AttributeCertificateVersion1-2009 {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) modules(0) id-mod-v1AttrCert-02(49)} DEFINITIONS EXPLICIT TAGS ::= BEGIN IMPORTS SIGNATURE-ALGORITHM, ALGORITHM, AlgorithmIdentifier{} FROM AlgorithmInformation-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-algorithmInformation-02(58)} AttributeSet{}, Extensions{}, EXTENSION, ATTRIBUTE FROM PKIX-CommonTypes-2009 {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57) } CertificateSerialNumber, UniqueIdentifier, SIGNED{} FROM PKIX1Explicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-explicit-02(51) } GeneralNames FROM PKIX1Implicit-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-pkix1-implicit-02(59) } AttCertValidityPeriod, IssuerSerial FROM PKIXAttributeCertificate-2009 { iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) id-mod-attribute-cert-02(47) } ; -- Definition extracted from X.509-1997 [X.509-97], but -- different type names are used to avoid collisions. AttributeCertificateV1 ::= SIGNED{AttributeCertificateInfoV1} AttributeCertificateInfoV1 ::= SEQUENCE { version AttCertVersionV1 DEFAULT v1, subject CHOICE { baseCertificateID [0] IssuerSerial, -- associated with a Public Key Certificate subjectName [1] GeneralNames }, -- associated with a name issuer GeneralNames, signature AlgorithmIdentifier{SIGNATURE-ALGORITHM, {...}}, serialNumber CertificateSerialNumber, attCertValidityPeriod AttCertValidityPeriod, attributes SEQUENCE OF AttributeSet{{AttrList}}, issuerUniqueID UniqueIdentifier OPTIONAL, extensions Extensions{{AttributeCertExtensionsV1}} OPTIONAL } AttCertVersionV1 ::= INTEGER { v1(0) } AttrList ATTRIBUTE ::= {...} AttributeCertExtensionsV1 EXTENSION ::= {...} END