A Certificate Revocation List (CRL) is a ByteString containing the DER encoded form (see X690) of an X.509 v3 CRL. The CRL is issued by certifying authority and contains the serial numbers of the Certificates issued by that authority which are no longer valid. All CRLs shall have the extension defined in Table 43. The extension is defined completely in RFC 5280.
Table 46 – Certificate Revocation List Extensions
|authorityKeyIdentifier||Provides more information about the key used to sign the CRL.|