B.4. CRL Extensions

B.4.1. About CRL Extensions

Since its initial publication, the X.509 standard for CRL formats has been amended to include additional information within a CRL. This information is added through CRL extensions.
The extensions defined by ANSI X9 and ISO/IEC/ITU for X.509 CRLs [X.509] [X9.55] allow additional attributes to be associated with CRLs. The Internet X.509 Public Key Infrastructure Certificate and CRL Profile, available at RFC 5280, recommends a set of extensions to be used in CRLs. These extensions are called standard CRL extensions.
The standard also allows custom extensions to be created and included in CRLs. These extensions are called private, proprietary, or custom CRL extensions and carry information unique to an organization or business. Applications may not be able to validate CRLs that contain private critical extensions, so it is not recommended that custom extensions be used in a general context.

NOTE

Abstract Syntax Notation One (ASN.1) and Distinguished Encoding Rules (DER) standards are specified in the CCITT Recommendations X.208 and X.209. For a quick summary of ASN.1 and DER, see A Layman's Guide to a Subset of ASN.1, BER, and DER, which is available at RSA Laboratories' web site, http://www.rsa.com.

B.4.1.1. Structure of CRL Extensions

A CRL extension consists of the following parts:
  • The object identifier (OID) for the extension. This identifier uniquely identifies the extension. It also determines the ASN.1 type of value in the value field and how the value is interpreted. When an extension appears in a CRL, the OID appears as the extension ID field (extnID) and the corresponding ASN.1 encoded structure appears as the value of the octet string (extnValue); examples are shown in Example B.3, “Sample Pretty-Print Certificate Extensions”.
  • A flag or Boolean field called critical.
    The true or false value assigned to this field indicates whether the extension is critical or noncritical to the CRL.
    • If the extension is critical and the CRL is sent to an application that does not understand the extension based on the extension's ID, the application must reject the CRL.
    • If the extension is not critical and the CRL is sent to an application that does not understand the extension based on the extension's ID, the application can ignore the extension and accept the CRL.
  • An octet string containing the DER encoding of the value of the extension.
The application receiving the CRL checks the extension ID to determine if it can recognize the ID. If it can, it uses the extension ID to determine the type of value used.
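The following is an added example, not code from the Certificate System documentation, that shows the three parts described above at the byte level: a minimal DER reader (standard library only) that splits an Extension SEQUENCE into its extnID, critical flag and extnValue, and then applies the critical/noncritical acceptance rule. The DER byte strings are constructed here; the CRL Number and Delta CRL Indicator encodings use the real OIDs, while the private extension uses a placeholder OID under an arbitrary enterprise number (99999) that stands in for any extension the application does not recognize.

```python
"""Parse DER-encoded X.509 CRL extensions and apply the criticality rule.

Extension ::= SEQUENCE {
    extnID      OBJECT IDENTIFIER,
    critical    BOOLEAN DEFAULT FALSE,   -- omitted when FALSE (DER)
    extnValue   OCTET STRING }           -- DER of the extension's own type
"""

# Constructed sample encodings (hex). OID content octets: 2.5.29.x -> 55 1D xx.
CRL_NUMBER_EXT = bytes.fromhex("300a0603551d140403020127")             # 2.5.29.20, INTEGER 39
DELTA_CRL_INDICATOR_EXT = bytes.fromhex("300d0603551d1b0101ff0403020127")  # 2.5.29.27, critical
# Placeholder private OID 1.3.6.1.4.1.99999.1 (hypothetical), value NULL.
PRIVATE_NONCRITICAL_EXT = bytes.fromhex("300f06092b06010401868d1f0104020500")
PRIVATE_CRITICAL_EXT = bytes.fromhex("301206092b06010401868d1f010101ff04020500")

# OIDs this (toy) application understands; an unknown critical OID is fatal.
KNOWN_CRL_EXTENSIONS = {
    "2.5.29.20": "CRL Number",
    "2.5.29.27": "Delta CRL Indicator",
    "2.5.29.28": "Issuing Distribution Point",
    "2.5.29.35": "Authority Key Identifier",
    "2.5.29.46": "Freshest CRL",
}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: 0x8N then N bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(body):
    """Decode OID content octets, e.g. b'\\x55\\x1d\\x14' -> '2.5.29.20'."""
    first = body[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    value = 0
    for b in body[1:]:                      # base-128, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def decode_integer(extn_value):
    """Decode an extnValue that wraps a single DER INTEGER (CRL Number etc.)."""
    tag, val, _ = _read_tlv(extn_value, 0)
    if tag != 0x02:
        raise ValueError("extnValue does not contain an INTEGER")
    return int.from_bytes(val, "big", signed=True)


def parse_extension(der):
    """Return (oid, critical, extn_value) for one DER-encoded Extension."""
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("Extension must be a SEQUENCE")
    tag, oid_body, pos = _read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("extnID must be an OBJECT IDENTIFIER")
    critical = False
    tag, val, pos = _read_tlv(seq, pos)
    if tag == 0x01:                         # optional BOOLEAN is present
        critical = val != b"\x00"
        tag, val, pos = _read_tlv(seq, pos)
    if tag != 0x04:
        raise ValueError("extnValue must be an OCTET STRING")
    return decode_oid(oid_body), critical, val


def evaluate_crl_extensions(ext_ders, known=KNOWN_CRL_EXTENSIONS):
    """Apply the rule from the text: unknown critical -> reject the CRL,
    unknown noncritical -> ignore the extension, known -> interpret by OID."""
    result = {"accept": True, "recognized": [], "ignored": [], "reject_reason": None}
    for der in ext_ders:
        oid, critical, _value = parse_extension(der)
        if oid in known:
            result["recognized"].append((known[oid], critical))
        elif critical:
            result["accept"] = False
            result["reject_reason"] = "unknown critical extension " + oid
            break                           # the CRL must be rejected
        else:
            result["ignored"].append(oid)
    return result


if __name__ == "__main__":
    print(parse_extension(CRL_NUMBER_EXT), decode_integer(parse_extension(CRL_NUMBER_EXT)[2]))
    print(evaluate_crl_extensions([CRL_NUMBER_EXT, DELTA_CRL_INDICATOR_EXT, PRIVATE_NONCRITICAL_EXT]))
    print(evaluate_crl_extensions([CRL_NUMBER_EXT, PRIVATE_CRITICAL_EXT]))
```

The reader only handles the subset of DER needed for extensions; a real validator would of course use a full ASN.1 library and verify the CRL signature before looking at any extension.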

B.4.1.2. Sample CRL and CRL Entry Extensions

The following is an example of an X.509 CRL version 2 extension. The Certificate System can display CRLs in readable pretty-print format, as shown here. As shown in the example, CRL extensions appear in sequence and only one instance of a particular extension may appear per CRL; for example, a CRL may contain only one Authority Key Identifier extension. However, CRL-entry extensions appear in appropriate entries in the CRL.
Certificate Revocation List: 
    Data: 
        Version:  v2 
        Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 
        Issuer: CN=Certificate Authority,O=Example Domain 
        This Update: Wednesday, July 29, 2009 8:59:48 AM GMT-08:00 
        Next Update: Friday, July 31, 2009 8:59:48 AM GMT-08:00 
        Revoked Certificates: 1-3 of 3 
            Serial Number: 0x11 
            Revocation Date: Thursday, July 23, 2009 10:07:15 AM GMT-08:00 
            Extensions: 
                Identifier: Revocation Reason - 2.5.29.21 
                    Critical: no 
                    Reason: Privilege_Withdrawn 
            Serial Number: 0x1A 
            Revocation Date: Wednesday, July 29, 2009 8:50:11 AM GMT-08:00 
            Extensions: 
                Identifier: Revocation Reason - 2.5.29.21 
                    Critical: no 
                    Reason: Certificate_Hold 
                Identifier: Invalidity Date - 2.5.29.24 
                    Critical: no 
                    Invalidity Date: Sun Jul 26 23:00:00 GMT-08:00 2009 
            Serial Number: 0x19 
            Revocation Date: Wednesday, July 29, 2009 8:50:49 AM GMT-08:00 
            Extensions: 
                Identifier: Revocation Reason - 2.5.29.21 
                    Critical: no 
                    Reason: Key_Compromise 
                Identifier: Invalidity Date - 2.5.29.24 
                    Critical: no 
                    Invalidity Date: Fri Jul 24 23:00:00 GMT-08:00 2009 
    Extensions: 
        Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 
            Critical: no 
            Access Description: 
                Method #0: ocsp 
                Location #0: URIName: http://example.com:9180/ca/ocsp 
        Identifier: Issuer Alternative Name - 2.5.29.18 
            Critical: no 
            Issuer Names: 
                DNSName: example.com 
        Identifier: Authority Key Identifier - 2.5.29.35 
            Critical: no 
            Key Identifier: 
                50:52:0C:AA:22:AC:8A:71:E3:91:0C:C5:77:21:46:9C: 
                0F:F8:30:60 
        Identifier: Freshest CRL - 2.5.29.46 
            Critical: no 
            Number of Points: 1 
            Point 0 
                Distribution Point: [URIName: http://server.example.com:9180/ca/ee/ca/getCRL?op=getDeltaCRL&crlIssuingPoint=MasterCRL] 
        Identifier: CRL Number - 2.5.29.20 
            Critical: no 
            Number: 39 
        Identifier: Issuing Distribution Point - 2.5.29.28 
            Critical: yes 
            Distribution Point: 
                Full Name: 
                    URIName: http://example.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
            Only Contains User Certificates: no 
            Only Contains CA Certificates: no 
            Indirect CRL: no 
    Signature: 
        Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 
        Signature: 
            47:D2:CD:C9:E5:F5:9D:56:0A:97:31:F5:D5:F2:51:EB: 
            1F:CF:FA:9E:63:D4:80:13:85:E5:D8:27:F0:69:67:B5: 
            89:4F:59:5E:69:E4:39:93:61:F2:E3:83:51:0B:68:26: 
            CD:99:C4:A2:6C:2B:06:43:35:36:38:07:34:E4:93:80: 
            99:2F:79:FB:76:E8:3D:4C:15:5A:79:4E:E5:3F:7E:FC: 
            D8:78:0D:1D:59:A0:4C:14:42:B7:22:92:89:38:3A:4C: 
            4A:3A:06:DE:13:74:0E:E9:63:74:D0:2F:46:A1:03:37: 
            92:F0:93:D9:AA:F8:13:C5:06:25:02:B0:FD:3B:41:E7: 
            62:6F:67:A3:9F:F5:FA:03:41:DA:8D:FD:EA:2F:E3:2B: 
            3E:F8:E9:CC:3B:9F:E4:ED:73:F2:9E:B9:54:14:C1:34: 
            68:A7:33:8F:AF:38:85:82:40:A2:06:97:3C:B4:88:43: 
            7B:AF:5D:87:C4:47:63:4A:11:65:E3:75:55:4D:98:97: 
            C2:2E:62:08:A4:04:35:5A:FE:0A:5A:6E:F1:DE:8E:15: 
            27:1E:0F:87:33:14:16:2E:57:F7:DC:77:BE:D2:75:AB: 
            A9:7C:42:1F:84:6D:40:EC:E7:ED:84:F8:14:16:28:33: 
            FD:11:CD:C5:FC:49:B7:7B:39:57:B3:E6:36:E5:CD:B6
A delta CRL is a subset of the CRL which contains only the changes since the last CRL was published. Any CRL which contains the delta CRL indicator extension is a delta CRL.
Certificate Revocation List: 
    Data: 
        Version:  v2 
        Signature Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 
        Issuer: CN=Certificate Authority,O=SjcRedhat Domain 
        This Update: Wednesday, July 29, 2009 9:02:28 AM GMT-08:00 
        Next Update: Thursday, July 30, 2009 9:02:28 AM GMT-08:00 
        Revoked Certificates: 
            Serial Number: 0x1A 
            Revocation Date: Wednesday, July 29, 2009 9:00:48 AM GMT-08:00 
            Extensions: 
                Identifier: Revocation Reason - 2.5.29.21 
                    Critical: no 
                    Reason: Remove_from_CRL 
            Serial Number: 0x17 
            Revocation Date: Wednesday, July 29, 2009 9:02:16 AM GMT-08:00 
            Extensions: 
                Identifier: Revocation Reason - 2.5.29.21 
                    Critical: no 
                    Reason: Certificate_Hold 
                Identifier: Invalidity Date - 2.5.29.24 
                    Critical: no 
                    Invalidity Date: Mon Jul 27 23:00:00 GMT-08:00 2009 
    Extensions: 
        Identifier: Authority Info Access: - 1.3.6.1.5.5.7.1.1 
            Critical: no 
            Access Description: 
                Method #0: ocsp 
                Location #0: URIName: http://server.example.com:9180/ca/ocsp
        Identifier: Delta CRL Indicator - 2.5.29.27    
            Critical: yes 
            Base CRL Number: 39 
        Identifier: Issuer Alternative Name - 2.5.29.18 
            Critical: no 
            Issuer Names: 
                DNSName: a-f8.sjc.redhat.com 
        Identifier: Authority Key Identifier - 2.5.29.35 
            Critical: no 
            Key Identifier: 
                50:52:0C:AA:22:AC:8A:71:E3:91:0C:C5:77:21:46:9C: 
                0F:F8:30:60 
        Identifier: CRL Number - 2.5.29.20 
            Critical: no 
            Number: 41 
        Identifier: Issuing Distribution Point - 2.5.29.28 
            Critical: yes 
            Distribution Point: 
                Full Name: 
                    URIName: http://server.example.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL 
            Only Contains User Certificates: no 
            Only Contains CA Certificates: no 
            Indirect CRL: no 
    Signature: 
        Algorithm: SHA1withRSA - 1.2.840.113549.1.1.5 
        Signature: 
            68:28:DA:90:D5:39:CB:6D:BE:42:04:77:C9:E4:09:60: 
            C1:97:A6:99:AB:A0:5B:A2:F3:8B:5E:4E:D6:05:70:B0: 
            87:1F:D7:0E:4B:C6:B2:DE:8B:92:D8:7C:3B:36:1C:79: 
            96:2A:64:E6:7A:25:1D:E7:40:62:48:7A:24:C9:9D:11: 
            A6:7F:BB:6B:03:A0:9C:1D:BC:1C:EE:9A:4B:A6:48:2C: 
            3B:5E:2B:B1:70:3C:C3:42:96:28:26:AB:82:18:F2:E9: 
            F2:55:48:A8:7E:7F:FE:D4:3D:0B:EA:A2:2F:4E:E6:C3: 
            C3:C1:6A:E5:C6:85:5B:42:B1:70:2A:C6:E1:D9:0C:AF: 
            DA:01:22:FF:80:6E:2E:A7:E5:34:DC:AF:E6:C2:B5:B3: 
            1B:FC:28:36:8A:91:4A:22:E7:03:A5:ED:4E:62:0C:D9: 
            7F:81:BB:80:99:B8:61:2A:02:C6:9C:41:2E:01:82:21: 
            80:82:69:52:BD:B2:AA:DB:0F:80:0A:7E:2A:F3:15:32: 
            69:D2:40:0D:39:59:93:75:A2:ED:24:70:FB:EE:19:C0: 
            BE:A2:14:36:D0:AC:E8:E2:EE:23:83:DD:BC:DF:38:1A: 
            9E:37:AF:E3:50:D9:47:9D:22:7C:36:35:BF:13:2C:16: 
            A2:79:CF:05:41:88:8E:B6:A2:4E:B3:48:6D:69:C6:38
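The following added example (not code from the Certificate System documentation) applies the delta CRL above to the full CRL above. Its data is taken from the two listings: the full CRL is CRL Number 39 with serials 0x11, 0x1A (on hold) and 0x19; the delta is CRL Number 41 with Base CRL Number 39, releasing 0x1A with Remove_from_CRL and placing 0x17 on hold. The applicability check follows RFC 5280 section 5.2.4, which allows a delta to be combined with any complete CRL whose number is at least the Base CRL Number and less than the delta's own CRL Number; the dict layout is this example's own.

```python
"""Combine a base CRL with a delta CRL to obtain the current revocation set."""

REMOVE_FROM_CRL = "Remove_from_CRL"   # reason that deletes an existing entry

# Full CRL from the first listing above: CRL Number 39, no Delta CRL Indicator.
BASE_CRL = {
    "number": 39,
    "base_crl_number": None,
    "entries": {0x11: "Privilege_Withdrawn", 0x1A: "Certificate_Hold", 0x19: "Key_Compromise"},
}

# Delta CRL from the second listing: CRL Number 41, Base CRL Number 39.
DELTA_CRL = {
    "number": 41,
    "base_crl_number": 39,
    "entries": {0x1A: "Remove_from_CRL", 0x17: "Certificate_Hold"},
}


def apply_delta(base, delta):
    """Return a new complete CRL dict equal to base updated by delta."""
    if delta["base_crl_number"] is None:
        raise ValueError("second CRL carries no Delta CRL Indicator; it is not a delta CRL")
    if base["base_crl_number"] is not None:
        raise ValueError("the base must be a complete CRL, not another delta")
    # RFC 5280 5.2.4: base number >= BaseCRLNumber and < delta CRL number.
    if not delta["base_crl_number"] <= base["number"] < delta["number"]:
        raise ValueError(
            "delta (number %d, base %d) cannot be applied to CRL number %d"
            % (delta["number"], delta["base_crl_number"], base["number"]))
    entries = dict(base["entries"])
    for serial, reason in delta["entries"].items():
        if reason == REMOVE_FROM_CRL:
            # Only used in deltas: the certificate was on hold and is released.
            entries.pop(serial, None)
        else:
            entries[serial] = reason      # new revocation, or updated reason
    return {"number": delta["number"], "base_crl_number": None, "entries": entries}


def is_revoked(crl, serial):
    """True when serial appears in the (complete) CRL's entries."""
    return serial in crl["entries"]


if __name__ == "__main__":
    current = apply_delta(BASE_CRL, DELTA_CRL)
    for serial, reason in sorted(current["entries"].items()):
        print("0x%X %s" % (serial, reason))
```

Note that the released serial 0x1A disappears from the combined list entirely, so a relying party that caches revocation state must process the delta rather than merely union the two lists.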

B.4.2. Standard X.509 v3 CRL Extensions Reference

In addition to certificate extensions, the X.509 proposed standard defines extensions to CRLs, which provide methods for associating additional attributes with Internet CRLs. These are of two kinds: extensions to the CRL itself and extensions to individual certificate entries in the CRL.

B.4.2.1. Extensions for CRLs

The following CRL extensions are defined as part of the Internet X.509 v3 Public Key Infrastructure proposed standard.
B.4.2.1.1. authorityInfoAccess
The Authority Information Access extension identifies how delta CRL information is obtained. The freshestCRL extension is placed in the full CRL to indicate where to find the latest delta CRL.
OID
1.3.6.1.5.5.7.1.1
Criticality
PKIX requires that this extension must not be critical.
Parameters
 

Table B.32. Authority Information Access Configuration Parameters

Parameter Description
enable Specifies whether the rule is enabled or disabled. The default is to have this extension disabled.
critical Sets whether the extension is marked as critical; the default is noncritical.
numberOfAccessDescriptions
Indicates the number of access descriptions, from 0 to any positive integer; the default is 0.
When setting this parameter to an integer other than 0, set the number, and then click OK to close the window. Re-open the edit window for the rule, and the fields to set the points will be present.
accessMethodn The only accepted value for this parameter is caIssuers. The caIssuers method is used when the information available lists certificates that can be used to verify the signature on the CRL. No other method should be used when the AIA extension is included in a CRL.
accessLocationTypen Specifies the type of access location for the nth access description. The options are either DirectoryName or URI.
accessLocationn
If accessLocationType is set to DirectoryName, the value must be a string in the form of an X.500 name, similar to the subject name in a certificate. For example, CN=CACentral,OU=Research Dept,O=Example Corporation,C=US.
If accessLocationType is set to URI, the name must be a URI; the URI must be an absolute pathname and must specify the host. For example, http://testCA.example.com/get/crls/here/.

B.4.2.1.2. authorityKeyIdentifier
The Authority Key Identifier extension for a CRL identifies the public key corresponding to the private key used to sign the CRL. For details, see the discussion under certificate extensions at Section B.3.2, “authorityKeyIdentifier”.
The PKIX standard recommends that the CA include this extension in all CRLs it issues because a CA's public key can change, for example, when the key gets updated, or the CA may have multiple signing keys because of multiple concurrent key pairs or key changeover. In these cases, the CA ends up with more than one key pair. When verifying a signature on a certificate, other applications need to know which key was used in the signature.
OID
2.5.29.35
Parameters
 

Table B.33. AuthorityKeyIdentifierExt Configuration Parameters

Parameter Description
enable Specifies whether the rule is enabled or disabled. The default is to have this extension disabled.
critical Sets whether the extension is marked as critical; the default is noncritical.

B.4.2.1.3. CRLNumber
The CRLNumber extension specifies a sequential number for each CRL issued by a CA. It allows users to easily determine when a particular CRL supersedes another CRL. PKIX requires that all CRLs have this extension.
OID
2.5.29.20
Criticality
This extension must not be critical.
Parameters
 

Table B.34. CRLNumber Configuration Parameters

Parameter Description
enable Specifies whether the rule is enabled, which is the default.
critical Sets whether the extension is marked as critical; the default is noncritical.

B.4.2.1.4. deltaCRLIndicator
The deltaCRLIndicator extension generates a delta CRL, a list only of certificates that have been revoked since the last CRL; it also includes a reference to the base CRL. This updates the local database while ignoring unchanged information already in the local database. This can significantly improve processing time for applications that store revocation information in a format other than the CRL structure.
OID
2.5.29.27
Criticality
PKIX requires that this extension be critical if it exists.
Parameters
 

Table B.35. DeltaCRL Configuration Parameters

Parameter Description
enable Sets whether the rule is enabled. By default, it is disabled.
critical Sets whether the extension is critical or noncritical. By default, this is critical.

B.4.2.1.5. FreshestCRL
The freshestCRL extension identifies how delta CRL information is obtained. The freshestCRL extension is placed in the full CRL to indicate where to find the latest delta CRL.
OID
2.5.29.46
Criticality
PKIX requires that this extension must be noncritical.
Parameters
 

Table B.36. FreshestCRL Configuration Parameters

Parameter Description
enable Sets whether the extension rule is enabled. By default, this is disabled.
critical Marks the extension as critical or noncritical. The default is noncritical.
numPoints Indicates the number of issuing points for the delta CRL, from 0 to any positive integer; the default is 0. When setting this to an integer other than 0, set the number, and then click OK to close the window. Re-open the edit window for the rule, and the fields to set these points will be present.
pointTypen Specifies the type of issuing point for the nth issuing point. For each number specified in numPoints, there is an equal number of pointType parameters. The options are either DirectoryName or URIName.
pointNamen
If pointType is set to directoryName, the value must be a string in the form of an X.500 name, similar to the subject name in a certificate. For example, CN=CACentral,OU=Research Dept,O=Example Corporation,C=US.
If pointType is set to URIName, the name must be a URI; the URI must be an absolute pathname and must specify the host. For example, http://testCA.example.com/get/crls/here/.

B.4.2.1.6. issuerAltName
The Issuer Alternative Name extension allows additional identities to be associated with the issuer of the CRL, like binding attributes such as a mail address, a DNS name, an IP address (both IPv4 and IPv6), and a uniform resource identifier (URI), with the issuer of the CRL. For details, see the discussion under certificate extensions at Section B.3.7, “issuerAltName Extension”.
OID
2.5.29.18
Parameters
 

Table B.37. IssuerAlternativeName Configuration Parameters

Parameter Description
enable Sets whether the extension rule is enabled; by default, this is disabled.
critical Sets whether the extension is critical; by default, this is noncritical.
numNames Sets the total number of alternative names or identities permitted in the extension. Each name has a set of configuration parameters, nameType and name, which must have appropriate values or the rule returns an error. Change the total number of identities by changing the value specified in this field; there is no limit on the total number of identities that can be included in the extension. Each set of configuration parameters is distinguished by an integer derived from the value of this field. For example, if the numNames parameter is set to 2, the derived integers are 0 and 1.
nameTypen
Specifies the general-name type; this can be any of the following:
  • rfc822Name if the name is an Internet mail address.
  • directoryName if the name is an X.500 directory name.
  • dNSName if the name is a DNS name.
  • ediPartyName if the name is an EDI party name.
  • URL if the name is a URI (default).
  • iPAddress if the name is an IP address. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv6 address uses a 128-bit namespace, with the IPv6 address separated by colons and the netmask separated by periods. For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
  • OID if the name is an object identifier.
  • otherName if the name is in any other name form; this supports PrintableString, IA5String, UTF8String, BMPString, Any, and KerberosName.
namen
Specifies the general-name value; the allowed values depend on the name type specified in the nameType field.
  • For rfc822Name, the value must be a valid Internet mail address in the local-part@domain format.
  • For directoryName, the value must be a string X.500 name, similar to the subject name in a certificate. For example, CN=CACentral,OU=Research Dept,O=Example Corporation,C=US.
  • For dNSName, the value must be a valid domain name in the DNS format. For example, testCA.example.com.
  • For ediPartyName, the name must be an IA5String. For example, Example Corporation.
  • For URL, the value must be a non-relative URI. For example, http://testCA.example.com.
  • For iPAddress, the value must be a valid IP address specified in dot-separated numeric component notation. It can be the IP address or the IP address including the netmask. An IPv4 address must be in the format n.n.n.n or n.n.n.n,m.m.m.m. For example, 128.21.39.40 or 128.21.39.40,255.255.255.00. An IPv6 address uses a 128-bit namespace, with the IPv6 address separated by colons and the netmask separated by periods. For example, 0:0:0:0:0:0:13.1.68.3, FF01::43, 0:0:0:0:0:0:13.1.68.3,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:255.255.255.0, and FF01::43,FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FF00:0000.
  • For OID, the value must be a unique, valid OID specified in the dot-separated numeric component notation. For example, 1.2.3.4.55.6.5.99. Although custom OIDs can be used to evaluate and test the server, in a production environment, comply with the ISO rules for defining OIDs and for registering subtrees of IDs.
  • For otherName, the names can be any other format; this supports PrintableString, IA5String, UTF8String, BMPString, Any, and KerberosName. PrintableString, IA5String, UTF8String, BMPString, and Any set a string to a base-64 encoded file specifying the subtree, such as /var/lib/pki-ca/othername.txt. KerberosName has the format Realm|NameType|NameStrings, such as realm1|0|userID1,userID2. The name must be the absolute path to the file that contains the general name in its base-64 encoded format. For example, /var/lib/pki-ca/extn/ian/othername.txt.

B.4.2.1.7. issuingDistributionPoint
The Issuing Distribution Point CRL extension identifies the CRL distribution point for a particular CRL and indicates what kinds of revocation it covers, such as revocation of end-entity certificates only, CA certificates only, or revoked certificates that have a limited set of reason codes.
PKIX Part I does not require this extension.
OID
2.5.29.28
Criticality
PKIX requires that this extension be critical if it exists.
Parameters
 

Table B.38. IssuingDistributionPoint Configuration Parameters

Parameter Description
enable Sets whether the extension is enabled; the default is disabled.
critical Marks the extension as critical, the default, or noncritical.
pointType
Specifies the type of the issuing distribution point from the following:
  • directoryName specifies that the type is an X.500 directory name.
  • URIName specifies that the type is a uniform resource identifier.
pointName
Gives the name of the issuing distribution point. The name of the distribution point depends on the value specified for the pointType parameter.
  • For directoryName, the name must be an X.500 name. For example, cn=CRLCentral,ou=Research Dept,o=Example Corporation,c=US.
  • For URIName, the name must be a URI that is an absolute pathname and specifies the host. For example, http://testCA.example.com/get/crls/here/.

NOTE

The CRL may be stored in the directory entry corresponding to the CRL issuing point, which may be different than the directory entry of the CA.
onlySomeReasons
Specifies the reason codes associated with the distribution point.
Permissible values are a combination of reason codes (unspecified, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold, and removeFromCRL) separated by commas. Leave the field blank if the distribution point contains revoked certificates with all reason codes (default).
onlyContainsCACerts Specifies that the distribution point contains CA certificates only if set. By default, this is not set, which means the distribution point contains all types of certificates.
indirectCRL Specifies that the distribution point contains an indirect CRL; by default, this is not selected.
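The following added example (not code from the Certificate System documentation) shows why the Issuing Distribution Point fields matter to a relying party: a CRL whose IDP excludes a certificate (by certificate type, by distribution point name, or by reason code) says nothing about that certificate, so its absence from the list must not be read as "not revoked". The MASTER_IDP values are taken from the full CRL listing above; the partitioned CA_COMPROMISE_IDP, its URI, the certificates and the dict field names are constructed for this example. The name-matching rule follows RFC 5280 section 6.3.3 (b)(2).

```python
"""Decide which revocation reasons a CRL with an IDP extension can answer
for a given certificate, and derive a status from that scope."""

# Reason codes accepted by onlySomeReasons, per the table above.
ALL_REASONS = frozenset({
    "unspecified", "keyCompromise", "cACompromise", "affiliationChanged",
    "superseded", "cessationOfOperation", "certificateHold", "removeFromCRL"})

# IDP from the full CRL listing: one URI, no partitioning, not indirect.
MASTER_IDP = {
    "full_name": ["http://example.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL"],
    "only_contains_user_certs": False,
    "only_contains_ca_certs": False,
    "only_some_reasons": None,          # blank field: all reason codes
    "indirect_crl": False,
}
FULL_CRL_SERIALS = {0x11, 0x1A, 0x19}   # revoked serials in that listing

# Constructed partitioned IDP (placeholder URI): CA certs, compromise reasons only.
CA_COMPROMISE_IDP = {
    "full_name": ["http://example.com:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=CACompromise"],
    "only_contains_user_certs": False,
    "only_contains_ca_certs": True,
    "only_some_reasons": {"keyCompromise", "cACompromise"},
    "indirect_crl": False,
}


def crl_scope(idp, cert):
    """Return the reason codes this CRL covers for cert (empty set = out of scope).

    cert: dict with 'is_ca' (bool) and 'crl_dp_names' (names from the
    certificate's CRL Distribution Points extension; empty if absent)."""
    if idp["indirect_crl"]:
        # Indirect CRLs need certificateIssuer handling, which the text says
        # the Certificate System does not support; treat as out of scope here.
        return frozenset()
    if idp["only_contains_ca_certs"] and not cert["is_ca"]:
        return frozenset()
    if idp["only_contains_user_certs"] and cert["is_ca"]:
        return frozenset()
    # A distribution point name in the IDP must match one of the names the
    # certificate itself points at; a certificate without a CRL DP does not match.
    if idp["full_name"] and not set(idp["full_name"]) & set(cert["crl_dp_names"]):
        return frozenset()
    reasons = idp["only_some_reasons"]
    return ALL_REASONS if reasons is None else frozenset(reasons)


def status_from_crl(idp, revoked_serials, cert):
    """Return (status, covered_reasons); status is 'revoked', 'not revoked'
    or 'undetermined'. 'not revoked' is only meaningful for covered_reasons."""
    scope = crl_scope(idp, cert)
    if not scope:
        return "undetermined", scope    # never clear a cert with an out-of-scope CRL
    if cert["serial"] in revoked_serials:
        return "revoked", scope
    return "not revoked", scope


if __name__ == "__main__":
    user = {"serial": 0x20, "is_ca": False, "crl_dp_names": MASTER_IDP["full_name"]}
    print(status_from_crl(MASTER_IDP, FULL_CRL_SERIALS, user))
    print(status_from_crl(CA_COMPROMISE_IDP, set(), user))
```

When the covered reason set is partial, a complete answer requires consulting a second CRL (or another issuing point) for the remaining reasons.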

B.4.2.2. CRL Entry Extensions

The sections that follow list the CRL entry extension types that are defined as part of the Internet X.509 v3 Public Key Infrastructure proposed standard. All of these extensions are noncritical.
B.4.2.2.1. certificateIssuer
The Certificate Issuer extension identifies the certificate issuer associated with an entry in an indirect CRL.
This extension is used only with indirect CRLs, which are not supported by the Certificate System.
OID
2.5.29.29
B.4.2.2.2. invalidityDate
The Invalidity Date extension provides the date on which the private key was compromised or that the certificate otherwise became invalid.
OID
2.5.29.24
Parameters
 

Table B.39. InvalidityDate Configuration Parameters

Parameter Description
enable Sets whether the extension rule is enabled or disabled. By default, this is enabled.
critical Marks the extension as critical or noncritical; by default, this is noncritical.

B.4.2.2.3. CRLReason
The Reason Code extension identifies the reason for certificate revocation.
OID
2.5.29.21
Parameters
 

Table B.40. CRLReason Configuration Parameters

Parameter Description
enable Sets whether the extension rule is enabled or disabled. By default, this is enabled.
critical Marks the extension as critical or noncritical. By default, this is noncritical.

B.4.3. Netscape-Defined Certificate Extensions Reference

Netscape defined certain certificate extensions for its products. Some of the extensions are now obsolete, and others have been superseded by the extensions defined in the X.509 proposed standard. All Netscape extensions should be tagged as noncritical, so that their presence in a certificate does not make that certificate incompatible with other clients.

B.4.3.1. netscape-cert-type

The Netscape Certificate Type extension can be used to limit the purposes for which a certificate can be used. It has been replaced by the X.509 v3 extensions Section B.3.6, “extKeyUsage” and Section B.3.3, “basicConstraints”.
If the extension exists in a certificate, it limits the certificate to the uses specified in it. If the extension is not present, the certificate can be used for all applications, except for object signing.
The value is a bit-string, where the individual bit positions, when set, certify the certificate for particular uses as follows:
  • bit 0: SSL Client certificate
  • bit 1: SSL Server certificate
  • bit 2: S/MIME certificate
  • bit 5: SSL CA certificate
  • bit 6: S/MIME CA certificate
OID
2.16.840.1.113730.1
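The following added example (not code from the documentation or from Netscape) decodes the netscape-cert-type BIT STRING into the uses listed above. The point it makes is the bit numbering: in a DER BIT STRING, bit 0 is the most significant bit of the first content octet, and the first byte of the value gives the count of unused trailing bits, so the SSL Client bit is 0x80, not 0x01. The sample encodings are constructed for this example.

```python
"""Decode a DER BIT STRING and map set bits to netscape-cert-type uses."""

NETSCAPE_CERT_TYPE_BITS = {
    0: "SSL Client certificate",
    1: "SSL Server certificate",
    2: "S/MIME certificate",
    5: "SSL CA certificate",
    6: "S/MIME CA certificate",
}

# Constructed encodings: 03 <len> <unused-bits> <content octets>
SSL_CLIENT = bytes.fromhex("03020780")        # 1 bit used: bit 0
CLIENT_AND_SMIME = bytes.fromhex("030205a0")  # 3 bits used: 101 -> bits 0 and 2
BOTH_CA = bytes.fromhex("03020106")           # 7 bits used: 0000011 -> bits 5 and 6
WRONG_ORDER = bytes.fromhex("03020001")        # what you get by writing 1 << 0 naively


def decode_bit_string(der):
    """Return the set of bit positions that are set in a DER BIT STRING."""
    if not der or der[0] != 0x03:
        raise ValueError("not a BIT STRING")
    length = der[1]
    if length & 0x80 or length < 1 or len(der) != 2 + length:
        raise ValueError("unsupported length or truncated BIT STRING")
    unused = der[2]
    body = der[3:]
    if unused > 7 or (unused and not body):
        raise ValueError("malformed unused-bits count")
    total_bits = len(body) * 8 - unused
    # Bit i lives in byte i // 8, counted from the most significant bit.
    return {i for i in range(total_bits) if body[i // 8] & (0x80 >> (i % 8))}


def netscape_cert_type_uses(der):
    """Human-readable uses for a netscape-cert-type value; unassigned bits are
    reported by number so that an unexpected bit is never silently dropped."""
    return [NETSCAPE_CERT_TYPE_BITS.get(b, "bit %d (unassigned)" % b)
            for b in sorted(decode_bit_string(der))]


if __name__ == "__main__":
    for sample in (SSL_CLIENT, CLIENT_AND_SMIME, BOTH_CA, WRONG_ORDER):
        print(sample.hex(), netscape_cert_type_uses(sample))
```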

B.4.3.2. netscape-comment

The value of this extension is an IA5String. It is a comment that can be displayed to the user when the certificate is viewed.
OID
2.16.840.1.113730.13