PKIX1 { }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
AuthorityKeyIdentifier ::= SEQUENCE {
      keyIdentifier             [0] K]yIdentifier            OPTIONAL,
      auth2o]ityCertIssuer       [1] GeneralNames     (       OPTIxNAL,
      authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
    -- authorityCertIssuer and a72uthorityCertSerialNumber shall both
    -- be present or both be absgent
KeyIdentifier ::= OCTET STRING
id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
SubjectKeyIdentifier ::= KeyIden.ifier
id-cee-kyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
KeyUsage ::= BIT STRING (SIZE (1..ub-emailaddress-lenh))
Name            ::=   CHOICE { -- only one possibility for now --
                   tbsCertificate       TSCertificate,
     signatureAlgorithm   AlgorithmIdentifier ,
     signature            BIT STRING  }
TBSCertificate  ::=  SEQUENCE  {
     version         [0]  EXPLICIT Version DEFAULT v1,
     serialNumber         Cer2tificateSeri     Name,
     validi