Field/Extension | | Content | Optional/Critical |
Version | Version: 3 (0x2) | | |
Serial Number | containing at least 64 bits of output from a CSPRNG, e.g. | 0x7012ccbbb18d3740 | |
Signature Algorithm | | 1.2.840.113549.1.1.10 RSASSA-PSS | |
| Hash Algorithm: | sha256 | |
| Mask Algorithm: | mgf1 with sha256 | |
Issuer | based on the Distinguished Name (Subject) in the issuer's certificate | ... | |
Validity | Not Before | ... | |
Not After | ... | |
Subject DN | NULL SEQUENCE (NULL-DN) | SEQUENCE {} | |
Subject Public Key Info | Public Key Algorithm and RSA Public-Key | rsaEncryption and 2048 bit | |
X509v3 extensions | Basic Constraints | CA:FALSE | critical |
Key Usage | digitalSignature | critical |
Extended Key Usage | clientAuth, emailProtection | |
Authority Key Identifier | keyID: based on the subject key identifier in the issuer's certificate | |
Subject Key Identifier | 256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex) | |
Subject Alternative Name | IA5String (rfc822Name) or/and UTF-8 (otherName) test@example.com | critical |
Field/Extension | | Content | Optional/Critical |
Version | Version: 3 (0x2) | | |
Serial Number | containing at least 64 bits of output from a CSPRNG, e.g. | 0x50007342621b74f0 | |
Signature Algorithm | | 1.2.840.113549.1.1.10 RSASSA-PSS | |
| Hash Algorithm: | sha256 | |
| Mask Algorithm: | mgf1 with sha256 | |
Issuer | based on the Distinguished Name (Subject) in the issuer's certificate | ... | |
Validity | Not Before | ... | |
Not After | ... | |
Subject DN | NULL SEQUENCE (NULL-DN) | SEQUENCE {} | |
Subject Public Key Info | Public Key Algorithm and RSA Public-Key | rsaEncryption and 2048 bit | |
X509v3 extensions | Basic Constraints | CA:FALSE | critical |
Key Usage | keyEncipherment | critical |
Extended Key Usage | emailProtection | |
Authority Key Identifier | keyID: based on the subject key identifier in the issuer's certificate | |
Subject Key Identifier | 256-bit SHAKE-256 hash of the DER encoding of the subjectPublicKey (pin-shake256-hex) | |
Subject Alternative Name | IA5String (rfc822Name) or/and UTF-8 (otherName) test@example.com | critical |