---------------------------------------------------------------------------- -- X509.ASN -- -- ASN.1 definitions for X509 v3 certificates ---------------------------------------------------------------------------- --#comment "Copyright (C) Microsoft Corporation, 1996-1999. All rights reserved."-- --#comment "ASN.1 definitions for X509 v3 certificates"-- --#SS.basic lenptr-- -- set of and sequence of w/o size constraint --#SS.sized lenptr-- -- set of and sequence of w/ size constraint X509 DEFINITIONS EXPLICIT TAGS ::= BEGIN HUGEINTEGER ::= INTEGER --#intx-- -- tag 0x02 BITSTRING ::= BIT STRING --#lenptr-- --#nomemcpy-- -- tag 0x03 OCTETSTRING ::= OCTET STRING --#lenptr-- --#nomemcpy-- -- tag 0x04 NOCOPYANY ::= ANY --#nomemcpy-- NUMERICSTRING ::= NumericString --#lenptr-- -- tag 0x12 (18) PRINTABLESTRING ::= PrintableString --#lenptr-- -- tag 0x13 (19) TELETEXSTRING ::= TeletexString --#lenptr-- -- tag 0x14 (20) T61STRING ::= T61String --#lenptr-- -- tag 0x14 (20) VIDEOTEXSTRING ::= VideotexString --#lenptr-- -- tag 0x15 (21) IA5STRING ::= IA5String --#lenptr-- -- tag 0x16 (22) GRAPHICSTRING ::= GraphicString --#lenptr-- -- tag 0x19 (25) VISIBLESTRING ::= VisibleString --#lenptr-- -- tag 0x1A (26) ISO646STRING ::= ISO646String --#lenptr-- -- tag 0x1A (26) GENERALSTRING ::= GeneralString --#lenptr-- -- tag 0x1B (27) UNIVERSALSTRING ::= UniversalString --#lenptr-- -- tag 0x1C (28) BMPSTRING ::= BMPString --#lenptr-- -- tag 0x1E (30) UTF8STRING ::= UTF8String --#lenptr-- -- tag 0x0C (12) EncodedObjectID ::= OBJECT IDENTIFIER --#public-- --#oid packed-- -------------------------------------------- -- Choice of Any string -------------------------------------------- AnyString ::= CHOICE { octetString OCTETSTRING, -- tag 0x04 (04) numericString NUMERICSTRING, -- tag 0x12 (18) printableString PRINTABLESTRING, -- tag 0x13 (19) teletexString TELETEXSTRING, -- tag 0x14 (20) (t61String) videotexString VIDEOTEXSTRING, -- tag 0x15 (21) ia5String IA5STRING, -- tag 0x16 (22) graphicString GRAPHICSTRING, -- tag 0x19 (25) visibleString VISIBLESTRING, -- tag 0x1A (26) (iso646String) generalString GENERALSTRING, -- tag 0x1B (27) universalString UNIVERSALSTRING, -- tag 0x1C (28) bmpString BMPSTRING, -- tag 0x1E (30) utf8String UTF8STRING -- tag 0x0C (12) } --#public-- -------------------------------------------- -- Encoded Bits -------------------------------------------- Bits ::= BITSTRING --#public-- -------------------------------------------- -- Algorithm Identifier -------------------------------------------- AlgorithmIdentifier ::= SEQUENCE { algorithm EncodedObjectID, parameters NOCOPYANY OPTIONAL } -------------------------------------------- -- Name, Attributes -------------------------------------------- Name ::= SEQUENCE --#public-- OF RelativeDistinguishedName RelativeDistinguishedName ::= SET OF AttributeTypeValue AttributeTypeValue ::= SEQUENCE { type EncodedObjectID, value NOCOPYANY } Attribute ::= SEQUENCE { type EncodedObjectID, values AttributeSetValue } --#public-- AttributeSetValue ::= SET OF NOCOPYANY Attributes ::= SET --#public-- OF Attribute -------------------------------------------- -- From PKCS #1: ASN.1 representation for public key -------------------------------------------- RSAPublicKey ::= SEQUENCE { modulus HUGEINTEGER, -- n publicExponent INTEGER (0..4294967295) -- e } --#public-- -------------------------------------------- -- DSS Public Key Parameters -------------------------------------------- DSSParameters ::= SEQUENCE { p HUGEINTEGER, q HUGEINTEGER, g HUGEINTEGER } --#public-- -------------------------------------------- -- DSS Signature -------------------------------------------- DSSSignature ::= SEQUENCE { r HUGEINTEGER, s HUGEINTEGER } --#public-- -------------------------------------------- -- DH Public Key Parameters -------------------------------------------- DHParameters ::= SEQUENCE { p HUGEINTEGER, g HUGEINTEGER, privateValueLength HUGEINTEGER OPTIONAL } --#public-- -------------------------------------------- -- X942 DH Public Key Parameters -------------------------------------------- X942DhParameters ::= SEQUENCE { p HUGEINTEGER, g HUGEINTEGER, q HUGEINTEGER, j HUGEINTEGER OPTIONAL, validationParams X942DhValidationParams OPTIONAL } --#public-- X942DhValidationParams ::= SEQUENCE { seed BITSTRING, pgenCounter INTEGER (0..4294967295) } -------------------------------------------- -- X942 DH OtherInfo -------------------------------------------- X942DhOtherInfo ::= SEQUENCE { keyInfo X942DhKeySpecificInfo, pubInfo [0] EXPLICIT OCTETSTRING OPTIONAL, keyLength [2] EXPLICIT OCTETSTRING -- SIZE (4..4) } ---- X942DhKeySpecificInfo ::= SEQUENCE { algorithm EncodedObjectID, counter OCTETSTRING -- SIZE (4..4) } -------------------------------------------- -- RC2 CBC Parameters -------------------------------------------- RC2CBCParameters ::= SEQUENCE { version INTEGER, iv OCTETSTRING OPTIONAL } --#public-- -------------------------------------------- -- SMIME Capabilities -------------------------------------------- SMIMECapability ::= SEQUENCE { capabilityID EncodedObjectID, smimeParameters NOCOPYANY OPTIONAL } SMIMECapabilities ::= SEQUENCE --#public-- OF SMIMECapability -------------------------------------------- -- Subject Public Key Info -------------------------------------------- SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BITSTRING } --#public-- -------------------------------------------- -- Choice of Time: UTCTime before 2005, GeneralizedTime -- starting in 2005. -------------------------------------------- ChoiceOfTime ::= CHOICE { utcTime UTCTime, generalTime GeneralizedTime } --#public-- -------------------------------------------- -- X509 Certificate -------------------------------------------- CertificateToBeSigned ::= SEQUENCE { version [0] CertificateVersion DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer NOCOPYANY, -- really Name validity Validity, subject NOCOPYANY, -- really Name subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueIdentifier [1] IMPLICIT UniqueIdentifier OPTIONAL, subjectUniqueIdentifier [2] IMPLICIT UniqueIdentifier OPTIONAL, extensions [3] Extensions OPTIONAL } --#public-- CertificateVersion ::= INTEGER {v1(0), v2(1), v3(2)} CertificateSerialNumber ::= HUGEINTEGER Validity ::= SEQUENCE { notBefore ChoiceOfTime, notAfter ChoiceOfTime } UniqueIdentifier ::= BITSTRING Extensions ::= SEQUENCE --#public-- OF Extension Extension ::= SEQUENCE { extnId EncodedObjectID, critical BOOLEAN DEFAULT FALSE, extnValue OCTETSTRING } -------------------------------------------- -- Signed Content: Cert, CRL or Cert Request -------------------------------------------- SignedContent ::= SEQUENCE { toBeSigned NOCOPYANY, algorithm AlgorithmIdentifier, signature BITSTRING } --#public-- -------------------------------------------- -- CRLs -------------------------------------------- CertificateRevocationListToBeSigned ::= SEQUENCE { version CRLVersion OPTIONAL, -- if present, must be v2 signature AlgorithmIdentifier, issuer NOCOPYANY, -- really Name thisUpdate ChoiceOfTime, nextUpdate ChoiceOfTime OPTIONAL, revokedCertificates RevokedCertificates OPTIONAL, crlExtensions [0] Extensions OPTIONAL } --#public-- CRLVersion ::= INTEGER {v1(0), v2(1)} RevokedCertificates ::= SEQUENCE OF CRLEntry CRLEntry ::= SEQUENCE{ userCertificate CertificateSerialNumber, revocationDate ChoiceOfTime, crlEntryExtensions Extensions OPTIONAL } -------------------------------------------- -- Certificate Request -------------------------------------------- CertificationRequestInfo ::= SEQUENCE { version CertificationRequestInfoVersion, subject NOCOPYANY, -- really Name subjectPublicKeyInfo SubjectPublicKeyInfo, attributes [0] IMPLICIT Attributes } --#public-- -------------------------------------------- -- Certificate Request (some have interpretted attributes -- as being optional) -------------------------------------------- CertificationRequestInfoDecode ::= SEQUENCE { version CertificationRequestInfoVersion, subject NOCOPYANY, -- really Name subjectPublicKeyInfo SubjectPublicKeyInfo, attributes [0] IMPLICIT Attributes OPTIONAL } --#public-- CertificationRequestInfoVersion ::= INTEGER -------------------------------------------- -- Netscape's Keygen Request -------------------------------------------- KeygenRequestInfo ::= SEQUENCE { subjectPublicKeyInfo SubjectPublicKeyInfo, challenge IA5STRING } --#public-- -------------------------------------------- -- X509 Extensions -------------------------------------------- -------------------------------------------- -- Authority Key Identifier -- -- A CA may have more than one certificate. -- This extension is used to identify which -- CA certificate must be used. Non-Critical -- -- Because Name has a CHOICE, [1] needs to be EXPLICIT. -------------------------------------------- AuthorityKeyId ::= SEQUENCE { keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL, certIssuer [1] EXPLICIT NOCOPYANY OPTIONAL, -- really Name certSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL } --#public-- KeyIdentifier ::= OCTETSTRING -------------------------------------------- -- Key Attributes -- -- Certificates are either used for Signature verification -- or date encryption. One certificate cannot be used to do both -- The primary use if this extension is to provide an identifier -- for the intended use of that key. -------------------------------------------- KeyAttributes ::= SEQUENCE { keyIdentifier KeyIdentifier OPTIONAL, intendedKeyUsage KeyUsage OPTIONAL, privateKeyUsagePeriod PrivateKeyValidity OPTIONAL } --#public-- KeyUsage ::= BITSTRING PrivateKeyValidity ::= SEQUENCE { notBefore [0] IMPLICIT GeneralizedTime OPTIONAL, notAfter [1] IMPLICIT GeneralizedTime OPTIONAL } -------------------------------------------- -- Key Usage Restriction -- -- This extension indicates a restriction imposed as to the purposes -- for which, and the policies under which the certified public key may -- be used -------------------------------------------- KeyUsageRestriction ::= SEQUENCE { certPolicySet CertPolicySet OPTIONAL, restrictedKeyUsage KeyUsage OPTIONAL } --#public-- CertPolicySet ::= SEQUENCE OF CertPolicyId CertPolicyId ::= SEQUENCE OF CertPolicyElementId CertPolicyElementId ::= EncodedObjectID -------------------------------------------- -- AltNames -- -- This extension contains one or more alternative names -- using any variety of name forms that are bound by the -- CA to the certified public key. -- -- Because Name has a CHOICE, [4] needs to be EXPLICIT. -------------------------------------------- AltNames ::= SEQUENCE --#public-- OF GeneralName GeneralNames ::= AltNames GeneralName ::= CHOICE { otherName [0] IMPLICIT OtherName, rfc822Name [1] IMPLICIT IA5STRING, dNSName [2] IMPLICIT IA5STRING, x400Address [3] IMPLICIT SeqOfAny, directoryName [4] EXPLICIT NOCOPYANY, -- really Name ediPartyName [5] IMPLICIT SeqOfAny, uniformResourceLocator [6] IMPLICIT IA5STRING, iPAddress [7] IMPLICIT OCTETSTRING, registeredID [8] IMPLICIT EncodedObjectID } OtherName ::= SEQUENCE { type EncodedObjectID, value [0] EXPLICIT NOCOPYANY } -- Because AnyString has a CHOICE, [0], [1] need to be EXPLICIT. EDIPartyName ::= SEQUENCE { nameAssigner [0] EXPLICIT NOCOPYANY OPTIONAL, partyName [1] EXPLICIT NOCOPYANY } -------------------------------------------- -- Basic Constraints Extension -- -- This extension indicates whether the certified subject may act -- as a CA, an end entity or both -------------------------------------------- BasicConstraints ::= SEQUENCE { subjectType SubjectType, pathLenConstraint INTEGER OPTIONAL, subtreesConstraint SubtreesConstraint OPTIONAL } --#public-- SubjectType ::= BITSTRING SubtreesConstraint ::= SEQUENCE OF NOCOPYANY -- really OF Name -------------------------------------------- -- Basic Constraints #2 Extension (Added for S/MIME) (2.5.29.19) -- -- This extension serves to delimit the role and position of an -- issuing authority or end-user certificate plays in a chain of -- certificates. -------------------------------------------- BasicConstraints2 ::= SEQUENCE { cA BOOLEAN DEFAULT FALSE, pathLenConstraint INTEGER OPTIONAL } --#public-- -------------------------------------------- -- Key Usage Extension (Added for S/MIME) (2.5.29.15) -- -- This extension serves to limit the technical purposes for which a -- public key listed in a valid certificate may be used. -------------------------------------------- -- KeyUsageExtension ::= Bits -------------------------------------------- -- Certificate Policies Extension (Added for S/MIME) (2.5.29.32) -- -- This extension limits a certificate to the practices required by -- relying parties. -------------------------------------------- CertificatePolicies ::= SEQUENCE --#public-- OF PolicyInformation PolicyInformation ::= SEQUENCE { policyIdentifier EncodedObjectID, policyQualifiers PolicyQualifiers OPTIONAL } PolicyQualifiers ::= SEQUENCE OF PolicyQualifierInfo PolicyQualifierInfo ::= SEQUENCE { policyQualifierId EncodedObjectID, qualifier NOCOPYANY OPTIONAL } UserNotice ::= SEQUENCE { noticeRef NoticeReference OPTIONAL, explicitText DisplayText OPTIONAL } --#public-- NoticeReference ::= SEQUENCE { organization IA5String, noticeNumbers SEQUENCE OF INTEGER } DisplayText ::= CHOICE { theVisibleString VisibleString, theBMPString BMPString } -- This is to support the old definition of policies and qualifiers CertificatePolicies95 ::= SEQUENCE --#public-- OF PolicyQualifiers VerisignQualifier1 ::= SEQUENCE { practicesReference IA5String OPTIONAL, noticeId [0] EXPLICIT EncodedObjectID OPTIONAL, nsiNoticeId [1] EXPLICIT EncodedObjectID OPTIONAL, cpsURLs CpsURLs OPTIONAL } --#public-- CpsURLs ::= SEQUENCE OF SEQUENCE { url IA5String, digestAlgorithmId AlgorithmIdentifier OPTIONAL, digest OCTETSTRING OPTIONAL } -------------------------------------------- -- Authority Key Identifier #2 (2.5.29.35) -- -- A CA may have more than one certificate. -- This extension is used to identify which -- CA certificate must be used. Non-Critical -------------------------------------------- AuthorityKeyId2 ::= SEQUENCE { keyIdentifier [0] IMPLICIT KeyIdentifier OPTIONAL, authorityCertIssuer [1] IMPLICIT GeneralNames OPTIONAL, authorityCertSerialNumber [2] IMPLICIT CertificateSerialNumber OPTIONAL } --#public-- -------------------------------------------- -- Authority Information Access certificate Extension -- -- The authority information access extension indicates how to access CA -- information and services for the issuer of the certificate in which -- the extension appears. This extension may be -- included in subject or CA certificates and may be critical or non- -- critical. -------------------------------------------- AccessDescription ::= SEQUENCE { accessMethod EncodedObjectID, accessLocation GeneralName } AuthorityInfoAccess ::= SEQUENCE --#public-- OF AccessDescription -------------------------------------------- -- CRL Distribution Points Extension -------------------------------------------- CRLDistributionPoints ::= SEQUENCE --#public-- OF DistributionPoint DistributionPoint ::= SEQUENCE { distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, reasons [1] IMPLICIT ReasonFlags OPTIONAL, cRLIssuer [2] IMPLICIT GeneralNames OPTIONAL } DistributionPointName ::= CHOICE { fullName [0] IMPLICIT GeneralNames, nameRelativeToCRLIssuer [1] IMPLICIT RelativeDistinguishedName } ReasonFlags ::= BITSTRING -------------------------------------------- -- Some predefined basic types used as extensions -------------------------------------------- IntegerType ::= INTEGER --#public-- HugeIntegerType ::= HUGEINTEGER --#public-- OctetStringType ::= OCTETSTRING --#public-- -- with -noconstraints OSS encode/decode allows any enumerated value EnumeratedType ::= ENUMERATED { dummyEnumerated0 (0) } --#public-- UtcTime ::= UTCTime --#public-- ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT NOCOPYANY OPTIONAL } --#public-- ContentType ::= EncodedObjectID ContentInfoSeqOfAny ::= SEQUENCE { contentType ContentType, contentSeqOfAny [0] EXPLICIT SeqOfAny OPTIONAL } --#public-- SeqOfAny ::= SEQUENCE --#public-- OF NOCOPYANY TimeStampRequest ::= SEQUENCE { timeStampAlgorithm EncodedObjectID, attributesTS Attributes OPTIONAL, content ContentInfo } --#public-- ContentInfoOTS ::= SEQUENCE { contentTypeOTS ContentType, contentOTS [0] EXPLICIT OCTETSTRING OPTIONAL } --#public-- TimeStampRequestOTS ::= SEQUENCE { timeStampAlgorithmOTS EncodedObjectID, attributesOTS Attributes OPTIONAL, contentOTS ContentInfoOTS } --#public-- -------------------------------------------- -- Enhanced Key Usage Extension (2.5.29.32) -------------------------------------------- EnhancedKeyUsage ::= SEQUENCE --#public-- OF UsageIdentifier UsageIdentifier ::= EncodedObjectID -------------------------------------------- -- Certificate Trust List (CTL) -------------------------------------------- CertificateTrustList ::= SEQUENCE { version CTLVersion DEFAULT v1, subjectUsage SubjectUsage, listIdentifier ListIdentifier OPTIONAL, sequenceNumber HUGEINTEGER OPTIONAL, ctlThisUpdate ChoiceOfTime, ctlNextUpdate ChoiceOfTime OPTIONAL, subjectAlgorithm AlgorithmIdentifier, trustedSubjects TrustedSubjects OPTIONAL, ctlExtensions [0] EXPLICIT Extensions OPTIONAL } --#public-- CTLVersion ::= INTEGER {v1(0)} SubjectUsage ::= EnhancedKeyUsage ListIdentifier ::= OCTETSTRING TrustedSubjects ::= SEQUENCE OF TrustedSubject TrustedSubject ::= SEQUENCE{ subjectIdentifier SubjectIdentifier, subjectAttributes Attributes OPTIONAL } SubjectIdentifier ::= OCTETSTRING ----------------------------------------------------------------------- -- Enrollment Name Value Pair Authenticated Attributes in RA PKCS7s ----------------------------------------------------------------------- EnrollmentNameValuePair ::= SEQUENCE { name BMPSTRING, value BMPSTRING } --#public-- ----------------------------------------------------------------------- -- PKCS10 Attribute to decribe the CSP Provider used ----------------------------------------------------------------------- CSPProvider ::= SEQUENCE { keySpec INTEGER, cspName BMPSTRING, signature BITSTRING } --#public-- ----------------------------------------------------------------------- -- CertificatePair Attribute ----------------------------------------------------------------------- CertificatePair ::= SEQUENCE { forward [0] EXPLICIT NOCOPYANY OPTIONAL, reverse [1] EXPLICIT NOCOPYANY OPTIONAL } --#public-- -------------------------------------------- -- Name Constraints Extension -------------------------------------------- NameConstraints ::= SEQUENCE { permittedSubtrees [0] IMPLICIT GeneralSubtrees OPTIONAL, excludedSubtrees [1] IMPLICIT GeneralSubtrees OPTIONAL } --#public-- GeneralSubtrees ::= SEQUENCE OF GeneralSubtree GeneralSubtree ::= SEQUENCE { base GeneralName, minimum [0] IMPLICIT BaseDistance DEFAULT 0, maximum [1] IMPLICIT BaseDistance OPTIONAL } BaseDistance ::= INTEGER (0..4294967295) -------------------------------------------- -- CRL Issuing Distribution Point Extension -------------------------------------------- IssuingDistributionPoint ::= SEQUENCE { issuingDistributionPoint [0] EXPLICIT DistributionPointName OPTIONAL, onlyContainsUserCerts [1] IMPLICIT BOOLEAN DEFAULT FALSE, onlyContainsCACerts [2] IMPLICIT BOOLEAN DEFAULT FALSE, onlySomeReasons [3] IMPLICIT ReasonFlags OPTIONAL, indirectCRL [4] IMPLICIT BOOLEAN DEFAULT FALSE } --#public-- -------------------------------------------- -- Cross Cert Distribution Points Extension -------------------------------------------- CrossCertDistPoints ::= SEQUENCE { syncDeltaTime INTEGER (0..4294967295) OPTIONAL, crossCertDistPointNames CrossCertDistPointNames } --#public-- CrossCertDistPointNames ::= SEQUENCE OF GeneralNames -------------------------------------------- -- Policy Mappings Extension -------------------------------------------- PolicyMappings ::= SEQUENCE --#public-- OF PolicyMapping PolicyMapping ::= SEQUENCE { issuerDomainPolicy EncodedObjectID, subjectDomainPolicy EncodedObjectID } -------------------------------------------- -- Policy Constraints Extension -------------------------------------------- PolicyConstraints ::= SEQUENCE { requireExplicitPolicy [0] IMPLICIT SkipCerts OPTIONAL, inhibitPolicyMapping [1] IMPLICIT SkipCerts OPTIONAL } --#public-- SkipCerts ::= INTEGER (0..4294967295) -------------------------------------------- -- CMC Data Structures -------------------------------------------- CmcData ::= SEQUENCE { controlSequence ControlSequence, reqSequence ReqSequence, cmsSequence CmsSequence, otherMsgSequence OtherMsgSequence } --#public-- CmcResponseBody ::= SEQUENCE { controlSequence ControlSequence, cmsSequence CmsSequence, otherMsgSequence OtherMsgSequence } --#public-- ControlSequence ::= SEQUENCE OF TaggedAttribute ReqSequence ::= SEQUENCE OF TaggedRequest CmsSequence ::= SEQUENCE OF TaggedContentInfo OtherMsgSequence ::= SEQUENCE OF TaggedOtherMsg BodyPartID ::= INTEGER (0..4294967295) BodyPartIDSequence ::= SEQUENCE OF BodyPartID TaggedAttribute ::= SEQUENCE { bodyPartID BodyPartID, type EncodedObjectID, values AttributeSetValue } TaggedRequest ::= CHOICE { tcr [0] IMPLICIT TaggedCertificationRequest } TaggedCertificationRequest ::= SEQUENCE { bodyPartID BodyPartID, certificationRequest NOCOPYANY } TaggedContentInfo ::= SEQUENCE { bodyPartID BodyPartID, contentInfo NOCOPYANY } TaggedOtherMsg ::= SEQUENCE { bodyPartID BodyPartID, otherMsgType EncodedObjectID, otherMsgValue NOCOPYANY } CmcStatusInfo ::= SEQUENCE { cmcStatus INTEGER (0..4294967295), bodyList BodyPartIDSequence, statusString UTF8STRING OPTIONAL, otherInfo CHOICE { failInfo INTEGER (0..4294967295), pendInfo PendInfo } OPTIONAL } --#public-- PendInfo ::= SEQUENCE { pendToken OCTETSTRING, pendTime GeneralizedTime } CmcAddExtensions ::= SEQUENCE { pkiDataReference BodyPartID, certReferences BodyPartIDSequence, extensions Extensions } --#public-- CmcAddAttributes ::= SEQUENCE { pkiDataReference BodyPartID, certReferences BodyPartIDSequence, attributes Attributes } --#public-- -------------------------------------------- -- Certificate Template -------------------------------------------- CertificateTemplate ::= SEQUENCE { templateID EncodedObjectID, templateMajorVersion TemplateVersion, templateMinorVersion TemplateVersion OPTIONAL } --#public-- TemplateVersion ::= INTEGER (0..4294967295) END