AB<- index


Appendix C. Examples

This section contains four examples: three certificates and a CRL. The first two certificates and the CRL comprise a minimal certification path.

Section C.1 contains an annotated hex dump of a "self-signed" certificate issued by a CA whose distinguished name is cn=us,o=gov,ou=nist. The certificate contains a DSA public key with parameters, and is signed by the corresponding DSA private key.

Section C.2 contains an annotated hex dump of an end entity certificate. The end entity certificate contains a DSA public key, and is signed by the private key corresponding to the "self-signed" certificate in section C.1.

Section C.3 contains a dump of an end entity certificate which contains an RSA public key and is signed with RSA and MD5. This certificate is not part of the minimal certification path.

Section C.4 contains an annotated hex dump of a CRL. The CRL is issued by the CA whose distinguished name is cn=us,o=gov,ou=nist and the list of revoked certificates includes the end entity certificate presented in C.2.

The certificates were processed using Peter Gutman's dumpasn1 utility to generate the output. The source for the dumpasn1 utility is available at <http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c>. The binaries for the certificates and CRLs are available at <http://csrc.nist.gov/pki/pkixtools>.

C.1 Certificate

This section contains an annotated hex dump of a 699 byte version 3 certificate. The certificate contains the following information: (a) the serial number is 23 (17 hex); (b) the certificate is signed with DSA and the SHA-1 hash algorithm; (c) the issuer's distinguished name is OU=NIST; O=gov; C=US (d) and the subject's distinguished name is OU=NIST; O=gov; C=US (e) the certificate was issued on June 30, 1997 and will expire on December 31, 1997; (f) the certificate contains a 1024 bit DSA public key with parameters; (g) the certificate contains a subject key identifier extension generated using method (1) of section 4.2.1.2; and (h) the certificate is a CA certificate (as indicated through the basic constraints extension.)

@

  0 30  699: SEQUENCE {
  4 30  635:   SEQUENCE {
  8 A0    3:     [0] {
 10 02    1:       INTEGER 2
          :       }
 13 02    1:     INTEGER 17
 16 30    9:     SEQUENCE {
 18 06    7:       OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
          :       }
 27 30   42:     SEQUENCE {
 29 31   11:       SET {
 31 30    9:         SEQUENCE {
 33 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 38 13    2:           PrintableString 'US'
          :           }
          :         }
 42 31   12:       SET {
 44 30   10:         SEQUENCE {
 46 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 51 13    3:           PrintableString 'gov'
          :           }
          :         }
 56 31   13:       SET {
 58 30   11:         SEQUENCE {
 60 06    3:           OBJECT IDENTIFIER
          :             organizationalUnitName (2 5 4 11)
 65 13    4:           PrintableString 'NIST'
           :           }
           :         }
           :       }
 71 30   30:     SEQUENCE {
 73 17   13:       UTCTime '970630000000Z'
 88 17   13:       UTCTime '971231000000Z'
           :       }
103 30   42:     SEQUENCE {
105 31   11:       SET {
107 30    9:         SEQUENCE {
109 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
114 13    2:           PrintableString 'US'
           :           }
           :         }
118 31   12:       SET {
120 30   10:         SEQUENCE {
122 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
127 13    3:           PrintableString 'gov'
           :           }
           :         }
132 31   13:       SET {
134 30   11:         SEQUENCE {
136 06    3:           OBJECT IDENTIFIER
           :             organizationalUnitName (2 5 4 11)
141 13    4:           PrintableString 'NIST'
           :           }
           :         }
           :       }
147 30  440:     SEQUENCE {
151 30  300:       SEQUENCE {
155 06    7:         OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
164 30  287:         SEQUENCE {
168 02  129:           INTEGER
           :             00 B6 8B 0F 94 2B 9A CE A5 25 C6 F2 ED FC
           :             FB 95 32 AC 01 12 33 B9 E0 1C AD 90 9B BC
           :             48 54 9E F3 94 77 3C 2C 71 35 55 E6 FE 4F
           :             22 CB D5 D8 3E 89 93 33 4D FC BD 4F 41 64
           :             3E A2 98 70 EC 31 B4 50 DE EB F1 98 28 0A
           :             C9 3E 44 B3 FD 22 97 96 83 D0 18 A3 E3 BD
           :             35 5B FF EE A3 21 72 6A 7B 96 DA B9 3F 1E
           :             5A 90 AF 24 D6 20 F0 0D 21 A7 D4 02 B9 1A
           :             FC AC 21 FB 9E 94 9E 4B 42 45 9E 6A B2 48
           :             63 FE 43
300 02   21:           INTEGER
           :             00 B2 0D B0 B1 01 DF 0C 66 24 FC 13 92 BA
           :             55 F7 7D 57 74 81 E5
323 02  129:           INTEGER
           :             00 9A BF 46 B1 F5 3F 44 3D C9 A5 65 FB 91
           :             C0 8E 47 F1 0A C3 01 47 C2 44 42 36 A9 92
           :             81 DE 57 C5 E0 68 86 58 00 7B 1F F9 9B 77
           :             A1 C5 10 A5 80 91 78 51 51 3C F6 FC FC CC
           :             46 C6 81 78 92 84 3D F4 93 3D 0C 38 7E 1A
           :             5B 99 4E AB 14 64 F6 0C 21 22 4E 28 08 9C
           :             92 B9 66 9F 40 E8 95 F6 D5 31 2A EF 39 A2
           :             62 C7 B2 6D 9E 58 C4 3A A8 11 81 84 6D AF
           :             F8 B4 19 B4 C2 11 AE D0 22 3B AA 20 7F EE
           :             1E 57 18
           :           }
           :         }
455 03  133:       BIT STRING 0 unused bits, encapsulates {
459 02  129:           INTEGER
           :             00 B5 9E 1F 49 04 47 D1 DB F5 3A DD CA 04
           :             75 E8 DD 75 F6 9B 8A B1 97 D6 59 69 82 D3
           :             03 4D FD 3B 36 5F 4A F2 D1 4E C1 07 F5 D1
           :             2A D3 78 77 63 56 EA 96 61 4D 42 0B 7A 1D
           :             FB AB 91 A4 CE DE EF 77 C8 E5 EF 20 AE A6
           :             28 48 AF BE 69 C3 6A A5 30 F2 C2 B9 D9 82
           :             2B 7D D9 C4 84 1F DE 0D E8 54 D7 1B 99 2E
           :             B3 D0 88 F6 D6 63 9B A7 E2 0E 82 D4 3B 8A
           :             68 1B 06 56 31 59 0B 49 EB 99 A5 D5 81 41
           :             7B C9 55
           :           }
           :       }
591 A3   50:     [3] {
593 30   48:       SEQUENCE {
595 30   29:         SEQUENCE {
597 06    3:           OBJECT IDENTIFIER
           :             subjectKeyIdentifier (2 5 29 14)
602 04   22:           OCTET STRING, encapsulates {
604 04   20:               OCTET STRING
           :                 86 CA A5 22 81 62 EF AD 0A 89 BC AD 72 41
           :                 2C 29 49 F4 86 56
           :               }
           :           }
626 30   15:         SEQUENCE {
628 06    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
633 01    1:           BOOLEAN TRUE
636 04    5:           OCTET STRING, encapsulates {
638 30    3:               SEQUENCE {
640 01    1:                 BOOLEAN TRUE
           :                 }
           :               }
           :           }
           :         }
           :       }
           :     }
643 30    9:   SEQUENCE {
645 06    7:     OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
           :     }
654 03   47:   BIT STRING 0 unused bits, encapsulates {
657 30   44:       SEQUENCE {
659 02   20:         INTEGER
           :           43 1B CF 29 25 45 C0 4E 52 E7 7D D6 FC B1
           :           66 4C 83 CF 2D 77
681 02   20:         INTEGER
           :           0B 5B 9A 24 11 98 E8 F3 86 90 04 F6 08 A9
           :           E1 8D A5 CC 3A D4
           :         }
           :       }
           :   }

C.2 Certificate

This section contains an annotated hex dump of a 730 byte version 3 certificate. The certificate contains the following information: (a) the serial number is 18 (12 hex); (b) the certificate is signed with DSA and the SHA-1 hash algorithm; (c) the issuer's distinguished name is OU=nist; O=gov; C=US (d) and the subject's distinguished name is CN=Tim Polk; OU=nist; O=gov; C=US (e) the certificate was valid from July 30, 1997 through December 1, 1997; (f) the certificate contains a 1024 bit DSA public key; (g) the certificate is an end entity certificate, as the basic constraints extension is not present; (h) the certificate contains an authority key identifier extension matching the subject key identifier of the certificate in Appendix C.1; and (i) the certificate includes one alternative name - an RFC 822 address of "wpolk@nist.gov".

@

  0 30  699: SEQUENCE {
  4 30  635:   SEQUENCE {
  8 A0    3:     [0] {
 10 02    1:       INTEGER 2
          :       }
 13 02    1:     INTEGER 17
 16 30    9:     SEQUENCE {
 18 06    7:       OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
          :       }
 27 30   42:     SEQUENCE {
 29 31   11:       SET {
 31 30    9:         SEQUENCE {
 33 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 38 13    2:           PrintableString 'US'
          :           }
          :         }
 42 31   12:       SET {
 44 30   10:         SEQUENCE {
 46 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 51 13    3:           PrintableString 'gov'
          :           }
          :         }
 56 31   13:       SET {
 58 30   11:         SEQUENCE {
 60 06    3:           OBJECT IDENTIFIER
          :             organizationalUnitName (2 5 4 11)
 65 13    4:           PrintableString 'NIST'
           :           }
           :         }
           :       }
 71 30   30:     SEQUENCE {
 73 17   13:       UTCTime '970630000000Z'
 88 17   13:       UTCTime '971231000000Z'
           :       }
103 30   42:     SEQUENCE {
105 31   11:       SET {
107 30    9:         SEQUENCE {
109 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
114 13    2:           PrintableString 'US'
           :           }
           :         }
118 31   12:       SET {
120 30   10:         SEQUENCE {
122 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
127 13    3:           PrintableString 'gov'
           :           }
           :         }
132 31   13:       SET {
134 30   11:         SEQUENCE {
136 06    3:           OBJECT IDENTIFIER
           :             organizationalUnitName (2 5 4 11)
141 13    4:           PrintableString 'NIST'
           :           }
           :         }
           :       }
147 30  440:     SEQUENCE {
151 30  300:       SEQUENCE {
155 06    7:         OBJECT IDENTIFIER dsa (1 2 840 10040 4 1)
164 30  287:         SEQUENCE {
168 02  129:           INTEGER
           :             00 B6 8B 0F 94 2B 9A CE A5 25 C6 F2 ED FC
           :             FB 95 32 AC 01 12 33 B9 E0 1C AD 90 9B BC
           :             48 54 9E F3 94 77 3C 2C 71 35 55 E6 FE 4F
           :             22 CB D5 D8 3E 89 93 33 4D FC BD 4F 41 64
           :             3E A2 98 70 EC 31 B4 50 DE EB F1 98 28 0A
           :             C9 3E 44 B3 FD 22 97 96 83 D0 18 A3 E3 BD
           :             35 5B FF EE A3 21 72 6A 7B 96 DA B9 3F 1E
           :             5A 90 AF 24 D6 20 F0 0D 21 A7 D4 02 B9 1A
           :             FC AC 21 FB 9E 94 9E 4B 42 45 9E 6A B2 48
           :             63 FE 43
300 02   21:           INTEGER
           :             00 B2 0D B0 B1 01 DF 0C 66 24 FC 13 92 BA
           :             55 F7 7D 57 74 81 E5
323 02  129:           INTEGER
           :             00 9A BF 46 B1 F5 3F 44 3D C9 A5 65 FB 91
           :             C0 8E 47 F1 0A C3 01 47 C2 44 42 36 A9 92
           :             81 DE 57 C5 E0 68 86 58 00 7B 1F F9 9B 77
           :             A1 C5 10 A5 80 91 78 51 51 3C F6 FC FC CC
           :             46 C6 81 78 92 84 3D F4 93 3D 0C 38 7E 1A
           :             5B 99 4E AB 14 64 F6 0C 21 22 4E 28 08 9C
           :             92 B9 66 9F 40 E8 95 F6 D5 31 2A EF 39 A2
           :             62 C7 B2 6D 9E 58 C4 3A A8 11 81 84 6D AF
           :             F8 B4 19 B4 C2 11 AE D0 22 3B AA 20 7F EE
           :             1E 57 18
           :           }
           :         }
455 03  133:       BIT STRING 0 unused bits, encapsulates {
459 02  129:           INTEGER
           :             00 B5 9E 1F 49 04 47 D1 DB F5 3A DD CA 04
           :             75 E8 DD 75 F6 9B 8A B1 97 D6 59 69 82 D3
           :             03 4D FD 3B 36 5F 4A F2 D1 4E C1 07 F5 D1
           :             2A D3 78 77 63 56 EA 96 61 4D 42 0B 7A 1D
           :             FB AB 91 A4 CE DE EF 77 C8 E5 EF 20 AE A6
           :             28 48 AF BE 69 C3 6A A5 30 F2 C2 B9 D9 82
           :             2B 7D D9 C4 84 1F DE 0D E8 54 D7 1B 99 2E
           :             B3 D0 88 F6 D6 63 9B A7 E2 0E 82 D4 3B 8A
           :             68 1B 06 56 31 59 0B 49 EB 99 A5 D5 81 41
           :             7B C9 55
           :           }
           :       }
591 A3   50:     [3] {
593 30   48:       SEQUENCE {
595 30   29:         SEQUENCE {
597 06    3:           OBJECT IDENTIFIER
           :             subjectKeyIdentifier (2 5 29 14)
602 04   22:           OCTET STRING, encapsulates {
604 04   20:               OCTET STRING
           :                 86 CA A5 22 81 62 EF AD 0A 89 BC AD 72 41
           :                 2C 29 49 F4 86 56
           :               }
           :           }
626 30   15:         SEQUENCE {
628 06    3:           OBJECT IDENTIFIER basicConstraints (2 5 29 19)
633 01    1:           BOOLEAN TRUE
636 04    5:           OCTET STRING, encapsulates {
638 30    3:               SEQUENCE {
640 01    1:                 BOOLEAN TRUE
           :                 }
           :               }
           :           }
           :         }
           :       }
           :     }
643 30    9:   SEQUENCE {
645 06    7:     OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
           :     }
654 03   47:   BIT STRING 0 unused bits, encapsulates {
657 30   44:       SEQUENCE {
659 02   20:         INTEGER
           :           43 1B CF 29 25 45 C0 4E 52 E7 7D D6 FC B1
           :           66 4C 83 CF 2D 77
681 02   20:         INTEGER
           :           0B 5B 9A 24 11 98 E8 F3 86 90 04 F6 08 A9
           :           E1 8D A5 CC 3A D4
           :         }
           :       }
           :   }

C.3 End Entity Certificate Using RSA

This section contains an annotated hex dump of a 654 byte version 3 certificate. The certificate contains the following information: (a) the serial number is 256; (b) the certificate is signed with RSA and the SHA-1 hash algorithm; (c) the issuer's distinguished name is OU=NIST; O=gov; C=US (d) and the subject's distinguished name is CN=Tim Polk; OU=NIST; O=gov; C=US (e) the certificate was issued on May 21, 1996 at 09:58:26 and expired on May 21, 1997 at 09:58:26; (f) the certificate contains a 1024 bit RSA public key; (g) the certificate is an end entity certificate (not a CA certificate); (h) the certificate includes an alternative subject name of "<http://www.itl.nist.gov/div893/staff/polk/index.html>" and an alternative issuer name of "<http://www.nist.gov/>" - both are URLs; (i) the certificate include an authority key identifier extension and a certificate policies extension specifying the policy OID 2.16.840.1.101.3.2.1.48.9; and (j) the certificate includes a critical key usage extension specifying that the public key is intended for verification of digital signatures.

  0 30  654: SEQUENCE {
  4 30  503:   SEQUENCE {
  8 A0    3:     [0] {
 10 02    1:       INTEGER 2
           :       }
 13 02    2:     INTEGER 256
 17 30   13:     SEQUENCE {
 19 06    9:       OBJECT IDENTIFIER
           :         sha1withRSAEncryption (1 2 840 113549 1 1 5)
 30 05    0:       NULL
           :       }
 32 30   42:     SEQUENCE {
 34 31   11:       SET {
 36 30    9:         SEQUENCE {
 38 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 43 13    2:           PrintableString 'US'
           :           }
           :         }
 47 31   12:       SET {
 49 30   10:         SEQUENCE {
 51 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 56 13    3:           PrintableString 'gov'
           :           }
           :         }
 61 31   13:       SET {
 63 30   11:         SEQUENCE {
 65 06    3:           OBJECT IDENTIFIER
           :             organizationalUnitName (2 5 4 11)
 70 13    4:           PrintableString 'NIST'
           :           }
           :         }
           :       }
 76 30   30:     SEQUENCE {
 78 17   13:       UTCTime '960521095826Z'
 93 17   13:       UTCTime '970521095826Z'
           :       }
108 30   61:     SEQUENCE {
110 31   11:       SET {
112 30    9:         SEQUENCE {
114 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
119 13    2:           PrintableString 'US'
           :           }
           :         }
123 31   12:       SET {
125 30   10:         SEQUENCE {
127 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
132 13    3:           PrintableString 'gov'
           :           }
           :         }
137 31   13:       SET {
139 30   11:         SEQUENCE {
141 06    3:           OBJECT IDENTIFIER
           :             organizationalUnitName (2 5 4 11)
146 13    4:           PrintableString 'NIST'
           :           }
           :         }
152 31   17:       SET {
154 30   15:         SEQUENCE {
156 06    3:           OBJECT IDENTIFIER commonName (2 5 4 3)
161 13    8:           PrintableString 'Tim Polk'
           :           }
           :         }
           :       }
171 30  159:     SEQUENCE {
174 30   13:       SEQUENCE {
176 06    9:         OBJECT IDENTIFIER
           :           rsaEncryption (1 2 840 113549 1 1 1)
187 05    0:         NULL
           :         }
189 03  141:       BIT STRING 0 unused bits, encapsulates {
193 30  137:           SEQUENCE {
196 02  129:             INTEGER
           :               00 E1 6A E4 03 30 97 02 3C F4 10 F3 B5 1E
           :               4D 7F 14 7B F6 F5 D0 78 E9 A4 8A F0 A3 75
           :               EC ED B6 56 96 7F 88 99 85 9A F2 3E 68 77
           :               87 EB 9E D1 9F C0 B4 17 DC AB 89 23 A4 1D
           :               7E 16 23 4C 4F A8 4D F5 31 B8 7C AA E3 1A
           :               49 09 F4 4B 26 DB 27 67 30 82 12 01 4A E9
           :               1A B6 C1 0C 53 8B 6C FC 2F 7A 43 EC 33 36
           :               7E 32 B2 7B D5 AA CF 01 14 C6 12 EC 13 F2
           :               2D 14 7A 8B 21 58 14 13 4C 46 A3 9A F2 16
           :               95 FF 23
328 02    3:             INTEGER 65537
           :             }
           :           }
           :       }
333 A3  175:     [3] {
336 30  172:       SEQUENCE {
339 30   63:         SEQUENCE {
341 06    3:           OBJECT IDENTIFIER subjectAltName (2 5 29 17)
346 04   56:           OCTET STRING, encapsulates {
348 30   54:               SEQUENCE {
350 86   52:                 [6]
           :                   'http://www.itl.nist.gov/div893/staff/'
           :                   'polk/index.html'
           :                 }
           :               }
           :           }
404 30   31:         SEQUENCE {
406 06    3:           OBJECT IDENTIFIER issuerAltName (2 5 29 18)
411 04   24:           OCTET STRING, encapsulates {
413 30   22:               SEQUENCE {
415 86   20:                 [6] 'http://www.nist.gov/'
           :                 }
           :               }
           :           }
437 30   31:         SEQUENCE {
439 06    3:           OBJECT IDENTIFIER
           :             authorityKeyIdentifier (2 5 29 35)
444 04   24:           OCTET STRING, encapsulates {
446 30   22:               SEQUENCE {
448 80   20:                 [0]
           :                   08 68 AF 85 33 C8 39 4A 7A F8 82 93 8E
           :                   70 6A 4A 20 84 2C 32
           :                 }
           :               }
           :           }
470 30   23:         SEQUENCE {
472 06    3:           OBJECT IDENTIFIER
           :             certificatePolicies (2 5 29 32)
477 04   16:           OCTET STRING, encapsulates {
479 30   14:               SEQUENCE {
481 30   12:                 SEQUENCE {
483 06   10:                   OBJECT IDENTIFIER
           :                            '2 16 840 1 101 3 2 1 48 9'
           :                   }
           :                 }
           :               }
           :           }
495 30   14:         SEQUENCE {
497 06    3:           OBJECT IDENTIFIER keyUsage (2 5 29 15)
502 01    1:           BOOLEAN TRUE
505 04    4:           OCTET STRING, encapsulates {
507 03    2:               BIT STRING 7 unused bits
           :                 '1'B (bit 0)
           :               }
           :           }
           :         }
           :       }
           :     }
511 30   13:   SEQUENCE {
513 06    9:     OBJECT IDENTIFIER
           :       sha1withRSAEncryption (1 2 840 113549 1 1 5)
524 05    0:     NULL
           :     }
526 03  129:   BIT STRING 0 unused bits
           :     1E 07 77 6E 66 B5 B6 B8 57 F0 03 DC 6F 77
           :     6D AF 55 1D 74 E5 CE 36 81 FC 4B C5 F4 47
           :     82 C4 0A 25 AA 8D D6 7D 3A 89 AB 44 34 39
           :     F6 BD 61 1A 78 85 7A B8 1E 92 A2 22 2F CE
           :     07 1A 08 8E F1 46 03 59 36 4A CB 60 E6 03
           :     40 01 5B 2A 44 D6 E4 7F EB 43 5E 74 0A E6
           :     E4 F9 3E E1 44 BE 1F E7 5F 5B 2C 41 8D 08
           :     BD 26 FE 6A A6 C3 2F B2 3B 41 12 6B C1 06
           :     8A B8 4C 91 59 EB 2F 38 20 2A 67 74 20 0B
           :     77 F3
           :   }

C.4 Certificate Revocation List

This section contains an annotated hex dump of a version 2 CRL with one extension (cRLNumber). The CRL was issued by OU=NIST; O=gov; C=US on August 7, 1997; the next scheduled issuance was September 7, 1997. The CRL includes one revoked certificates: serial number 18 (12 hex), which was revoked on July 31, 1997 due to keyCompromise. The CRL itself is number 18, and it was signed with DSA and SHA-1.

  0 30  203: SEQUENCE {
  3 30  140:   SEQUENCE {
  6 02    1:     INTEGER 1
  9 30    9:     SEQUENCE {
 11 06    7:       OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
           :       }
 20 30   42:     SEQUENCE {
 22 31   11:       SET {
 24 30    9:         SEQUENCE {
 26 06    3:           OBJECT IDENTIFIER countryName (2 5 4 6)
 31 13    2:           PrintableString 'US'
           :           }
           :         }
 35 31   12:       SET {
 37 30   10:         SEQUENCE {
 39 06    3:           OBJECT IDENTIFIER organizationName (2 5 4 10)
 44 13    3:           PrintableString 'gov'
           :           }
           :         }
 49 31   13:       SET {
 51 30   11:         SEQUENCE {
 53 06    3:           OBJECT IDENTIFIER
           :             organizationalUnitName (2 5 4 11)
 58 13    4:           PrintableString 'NIST'
           :           }
           :         }
           :       }
 64 17   13:     UTCTime '970807000000Z'
 79 17   13:     UTCTime '970907000000Z'
 94 30   34:     SEQUENCE {
 96 30   32:       SEQUENCE {
 98 02    1:         INTEGER 18
101 17   13:         UTCTime '970731000000Z'
116 30   12:         SEQUENCE {
118 30   10:           SEQUENCE {
120 06    3:             OBJECT IDENTIFIER cRLReason (2 5 29 21)
125 04    3:             OCTET STRING, encapsulates {
127 0A    1:                 ENUMERATED 1
           :                 }
           :             }
           :           }
           :         }
           :       }
130 A0   14:     [0] {
132 30   12:       SEQUENCE {
134 30   10:         SEQUENCE {
136 06    3:           OBJECT IDENTIFIER cRLNumber (2 5 29 20)
141 04    3:           OCTET STRING, encapsulates {
143 02    1:               INTEGER 12
           :               }
           :           }
           :         }
           :       }
           :     }
146 30    9:   SEQUENCE {
148 06    7:     OBJECT IDENTIFIER dsaWithSha1 (1 2 840 10040 4 3)
           :     }
157 03   47:   BIT STRING 0 unused bits, encapsulates {
160 30   44:       SEQUENCE {
162 02   20:         INTEGER
           :           22 4E 9F 43 BA 95 06 34 F2 BB 5E 65 DB A6
           :           80 05 C0 3A 29 47
184 02   20:         INTEGER
           :           59 1A 57 C9 82 D7 02 21 14 C3 D4 0B 32 1B
           :           96 16 B1 1F 46 5A
           :         }
           :       }
           :   }

@