A Certificate Revocation List (CRL) is a ByteStringcontaining the DER encoded form (see X690) of an X.509 v3 CRL. The CRL is issued by certifying authority and contains the serial numbers of the Certificatesissued by that authority which are no longer valid. All CRLs shall have the extension defined in Table 43. The extension is defined completely in RFC 5280.

Table 46– Certificate Revocation List Extensions

Extension

Description

authorityKeyIdentifier

Provides more information about the key used to sign the CRL.