PKIX1 { }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] KeyIdentifier            OPTIONAL,
      authorityCertIssuer       [1] GeneralNames             OPTIONAL,
      authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
    -- authorityCertIssuer and authorityCertSerialNumber shall both
    -- be present or both be absgent
KeyIdentifier ::= OCTET STRING
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIdentifier
id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING {
     digitalSignature        (0),
     nonRepudiation          (1),
     keyEncipherment         (2),
     dataEncipherment        (3),
     keyAgreement            (4),
     keyCertSign     f present, version shall be v3 --
}
Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
CertificateSerialNumber  ::=  INTEGER
Validity ::= SEQUENCE {
     notBefore      Time,
     notAfter       Time }
Time ::= CHOICE {
     utcTime        UTCTime,
     generalTime    GeneralizedTime }
UniqueIdentifier  ::=  BIT STRING
SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }
Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
Extension  ::=  SEQUENCE  {
     extnID      OBJECT IDENTIFIER,
     critical    BOOLEAN DEFAULT FALSE,
     extnValue   OCTET STRING  }
CertificateList  ::=  SEQUENCE  {
     tbsCertList          TBSCertList,
     signatureAlgorithm   AlgorithmIdentifier,
     signature            BIT STRING  }
TBSCertList  ::=  SEQUENCE  {
     version                 Version OPTIONAL,
                                  -- if present, shall be v2
     signature               AlgorithmIdentifier,
     issuer                  Name,
     thisUpdate              Time,
     nextUpdate              Time OPTIONAL,
     revokedCertificates     SEQUENCE OF SEQUENCE  {
          userCertificate         CertificateSerialNumber,
          revocationDate          Time,
          crlEntryExtensions      Extensions OPTIONAL
                                         -- if present, shall be v2
                               }  OPTIONAL,
     crlExtensions           [0] EXPLICIT Extensions OPTIONAL
                                         -- if present, shall be v2 --
}
AlgorithmIdentifier  ::=  SEQUENCE  {
     algorithm               OBJECT IDENTIFIER,
     parameters              ANY DEFINED BY algorithm OPTIONAL  }
                                -- contains a value of the type
                                -- registered for use with the
                                -- algorithm9 20}
pkcs-9-friendlyName ::= BMPString      (SIZE (1..255))
pkcs-8-PrivateKeyInfo ::= SEQUENCE {
  version pkcs-8-Version,
  privateKeyAlgorithm AlgorithmIdentifier,
  privateKey pkcs-8-PrivateKey,
  attributes [0] Attributes OPTIONAL }
pkcs-8-Version ::= IertId
}
pkcs-12-CRLBag ::= SEQUENCE {
	crlId		OBJECT IDENTIFIER,
	crlValue	[0] EXPLICIT ANY DEFINED BY crlId
}
pkcs-12-PKCS12Attribute ::= Attribute
pkcs-7-Data ::= OCTET STRING
pkcs-7-EncryptedData ::= SEQUENCE {
    version INTEGER,
    encryptedContentInfo pkcs-7-EncryptedContentInfo,
    unprotectedAttrs [1] IMPLICIT pkcs-7-UnprotectedAttributes OPTIONAL }
pkcs-7-EncryptedContentInfo ::= SEQUENCE {
    contentType OBJECT IDENTIFIER,
    contentEncryptionAlgorithm pkcs-7-ContentEncryptionAlgorithmIdentifier,
    encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL }
pkcs-7-ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
pkcs-7-UnprotectedAttributes ::= SET SIZE (1..MAX) OF Attribute
id-at-ldap-DC AttributeType ::= { 0 9 2342 19200300 100 1 25 }
ldap-DC ::= IA5String
id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
ldap-UID ::= DirectoryString
id-pda  OBJECT IDENTIFIER ::= { id-pkix 9 }
id-pda-dateOfBirth          AttributeType ::= { id-pda 1 }
DateOfBirth ::=             GeneralizedTime
id-pda-placeOfBirth         AttributeType ::= { id-pda 2 }
PlaceOfBirth ::=            DirectoryString
id-pda-gender               AttributeType ::= { id-pda 3 }
Gender ::=                  PrintableString (SIZE(1))
                            -- "M", "F", "m" or "f"
id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 }
CountryOfCitizenship ::=    PrintableString (SIZE (2))
                            -- ISO 3166 Country Code
id-pda-countryOfResidence   AttributeType ::= { id-pda 5 }
CountryOfResidence ::=      PrintableString (SIZE (2))
                            -- ISO 3166 Country Code
id-pe-proxyCertInfo OBJECT IDENTIFIER ::= { id-pe 14 }
id-ppl-inheritAll OBJECT IDENTIFIER ::= { id-pkix 21 1 }
id-ppl-independent OBJECT IDENTIFIER ::= { id-pkix 21 2 }
ProxyCertInfo ::= SEQUENCE {
	pCPathLenConstraint	INTEGER (0..MAX) OPTIONAL,
	proxyPolicy		ProxyPolicy }
ProxyPolicy ::= SEQUENCE {
	policyLanguage	OBJECT IDENTIFIER,
        policy		OCTET STRING OPTIONAL }
id-on  OBJECT IDENTIFIER ::= { id-pkix 8 }  -- other name forms
id-on-xmppAddr  OBJECT IDENTIFIER ::= { id-on 5 }
XmppAddr ::= UTF8String
BasicOCSPResponse       ::= SEQUENCE {
   tbsResponseData      ResponseData,
   signatureAlgorithm   AlgorithmIdentifier,
   signature            BIT STRING,
   certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
ResponseData ::= SEQUENCE {
   version              [0] EXPLICIT INTEGER DEFAULT 0,
   responderID              ResponderID,
   producedAt               GeneralizedTime,
   responses                SEQUENCE OF SingleResponse,
   responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
ResponderID ::= CHOICE {
   byName   [1] EXPLICIT RDNSequence, --Name
   byKey    [2] EXPLICIT OCTET STRING --SHA-1 hash of responder's public key
}
CertID ::= SEQUENCE {
    hashAlgorithm            AlgorithmIdentifier,
    issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
    issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
    serialNumber       CertificateSerialNumber }
CertStatus ::= CHOICE {
    good                [0]     IMPLICIT NULL,
    revoked             [1]     IMPLICIT RevokedInfo,
    unknown             [2]     IMPLICIT UnknownInfo }
Sin