tmpHEADmaster

12 files changed, 3441 insertions, 0 deletions

diff --git a/PKIX-CommonTypes-2009.asn1 b/PKIX-CommonTypes-2009.asn1
new file mode 100644
index 0000000..2ce9113
--- /dev/null
+++ b/PKIX-CommonTypes-2009.asn1
@@ -0,0 +1,166 @@
+PKIX-CommonTypes-2009
+    {iso(1) identified-organization(3) dod(6) internet(1) security(5)
+    mechanisms(5) pkix(7) id-mod(0) id-mod-pkixCommon-02(57)}
+
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+--  ATTRIBUTE
+--
+--  Describe the set of data associated with an attribute of some type
+--
+--  &id is an OID identifying the attribute
+--  &Type is the ASN.1 type structure for the attribute; not all
+--      attributes have a data structure, so this field is optional
+--  &minCount contains the minimum number of times the attribute can
+--      occur in an AttributeSet
+--  &maxCount contains the maximum number of times the attribute can
+--      appear in an AttributeSet
+--      Note: this cannot be automatically enforced as the field
+--      cannot be defaulted to MAX.
+--  &equality-match contains information about how matching should be
+--      done
+--
+--  Currently we are using two different prefixes for attributes.
+--
+--  at- for certificate attributes
+--  aa- for CMS attributes
+--
+
+ATTRIBUTE ::= CLASS {
+    &id             OBJECT IDENTIFIER UNIQUE,
+    &Type           OPTIONAL,
+    &equality-match MATCHING-RULE OPTIONAL,
+    &minCount       INTEGER DEFAULT 1,
+    &maxCount       INTEGER OPTIONAL
+} WITH SYNTAX {
+    [TYPE &Type]
+    [EQUALITY MATCHING RULE &equality-match]
+    [COUNTS [MIN &minCount] [MAX &maxCount]]
+    IDENTIFIED BY &id
+}
+
+-- Specification of MATCHING-RULE information object class
+--
+
+MATCHING-RULE ::= CLASS {
+  &ParentMatchingRules   MATCHING-RULE OPTIONAL,
+  &AssertionType         OPTIONAL,
+  &uniqueMatchIndicator  ATTRIBUTE OPTIONAL,
+  &id                    OBJECT IDENTIFIER UNIQUE
+}
+WITH SYNTAX {
+  [PARENT &ParentMatchingRules]
+  [SYNTAX &AssertionType]
+  [UNIQUE-MATCH-INDICATOR &uniqueMatchIndicator]
+  ID &id
+}
+
+--  AttributeSet
+--
+--  Used when a set of attributes is to occur.
+--
+--  type contains the identifier of the attribute
+--  values contains a set of values where the structure of the ASN.1
+--      is defined by the attribute
+--
+--  The parameter contains the set of objects describing
+--      those attributes that can occur in this location.
+--
+
+AttributeSet{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+    type      ATTRIBUTE.&id({AttrSet}),
+    values    SET SIZE (1..MAX) OF ATTRIBUTE.
+                  &Type({AttrSet}{@type})
+}
+
+--  SingleAttribute
+--
+--  Used for a single valued attribute
+--
+--  The parameter contains the set of objects describing the
+--      attributes that can occur in this location
+--
+
+SingleAttribute{ATTRIBUTE:AttrSet} ::= SEQUENCE {
+    type      ATTRIBUTE.&id({AttrSet}),
+    value     ATTRIBUTE.&Type({AttrSet}{@type})
+}
+
+--  EXTENSION
+--
+--  This class definition is used to describe the association of
+--      object identifier and ASN.1 type structure for extensions
+--
+--  All extensions are prefixed with ext-
+--
+--  &id contains the object identifier for the extension
+--  &ExtnType specifies the ASN.1 type structure for the extension
+--  &Critical contains the set of legal values for the critical field.
+--      This is normally {TRUE|FALSE} but in some instances may be
+--      restricted to just one of these values.
+--
+
+EXTENSION ::= CLASS {
+    &id  OBJECT IDENTIFIER UNIQUE,
+    &ExtnType,
+    &Critical    BOOLEAN DEFAULT {TRUE | FALSE }
+} WITH SYNTAX {
+    SYNTAX &ExtnType IDENTIFIED BY &id
+    [CRITICALITY &Critical]
+}
+
+--  Extensions
+--
+--  Used for a sequence of extensions.
+--
+--  The parameter contains the set of legal extensions that can
+--  occur in this sequence.
+--
+
+Extensions{EXTENSION:ExtensionSet} ::=
+    SEQUENCE SIZE (1..MAX) OF Extension{{ExtensionSet}}
+
+--  Extension
+--
+--  Used for a single extension
+--
+--  The parameter contains the set of legal extensions that can
+--      occur in this extension.
+--
+--  The restriction on the critical field has been commented out
+--  the authors are not completely sure it is correct.
+--  The restriction could be done using custom code rather than
+--  compiler-generated code, however.
+--
+
+Extension{EXTENSION:ExtensionSet} ::= SEQUENCE {
+    extnID      EXTENSION.&id({ExtensionSet}),
+    critical    BOOLEAN
+--                     (EXTENSION.&Critical({ExtensionSet}{@extnID}))
+                     DEFAULT FALSE,
+    extnValue   OCTET STRING (CONTAINING
+                EXTENSION.&ExtnType({ExtensionSet}{@extnID}))
+                --  contains the DER encoding of the ASN.1 value
+                --  corresponding to the extension type identified
+                --  by extnID
+}
+
+--  Security Category
+--
+--  Security categories are used both for specifying clearances and
+--  for labeling objects.  We move this here from RFC 3281 so that
+--  they will use a common single object class to express this
+--  information.
+--
+
+SECURITY-CATEGORY ::= TYPE-IDENTIFIER
+
+SecurityCategory{SECURITY-CATEGORY:Supported} ::= SEQUENCE {
+    type      [0]  IMPLICIT SECURITY-CATEGORY.
+            &id({Supported}),
+    value     [1]  EXPLICIT SECURITY-CATEGORY.
+            &Type({Supported}{@type})
+}
+
+END
diff --git a/PKIX1Explicit88-noany.asn b/PKIX1Explicit88-noany.asn
new file mode 100644
index 0000000..e4d3248
--- /dev/null
+++ b/PKIX1Explicit88-noany.asn
@@ -0,0 +1,619 @@
+PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+-- IMPORTS NONE --
+
+-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
+-- and required by this specification
+
+-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+        -- UniversalString is defined in ASN.1:1993
+
+-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+      -- BMPString is the subtype of UniversalString and models
+      -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+      -- The content of this type conforms to RFC 2279.
+
+-- PKIX specific OIDs
+
+id-pkix  OBJECT IDENTIFIER  ::=
+         { iso(1) identified-organization(3) dod(6) internet(1)
+                    security(5) mechanisms(5) pkix(7) }
+
+-- PKIX arcs
+
+id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+        -- arc for private certificate extensions
+id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+        -- arc for policy qualifier types
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+        -- arc for extended key purpose OIDS
+id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+        -- arc for access descriptors
+
+-- policyQualifierIds for Internet policy qualifiers
+
+id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+      -- OID for CPS qualifier
+id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+      -- OID for user notice qualifier
+
+-- access descriptor definitions
+
+id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
+id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
+id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+-- attribute data types
+
+Attribute       ::=     SEQUENCE {
+      type              AttributeType,
+      values    SET OF AttributeValue }
+            -- at least one value is required
+
+AttributeType           ::=  OBJECT IDENTIFIER
+
+AttributeValue          ::=  OCTET STRING--ANY
+
+AttributeTypeAndValue           ::=     SEQUENCE {
+        type    AttributeType,
+        value   AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+--   information object set may be augmented to meet local
+--   requirements.  Note that deleting members of the set may
+--   prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+--   type definition for the corresponding AttributeValue
+--Arc for standard naming attributes
+id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+-- Naming attributes of type X520name
+
+id-at-name              AttributeType ::= { id-at 41 }
+id-at-surname           AttributeType ::= { id-at 4 }
+id-at-givenName         AttributeType ::= { id-at 42 }
+id-at-initials          AttributeType ::= { id-at 43 }
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+
+X520name ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-name)),
+      printableString   PrintableString (SIZE (1..ub-name)),
+      universalString   UniversalString (SIZE (1..ub-name)),
+      utf8String        UTF8String      (SIZE (1..ub-name)),
+      bmpString         BMPString       (SIZE (1..ub-name)) }
+
+-- Naming attributes of type X520CommonName
+
+id-at-commonName        AttributeType ::= { id-at 3 }
+
+X520CommonName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-common-name)),
+      printableString   PrintableString (SIZE (1..ub-common-name)),
+      universalString   UniversalString (SIZE (1..ub-common-name)),
+      utf8String        UTF8String      (SIZE (1..ub-common-name)),
+      bmpString         BMPString       (SIZE (1..ub-common-name)) }
+
+-- Naming attributes of type X520LocalityName
+
+id-at-localityName      AttributeType ::= { id-at 7 }
+
+X520LocalityName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
+      printableString   PrintableString (SIZE (1..ub-locality-name)),
+      universalString   UniversalString (SIZE (1..ub-locality-name)),
+      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
+      bmpString         BMPString       (SIZE (1..ub-locality-name)) }
+
+-- Naming attributes of type X520StateOrProvinceName
+
+id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+X520StateOrProvinceName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-state-name)),
+      printableString   PrintableString (SIZE (1..ub-state-name)),
+      universalString   UniversalString (SIZE (1..ub-state-name)),
+      utf8String        UTF8String      (SIZE (1..ub-state-name)),
+      bmpString         BMPString       (SIZE(1..ub-state-name)) }
+
+-- Naming attributes of type X520OrganizationName
+
+id-at-organizationName  AttributeType ::= { id-at 10 }
+
+X520OrganizationName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organization-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organization-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organization-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organization-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organization-name))  }
+
+-- Naming attributes of type X520OrganizationalUnitName
+
+id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+X520OrganizationalUnitName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organizational-unit-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organizational-unit-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organizational-unit-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organizational-unit-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organizational-unit-name)) }
+
+-- Naming attributes of type X520Title
+
+id-at-title             AttributeType ::= { id-at 12 }
+
+X520Title ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-title)),
+      printableString   PrintableString (SIZE (1..ub-title)),
+      universalString   UniversalString (SIZE (1..ub-title)),
+      utf8String        UTF8String      (SIZE (1..ub-title)),
+      bmpString         BMPString       (SIZE (1..ub-title)) }
+
+-- Naming attributes of type X520dnQualifier
+
+id-at-dnQualifier       AttributeType ::= { id-at 46 }
+
+X520dnQualifier ::=     PrintableString
+
+-- Naming attributes of type X520countryName (digraph from IS 3166)
+
+id-at-countryName       AttributeType ::= { id-at 6 }
+
+X520countryName ::=     PrintableString (SIZE (2))
+
+-- Naming attributes of type X520SerialNumber
+
+id-at-serialNumber      AttributeType ::= { id-at 5 }
+
+X520SerialNumber ::=    PrintableString (SIZE (1..ub-serial-number))
+
+-- Naming attributes of type X520Pseudonym
+
+id-at-pseudonym         AttributeType ::= { id-at 65 }
+
+X520Pseudonym ::= CHOICE {
+   teletexString     TeletexString   (SIZE (1..ub-pseudonym)),
+   printableString   PrintableString (SIZE (1..ub-pseudonym)),
+   universalString   UniversalString (SIZE (1..ub-pseudonym)),
+   utf8String        UTF8String      (SIZE (1..ub-pseudonym)),
+   bmpString         BMPString       (SIZE (1..ub-pseudonym)) }
+
+-- Naming attributes of type DomainComponent (from RFC 2247)
+
+id-domainComponent      AttributeType ::=
+                          { 0 9 2342 19200300 100 1 25 }
+
+DomainComponent ::=     IA5String
+
+-- Legacy attributes
+
+pkcs-9 OBJECT IDENTIFIER ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+
+id-emailAddress          AttributeType ::= { pkcs-9 1 }
+
+EmailAddress ::=         IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+      rdnSequence  RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::=   RDNSequence
+
+RelativeDistinguishedName  ::=
+                    SET SIZE (1 .. MAX) OF AttributeTypeAndValue
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+      teletexString             TeletexString   (SIZE (1..MAX)),
+      printableString           PrintableString (SIZE (1..MAX)),
+      universalString           UniversalString (SIZE (1..MAX)),
+      utf8String              UTF8String      (SIZE (1..MAX)),
+      bmpString               BMPString       (SIZE (1..MAX)) }
+
+-- certificate and CRL specific structures begin here
+
+Certificate  ::=  SEQUENCE  {
+     tbsCertificate       TBSCertificate,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertificate  ::=  SEQUENCE  {
+     version         [0]  Version DEFAULT v1,
+     serialNumber         CertificateSerialNumber,
+     signature            AlgorithmIdentifier,
+     issuer               Name,
+     validity             Validity,
+     subject              Name,
+     subjectPublicKeyInfo SubjectPublicKeyInfo,
+     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     extensions      [3]  Extensions OPTIONAL
+                          -- If present, version MUST be v3 --  }
+
+Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+
+CertificateSerialNumber  ::=  INTEGER
+
+Validity ::= SEQUENCE {
+     notBefore      Time,
+     notAfter       Time  }
+
+Time ::= CHOICE {
+     utcTime        UTCTime,
+     generalTime    GeneralizedTime }
+
+UniqueIdentifier  ::=  BIT STRING
+
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     algorithm            AlgorithmIdentifier,
+     subjectPublicKey     BIT STRING  }
+
+Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING  }
+
+-- CRL structures
+
+CertificateList  ::=  SEQUENCE  {
+     tbsCertList          TBSCertList,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertList  ::=  SEQUENCE  {
+     version                 Version OPTIONAL,
+                                  -- if present, MUST be v2
+     signature               AlgorithmIdentifier,
+     issuer                  Name,
+     thisUpdate              Time,
+     nextUpdate              Time OPTIONAL,
+     revokedCertificates     SEQUENCE OF SEQUENCE  {
+          userCertificate         CertificateSerialNumber,
+          revocationDate          Time,
+          crlEntryExtensions      Extensions OPTIONAL
+                                         -- if present, MUST be v2
+                               }  OPTIONAL,
+     crlExtensions           [0] Extensions OPTIONAL }
+                                         -- if present, MUST be v2
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier  ::=  SEQUENCE  {
+     algorithm               OBJECT IDENTIFIER,
+     parameters              OCTET STRING}--ANY DEFINED BY algorithm OPTIONAL  }
+                                -- contains a value of the type
+                                -- registered for use with the
+                                -- algorithm object identifier value
+
+-- X.400 address syntax starts here
+
+ORAddress ::= SEQUENCE {
+   built-in-standard-attributes BuiltInStandardAttributes,
+   built-in-domain-defined-attributes
+                   BuiltInDomainDefinedAttributes OPTIONAL,
+   -- see also teletex-domain-defined-attributes
+   extension-attributes ExtensionAttributes OPTIONAL }
+
+-- Built-in Standard Attributes
+
+BuiltInStandardAttributes ::= SEQUENCE {
+   country-name                  CountryName OPTIONAL,
+   administration-domain-name    AdministrationDomainName OPTIONAL,
+   network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+     -- see also extended-network-address
+   terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+   private-domain-name       [2] PrivateDomainName OPTIONAL,
+   organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+     -- see also teletex-organization-name
+   numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                 OPTIONAL,
+   personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+     -- see also teletex-personal-name
+   organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                 OPTIONAL }
+     -- see also teletex-organizational-unit-names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+   x121-dcc-code         NumericString
+                           (SIZE (ub-country-name-numeric-length)),
+   iso-3166-alpha2-code  PrintableString
+                           (SIZE (ub-country-name-alpha-length)) }
+
+AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+   numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+   printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+NetworkAddress ::= X121Address  -- see also extended-network-address
+
+X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+TerminalIdentifier ::= PrintableString (SIZE
+(1..ub-terminal-id-length))
+
+PrivateDomainName ::= CHOICE {
+   numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+   printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+OrganizationName ::= PrintableString
+                            (SIZE (1..ub-organization-name-length))
+  -- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+                            (SIZE (1..ub-numeric-user-id-length))
+
+PersonalName ::= SET {
+   surname     [0] IMPLICIT PrintableString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT PrintableString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT PrintableString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT PrintableString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+  -- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                             OF OrganizationalUnitName
+  -- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+                    (1..ub-organizational-unit-name-length))
+
+-- Built-in Domain-defined Attributes
+
+BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                    (1..ub-domain-defined-attributes) OF
+                    BuiltInDomainDefinedAttribute
+
+BuiltInDomainDefinedAttribute ::= SEQUENCE {
+   type PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-type-length)),
+   value PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-value-length)) }
+
+-- Extension Attributes
+
+ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+               ExtensionAttribute
+
+ExtensionAttribute ::=  SEQUENCE {
+   extension-attribute-type [0] IMPLICIT INTEGER
+                   (0..ub-extension-attributes),
+   extension-attribute-value [1]
+                   OCTET STRING}--ANY DEFINED BY extension-attribute-type }
+
+-- Extension types and attribute values
+
+common-name INTEGER ::= 1
+
+CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
+
+teletex-common-name INTEGER ::= 2
+
+TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
+
+teletex-organization-name INTEGER ::= 3
+
+TeletexOrganizationName ::=
+                TeletexString (SIZE (1..ub-organization-name-length))
+
+teletex-personal-name INTEGER ::= 4
+
+TeletexPersonalName ::= SET {
+   surname     [0] IMPLICIT TeletexString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT TeletexString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT TeletexString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT TeletexString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+
+teletex-organizational-unit-names INTEGER ::= 5
+
+TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
+      (1..ub-organizational-units) OF TeletexOrganizationalUnitName
+
+TeletexOrganizationalUnitName ::= TeletexString
+                  (SIZE (1..ub-organizational-unit-name-length))
+
+pds-name INTEGER ::= 7
+
+PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
+
+physical-delivery-country-name INTEGER ::= 8
+
+PhysicalDeliveryCountryName ::= CHOICE {
+   x121-dcc-code NumericString (SIZE
+(ub-country-name-numeric-length)),
+   iso-3166-alpha2-code PrintableString
+                  (SIZE (ub-country-name-alpha-length)) }
+
+postal-code INTEGER ::= 9
+
+PostalCode ::= CHOICE {
+   numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+   printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+
+physical-delivery-office-name INTEGER ::= 10
+
+PhysicalDeliveryOfficeName ::= PDSParameter
+
+physical-delivery-office-number INTEGER ::= 11
+
+PhysicalDeliveryOfficeNumber ::= PDSParameter
+
+extension-OR-address-components INTEGER ::= 12
+
+ExtensionORAddressComponents ::= PDSParameter
+
+physical-delivery-personal-name INTEGER ::= 13
+
+PhysicalDeliveryPersonalName ::= PDSParameter
+
+physical-delivery-organization-name INTEGER ::= 14
+
+PhysicalDeliveryOrganizationName ::= PDSParameter
+
+extension-physical-delivery-address-components INTEGER ::= 15
+
+ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
+
+unformatted-postal-address INTEGER ::= 16
+
+UnformattedPostalAddress ::= SET {
+   printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+         OF PrintableString (SIZE (1..ub-pds-parameter-length))
+         OPTIONAL,
+   teletex-string TeletexString
+         (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+
+street-address INTEGER ::= 17
+
+StreetAddress ::= PDSParameter
+
+post-office-box-address INTEGER ::= 18
+
+PostOfficeBoxAddress ::= PDSParameter
+
+poste-restante-address INTEGER ::= 19
+
+PosteRestanteAddress ::= PDSParameter
+
+unique-postal-name INTEGER ::= 20
+
+UniquePostalName ::= PDSParameter
+
+local-postal-attributes INTEGER ::= 21
+
+LocalPostalAttributes ::= PDSParameter
+
+PDSParameter ::= SET {
+   printable-string PrintableString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+   teletex-string TeletexString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+extended-network-address INTEGER ::= 22
+
+ExtendedNetworkAddress ::= CHOICE {
+   e163-4-address SEQUENCE {
+      number      [0] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-number-length)),
+      sub-address [1] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-sub-address-length))
+                       OPTIONAL },
+   psap-address [0] IMPLICIT PresentationAddress }
+
+PresentationAddress ::= SEQUENCE {
+    pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+    sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+    tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+    nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+terminal-type  INTEGER ::= 23
+
+TerminalType ::= INTEGER {
+   telex (3),
+   teletex (4),
+   g3-facsimile (5),
+   g4-facsimile (6),
+   ia5-terminal (7),
+   videotex (8) } (0..ub-integer-options)
+
+-- Extension Domain-defined Attributes
+
+teletex-domain-defined-attributes INTEGER ::= 6
+
+TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
+   (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
+
+TeletexDomainDefinedAttribute ::= SEQUENCE {
+        type TeletexString
+               (SIZE (1..ub-domain-defined-attribute-type-length)),
+        value TeletexString
+               (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+--  specifications of Upper Bounds MUST be regarded as mandatory
+--  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+--  Upper Bounds
+
+-- Upper Bounds
+ub-name INTEGER ::= 32768
+ub-common-name INTEGER ::= 64
+ub-locality-name INTEGER ::= 128
+ub-state-name INTEGER ::= 128
+ub-organization-name INTEGER ::= 64
+ub-organizational-unit-name INTEGER ::= 64
+ub-title INTEGER ::= 64
+ub-serial-number INTEGER ::= 64
+ub-match INTEGER ::= 128
+ub-emailaddress-length INTEGER ::= 128
+ub-common-name-length INTEGER ::= 64
+ub-country-name-alpha-length INTEGER ::= 2
+ub-country-name-numeric-length INTEGER ::= 3
+ub-domain-defined-attributes INTEGER ::= 4
+ub-domain-defined-attribute-type-length INTEGER ::= 8
+ub-domain-defined-attribute-value-length INTEGER ::= 128
+ub-domain-name-length INTEGER ::= 16
+ub-extension-attributes INTEGER ::= 256
+ub-e163-4-number-length INTEGER ::= 15
+ub-e163-4-sub-address-length INTEGER ::= 40
+ub-generation-qualifier-length INTEGER ::= 3
+ub-given-name-length INTEGER ::= 16
+ub-initials-length INTEGER ::= 5
+ub-integer-options INTEGER ::= 256
+ub-numeric-user-id-length INTEGER ::= 32
+ub-organization-name-length INTEGER ::= 64
+ub-organizational-unit-name-length INTEGER ::= 32
+ub-organizational-units INTEGER ::= 4
+ub-pds-name-length INTEGER ::= 16
+ub-pds-parameter-length INTEGER ::= 30
+ub-pds-physical-address-lines INTEGER ::= 6
+ub-postal-code-length INTEGER ::= 16
+ub-pseudonym INTEGER ::= 128
+ub-surname-length INTEGER ::= 40
+ub-terminal-id-length INTEGER ::= 24
+ub-unformatted-address-length INTEGER ::= 180
+ub-x121-address-length INTEGER ::= 16
+
+-- Note - upper bounds on string types, such as TeletexString, are
+-- measured in characters.  Excepting PrintableString or IA5String, a
+-- significantly greater number of octets will be required to hold
+-- such a value.  As a minimum, 16 octets, or twice the specified
+-- upper bound, whichever is the larger, should be allowed for
+-- TeletexString.  For UTF8String or UniversalString at least four
+-- times the upper bound should be allowed.
+
+END
diff --git a/PKIX1Explicit88.asn b/PKIX1Explicit88.asn
new file mode 100644
index 0000000..9b8068f
--- /dev/null
+++ b/PKIX1Explicit88.asn
@@ -0,0 +1,619 @@
+PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) }
+
+DEFINITIONS EXPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+-- IMPORTS NONE --
+
+-- UNIVERSAL Types defined in 1993 and 1998 ASN.1
+-- and required by this specification
+
+-- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING
+        -- UniversalString is defined in ASN.1:1993
+
+-- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING
+      -- BMPString is the subtype of UniversalString and models
+      -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1
+
+-- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING
+      -- The content of this type conforms to RFC 2279.
+
+-- PKIX specific OIDs
+
+id-pkix  OBJECT IDENTIFIER  ::=
+         { iso(1) identified-organization(3) dod(6) internet(1)
+                    security(5) mechanisms(5) pkix(7) }
+
+-- PKIX arcs
+
+id-pe OBJECT IDENTIFIER  ::=  { id-pkix 1 }
+        -- arc for private certificate extensions
+id-qt OBJECT IDENTIFIER ::= { id-pkix 2 }
+        -- arc for policy qualifier types
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+        -- arc for extended key purpose OIDS
+id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
+        -- arc for access descriptors
+
+-- policyQualifierIds for Internet policy qualifiers
+
+id-qt-cps      OBJECT IDENTIFIER ::=  { id-qt 1 }
+      -- OID for CPS qualifier
+id-qt-unotice  OBJECT IDENTIFIER ::=  { id-qt 2 }
+      -- OID for user notice qualifier
+
+-- access descriptor definitions
+
+id-ad-ocsp         OBJECT IDENTIFIER ::= { id-ad 1 }
+id-ad-caIssuers    OBJECT IDENTIFIER ::= { id-ad 2 }
+id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 }
+id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 }
+
+-- attribute data types
+
+Attribute       ::=     SEQUENCE {
+      type              AttributeType,
+      values    SET OF AttributeValue }
+            -- at least one value is required
+
+AttributeType           ::=  OBJECT IDENTIFIER
+
+AttributeValue          ::=  ANY
+
+AttributeTypeAndValue           ::=     SEQUENCE {
+        type    AttributeType,
+        value   AttributeValue }
+
+-- suggested naming attributes: Definition of the following
+--   information object set may be augmented to meet local
+--   requirements.  Note that deleting members of the set may
+--   prevent interoperability with conforming implementations.
+-- presented in pairs: the AttributeType followed by the
+--   type definition for the corresponding AttributeValue
+--Arc for standard naming attributes
+id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 }
+
+-- Naming attributes of type X520name
+
+id-at-name              AttributeType ::= { id-at 41 }
+id-at-surname           AttributeType ::= { id-at 4 }
+id-at-givenName         AttributeType ::= { id-at 42 }
+id-at-initials          AttributeType ::= { id-at 43 }
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+
+X520name ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-name)),
+      printableString   PrintableString (SIZE (1..ub-name)),
+      universalString   UniversalString (SIZE (1..ub-name)),
+      utf8String        UTF8String      (SIZE (1..ub-name)),
+      bmpString         BMPString       (SIZE (1..ub-name)) }
+
+-- Naming attributes of type X520CommonName
+
+id-at-commonName        AttributeType ::= { id-at 3 }
+
+X520CommonName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-common-name)),
+      printableString   PrintableString (SIZE (1..ub-common-name)),
+      universalString   UniversalString (SIZE (1..ub-common-name)),
+      utf8String        UTF8String      (SIZE (1..ub-common-name)),
+      bmpString         BMPString       (SIZE (1..ub-common-name)) }
+
+-- Naming attributes of type X520LocalityName
+
+id-at-localityName      AttributeType ::= { id-at 7 }
+
+X520LocalityName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-locality-name)),
+      printableString   PrintableString (SIZE (1..ub-locality-name)),
+      universalString   UniversalString (SIZE (1..ub-locality-name)),
+      utf8String        UTF8String      (SIZE (1..ub-locality-name)),
+      bmpString         BMPString       (SIZE (1..ub-locality-name)) }
+
+-- Naming attributes of type X520StateOrProvinceName
+
+id-at-stateOrProvinceName AttributeType ::= { id-at 8 }
+
+X520StateOrProvinceName ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-state-name)),
+      printableString   PrintableString (SIZE (1..ub-state-name)),
+      universalString   UniversalString (SIZE (1..ub-state-name)),
+      utf8String        UTF8String      (SIZE (1..ub-state-name)),
+      bmpString         BMPString       (SIZE(1..ub-state-name)) }
+
+-- Naming attributes of type X520OrganizationName
+
+id-at-organizationName  AttributeType ::= { id-at 10 }
+
+X520OrganizationName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organization-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organization-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organization-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organization-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organization-name))  }
+
+-- Naming attributes of type X520OrganizationalUnitName
+
+id-at-organizationalUnitName AttributeType ::= { id-at 11 }
+
+X520OrganizationalUnitName ::= CHOICE {
+      teletexString     TeletexString
+                          (SIZE (1..ub-organizational-unit-name)),
+      printableString   PrintableString
+                          (SIZE (1..ub-organizational-unit-name)),
+      universalString   UniversalString
+                          (SIZE (1..ub-organizational-unit-name)),
+      utf8String        UTF8String
+                          (SIZE (1..ub-organizational-unit-name)),
+      bmpString         BMPString
+                          (SIZE (1..ub-organizational-unit-name)) }
+
+-- Naming attributes of type X520Title
+
+id-at-title             AttributeType ::= { id-at 12 }
+
+X520Title ::= CHOICE {
+      teletexString     TeletexString   (SIZE (1..ub-title)),
+      printableString   PrintableString (SIZE (1..ub-title)),
+      universalString   UniversalString (SIZE (1..ub-title)),
+      utf8String        UTF8String      (SIZE (1..ub-title)),
+      bmpString         BMPString       (SIZE (1..ub-title)) }
+
+-- Naming attributes of type X520dnQualifier
+
+id-at-dnQualifier       AttributeType ::= { id-at 46 }
+
+X520dnQualifier ::=     PrintableString
+
+-- Naming attributes of type X520countryName (digraph from IS 3166)
+
+id-at-countryName       AttributeType ::= { id-at 6 }
+
+X520countryName ::=     PrintableString (SIZE (2))
+
+-- Naming attributes of type X520SerialNumber
+
+id-at-serialNumber      AttributeType ::= { id-at 5 }
+
+X520SerialNumber ::=    PrintableString (SIZE (1..ub-serial-number))
+
+-- Naming attributes of type X520Pseudonym
+
+id-at-pseudonym         AttributeType ::= { id-at 65 }
+
+X520Pseudonym ::= CHOICE {
+   teletexString     TeletexString   (SIZE (1..ub-pseudonym)),
+   printableString   PrintableString (SIZE (1..ub-pseudonym)),
+   universalString   UniversalString (SIZE (1..ub-pseudonym)),
+   utf8String        UTF8String      (SIZE (1..ub-pseudonym)),
+   bmpString         BMPString       (SIZE (1..ub-pseudonym)) }
+
+-- Naming attributes of type DomainComponent (from RFC 2247)
+
+id-domainComponent      AttributeType ::=
+                          { 0 9 2342 19200300 100 1 25 }
+
+DomainComponent ::=     IA5String
+
+-- Legacy attributes
+
+pkcs-9 OBJECT IDENTIFIER ::=
+       { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 }
+
+id-emailAddress          AttributeType ::= { pkcs-9 1 }
+
+EmailAddress ::=         IA5String (SIZE (1..ub-emailaddress-length))
+
+-- naming data types --
+
+Name ::= CHOICE { -- only one possibility for now --
+      rdnSequence  RDNSequence }
+
+RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
+
+DistinguishedName ::=   RDNSequence
+
+RelativeDistinguishedName  ::=
+                    SET SIZE (1 .. MAX) OF AttributeTypeAndValue
+
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+      teletexString             TeletexString   (SIZE (1..MAX)),
+      printableString           PrintableString (SIZE (1..MAX)),
+      universalString           UniversalString (SIZE (1..MAX)),
+      utf8String              UTF8String      (SIZE (1..MAX)),
+      bmpString               BMPString       (SIZE (1..MAX)) }
+
+-- certificate and CRL specific structures begin here
+
+Certificate  ::=  SEQUENCE  {
+     tbsCertificate       TBSCertificate,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertificate  ::=  SEQUENCE  {
+     version         [0]  Version DEFAULT v1,
+     serialNumber         CertificateSerialNumber,
+     signature            AlgorithmIdentifier,
+     issuer               Name,
+     validity             Validity,
+     subject              Name,
+     subjectPublicKeyInfo SubjectPublicKeyInfo,
+     issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+                          -- If present, version MUST be v2 or v3
+     extensions      [3]  Extensions OPTIONAL
+                          -- If present, version MUST be v3 --  }
+
+Version  ::=  INTEGER  {  v1(0), v2(1), v3(2)  }
+
+CertificateSerialNumber  ::=  INTEGER
+
+Validity ::= SEQUENCE {
+     notBefore      Time,
+     notAfter       Time  }
+
+Time ::= CHOICE {
+     utcTime        UTCTime,
+     generalTime    GeneralizedTime }
+
+UniqueIdentifier  ::=  BIT STRING
+
+SubjectPublicKeyInfo  ::=  SEQUENCE  {
+     algorithm            AlgorithmIdentifier,
+     subjectPublicKey     BIT STRING  }
+
+Extensions  ::=  SEQUENCE SIZE (1..MAX) OF Extension
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING  }
+
+-- CRL structures
+
+CertificateList  ::=  SEQUENCE  {
+     tbsCertList          TBSCertList,
+     signatureAlgorithm   AlgorithmIdentifier,
+     signature            BIT STRING  }
+
+TBSCertList  ::=  SEQUENCE  {
+     version                 Version OPTIONAL,
+                                  -- if present, MUST be v2
+     signature               AlgorithmIdentifier,
+     issuer                  Name,
+     thisUpdate              Time,
+     nextUpdate              Time OPTIONAL,
+     revokedCertificates     SEQUENCE OF SEQUENCE  {
+          userCertificate         CertificateSerialNumber,
+          revocationDate          Time,
+          crlEntryExtensions      Extensions OPTIONAL
+                                         -- if present, MUST be v2
+                               }  OPTIONAL,
+     crlExtensions           [0] Extensions OPTIONAL }
+                                         -- if present, MUST be v2
+
+-- Version, Time, CertificateSerialNumber, and Extensions were
+-- defined earlier for use in the certificate structure
+
+AlgorithmIdentifier  ::=  SEQUENCE  {
+     algorithm               OBJECT IDENTIFIER,
+     parameters              ANY DEFINED BY algorithm OPTIONAL  }
+                                -- contains a value of the type
+                                -- registered for use with the
+                                -- algorithm object identifier value
+
+-- X.400 address syntax starts here
+
+ORAddress ::= SEQUENCE {
+   built-in-standard-attributes BuiltInStandardAttributes,
+   built-in-domain-defined-attributes
+                   BuiltInDomainDefinedAttributes OPTIONAL,
+   -- see also teletex-domain-defined-attributes
+   extension-attributes ExtensionAttributes OPTIONAL }
+
+-- Built-in Standard Attributes
+
+BuiltInStandardAttributes ::= SEQUENCE {
+   country-name                  CountryName OPTIONAL,
+   administration-domain-name    AdministrationDomainName OPTIONAL,
+   network-address           [0] IMPLICIT NetworkAddress OPTIONAL,
+     -- see also extended-network-address
+   terminal-identifier       [1] IMPLICIT TerminalIdentifier OPTIONAL,
+   private-domain-name       [2] PrivateDomainName OPTIONAL,
+   organization-name         [3] IMPLICIT OrganizationName OPTIONAL,
+     -- see also teletex-organization-name
+   numeric-user-identifier   [4] IMPLICIT NumericUserIdentifier
+                                 OPTIONAL,
+   personal-name             [5] IMPLICIT PersonalName OPTIONAL,
+     -- see also teletex-personal-name
+   organizational-unit-names [6] IMPLICIT OrganizationalUnitNames
+                                 OPTIONAL }
+     -- see also teletex-organizational-unit-names
+
+CountryName ::= [APPLICATION 1] CHOICE {
+   x121-dcc-code         NumericString
+                           (SIZE (ub-country-name-numeric-length)),
+   iso-3166-alpha2-code  PrintableString
+                           (SIZE (ub-country-name-alpha-length)) }
+
+AdministrationDomainName ::= [APPLICATION 2] CHOICE {
+   numeric   NumericString   (SIZE (0..ub-domain-name-length)),
+   printable PrintableString (SIZE (0..ub-domain-name-length)) }
+
+NetworkAddress ::= X121Address  -- see also extended-network-address
+
+X121Address ::= NumericString (SIZE (1..ub-x121-address-length))
+
+TerminalIdentifier ::= PrintableString (SIZE
+(1..ub-terminal-id-length))
+
+PrivateDomainName ::= CHOICE {
+   numeric   NumericString   (SIZE (1..ub-domain-name-length)),
+   printable PrintableString (SIZE (1..ub-domain-name-length)) }
+
+OrganizationName ::= PrintableString
+                            (SIZE (1..ub-organization-name-length))
+  -- see also teletex-organization-name
+
+NumericUserIdentifier ::= NumericString
+                            (SIZE (1..ub-numeric-user-id-length))
+
+PersonalName ::= SET {
+   surname     [0] IMPLICIT PrintableString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT PrintableString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT PrintableString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT PrintableString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+  -- see also teletex-personal-name
+
+OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units)
+                             OF OrganizationalUnitName
+  -- see also teletex-organizational-unit-names
+
+OrganizationalUnitName ::= PrintableString (SIZE
+                    (1..ub-organizational-unit-name-length))
+
+-- Built-in Domain-defined Attributes
+
+BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE
+                    (1..ub-domain-defined-attributes) OF
+                    BuiltInDomainDefinedAttribute
+
+BuiltInDomainDefinedAttribute ::= SEQUENCE {
+   type PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-type-length)),
+   value PrintableString (SIZE
+                   (1..ub-domain-defined-attribute-value-length)) }
+
+-- Extension Attributes
+
+ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF
+               ExtensionAttribute
+
+ExtensionAttribute ::=  SEQUENCE {
+   extension-attribute-type [0] IMPLICIT INTEGER
+                   (0..ub-extension-attributes),
+   extension-attribute-value [1]
+                   ANY DEFINED BY extension-attribute-type }
+
+-- Extension types and attribute values
+
+common-name INTEGER ::= 1
+
+CommonName ::= PrintableString (SIZE (1..ub-common-name-length))
+
+teletex-common-name INTEGER ::= 2
+
+TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length))
+
+teletex-organization-name INTEGER ::= 3
+
+TeletexOrganizationName ::=
+                TeletexString (SIZE (1..ub-organization-name-length))
+
+teletex-personal-name INTEGER ::= 4
+
+TeletexPersonalName ::= SET {
+   surname     [0] IMPLICIT TeletexString
+                    (SIZE (1..ub-surname-length)),
+   given-name  [1] IMPLICIT TeletexString
+                    (SIZE (1..ub-given-name-length)) OPTIONAL,
+   initials    [2] IMPLICIT TeletexString
+                    (SIZE (1..ub-initials-length)) OPTIONAL,
+   generation-qualifier [3] IMPLICIT TeletexString
+                    (SIZE (1..ub-generation-qualifier-length))
+                    OPTIONAL }
+
+teletex-organizational-unit-names INTEGER ::= 5
+
+TeletexOrganizationalUnitNames ::= SEQUENCE SIZE
+      (1..ub-organizational-units) OF TeletexOrganizationalUnitName
+
+TeletexOrganizationalUnitName ::= TeletexString
+                  (SIZE (1..ub-organizational-unit-name-length))
+
+pds-name INTEGER ::= 7
+
+PDSName ::= PrintableString (SIZE (1..ub-pds-name-length))
+
+physical-delivery-country-name INTEGER ::= 8
+
+PhysicalDeliveryCountryName ::= CHOICE {
+   x121-dcc-code NumericString (SIZE
+(ub-country-name-numeric-length)),
+   iso-3166-alpha2-code PrintableString
+                  (SIZE (ub-country-name-alpha-length)) }
+
+postal-code INTEGER ::= 9
+
+PostalCode ::= CHOICE {
+   numeric-code NumericString (SIZE (1..ub-postal-code-length)),
+   printable-code PrintableString (SIZE (1..ub-postal-code-length)) }
+
+physical-delivery-office-name INTEGER ::= 10
+
+PhysicalDeliveryOfficeName ::= PDSParameter
+
+physical-delivery-office-number INTEGER ::= 11
+
+PhysicalDeliveryOfficeNumber ::= PDSParameter
+
+extension-OR-address-components INTEGER ::= 12
+
+ExtensionORAddressComponents ::= PDSParameter
+
+physical-delivery-personal-name INTEGER ::= 13
+
+PhysicalDeliveryPersonalName ::= PDSParameter
+
+physical-delivery-organization-name INTEGER ::= 14
+
+PhysicalDeliveryOrganizationName ::= PDSParameter
+
+extension-physical-delivery-address-components INTEGER ::= 15
+
+ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter
+
+unformatted-postal-address INTEGER ::= 16
+
+UnformattedPostalAddress ::= SET {
+   printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines)
+         OF PrintableString (SIZE (1..ub-pds-parameter-length))
+         OPTIONAL,
+   teletex-string TeletexString
+         (SIZE (1..ub-unformatted-address-length)) OPTIONAL }
+
+street-address INTEGER ::= 17
+
+StreetAddress ::= PDSParameter
+
+post-office-box-address INTEGER ::= 18
+
+PostOfficeBoxAddress ::= PDSParameter
+
+poste-restante-address INTEGER ::= 19
+
+PosteRestanteAddress ::= PDSParameter
+
+unique-postal-name INTEGER ::= 20
+
+UniquePostalName ::= PDSParameter
+
+local-postal-attributes INTEGER ::= 21
+
+LocalPostalAttributes ::= PDSParameter
+
+PDSParameter ::= SET {
+   printable-string PrintableString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL,
+   teletex-string TeletexString
+                (SIZE(1..ub-pds-parameter-length)) OPTIONAL }
+
+extended-network-address INTEGER ::= 22
+
+ExtendedNetworkAddress ::= CHOICE {
+   e163-4-address SEQUENCE {
+      number      [0] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-number-length)),
+      sub-address [1] IMPLICIT NumericString
+                       (SIZE (1..ub-e163-4-sub-address-length))
+                       OPTIONAL },
+   psap-address [0] IMPLICIT PresentationAddress }
+
+PresentationAddress ::= SEQUENCE {
+    pSelector     [0] EXPLICIT OCTET STRING OPTIONAL,
+    sSelector     [1] EXPLICIT OCTET STRING OPTIONAL,
+    tSelector     [2] EXPLICIT OCTET STRING OPTIONAL,
+    nAddresses    [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING }
+
+terminal-type  INTEGER ::= 23
+
+TerminalType ::= INTEGER {
+   telex (3),
+   teletex (4),
+   g3-facsimile (5),
+   g4-facsimile (6),
+   ia5-terminal (7),
+   videotex (8) } (0..ub-integer-options)
+
+-- Extension Domain-defined Attributes
+
+teletex-domain-defined-attributes INTEGER ::= 6
+
+TeletexDomainDefinedAttributes ::= SEQUENCE SIZE
+   (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute
+
+TeletexDomainDefinedAttribute ::= SEQUENCE {
+        type TeletexString
+               (SIZE (1..ub-domain-defined-attribute-type-length)),
+        value TeletexString
+               (SIZE (1..ub-domain-defined-attribute-value-length)) }
+
+--  specifications of Upper Bounds MUST be regarded as mandatory
+--  from Annex B of ITU-T X.411 Reference Definition of MTS Parameter
+--  Upper Bounds
+
+-- Upper Bounds
+ub-name INTEGER ::= 32768
+ub-common-name INTEGER ::= 64
+ub-locality-name INTEGER ::= 128
+ub-state-name INTEGER ::= 128
+ub-organization-name INTEGER ::= 64
+ub-organizational-unit-name INTEGER ::= 64
+ub-title INTEGER ::= 64
+ub-serial-number INTEGER ::= 64
+ub-match INTEGER ::= 128
+ub-emailaddress-length INTEGER ::= 128
+ub-common-name-length INTEGER ::= 64
+ub-country-name-alpha-length INTEGER ::= 2
+ub-country-name-numeric-length INTEGER ::= 3
+ub-domain-defined-attributes INTEGER ::= 4
+ub-domain-defined-attribute-type-length INTEGER ::= 8
+ub-domain-defined-attribute-value-length INTEGER ::= 128
+ub-domain-name-length INTEGER ::= 16
+ub-extension-attributes INTEGER ::= 256
+ub-e163-4-number-length INTEGER ::= 15
+ub-e163-4-sub-address-length INTEGER ::= 40
+ub-generation-qualifier-length INTEGER ::= 3
+ub-given-name-length INTEGER ::= 16
+ub-initials-length INTEGER ::= 5
+ub-integer-options INTEGER ::= 256
+ub-numeric-user-id-length INTEGER ::= 32
+ub-organization-name-length INTEGER ::= 64
+ub-organizational-unit-name-length INTEGER ::= 32
+ub-organizational-units INTEGER ::= 4
+ub-pds-name-length INTEGER ::= 16
+ub-pds-parameter-length INTEGER ::= 30
+ub-pds-physical-address-lines INTEGER ::= 6
+ub-postal-code-length INTEGER ::= 16
+ub-pseudonym INTEGER ::= 128
+ub-surname-length INTEGER ::= 40
+ub-terminal-id-length INTEGER ::= 24
+ub-unformatted-address-length INTEGER ::= 180
+ub-x121-address-length INTEGER ::= 16
+
+-- Note - upper bounds on string types, such as TeletexString, are
+-- measured in characters.  Excepting PrintableString or IA5String, a
+-- significantly greater number of octets will be required to hold
+-- such a value.  As a minimum, 16 octets, or twice the specified
+-- upper bound, whichever is the larger, should be allowed for
+-- TeletexString.  For UTF8String or UniversalString at least four
+-- times the upper bound should be allowed.
+
+END
diff --git a/PKIX1Implicit88-noany.asn b/PKIX1Implicit88-noany.asn
new file mode 100644
index 0000000..aca40ca
--- /dev/null
+++ b/PKIX1Implicit88-noany.asn
@@ -0,0 +1,348 @@
+PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+      id-pe, id-kp, id-qt-unotice, id-qt-cps,
+      -- delete following line if "new" types are supported --
+      /*BMPString, UTF8String,  -- end "new" types --*/
+      ORAddress, Name, RelativeDistinguishedName,
+      CertificateSerialNumber, Attribute, DirectoryString
+      FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+            id-mod(0) id-pkix1-explicit(18) };
+
+
+-- ISO arc for standard certificate and CRL extensions
+
+id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
+
+-- authority key identifier OID and syntax
+
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+    keyIdentifier             [0] KeyIdentifier            OPTIONAL,
+    authorityCertIssuer       [1] GeneralNames             OPTIONAL,
+    authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
+    -- authorityCertIssuer and authorityCertSerialNumber MUST both
+    -- be present or both be absent
+
+KeyIdentifier ::= OCTET STRING
+
+-- subject key identifier OID and syntax
+
+id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+-- key usage extension OID and syntax
+
+id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+
+KeyUsage ::= BIT STRING {
+     digitalSignature        (0),
+     nonRepudiation          (1),
+     keyEncipherment         (2),
+     dataEncipherment        (3),
+     keyAgreement            (4),
+     keyCertSign             (5),
+     cRLSign                 (6),
+     encipherOnly            (7),
+     decipherOnly            (8) }
+
+-- private key usage period extension OID and syntax
+
+id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
+
+PrivateKeyUsagePeriod ::= SEQUENCE {
+     notBefore       [0]     GeneralizedTime OPTIONAL,
+     notAfter        [1]     GeneralizedTime OPTIONAL }
+     -- either notBefore or notAfter MUST be present
+
+-- certificate policies extension OID and syntax
+
+id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+
+anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
+
+CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+PolicyInformation ::= SEQUENCE {
+     policyIdentifier   CertPolicyId,
+     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+             PolicyQualifierInfo OPTIONAL }
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+PolicyQualifierInfo ::= SEQUENCE {
+       policyQualifierId  PolicyQualifierId,
+       qualifier        OCTET STRING}--ANY DEFINED BY policyQualifierId }
+
+-- Implementations that recognize additional policy qualifiers MUST
+-- augment the following definition for PolicyQualifierId
+
+PolicyQualifierId ::=
+    OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+
+-- CPS pointer qualifier
+
+CPSuri ::= IA5String
+
+-- user notice qualifier
+
+UserNotice ::= SEQUENCE {
+     noticeRef        NoticeReference OPTIONAL,
+     explicitText     DisplayText OPTIONAL}
+
+NoticeReference ::= SEQUENCE {
+     organization     DisplayText,
+     noticeNumbers    SEQUENCE OF INTEGER }
+
+DisplayText ::= CHOICE {
+     ia5String        IA5String      (SIZE (1..200)),
+     visibleString    VisibleString  (SIZE (1..200)),
+     bmpString        BMPString      (SIZE (1..200)),
+     utf8String       UTF8String     (SIZE (1..200)) }
+
+-- policy mapping extension OID and syntax
+
+id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
+
+PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+     issuerDomainPolicy      CertPolicyId,
+     subjectDomainPolicy     CertPolicyId }
+
+-- subject alternative name extension OID and syntax
+
+id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+
+SubjectAltName ::= GeneralNames
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+     otherName                       [0]     AnotherName,
+     rfc822Name                      [1]     IA5String,
+     dNSName                         [2]     IA5String,
+     x400Address                     [3]     ORAddress,
+     directoryName                   [4]     Name,
+     ediPartyName                    [5]     EDIPartyName,
+     uniformResourceIdentifier       [6]     IA5String,
+     iPAddress                       [7]     OCTET STRING,
+     registeredID                    [8]     OBJECT IDENTIFIER }
+
+-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+AnotherName ::= SEQUENCE {
+     type-id    OBJECT IDENTIFIER,
+     value      [0] EXPLICIT OCTET STRING}--ANY DEFINED BY type-id }
+
+EDIPartyName ::= SEQUENCE {
+     nameAssigner            [0]     DirectoryString OPTIONAL,
+     partyName               [1]     DirectoryString }
+
+-- issuer alternative name extension OID and syntax
+
+id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+
+IssuerAltName ::= GeneralNames
+
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
+
+SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+
+-- basic constraints extension OID and syntax
+
+id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+
+BasicConstraints ::= SEQUENCE {
+     cA                      BOOLEAN DEFAULT FALSE,
+     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+
+-- name constraints extension OID and syntax
+
+id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
+
+NameConstraints ::= SEQUENCE {
+     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
+     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+     base                    GeneralName,
+     minimum         [0]     BaseDistance DEFAULT 0,
+     maximum         [1]     BaseDistance OPTIONAL }
+
+BaseDistance ::= INTEGER (0..MAX)
+
+-- policy constraints extension OID and syntax
+
+id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
+
+PolicyConstraints ::= SEQUENCE {
+     requireExplicitPolicy           [0] SkipCerts OPTIONAL,
+     inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
+
+SkipCerts ::= INTEGER (0..MAX)
+
+-- CRL distribution points extension OID and syntax
+
+id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+     distributionPoint       [0]     DistributionPointName OPTIONAL,
+     reasons                 [1]     ReasonFlags OPTIONAL,
+     cRLIssuer               [2]     GeneralNames OPTIONAL }
+
+DistributionPointName ::= CHOICE {
+     fullName                [0]     GeneralNames,
+     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+
+ReasonFlags ::= BIT STRING {
+     unused                  (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     privilegeWithdrawn      (7),
+     aACompromise            (8) }
+
+-- extended key usage extension OID and syntax
+
+id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+-- permit unspecified key uses
+
+anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+-- extended key purpose OIDs
+
+id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
+id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
+id-kp-codeSigning            OBJECT IDENTIFIER ::= { id-kp 3 }
+id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
+id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
+id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+
+-- inhibit any policy OID and syntax
+
+id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+
+InhibitAnyPolicy ::= SkipCerts
+
+-- freshest (delta)CRL extension OID and syntax
+
+id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }
+
+FreshestCRL ::= CRLDistributionPoints
+
+-- authority info access
+
+id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+AuthorityInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+AccessDescription  ::=  SEQUENCE {
+        accessMethod          OBJECT IDENTIFIER,
+        accessLocation        GeneralName  }
+
+-- subject info access
+
+id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+SubjectInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- CRL number extension OID and syntax
+
+id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+CRLNumber ::= INTEGER (0..MAX)
+
+-- issuing distribution point extension OID and syntax
+
+id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+IssuingDistributionPoint ::= SEQUENCE {
+     distributionPoint          [0] DistributionPointName OPTIONAL,
+     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
+     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
+     onlySomeReasons            [3] ReasonFlags OPTIONAL,
+     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
+     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
+
+id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+BaseCRLNumber ::= CRLNumber
+
+-- CRL reasons extension OID and syntax
+
+id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+CRLReason ::= ENUMERATED {
+     unspecified             (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     removeFromCRL           (8),
+     privilegeWithdrawn      (9),
+     aACompromise           (10) }
+
+-- certificate issuer CRL entry extension OID and syntax
+
+id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+CertificateIssuer ::= GeneralNames
+
+-- hold instruction extension OID and syntax
+
+id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+HoldInstructionCode ::= OBJECT IDENTIFIER
+
+-- ANSI x9 holdinstructions
+
+-- ANSI x9 arc holdinstruction arc
+
+holdInstruction OBJECT IDENTIFIER ::=
+          {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+
+-- ANSI X9 holdinstructions referenced by this standard
+
+id-holdinstruction-none OBJECT IDENTIFIER  ::=
+                {holdInstruction 1} -- deprecated
+
+id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
+                {holdInstruction 2}
+
+id-holdinstruction-reject OBJECT IDENTIFIER ::=
+                {holdInstruction 3}
+
+-- invalidity date CRL entry extension OID and syntax
+
+id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
+
+InvalidityDate ::=  GeneralizedTime
+
+END
diff --git a/PKIX1Implicit88.asn b/PKIX1Implicit88.asn
new file mode 100644
index 0000000..ce6a579
--- /dev/null
+++ b/PKIX1Implicit88.asn
@@ -0,0 +1,348 @@
+PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+      id-pe, id-kp, id-qt-unotice, id-qt-cps,
+      -- delete following line if "new" types are supported --
+      BMPString, UTF8String,  -- end "new" types --
+      ORAddress, Name, RelativeDistinguishedName,
+      CertificateSerialNumber, Attribute, DirectoryString
+      FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+            id-mod(0) id-pkix1-explicit(18) };
+
+
+-- ISO arc for standard certificate and CRL extensions
+
+id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
+
+-- authority key identifier OID and syntax
+
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+    keyIdentifier             [0] KeyIdentifier            OPTIONAL,
+    authorityCertIssuer       [1] GeneralNames             OPTIONAL,
+    authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
+    -- authorityCertIssuer and authorityCertSerialNumber MUST both
+    -- be present or both be absent
+
+KeyIdentifier ::= OCTET STRING
+
+-- subject key identifier OID and syntax
+
+id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+-- key usage extension OID and syntax
+
+id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+
+KeyUsage ::= BIT STRING {
+     digitalSignature        (0),
+     nonRepudiation          (1),
+     keyEncipherment         (2),
+     dataEncipherment        (3),
+     keyAgreement            (4),
+     keyCertSign             (5),
+     cRLSign                 (6),
+     encipherOnly            (7),
+     decipherOnly            (8) }
+
+-- private key usage period extension OID and syntax
+
+id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
+
+PrivateKeyUsagePeriod ::= SEQUENCE {
+     notBefore       [0]     GeneralizedTime OPTIONAL,
+     notAfter        [1]     GeneralizedTime OPTIONAL }
+     -- either notBefore or notAfter MUST be present
+
+-- certificate policies extension OID and syntax
+
+id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+
+anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
+
+CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+PolicyInformation ::= SEQUENCE {
+     policyIdentifier   CertPolicyId,
+     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+             PolicyQualifierInfo OPTIONAL }
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+PolicyQualifierInfo ::= SEQUENCE {
+       policyQualifierId  PolicyQualifierId,
+       qualifier        ANY DEFINED BY policyQualifierId }
+
+-- Implementations that recognize additional policy qualifiers MUST
+-- augment the following definition for PolicyQualifierId
+
+PolicyQualifierId ::=
+    OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+
+-- CPS pointer qualifier
+
+CPSuri ::= IA5String
+
+-- user notice qualifier
+
+UserNotice ::= SEQUENCE {
+     noticeRef        NoticeReference OPTIONAL,
+     explicitText     DisplayText OPTIONAL}
+
+NoticeReference ::= SEQUENCE {
+     organization     DisplayText,
+     noticeNumbers    SEQUENCE OF INTEGER }
+
+DisplayText ::= CHOICE {
+     ia5String        IA5String      (SIZE (1..200)),
+     visibleString    VisibleString  (SIZE (1..200)),
+     bmpString        BMPString      (SIZE (1..200)),
+     utf8String       UTF8String     (SIZE (1..200)) }
+
+-- policy mapping extension OID and syntax
+
+id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
+
+PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+     issuerDomainPolicy      CertPolicyId,
+     subjectDomainPolicy     CertPolicyId }
+
+-- subject alternative name extension OID and syntax
+
+id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+
+SubjectAltName ::= GeneralNames
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+     otherName                       [0]     AnotherName,
+     rfc822Name                      [1]     IA5String,
+     dNSName                         [2]     IA5String,
+     x400Address                     [3]     ORAddress,
+     directoryName                   [4]     Name,
+     ediPartyName                    [5]     EDIPartyName,
+     uniformResourceIdentifier       [6]     IA5String,
+     iPAddress                       [7]     OCTET STRING,
+     registeredID                    [8]     OBJECT IDENTIFIER }
+
+-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+AnotherName ::= SEQUENCE {
+     type-id    OBJECT IDENTIFIER,
+     value      [0] EXPLICIT ANY DEFINED BY type-id }
+
+EDIPartyName ::= SEQUENCE {
+     nameAssigner            [0]     DirectoryString OPTIONAL,
+     partyName               [1]     DirectoryString }
+
+-- issuer alternative name extension OID and syntax
+
+id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+
+IssuerAltName ::= GeneralNames
+
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
+
+SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+
+-- basic constraints extension OID and syntax
+
+id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+
+BasicConstraints ::= SEQUENCE {
+     cA                      BOOLEAN DEFAULT FALSE,
+     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+
+-- name constraints extension OID and syntax
+
+id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
+
+NameConstraints ::= SEQUENCE {
+     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
+     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+     base                    GeneralName,
+     minimum         [0]     BaseDistance DEFAULT 0,
+     maximum         [1]     BaseDistance OPTIONAL }
+
+BaseDistance ::= INTEGER (0..MAX)
+
+-- policy constraints extension OID and syntax
+
+id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
+
+PolicyConstraints ::= SEQUENCE {
+     requireExplicitPolicy           [0] SkipCerts OPTIONAL,
+     inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
+
+SkipCerts ::= INTEGER (0..MAX)
+
+-- CRL distribution points extension OID and syntax
+
+id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+     distributionPoint       [0]     DistributionPointName OPTIONAL,
+     reasons                 [1]     ReasonFlags OPTIONAL,
+     cRLIssuer               [2]     GeneralNames OPTIONAL }
+
+DistributionPointName ::= CHOICE {
+     fullName                [0]     GeneralNames,
+     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+
+ReasonFlags ::= BIT STRING {
+     unused                  (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     privilegeWithdrawn      (7),
+     aACompromise            (8) }
+
+-- extended key usage extension OID and syntax
+
+id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+-- permit unspecified key uses
+
+anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+-- extended key purpose OIDs
+
+id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
+id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
+id-kp-codeSigning            OBJECT IDENTIFIER ::= { id-kp 3 }
+id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
+id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
+id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+
+-- inhibit any policy OID and syntax
+
+id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+
+InhibitAnyPolicy ::= SkipCerts
+
+-- freshest (delta)CRL extension OID and syntax
+
+id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }
+
+FreshestCRL ::= CRLDistributionPoints
+
+-- authority info access
+
+id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+AuthorityInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+AccessDescription  ::=  SEQUENCE {
+        accessMethod          OBJECT IDENTIFIER,
+        accessLocation        GeneralName  }
+
+-- subject info access
+
+id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+SubjectInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- CRL number extension OID and syntax
+
+id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+CRLNumber ::= INTEGER (0..MAX)
+
+-- issuing distribution point extension OID and syntax
+
+id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+IssuingDistributionPoint ::= SEQUENCE {
+     distributionPoint          [0] DistributionPointName OPTIONAL,
+     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
+     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
+     onlySomeReasons            [3] ReasonFlags OPTIONAL,
+     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
+     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
+
+id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+BaseCRLNumber ::= CRLNumber
+
+-- CRL reasons extension OID and syntax
+
+id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+CRLReason ::= ENUMERATED {
+     unspecified             (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     removeFromCRL           (8),
+     privilegeWithdrawn      (9),
+     aACompromise           (10) }
+
+-- certificate issuer CRL entry extension OID and syntax
+
+id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+CertificateIssuer ::= GeneralNames
+
+-- hold instruction extension OID and syntax
+
+id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+HoldInstructionCode ::= OBJECT IDENTIFIER
+
+-- ANSI x9 holdinstructions
+
+-- ANSI x9 arc holdinstruction arc
+
+holdInstruction OBJECT IDENTIFIER ::=
+          {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+
+-- ANSI X9 holdinstructions referenced by this standard
+
+id-holdinstruction-none OBJECT IDENTIFIER  ::=
+                {holdInstruction 1} -- deprecated
+
+id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
+                {holdInstruction 2}
+
+id-holdinstruction-reject OBJECT IDENTIFIER ::=
+                {holdInstruction 3}
+
+-- invalidity date CRL entry extension OID and syntax
+
+id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
+
+InvalidityDate ::=  GeneralizedTime
+
+END
diff --git a/a.rb b/a.rb
new file mode 100644
index 0000000..53e06c8
--- /dev/null
+++ b/a.rb
@@ -0,0 +1,53 @@
+require_relative "lib/asn1kit"
+
+src = <<EOF
+UNYA-2017-02-27 { 9 8 7 6 5 4 3 2 1 0 }
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+a INTEGER ::= 123
+
+Sequence1 ::= SEQUENCE {
+  int1   [12] IMPLICIT INTEGER DEFAULT a,
+  int2   [PRIVATE 23] EXPLICIT INTEGER,
+  int3 CC DEFAULT a,
+  int4 CC DEFAULT tt,
+  int5 CC DEFAULT 5
+}
+
+CC ::= INTEGER { a(1) }
+tt CC ::= a
+
+id-pkix  OBJECT IDENTIFIER  ::=
+         { iso(1) identified-organization(3) dod(6) internet(1)
+                    security(5) mechanisms(5) pkix(7) }
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+
+A ::= SEQUENCE {}
+B ::= A
+C ::= B
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING  }
+
+END
+EOF
+
+#src = File.read("PKIX-CommonTypes-2009.asn1")
+src = File.read("PKIX1Explicit88-noany.asn")
+#src = File.read("PKIX1Implicit88-noany.asn")
+
+puts src
+mod = ASN1Kit.parse(src)
+pp mod
+
+pp cert = mod["Certificate"]
+if cert
+  pem = File.read("/etc/ssl/certs/thawte_Primary_Root_CA.pem")
+  b64 = pem.lines[1..-2].join
+  p der = b64.unpack1("m")
+  pp cert.from_ber(der)
+end
diff --git a/bnf.txt b/bnf.txt
new file mode 100644
index 0000000..3f7ca2d
--- /dev/null
+++ b/bnf.txt
@@ -0,0 +1,630 @@
+ModuleDefinition ::=
+  ModuleIdentifier
+  DEFINITIONS
+  EncodingReferenceDefault
+  TagDefault
+  ExtensionDefault
+  "::="
+  BEGIN
+  ModuleBody
+  EncodingControlSections
+  END
+ModuleIdentifier ::=
+  modulereference
+  DefinitiveIdentification
+DefinitiveIdentification ::=
+  | DefinitiveOID
+  | DefinitiveOIDandIRI
+  | empty
+DefinitiveOID ::=
+  "{" DefinitiveObjIdComponentList "}"
+DefinitiveOIDandIRI ::=
+  DefinitiveOID
+  IRIValue
+DefinitiveObjIdComponentList ::=
+  DefinitiveObjIdComponent
+  | DefinitiveObjIdComponent DefinitiveObjIdComponentList
+DefinitiveObjIdComponent ::=
+  NameForm
+  | DefinitiveNumberForm
+  | DefinitiveNameAndNumberForm
+DefinitiveNumberForm ::= number
+DefinitiveNameAndNumberForm ::= identifier "(" DefinitiveNumberForm ")"
+EncodingReferenceDefault ::=
+  encodingreference INSTRUCTIONS
+  | empty
+TagDefault ::=
+  EXPLICIT TAGS
+  | IMPLICIT TAGS
+  | AUTOMATIC TAGS
+  | empty
+ExtensionDefault ::=
+  EXTENSIBILITY IMPLIED
+  | empty
+ModuleBody ::=
+  Exports Imports AssignmentList
+  | empty
+Exports ::=
+  EXPORTS SymbolsExported ";"
+  | EXPORTS ALL ";"
+  | empty
+SymbolsExported ::=
+  SymbolList
+  | empty
+Imports ::=
+  IMPORTS SymbolsImported ";"
+  | empty
+SymbolsImported ::=
+  SymbolsFromModuleList
+  | empty
+SymbolsFromModuleList ::=
+  SymbolsFromModule
+  | SymbolsFromModuleList SymbolsFromModule
+SymbolsFromModule ::=
+  SymbolList FROM GlobalModuleReference
+GlobalModuleReference ::=
+  modulereference AssignedIdentifier
+AssignedIdentifier ::=
+  ObjectIdentifierValue
+  | DefinedValue
+  | empty
+SymbolList ::=
+  Symbol
+  | SymbolList "," Symbol
+Symbol ::=
+  Reference
+  | ParameterizedReference
+Reference ::=
+  typereference
+  | valuereference
+  | objectclassreference
+  | objectreference
+  | objectsetreference
+AssignmentList ::=
+  Assignment
+  | AssignmentList Assignment
+Assignment ::=
+  TypeAssignment
+  | ValueAssignment
+  | ValueSetTypeAssignment
+  | ObjectClassAssignment
+  | ObjectAssignment
+  | ObjectSetAssignment
+  | ParameterizedAssignment
+DefinedType ::=
+  ExternalTypeReference
+  | typereference
+  | ParameterizedType
+  | ParameterizedValueSetType
+DefinedValue ::=
+  ExternalValueReference
+  | valuereference
+  | ParameterizedValue
+NonParameterizedTypeName ::=
+  ExternalTypeReference
+  | typereference
+  | xmlasn1typename
+ExternalTypeReference ::=
+  modulereference
+  "."
+  typereference
+ExternalValueReference ::=
+  modulereference
+  "."
+  valuereference
+AbsoluteReference ::=
+  "@" ModuleIdentifier
+  "."
+  ItemSpec
+ItemSpec ::=
+  typereference
+  | ItemId "." ComponentId
+ItemId ::= ItemSpec
+ComponentId ::=
+  identifier
+  | number
+  | "*"
+TypeAssignment ::=
+  typereference
+  "::="
+  Type
+ValueAssignment ::=
+  valuereference
+  Type
+  "::="
+  Value
+ValueSetTypeAssignment ::=
+  typereference
+  Type
+  "::="
+  ValueSet
+ValueSet ::= "{" ElementSetSpecs "}"
+Type ::= BuiltinType | ReferencedType | ConstrainedType
+BuiltinType ::=
+  BitStringType
+  | BooleanType
+  | CharacterStringType
+  | ChoiceType
+  | DateType
+  | DateTimeType
+  | DurationType
+  | EmbeddedPDVType
+  | EnumeratedType
+  | ExternalType
+  | InstanceOfType
+  | IntegerType
+  | IRIType
+  | NullType
+  | ObjectClassFieldType
+  | ObjectIdentifierType
+  | OctetStringType
+  | RealType
+  | RelativeIRIType
+  | RelativeOIDType
+  | SequenceType
+  | SequenceOfType
+  | SetType
+  | SetOfType
+  | PrefixedType
+  | TimeType
+  | TimeOfDayType
+ReferencedType ::=
+  DefinedType
+  | UsefulType
+  | SelectionType
+  | TypeFromObject
+  | ValueSetFromObjects
+NamedType ::= identifier Type
+Value ::=
+  BuiltinValue
+  | ReferencedValue
+  | ObjectClassFieldValue
+BuiltinValue ::=
+  BitStringValue
+  | BooleanValue
+  | CharacterStringValue
+  | ChoiceValue
+  | EmbeddedPDVValue
+  | EnumeratedValue
+  | ExternalValue
+  | InstanceOfValue
+  | IntegerValue
+  | IRIValue
+  | NullValue
+  | ObjectIdentifierValue
+  | OctetStringValue
+  | RealValue
+  | RelativeIRIValue
+  | RelativeOIDValue
+  | SequenceValue
+  | SequenceOfValue
+  | SetValue
+  | SetOfValue
+  | PrefixedValue
+  | TimeValue
+ReferencedValue ::=
+  DefinedValue
+  | ValueFromObject
+NamedValue ::= identifier Value
+BooleanType ::=BOOLEAN
+BooleanValue::= TRUE | FALSE
+EmptyElementBoolean ::=
+  "<" & "true" "/>"
+  | "<" & "false" "/>"
+TextBoolean ::=
+  extended-true
+  | extended-false
+IntegerType ::=
+  INTEGER
+  | INTEGER "{" NamedNumberList "}"
+NamedNumberList ::=
+  NamedNumber
+  | NamedNumberList "," NamedNumber
+NamedNumber ::=
+  identifier "(" SignedNumber ")"
+  | identifier "(" DefinedValue ")"
+SignedNumber ::=
+  number
+  | "-" number
+IntegerValue ::=
+  SignedNumber
+  | identifier
+EmptyElementInteger ::=
+  | "<" & identifier "/>"
+TextInteger ::=
+  identifier
+EnumeratedType ::=
+  ENUMERATED "{" Enumerations "}"
+Enumerations ::=
+  RootEnumeration
+  | RootEnumeration "," "..." ExceptionSpec
+  | RootEnumeration "," "..." ExceptionSpec "," AdditionalEnumeration
+RootEnumeration ::= Enumeration
+AdditionalEnumeration ::= Enumeration
+Enumeration ::= EnumerationItem | EnumerationItem "," Enumeration
+EnumerationItem ::= identifier | NamedNumber
+EnumeratedValue ::= identifier
+EmptyElementEnumerated ::= "<" & identifier "/>"
+TextEnumerated ::= identifier
+RealType ::= REAL
+RealValue ::=
+  NumericRealValue
+  | SpecialRealValue
+NumericRealValue ::=
+  realnumber
+  | "-" realnumber
+  | SequenceValue
+SpecialRealValue ::=
+  PLUS-INFINITY
+  | MINUS-INFINITY
+  | NOT-A-NUMBER
+EmptyElementReal ::=
+  "<" & PLUS-INFINITY "/>"
+  | "<" & MINUS-INFINITY "/>"
+  | "<" & NOT-A-NUMBER "/>"
+TextReal ::=
+  "INF"
+  | "-" & "INF"
+  | "NaN"
+BitStringType ::=
+  BIT STRING
+  | BIT STRING "{" NamedBitList "}"
+NamedBitList ::=
+  NamedBit
+  | NamedBitList "," NamedBit
+NamedBit ::=
+  identifier "(" number ")"
+  | identifier "(" DefinedValue ")"
+BitStringValue ::=
+  bstring
+  | hstring
+  | "{" IdentifierList "}"
+  | "{" "}"
+  | CONTAINING Value
+IdentifierList ::=
+  identifier
+  | IdentifierList "," identifier
+EmptyElementList ::=
+  "<" & identifier "/>"
+  | EmptyElementList "<" & identifier "/>"
+TextList ::=
+  identifier
+  | TextList identifier
+OctetStringType ::= OCTET STRING
+OctetStringValue ::=
+  bstring
+  | hstring
+  | CONTAINING Value
+NullType ::= NULL
+NullValue ::= NULL
+SequenceType ::=
+  SEQUENCE "{" "}"
+  | SEQUENCE "{" ExtensionAndException OptionalExtensionMarker "}"
+  | SEQUENCE "{" ComponentTypeLists "}"
+ExtensionAndException ::= "..." | "..." ExceptionSpec
+OptionalExtensionMarker ::= "," "..." | empty
+ComponentTypeLists ::=
+  RootComponentTypeList
+  | RootComponentTypeList "," ExtensionAndException ExtensionAdditions
+  OptionalExtensionMarker
+  | RootComponentTypeList "," ExtensionAndException ExtensionAdditions
+  ExtensionEndMarker "," RootComponentTypeList
+  | ExtensionAndException ExtensionAdditions ExensionEndMarker ","
+  RootComponentTypeList
+  | ExtensionAndException ExtensionAdditions OptionalExtensionMarker
+RootComponentTypeList ::= ComponentTypeList
+ExtensionEndMarker ::= "," "..."
+ExtensionAdditions ::=
+  "," ExtensionAdditionList
+  | empty
+ExtensionAdditionList ::=
+  ExtensionAddition
+  | ExtensionAdditionList "," ExtensionAddition
+ExtensionAddition ::=
+  ComponentType
+  | ExtensionAdditionGroup
+ExtensionAdditionGroup ::= "[[" VersionNumber ComponentTypeList "]]"
+VersionNumber ::= empty | number ":"
+ComponentTypeList ::=
+  ComponentType
+  | ComponentTypeList "," ComponentType
+ComponentType ::=
+  NamedType
+  | NamedType OPTIONAL
+  | NamedType DEFAULT Value
+  | COMPONENTS OF Type
+SequenceValue ::=
+  "{" ComponentValueList "}"
+  | "{" "}"
+ComponentValueList ::=
+  NamedValue
+  | ComponentValueList "," NamedValue
+SequenceOfType ::= SEQUENCE OF Type | SEQUENCE OF NamedType
+SequenceOfValue ::=
+  "{" ValueList "}"
+  | "{" NamedValueList "}"
+  | "{" "}"
+ValueList ::=
+  Value
+  | ValueList "," Value
+NamedValueList ::=
+  NamedValue
+  | NamedValueList "," NamedValue
+SetType ::=
+  SET "{" "}"
+  | SET "{" ExtensionAndException OptionalExtensionMarker "}"
+  | SET "{" ComponentTypeLists "}"
+SetValue ::=
+  "{" ComponentValueList "}"
+  | "{" "}"
+SetOfType ::=
+  SET OF Type
+  | SET OF NamedType
+SetOfValue ::=
+  "{" ValueList "}"
+  | "{" NamedValueList "}"
+  | "{" "}"
+ChoiceType ::= CHOICE "{" AlternativeTypeLists "}"
+AlternativeTypeLists ::=
+  RootAlternativeTypeList
+  | RootAlternativeTypeList ","
+  ExtensionAndException ExtensionAdditionAlternatives
+  OptionalExtensionMarker
+RootAlternativeTypeList ::= AlternativeTypeList
+ExtensionAdditionAlternatives ::=
+  "," ExtensionAdditionAlternativesList
+  | empty
+ExtensionAdditionAlternativesList ::=
+  ExtensionAdditionAlternative
+  | ExtensionAdditionAlternativesList "," ExtensionAdditionAlternative
+ExtensionAdditionAlternative ::=
+  ExtensionAdditionAlternativesGroup
+  | NamedType
+ExtensionAdditionAlternativesGroup ::=
+  "[[" VersionNumber AlternativeTypeList "]]"
+AlternativeTypeList ::=
+  NamedType
+  | AlternativeTypeList "," NamedType
+ChoiceValue ::= identifier ":" Value
+SelectionType ::= identifier "<" Type
+PrefixedType ::=
+  TaggedType
+  | EncodingPrefixedType
+PrefixedValue ::= Value
+EncodingPrefixedType ::=
+  EncodingPrefix Type
+EncodingPrefix ::=
+  "[" EncodingReference EncodingInstruction "]"
+TaggedType ::=
+  Tag Type
+  | Tag IMPLICIT Type
+  | Tag EXPLICIT Type
+Tag ::= "[" EncodingReference Class ClassNumber "]"
+EncodingReference ::=
+encodingreference ":"
+  | empty
+ClassNumber ::=
+  number
+  | DefinedValue
+Class ::=
+  UNIVERSAL
+  | APPLICATION
+  | PRIVATE
+  | empty
+EncodingPrefixedType ::=
+  EncodingPrefix Type
+EncodingPrefix ::=
+  "[" EncodingReference EncodingInstruction "]"
+ObjectIdentifierType ::=
+  OBJECT IDENTIFIER
+ObjectIdentifierValue ::=
+  "{" ObjIdComponentsList "}"
+  | "{" DefinedValue ObjIdComponentsList "}"
+ObjIdComponentsList ::=
+  ObjIdComponents
+  | ObjIdComponents ObjIdComponentsList
+ObjIdComponents ::=
+  NameForm
+  | NumberForm
+  | NameAndNumberForm
+  | DefinedValue
+NameForm ::= identifier
+NumberForm ::= number | DefinedValue
+NameAndNumberForm ::=
+  identifier "(" NumberForm ")"
+RelativeOIDType ::= RELATIVE-OID
+RelativeOIDValue ::=
+  "{" RelativeOIDComponentsList "}"
+RelativeOIDComponentsList ::=
+  RelativeOIDComponents
+  | RelativeOIDComponents RelativeOIDComponentsList
+RelativeOIDComponents ::=
+  NumberForm
+  | NameAndNumberForm
+  | DefinedValue
+IRIType ::= OID-IRI
+IRIValue ::=
+  """
+  FirstArcIdentifier
+  SubsequentArcIdentifier
+  """
+FirstArcIdentifier ::=
+  "/" ArcIdentifier
+SubsequentArcIdentifier ::=
+  "/" ArcIdentifier SubsequentArcIdentifier
+  | empty
+ArcIdentifier ::=
+  integerUnicodeLabel
+  | non-integerUnicodeLabel
+RelativeIRIType ::= RELATIVE-OID-IRI
+RelativeIRIValue ::=
+  """
+  FirstRelativeArcIdentifier
+  SubsequentArcIdentifier
+  """
+FirstRelativeArcIdentifier ::=
+  ArcIdentifier
+EmbeddedPDVType ::= EMBEDDED PDV
+EmbeddedPDVValue ::= SequenceValue
+ExternalType ::= EXTERNAL
+ExternalValue ::= SequenceValue
+TimeType ::= TIME
+TimeValue ::= tstring
+DateType ::= DATE
+TimeOfDayType ::= TIME-OF-DAY
+DateTimeType ::= DATE-TIME
+DurationType ::= DURATION
+CharacterStringType ::=
+  RestrictedCharacterStringType
+  | UnrestrictedCharacterStringType
+CharacterStringValue ::=
+  RestrictedCharacterStringValue
+  | UnrestrictedCharacterStringValue
+RestrictedCharacterStringType ::=
+  BMPString
+  | GeneralString
+  | GraphicString
+  | IA5String
+  | ISO646String
+  | NumericString
+  | PrintableString
+  | TeletexString
+  | T61String
+  | UniversalString
+  | UTF8String
+  | VideotexString
+  | VisibleString
+RestrictedCharacterStringValue ::=
+  cstring
+  | CharacterStringList
+  | Quadruple
+  | Tuple
+CharacterStringList ::= "{" CharSyms "}"
+CharSyms ::=
+  CharsDefn
+  | CharSyms "," CharsDefn
+CharsDefn ::=
+  cstring
+  | Quadruple
+  | Tuple
+  | DefinedValue
+Quadruple ::= "{" Group "," Plane "," Row "," Cell "}"
+Group ::= number
+Plane ::= number
+Row ::= number
+Cell ::= number
+Tuple ::= "{" TableColumn "," TableRow "}"
+TableColumn ::= number
+TableRow ::= number
+UnrestrictedCharacterStringType ::= CHARACTER STRING
+UnrestrictedCharacterStringValue ::= SequenceValue
+UsefulType ::= typereference
+he following character string types are defined in 41.1:
+  UTF8String GraphicString
+  NumericString VisibleString
+  PrintableString ISO646String
+  TeletexString GeneralString
+  T61String UniversalString
+  VideotexString BMPString
+  IA5String
+he following useful types are defined in clauses 46 to 48:
+  GeneralizedTime
+  UTCTime
+  ObjectDescriptor
+he following productions are used in clauses 49 to 51:
+ConstrainedType ::=
+  Type Constraint
+  | TypeWithConstraint
+TypeWithConstraint ::=
+  SET Constraint OF Type
+  | SET SizeConstraint OF Type
+  | SEQUENCE Constraint OF Type
+  | SEQUENCE SizeConstraint OF Type
+  | SET Constraint OF NamedType
+  | SET SizeConstraint OF NamedType
+  | SEQUENCE Constraint OF NamedType
+  | SEQUENCE SizeConstraint OF NamedType
+Constraint ::= "(" ConstraintSpec ExceptionSpec ")"
+ConstraintSpec ::= SubtypeConstraint
+  | GeneralConstraint
+SubtypeConstraint ::= ElementSetSpecs
+ElementSetSpecs ::=
+  RootElementSetSpec
+  | RootElementSetSpec "," "..."
+  | RootElementSetSpec "," "..." "," AdditionalElementSetSpec
+RootElementSetSpec ::= ElementSetSpec
+AdditionalElementSetSpec ::= ElementSetSpec
+ElementSetSpec ::= Unions
+  | ALL Exclusions
+Unions ::= Intersections
+  | UElems UnionMark Intersections
+UElems ::= Unions
+Intersections ::= IntersectionElements
+  | IElems IntersectionMark IntersectionElements
+IElems ::= Intersections
+IntersectionElements ::= Elements | Elems Exclusions
+Elems ::= Elements
+Exclusions ::= EXCEPT Elements
+UnionMark ::= "|" | UNION
+IntersectionMark ::= "^" | INTERSECTION
+Elements ::=
+  SubtypeElements
+  | ObjectSetElements
+  | "(" ElementSetSpec ")"
+SubtypeElements ::=
+  SingleValue
+  | ContainedSubtype
+  | ValueRange
+  | PermittedAlphabet
+  | SizeConstraint
+  | TypeConstraint
+  | InnerTypeConstraints
+  | PatternConstraint
+  | PropertySettings
+  | DurationRange
+  | TimePointRange
+  | RecurrenceRange
+SingleValue ::= Value
+ContainedSubtype ::= Includes Type
+Includes ::= INCLUDES | empty
+ValueRange ::= LowerEndpoint ".." UpperEndpoint
+LowerEndpoint ::= LowerEndValue | LowerEndValue "<"
+UpperEndpoint ::= UpperEndValue | "<" UpperEndValue
+LowerEndValue ::= Value | MIN
+UpperEndValue ::= Value | MAX
+SizeConstraint ::= SIZE Constraint
+TypeConstraint ::= Type
+PermittedAlphabet ::= FROM Constraint
+InnerTypeConstraints ::=
+  WITH COMPONENT SingleTypeConstraint
+  | WITH COMPONENTS MultipleTypeConstraints
+SingleTypeConstraint::= Constraint
+MultipleTypeConstraints ::=
+  FullSpecification
+  | PartialSpecification
+FullSpecification ::= "{" TypeConstraints "}"
+PartialSpecification ::= "{" "..." "," TypeConstraints "}"
+TypeConstraints ::=
+  NamedConstraint
+  | NamedConstraint "," TypeConstraints
+NamedConstraint ::=
+  identifier ComponentConstraint
+ComponentConstraint ::= ValueConstraint PresenceConstraint
+ValueConstraint ::= Constraint | empty
+PresenceConstraint ::= PRESENT | ABSENT | OPTIONAL | empty
+PatternConstraint ::= PATTERN Value
+PropertySettings ::= SETTINGS simplestring
+PropertySettingsList ::=
+  PropertyAndSettingPair
+  | PropertySettingsList PropertyAndSettingPair
+PropertyAndSettingPair ::= PropertyName "=" SettingName
+PropertyName ::= psname
+SettingName ::= psname
+DurationRange ::= ValueRange
+TimePointRange ::= ValueRange
+RecurrenceRange ::= ValueRange
+ExceptionSpec ::= "!" ExceptionIdentification | empty
+ExceptionIdentification ::=
+  SignedNumber
+  | DefinedValue
+| Type ":" Value
diff --git a/old b/old
new file mode 100644
index 0000000..d196a34
--- /dev/null
+++ b/old
@@ -0,0 +1,202 @@
+UNYA-2017-02-27 { 9 8 7 6 5 4 3 2 1 0 }
+DEFINITIONS EXPLICIT TAGS ::=
+BEGIN
+
+a INTEGER ::= 123
+
+Sequence1 ::= SEQUENCE {
+  int1   [12] IMPLICIT INTEGER DEFAULT a,
+  int2   [PRIVATE 23] EXPLICIT INTEGER,
+  int3 CC DEFAULT a,
+  int4 CC DEFAULT tt,
+  int5 CC DEFAULT 5
+}
+
+CC ::= INTEGER { a(1) }
+tt CC ::= a
+
+id-pkix  OBJECT IDENTIFIER  ::=
+         { iso(1) identified-organization(3) dod(6) internet(1)
+                    security(5) mechanisms(5) pkix(7) }
+id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
+id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+
+A ::= SEQUENCE {}
+B ::= A
+C ::= B
+
+Extension  ::=  SEQUENCE  {
+     extnID      OBJECT IDENTIFIER,
+     critical    BOOLEAN DEFAULT FALSE,
+     extnValue   OCTET STRING  }
+
+END
+[:kTYPEREFERENCE, "UNYA-2017-02-27"]
+["{", "{"]
+[:kNUMBER, 9]
+[:kNUMBER, 8]
+[:kNUMBER, 7]
+[:kNUMBER, 6]
+[:kNUMBER, 5]
+[:kNUMBER, 4]
+[:kNUMBER, 3]
+[:kNUMBER, 2]
+[:kNUMBER, 1]
+[:kNUMBER, 0]
+["}", "}"]
+[:DEFINITIONS, "DEFINITIONS"]
+[:EXPLICIT, "EXPLICIT"]
+[:TAGS, "TAGS"]
+["::=", "::="]
+[:BEGIN, "BEGIN"]
+[:kIDENTIFIER, "a"]
+[:INTEGER, "INTEGER"]
+["::=", "::="]
+[:kNUMBER, 123]
+[:kTYPEREFERENCE, "Sequence1"]
+["::=", "::="]
+[:SEQUENCE, "SEQUENCE"]
+["{", "{"]
+[:kIDENTIFIER, "int1"]
+["[", "["]
+[:kNUMBER, 12]
+["]", "]"]
+[:IMPLICIT, "IMPLICIT"]
+[:INTEGER, "INTEGER"]
+[:DEFAULT, "DEFAULT"]
+[:kIDENTIFIER, "a"]
+[",", ","]
+[:kIDENTIFIER, "int2"]
+["[", "["]
+[:PRIVATE, "PRIVATE"]
+[:kNUMBER, 23]
+["]", "]"]
+[:EXPLICIT, "EXPLICIT"]
+[:INTEGER, "INTEGER"]
+[",", ","]
+[:kIDENTIFIER, "int3"]
+[:kTYPEREFERENCE, "CC"]
+[:DEFAULT, "DEFAULT"]
+[:kIDENTIFIER, "a"]
+[",", ","]
+[:kIDENTIFIER, "int4"]
+[:kTYPEREFERENCE, "CC"]
+[:DEFAULT, "DEFAULT"]
+[:kIDENTIFIER, "tt"]
+[",", ","]
+[:kIDENTIFIER, "int5"]
+[:kTYPEREFERENCE, "CC"]
+[:DEFAULT, "DEFAULT"]
+[:kNUMBER, 5]
+["}", "}"]
+[:kTYPEREFERENCE, "CC"]
+["::=", "::="]
+[:INTEGER, "INTEGER"]
+["{", "{"]
+[:kIDENTIFIER, "a"]
+["(", "("]
+[:kNUMBER, 1]
+[")", ")"]
+["}", "}"]
+[:kIDENTIFIER, "tt"]
+[:kTYPEREFERENCE, "CC"]
+["::=", "::="]
+[:kIDENTIFIER, "a"]
+[:kIDENTIFIER, "id-pkix"]
+[:OBJECT, "OBJECT"]
+[:IDENTIFIER, "IDENTIFIER"]
+["::=", "::="]
+["{", "{"]
+[:kIDENTIFIER, "iso"]
+["(", "("]
+[:kNUMBER, 1]
+[")", ")"]
+[:kIDENTIFIER, "identified-organization"]
+["(", "("]
+[:kNUMBER, 3]
+[")", ")"]
+[:kIDENTIFIER, "dod"]
+["(", "("]
+[:kNUMBER, 6]
+[")", ")"]
+[:kIDENTIFIER, "internet"]
+["(", "("]
+[:kNUMBER, 1]
+[")", ")"]
+[:kIDENTIFIER, "security"]
+["(", "("]
+[:kNUMBER, 5]
+[")", ")"]
+[:kIDENTIFIER, "mechanisms"]
+["(", "("]
+[:kNUMBER, 5]
+[")", ")"]
+[:kIDENTIFIER, "pkix"]
+["(", "("]
+[:kNUMBER, 7]
+[")", ")"]
+["}", "}"]
+[:kIDENTIFIER, "id-kp"]
+[:OBJECT, "OBJECT"]
+[:IDENTIFIER, "IDENTIFIER"]
+["::=", "::="]
+["{", "{"]
+[:kIDENTIFIER, "id-pkix"]
+[:kNUMBER, 3]
+["}", "}"]
+[:kIDENTIFIER, "id-kp-OCSPSigning"]
+[:OBJECT, "OBJECT"]
+[:IDENTIFIER, "IDENTIFIER"]
+["::=", "::="]
+["{", "{"]
+[:kIDENTIFIER, "id-kp"]
+[:kNUMBER, 9]
+["}", "}"]
+[:kTYPEREFERENCE, "A"]
+["::=", "::="]
+[:SEQUENCE, "SEQUENCE"]
+["{", "{"]
+["}", "}"]
+[:kTYPEREFERENCE, "B"]
+["::=", "::="]
+[:kTYPEREFERENCE, "A"]
+[:kTYPEREFERENCE, "C"]
+["::=", "::="]
+[:kTYPEREFERENCE, "B"]
+[:kTYPEREFERENCE, "Extension"]
+["::=", "::="]
+[:SEQUENCE, "SEQUENCE"]
+["{", "{"]
+[:kIDENTIFIER, "extnID"]
+[:OBJECT, "OBJECT"]
+[:IDENTIFIER, "IDENTIFIER"]
+[",", ","]
+[:kIDENTIFIER, "critical"]
+[:BOOLEAN, "BOOLEAN"]
+[:DEFAULT, "DEFAULT"]
+[:FALSE, "FALSE"]
+[",", ","]
+[:kIDENTIFIER, "extnValue"]
+[:OCTET, "OCTET"]
+[:STRING, "STRING"]
+["}", "}"]
+[:END, "END"]
+[false, nil]
+#<ASN1Kit::Module:0x0055cea1726210
+ @name="UNYA-2017-02-27",
+ @oid=#<<OBJECT IDENTIFIER> { 9 8 7 6 5 4 3 2 1 0 }>,
+ @symbols=
+  {"Sequence1"=>
+    #<(Sequence1) SEQUENCE { int1 #<[12] INTEGER> DEFAULT {a}, int2 #<[PRIVATE 23] INTEGER>, int3 <CC> DEFAULT #<<CC> 1>, int4 <CC> DEFAULT {tt}, int5 <CC> DEFAULT #<<CC> 5> }>,
+   "CC"=>#<(CC) INTEGER { a(1) }>,
+   "A"=>#<(A) SEQUENCE {  }>,
+   "B"=>#<(B) SEQUENCE {  }>,
+   "C"=>#<(C) SEQUENCE {  }>,
+   "Extension"=>
+    #<(Extension) SEQUENCE { extnID <OBJECT IDENTIFIER>, critical <BOOLEAN> DEFAULT #<<BOOLEAN> false>, extnValue <OCTET STRING> }>,
+   "a"=>#<(a)<INTEGER> 123>,
+   "tt"=>#<(tt)<CC> 1>,
+   "id-pkix"=>#<(id-pkix)<OBJECT IDENTIFIER> { 1 3 6 1 5 5 7 }>,
+   "id-kp"=>#<(id-kp)<OBJECT IDENTIFIER> { 1 3 6 1 5 5 7 3 }>,
+   "id-kp-OCSPSigning"=>
+    #<(id-kp-OCSPSigning)<OBJECT IDENTIFIER> { 1 3 6 1 5 5 7 3 9 }>}>
diff --git a/q.rb b/q.rb
new file mode 100644
index 0000000..c46b30b
--- /dev/null
+++ b/q.rb
@@ -0,0 +1,32 @@
+require "asn1"
+
+# CertID ::= SEQUENCE {
+#     hashAlgorithm      AlgorithmIdentifier,
+#     issuerNameHash     OCTET STRING,
+#     issuerKeyHash      OCTET STRING,
+#     serialNumber       CertificateSerialNumber }
+
+
+# TBSRequest      ::=     SEQUENCE {
+#     version             [0]     EXPLICIT Version DEFAULT v1,
+#     requestorName       [1]     EXPLICIT GeneralName OPTIONAL,
+#     requestList                 SEQUENCE OF Request,
+#     requestExtensions   [2]     EXPLICIT Extensions OPTIONAL }
+#
+# Version  ::=  INTEGER  {  v1(0) }
+
+Version = ASN1Kit::Integer["v1" => 0]
+GeneralName = ASN1Kit::Import
+TBSRequest = ASN1Kit::Sequence(
+  ["version", Version, tagging: :explicit, tag_number: 0],
+  ["requestorName", GeneralName, tagging: :explicit, tag_number: 1],
+  ["requestList", ASN1Kit::SequenceOf(Request)],
+  ["requestExtensions", Extensions, ]
+)
+
+TBSRequest = ASN1Kit::Sequence[
+  ["version", Version.subtype(tagging: :explicit, tag_number: 0), default: Version.new("v1")],
+  ["requestorName", GeneralName, tagging: :explicit, tag_number: 1),
+  ["requestList", ASN1Kit::SequenceOf(Request)],
+  ["requestExtensions", Extensions, explicit: optional: true]
+]
diff --git a/rfc3280-PKIX1Implicit88.asn1 b/rfc3280-PKIX1Implicit88.asn1
new file mode 100644
index 0000000..37c2020
--- /dev/null
+++ b/rfc3280-PKIX1Implicit88.asn1
@@ -0,0 +1,391 @@
+
+-- 
+-- ASN.1 module found by ./crfc2asn1.pl in ./rfc3280.txt at line 5850
+-- 
+
+PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1)
+  security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) }
+
+DEFINITIONS IMPLICIT TAGS ::=
+
+BEGIN
+
+-- EXPORTS ALL --
+
+IMPORTS
+      id-pe, id-kp, id-qt-unotice, id-qt-cps,
+      -- delete following line if "new" types are supported --
+/* Legacy constructs deleted by ./crfc2asn1.pl:
+      BMPString, UTF8String,  -- end "new" types --
+ */
+      ORAddress, Name, RelativeDistinguishedName,
+      CertificateSerialNumber, Attribute, DirectoryString
+      FROM PKIX1Explicit88 { iso(1) identified-organization(3)
+            dod(6) internet(1) security(5) mechanisms(5) pkix(7)
+            id-mod(0) id-pkix1-explicit(18) };
+
+
+-- ISO arc for standard certificate and CRL extensions
+
+id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29}
+
+-- authority key identifier OID and syntax
+
+id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 }
+
+
+
+
+
+
+
+
+
+
+AuthorityKeyIdentifier ::= SEQUENCE {
+    keyIdentifier             [0] KeyIdentifier            OPTIONAL,
+    authorityCertIssuer       [1] GeneralNames             OPTIONAL,
+    authorityCertSerialNumber [2] CertificateSerialNumber  OPTIONAL }
+    -- authorityCertIssuer and authorityCertSerialNumber MUST both
+    -- be present or both be absent
+
+KeyIdentifier ::= OCTET STRING
+
+-- subject key identifier OID and syntax
+
+id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 }
+
+SubjectKeyIdentifier ::= KeyIdentifier
+
+-- key usage extension OID and syntax
+
+id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }
+
+KeyUsage ::= BIT STRING {
+     digitalSignature        (0),
+     nonRepudiation          (1),
+     keyEncipherment         (2),
+     dataEncipherment        (3),
+     keyAgreement            (4),
+     keyCertSign             (5),
+     cRLSign                 (6),
+     encipherOnly            (7),
+     decipherOnly            (8) }
+
+-- private key usage period extension OID and syntax
+
+id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::=  { id-ce 16 }
+
+PrivateKeyUsagePeriod ::= SEQUENCE {
+     notBefore       [0]     GeneralizedTime OPTIONAL,
+     notAfter        [1]     GeneralizedTime OPTIONAL }
+     -- either notBefore or notAfter MUST be present
+
+-- certificate policies extension OID and syntax
+
+id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 }
+
+anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 }
+
+CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
+
+PolicyInformation ::= SEQUENCE {
+
+
+
+
+
+     policyIdentifier   CertPolicyId,
+     policyQualifiers   SEQUENCE SIZE (1..MAX) OF
+             PolicyQualifierInfo OPTIONAL }
+
+CertPolicyId ::= OBJECT IDENTIFIER
+
+PolicyQualifierInfo ::= SEQUENCE {
+       policyQualifierId  PolicyQualifierId,
+       qualifier        ANY DEFINED BY policyQualifierId }
+
+-- Implementations that recognize additional policy qualifiers MUST
+-- augment the following definition for PolicyQualifierId
+
+PolicyQualifierId ::=
+    OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )
+
+-- CPS pointer qualifier
+
+CPSuri ::= IA5String
+
+-- user notice qualifier
+
+UserNotice ::= SEQUENCE {
+     noticeRef        NoticeReference OPTIONAL,
+     explicitText     DisplayText OPTIONAL}
+
+NoticeReference ::= SEQUENCE {
+     organization     DisplayText,
+     noticeNumbers    SEQUENCE OF INTEGER }
+
+DisplayText ::= CHOICE {
+     ia5String        IA5String      (SIZE (1..200)),
+     visibleString    VisibleString  (SIZE (1..200)),
+     bmpString        BMPString      (SIZE (1..200)),
+     utf8String       UTF8String     (SIZE (1..200)) }
+
+-- policy mapping extension OID and syntax
+
+id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 }
+
+PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+     issuerDomainPolicy      CertPolicyId,
+     subjectDomainPolicy     CertPolicyId }
+
+-- subject alternative name extension OID and syntax
+
+id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 }
+
+
+
+
+
+
+SubjectAltName ::= GeneralNames
+
+GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
+
+GeneralName ::= CHOICE {
+     otherName                       [0]     AnotherName,
+     rfc822Name                      [1]     IA5String,
+     dNSName                         [2]     IA5String,
+     x400Address                     [3]     ORAddress,
+     directoryName                   [4]     Name,
+     ediPartyName                    [5]     EDIPartyName,
+     uniformResourceIdentifier       [6]     IA5String,
+     iPAddress                       [7]     OCTET STRING,
+     registeredID                    [8]     OBJECT IDENTIFIER }
+
+-- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as
+-- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax
+
+AnotherName ::= SEQUENCE {
+     type-id    OBJECT IDENTIFIER,
+     value      [0] EXPLICIT ANY DEFINED BY type-id }
+
+EDIPartyName ::= SEQUENCE {
+     nameAssigner            [0]     DirectoryString OPTIONAL,
+     partyName               [1]     DirectoryString }
+
+-- issuer alternative name extension OID and syntax
+
+id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 }
+
+IssuerAltName ::= GeneralNames
+
+id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 }
+
+SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute
+
+-- basic constraints extension OID and syntax
+
+id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }
+
+BasicConstraints ::= SEQUENCE {
+     cA                      BOOLEAN DEFAULT FALSE,
+     pathLenConstraint       INTEGER (0..MAX) OPTIONAL }
+
+-- name constraints extension OID and syntax
+
+id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 }
+
+
+
+
+
+
+NameConstraints ::= SEQUENCE {
+     permittedSubtrees       [0]     GeneralSubtrees OPTIONAL,
+     excludedSubtrees        [1]     GeneralSubtrees OPTIONAL }
+
+GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
+
+GeneralSubtree ::= SEQUENCE {
+     base                    GeneralName,
+     minimum         [0]     BaseDistance DEFAULT 0,
+     maximum         [1]     BaseDistance OPTIONAL }
+
+BaseDistance ::= INTEGER (0..MAX)
+
+-- policy constraints extension OID and syntax
+
+id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 }
+
+PolicyConstraints ::= SEQUENCE {
+     requireExplicitPolicy           [0] SkipCerts OPTIONAL,
+     inhibitPolicyMapping            [1] SkipCerts OPTIONAL }
+
+SkipCerts ::= INTEGER (0..MAX)
+
+-- CRL distribution points extension OID and syntax
+
+id-ce-cRLDistributionPoints     OBJECT IDENTIFIER  ::=  {id-ce 31}
+
+CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
+
+DistributionPoint ::= SEQUENCE {
+     distributionPoint       [0]     DistributionPointName OPTIONAL,
+     reasons                 [1]     ReasonFlags OPTIONAL,
+     cRLIssuer               [2]     GeneralNames OPTIONAL }
+
+DistributionPointName ::= CHOICE {
+     fullName                [0]     GeneralNames,
+     nameRelativeToCRLIssuer [1]     RelativeDistinguishedName }
+
+ReasonFlags ::= BIT STRING {
+     unused                  (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     privilegeWithdrawn      (7),
+     aACompromise            (8) }
+
+
+
+
+
+-- extended key usage extension OID and syntax
+
+id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37}
+
+ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
+
+
+KeyPurposeId ::= OBJECT IDENTIFIER
+
+-- permit unspecified key uses
+
+anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
+
+-- extended key purpose OIDs
+
+id-kp-serverAuth             OBJECT IDENTIFIER ::= { id-kp 1 }
+id-kp-clientAuth             OBJECT IDENTIFIER ::= { id-kp 2 }
+id-kp-codeSigning            OBJECT IDENTIFIER ::= { id-kp 3 }
+id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
+id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
+id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+
+-- inhibit any policy OID and syntax
+
+id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 }
+
+InhibitAnyPolicy ::= SkipCerts
+
+-- freshest (delta)CRL extension OID and syntax
+
+id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 }
+
+FreshestCRL ::= CRLDistributionPoints
+
+-- authority info access
+
+id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
+
+AuthorityInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+AccessDescription  ::=  SEQUENCE {
+        accessMethod          OBJECT IDENTIFIER,
+        accessLocation        GeneralName  }
+
+-- subject info access
+
+id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }
+
+
+
+
+
+SubjectInfoAccessSyntax  ::=
+        SEQUENCE SIZE (1..MAX) OF AccessDescription
+
+-- CRL number extension OID and syntax
+
+id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 }
+
+CRLNumber ::= INTEGER (0..MAX)
+
+-- issuing distribution point extension OID and syntax
+
+id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 }
+
+IssuingDistributionPoint ::= SEQUENCE {
+     distributionPoint          [0] DistributionPointName OPTIONAL,
+     onlyContainsUserCerts      [1] BOOLEAN DEFAULT FALSE,
+     onlyContainsCACerts        [2] BOOLEAN DEFAULT FALSE,
+     onlySomeReasons            [3] ReasonFlags OPTIONAL,
+     indirectCRL                [4] BOOLEAN DEFAULT FALSE,
+     onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE }
+
+id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
+
+BaseCRLNumber ::= CRLNumber
+
+-- CRL reasons extension OID and syntax
+
+id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 }
+
+CRLReason ::= ENUMERATED {
+     unspecified             (0),
+     keyCompromise           (1),
+     cACompromise            (2),
+     affiliationChanged      (3),
+     superseded              (4),
+     cessationOfOperation    (5),
+     certificateHold         (6),
+     removeFromCRL           (8),
+     privilegeWithdrawn      (9),
+     aACompromise           (10) }
+
+-- certificate issuer CRL entry extension OID and syntax
+
+id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 }
+
+CertificateIssuer ::= GeneralNames
+
+-- hold instruction extension OID and syntax
+
+
+
+
+
+id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 }
+
+HoldInstructionCode ::= OBJECT IDENTIFIER
+
+-- ANSI x9 holdinstructions
+
+-- ANSI x9 arc holdinstruction arc
+
+holdInstruction OBJECT IDENTIFIER ::=
+          {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2}
+
+-- ANSI X9 holdinstructions referenced by this standard
+
+id-holdinstruction-none OBJECT IDENTIFIER  ::=
+                {holdInstruction 1} -- deprecated
+
+id-holdinstruction-callissuer OBJECT IDENTIFIER ::=
+                {holdInstruction 2}
+
+id-holdinstruction-reject OBJECT IDENTIFIER ::=
+                {holdInstruction 3}
+
+-- invalidity date CRL entry extension OID and syntax
+
+id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 }
+
+InvalidityDate ::=  GeneralizedTime
+
+END
diff --git a/strip-rfc-delimiters.rb b/strip-rfc-delimiters.rb
new file mode 100644
index 0000000..1628d01
--- /dev/null
+++ b/strip-rfc-delimiters.rb
@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+
+while gets
+  next if $_ =~ /^[A-Z].*\[Page \d+\]$/
+  next if $_ =~ /^\x0c$/
+  next if $_ =~ /^RFC \d+ .* \d{4}$/
+
+  print $_
+end
diff --git a/tt.rb b/tt.rb
new file mode 100644
index 0000000..88f9293
--- /dev/null
+++ b/tt.rb
@@ -0,0 +1,24 @@
+class A
+end
+
+class B < A
+end
+
+module M
+  refine(A) {
+    def abc
+      puts "abc in A"
+    end
+  }
+
+  refine(B) {
+    def abc
+      super
+      puts "abc in B"
+    end
+  }
+end
+
+using M
+
+B.new.abc