6.2.5 Certificate Revocation List (CRL)
A Certificate Revocation List (CRL) is a ByteString containing the DER encoded form (see X.690) of an X.509 v3 CRL. The CRL is issued by certifying authority and contains the serial numbers of the Certificates issued by that authority which are no longer valid. All CRLs shall have the extension defined in Table 50. The extension is defined completely in IETF RFC 5280.
| Extension | Description |
|---|---|
authorityKeyIdentifier | Provides more information about the key used to sign the CRL. |