2.5.29.31 - CRL Distribution Points

OID value: 2.5.29.31

OID description:
id-ce-CRLDistributionPoints

This extension field shall be used only as a certificate extension and may be used in both CA-certificates and end-entity certificates. This field identifies the CRL distribution point or points to which a certificate user should refer to ascertain if the certificate has been revoked. A certificate user can obtain a CRL from an applicable distribution point or it can obtain a current complete CRL from the CA directory entry.

This extension may, at the option of the certificate issuer, be either critical or non-critical.

cRLDistributionPoints EXTENSION ::= {
	SYNTAX CRLDistPointSyntax
	IDENTIFIED BY id-ce-cRLDistributionPoints
}

CRLDistPointSyntax ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint

DistributionPoint ::= SEQUENCE {
	distributionPoint [0] DistributionPointName OPTIONAL,
	reasons		  [1] ReasonFlags OPTIONAL,
	cRLIssuer	  [2] GeneralNames OPTIONAL
}

DistributionPointName ::= CHOICE {
	fullname	[0] GeneralNames,
	nameRelativeToCRLIssuer [1] RelativeDistinguishedName
}

ReasonFlags ::= BIT STRING {
	unused(0),
	keyCompromise(1),
	cACompromise(2)
	affiliationChanged(3),
	superseded(4),
	cessationOfOperation(5),
	certificateHold(6)
}

Superior references

• 2.5.29 - certificateExtension (id-ce)
• 2.5 - X.500 Directory Services
• 2 - ISO/ITU-T jointly assigned OIDs
• Top of OID tree