28Name ::= SEQUENCE OF RelativeDistinguishedName
29
30RelativeDistinguishedName ::= SET OF AttributeValueAssertion
31
32AttributeValueAssertion ::= SEQUENCE {
33	attributeType		OBJECT IDENTIFIER ({ x509_note_OID }),
34	attributeValue		ANY ({ x509_extract_name_segment })
35	}
36
37Validity ::= SEQUENCE {
38	notBefore		Time ({ x509_note_not_before }),
39	notAfter		Time ({ x509_note_not_after })
40	}
41
42Time ::= CHOICE {
43	utcTime			UTCTime,
44	generalTime		GeneralizedTime
45	}
46
47SubjectPublicKeyInfo ::= SEQUENCE {
48	algorithm		AlgorithmIdentifier,
49	subjectPublicKey	BIT STRING ({ x509_extract_key_data })
50	}
51
52UniqueIdentifier ::= BIT STRING
53
54Extensions ::= SEQUENCE OF Extension
55
56Extension ::= SEQUENCE {
57	extnid			OBJECT IDENTIFIER ({ x509_note_OID }),
58	critical		BOOLEAN DEFAULT,
59	extnValue		OCTET STRING ({ x509_process_extension })
60	}
61