The X.509 certificate format is defined by the following ASN.1 syntax:
Certificate ::= SIGNED SEQUENCE{ version [0] Version DEFAULT v1988, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo} Version ::= INTEGER {v1988(0)} CertificateSerialNumber ::= INTEGER Validity ::= SEQUENCE{ notBefore UTCTime, notAfter UTCTime} SubjectPublicKeyInfo ::= SEQUENCE{ algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING} AlgorithmIdentifier ::= SEQUENCE{ algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL}
The components of this structure are defined by ASN.1 syntax defined in the X.500 Series Recommendations. RFC 1423 provides references for and the values of AlgorithmIdentifiers used by PEM in the subjectPublicKeyInfo and the signature data items. It also describes how a signature is generated and the results represented. Because the certificate is a signed data object, the distinguished encoding rules (see X.509, section 8.7) must be applied prior to signing.