#
# format: tab-separated values
#         <feature> <name> <oid> <short name> <description>
#
# if <name> is "" then no constant will be written
#

x509	OID_USERID	0.9.2342.19200300.100.1.1	uid	User ID
x509	OID_DOMAIN_COMPONENT	0.9.2342.19200300.100.1.25	domainComponent	Domain component

x509	OID_SIG_GOST_R3411_94_WITH_R3410_2001	1.2.643.2.2.3	id-GostR3411-94-with-GostR3410-2001	GOST R 3411-94 with GOST R 3410-2001
x509	OID_GOST_R3410_2001	1.2.643.2.2.19	gostR3410-2001	GOST R 34.10-2001

x509	OID_KEY_TYPE_GOST_R3410_2012_256	1.2.643.7.1.1.1.1	gost3410-2012-256	GOST R 34.10-2012 public keys with 256 bits private key length
x509	OID_KEY_TYPE_GOST_R3410_2012_512	1.2.643.7.1.1.1.2	gost3410-2012-512	GOST R 34.10-2012 public keys with 512 bits private key length
x509	OID_SIG_GOST_R3410_2012_256	1.2.643.7.1.1.3.2	id-tc26-signwithdigest-gost3410-12-256	GOST R 34.10-2012 signature algorithm with 256-bit key length and GOST R 34.11-2012 hash function with 256-bit hash code
x509	OID_SIG_GOST_R3410_2012_512	1.2.643.7.1.1.3.3	id-tc26-signwithdigest-gost3410-12-512	GOST R 34.10-2012 signature algorithm with 512-bit key length and GOST R 34.11-2012 hash function with 512-bit hash code

x509	OID_KEY_TYPE_DSA	1.2.840.10040.4.1	id-dsa	DSA subject public key
x509	OID_SIG_DSA_WITH_SHA1	1.2.840.10040.4.3	dsa-with-sha1	DSA signature generated with SHA-1 algorithm

x962	OID_KEY_TYPE_EC_PUBLIC_KEY	1.2.840.10045.2.1	id-ecPublicKey	Elliptic curve public key cryptography

x962	OID_SIG_ECDSA_WITH_SHA224	1.2.840.10045.4.3.1	ecdsa-with-SHA224	Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 224 (SHA224) algorithm
x962	OID_SIG_ECDSA_WITH_SHA256	1.2.840.10045.4.3.2	ecdsa-with-SHA256	Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 256 (SHA256) algorithm
x962	OID_SIG_ECDSA_WITH_SHA384	1.2.840.10045.4.3.3	ecdsa-with-SHA384	Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 384 (SHA384) algorithm
x962	OID_SIG_ECDSA_WITH_SHA512	1.2.840.10045.4.3.4	ecdsa-with-SHA512	Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 512 (SHA512) algorithm

x962	OID_EC_P256	1.2.840.10045.3.1.7	prime256v1	P-256 elliptic curve parameter

pkcs1	OID_PKCS1_RSAENCRYPTION	1.2.840.113549.1.1.1	rsaEncryption	RSAES-PKCS1-v1_5 encryption scheme
pkcs1	OID_PKCS1_MD2WITHRSAENC	1.2.840.113549.1.1.2	md2WithRSAEncryption	MD2 with RSA encryption
pkcs1	OID_PKCS1_MD4WITHRSAENC	1.2.840.113549.1.1.3	md4WithRSAEncryption	MD4 with RSA encryption
pkcs1	OID_PKCS1_MD5WITHRSAENC	1.2.840.113549.1.1.4	md5WithRSAEncryption	MD5 with RSA encryption
pkcs1	OID_PKCS1_SHA1WITHRSA	1.2.840.113549.1.1.5	sha1WithRSAEncryption	SHA1 with RSA encryption

pkcs1	OID_PKCS1_RSASSAPSS	1.2.840.113549.1.1.10	rsassa-pss	RSA Signature Scheme with Probabilistic Signature Scheme (RSASSA-PSS)
pkcs1	OID_PKCS1_SHA256WITHRSA	1.2.840.113549.1.1.11	sha256WithRSAEncryption	SHA256 with RSA encryption
pkcs1	OID_PKCS1_SHA384WITHRSA	1.2.840.113549.1.1.12	sha384WithRSAEncryption	SHA384 with RSA encryption
pkcs1	OID_PKCS1_SHA512WITHRSA	1.2.840.113549.1.1.13	sha512WithRSAEncryption	SHA512 with RSA encryption
pkcs1	OID_PKCS1_SHA224WITHRSA	1.2.840.113549.1.1.14	sha224WithRSAEncryption	SHA224 with RSA encryption

pkcs7	OID_PKCS7_ID_DATA	1.2.840.113549.1.7.1	pkcs7-data	pkcs7-data
pkcs7	OID_PKCS7_ID_SIGNED_DATA	1.2.840.113549.1.7.2	pkcs7-signedData	PKCS#7 Signed Data
pkcs7	OID_PKCS7_ID_ENVELOPED_DATA	1.2.840.113549.1.7.3	pkcs7-envelopedData	PKCS#7 Enveloped Data
pkcs7	OID_PKCS7_ID_SIGNED_ENVELOPED_DATA	1.2.840.113549.1.7.4	pkcs7-signedAndEnvelopedData	PKCS#7 Signed and Enveloped Data
pkcs7	OID_PKCS7_ID_DIGESTED_DATA	1.2.840.113549.1.7.5	pkcs7-digestedData	PKCS#7 Digested Data
pkcs7	OID_PKCS7_ID_ENCRYPTED_DATA	1.2.840.113549.1.7.6	pkcs7-encryptedData	PKCS#7 Encrypted Data

pkcs9	OID_PKCS9_EMAIL_ADDRESS	1.2.840.113549.1.9.1	emailAddress	Email Address attribute for use in signatures
pkcs9	OID_PKCS9_UNSTRUCTURED_NAME	1.2.840.113549.1.9.2	unstructuredName	PKCS#9 unstructuredName
pkcs9	OID_PKCS9_CONTENT_TYPE	1.2.840.113549.1.9.3	contentType	id-contentType
pkcs9	OID_PKCS9_ID_MESSAGE_DIGEST	1.2.840.113549.1.9.4	id-messageDigest	id-messageDigest
pkcs9	OID_PKCS9_SIGNING_TIME	1.2.840.113549.1.9.5	signing-time	id-signingTime

pkcs9	OID_PKCS9_CHALLENGE_PASSWORD	1.2.840.113549.1.9.7	challengePassword	PKCS #9 challenge password (as specified for PKSC#10 in RFC2986)

pkcs9	OID_PKCS9_EXTENSION_REQUEST	1.2.840.113549.1.9.14	extensionRequest	Extension list for Certification Requests
pkcs9	OID_PKCS9_SMIME_CAPABILITIES	1.2.840.113549.1.9.15	smimeCapabilities	aa-smimeCapabilities

pkcs9	OID_PKCS9_FRIENDLY_NAME	1.2.840.113549.1.9.20	friendlyName	PKCS #9 attribute friendlyName (for PKCS #12)

pkcs12	OID_PKCS12	1.2.840.113549.1.12	pkcs-12	Public-Key Cryptography Standard (PKCS) #12
pkcs12	OID_PKCS12_PBEIDS	1.2.840.113549.1.12.1	pkcs-12PbeIds	PKCS #12 Password Based Encryption IDs
pkcs12	OID_PKCS12_PBE_SHA1_128RC4	1.2.840.113549.1.12.1.1	pbeWithSHAAnd128BitRC4	PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC4
pkcs12	OID_PKCS12_PBE_SHA1_40RC4	1.2.840.113549.1.12.1.2	pbeWithSHAAnd40BitRC4	PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC4
pkcs12	OID_PKCS12_PBE_SHA1_3K_3DES_CBC	1.2.840.113549.1.12.1.3	pbeWithSHAAnd3-KeyTripleDES-CBC	PKCS #12 Password Based Encryption With SHA-1 and 3-key Triple DES in CBC mode
pkcs12	OID_PKCS12_PBE_SHA1_2K_3DES_CBC	1.2.840.113549.1.12.1.4	pbeWithSHAAnd2-KeyTripleDES-CBC	PKCS #12 Password Based Encryption With SHA-1 and 2-key Triple DES in CBC mode
pkcs12	OID_PKCS12_PBE_SHA1_128RC2_CBC	1.2.840.113549.1.12.1.5	pbeWithSHAAnd128BitRC2-CBC	PKCS #12 Password Based Encryption With SHA-1 and 128-bit RC2-CBC
pkcs12	OID_PKCS12_PBE_SHA1_40RC2_CBC	1.2.840.113549.1.12.1.6	pbeWithSHAAnd40BitRC2-CBC	PKCS #12 Password Based Encryption With SHA-1 and 40-bit RC2-CBC

x509	OID_SIG_RSA_RIPE_MD160	1.3.36.3.3.1.2	rsaSignatureWithripemd160	RSA signature in combination with hash algorithm RIPEMD-160

x509	OID_SIG_ED25519	1.3.101.112	ed25519	Edwards-curve Digital Signature Algorithm (EdDSA) Ed25519
x509	OID_SIG_ED448	1.3.101.113	ed448	Edwards-curve Digital Signature Algorithm (EdDSA) Ed448

nist-algs	OID_NIST_EC_P384	1.3.132.0.34	secp384r1	P-384 elliptic curve parameter
nist-algs	OID_NIST_EC_P521	1.3.132.0.35	secp521r1	P-521 elliptic curve parameter

kdf	OID_KDF_SHA1_SINGLE	1.3.133.16.840.63.0.2	dhSinglePass-stdDH-sha1kdf-scheme	Single pass Secure Hash Algorithm 1 (SHA1) key derivation

ms-spc	SPC_INDIRECT_DATA_OBJID	1.3.6.1.4.1.311.2.1.4	spcIndirectData	The SPC_INDIRECT_DATA_CONTENT structure is used in Authenticode signatures to store the digest and other attributes of the signed file
ms-spc	SPC_STATEMENT_TYPE_OBJID	1.3.6.1.4.1.311.2.1.11	spcStatementType	spcStatementType
ms-spc	SPC_SP_OPUS_INFO_OBJID	1.3.6.1.4.1.311.2.1.12	spcSpOpusInfo	SpcSpOpusInfo
ms-spc	SPC_PE_IMAGE_DATA	1.3.6.1.4.1.311.2.1.15	spcPEImageData	spcPEImageData
ms-spc	SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID 	1.3.6.1.4.1.311.2.1.21	msCodeInd	MsCodeInd (SPC_INDIVIDUAL_SP_KEY_PURPOSE_OBJID) is a ExtendedKeyUsage for Certificate Extensions which indicates Microsoft Individual Code Signing (authenticode)

ms-spc	MS_CTL	1.3.6.1.4.1.311.10.1	szOID_CTL	MS_CTL

x509	MS_JURISDICTION_LOCALITY	1.3.6.1.4.1.311.60.2.1.1	msJurisdictionLocality	X520LocalityName as specified in RFC 3280
x509	MS_JURISDICTION_STATE_OR_PROVINCE	1.3.6.1.4.1.311.60.2.1.2	msJurisdictionStateOrProvince	X520StateOrProvinceName as specified in RFC 3280
x509	MS_JURISDICTION_COUNTRY	1.3.6.1.4.1.311.60.2.1.3	msJurisdictionCountry	X520countryName as specified in RFC 3280

# Certificate Transparency: https://tools.ietf.org/html/rfc6962#section-3.3
x509	OID_CT_LIST_SCT	1.3.6.1.4.1.11129.2.4.2	ctSCTList	Certificate Transparency Signed Certificate Timestamp List

# PKIX Certificate Extension
# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.1
x509	OID_PKIX_AUTHORITY_INFO_ACCESS	1.3.6.1.5.5.7.1.1	authorityInfoAccess	Certificate Authority Information Access
x509	OID_PKIX_SUBJECT_INFO_ACCESS	1.3.6.1.5.5.7.1.11	subjectInfoAccess	Certificate Subject Information Access

# PKIX Access Descriptor
# https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.48
x509	OID_PKIX_ACCESS_DESCRIPTOR_OCSP	1.3.6.1.5.5.7.48.1	id-ad-ocsp	PKIX Access Descriptor OCSP
x509	OID_PKIX_ACCESS_DESCRIPTOR_CA_ISSUERS	1.3.6.1.5.5.7.48.2	id-ad-caIssuers	PKIX Access Descriptor CA Issuers
x509	OID_PKIX_ACCESS_DESCRIPTOR_TIMESTAMPING	1.3.6.1.5.5.7.48.3	id-ad-timestamping	PKIX Access Descriptor Timestamping
x509	OID_PKIX_ACCESS_DESCRIPTOR_DVCS	1.3.6.1.5.5.7.48.4	id-ad-dvcs	PKIX Access Descriptor DVCS
x509	OID_PKIX_ACCESS_DESCRIPTOR_CA_REPOSITORY	1.3.6.1.5.5.7.48.5	id-ad-caRepository	PKIX Access Descriptor CA Repository
x509	OID_PKIX_ACCESS_DESCRIPTOR_HTTP_CERTS	1.3.6.1.5.5.7.48.6	id-ad-http-certs	PKIX Access Descriptor HTTP Certificates
x509	OID_PKIX_ACCESS_DESCRIPTOR_HTTP_CRLS	1.3.6.1.5.5.7.48.7	id-ad-http-crls	PKIX Access Descriptor HTTP Certificate Revocation Lists
#
x509	OID_PKIX_ACCESS_DESCRIPTOR_RPKI_MANIFEST	1.3.6.1.5.5.7.48.10	id-ad-rpki-manifest	PKIX Access Descriptor RPKI Manifest
x509	OID_PKIX_ACCESS_DESCRIPTOR_SIGNED_OBJECT	1.3.6.1.5.5.7.48.11	id-ad-signed-object	PKIX Access Descriptor Signed Object
x509	OID_PKIX_ACCESS_DESCRIPTOR_CMC	1.3.6.1.5.5.7.48.12	id-ad-cmc	PKIX Access Descriptor CMC
x509	OID_PKIX_ACCESS_DESCRIPTOR_RPKI_NOTIFY	1.3.6.1.5.5.7.48.13	id-ad-rpki-notify	PKIX Access Descriptor RPKI Notify
x509	OID_PKIX_ACCESS_DESCRIPTOR_STIRTNLIST	1.3.6.1.5.5.7.48.14	id-ad-stirTNList	PKIX Access Descriptor STIRTNLIST

nist-algs	OID_MD5_WITH_RSA	1.3.14.3.2.25	md5WithRSASignature	RSA algorithm coupled with the MD5 hashing algorithm (Oddball using ISO/IEC 9796-2 padding rules)
nist-algs	OID_HASH_SHA1	1.3.14.3.2.26	id-SHA1	SHA-1 hash algorithm
nist-algs	OID_SHA1_WITH_RSA	1.3.14.3.2.29	sha1WithRSAEncryption	RSA algorithm that uses the Secure Hash Algorithm 1 (SHA1) (obsolete)

x500	OID_X500	2.5	x500	X.500
x509	OID_X509	2.5.4	x509	X.509
x509	OID_X509_OBJECT_CLASS	2.5.4.0	objectClass	Object classes
x509	OID_X509_ALIASED_ENTRY_NAME	2.5.4.1	aliasedEntryName	Aliased entry/object name
x509	OID_X509_KNOWLEDGE_INFORMATION	2.5.4.2	knowledgeInformation	'knowledgeInformation' attribute type
x509	OID_X509_COMMON_NAME	2.5.4.3	commonName	Common Name
x509	OID_X509_SURNAME	2.5.4.4	surname	Surname
x509	OID_X509_SERIALNUMBER	2.5.4.5	serialNumber	Serial Number
x509	OID_X509_COUNTRY_NAME	2.5.4.6	countryName	Country Name
x509	OID_X509_LOCALITY_NAME	2.5.4.7	localityName	Locality Name
x509	OID_X509_STATE_OR_PROVINCE_NAME	2.5.4.8	stateOrProvinceName	State or Province name
x509	OID_X509_STREET_ADDRESS	2.5.4.9	streetAddress	Street Address
x509	OID_X509_ORGANIZATION_NAME	2.5.4.10	organizationName	Organization Name
x509	OID_X509_ORGANIZATIONAL_UNIT	2.5.4.11	organizationalUnit	Organizational Unit
x509	OID_X509_TITLE	2.5.4.12	title	Title
x509	OID_X509_DESCRIPTION	2.5.4.13	description	Description
x509	OID_X509_SEARCH_GUIDE	2.5.4.14	searchGuide	Search Guide
x509	OID_X509_BUSINESS_CATEGORY	2.5.4.15	businessCategory	Business Category
x509	OID_X509_POSTAL_ADDRESS	2.5.4.16	postalAddress	Postal Address
x509	OID_X509_POSTAL_CODE	2.5.4.17	postalCode	Postal Code
#
x509	OID_X509_NAME	2.5.4.41	name	Name
x509	OID_X509_GIVEN_NAME	2.5.4.42	givenName	Given Name
x509	OID_X509_INITIALS	2.5.4.43	initials	Initials of an individual's name
x509	OID_X509_GENERATION_QUALIFIER	2.5.4.44	generationQualifier	Generation information to qualify an individual's name
x509	OID_X509_UNIQUE_IDENTIFIER	2.5.4.45	uniqueIdentifier	Unique Identifier
x509	OID_X509_DN_QUALIFIER	2.5.4.46	dnQualifier	DN Qualifier
#
# https://www.alvestrand.no/objectid/2.5.29.html
x509	OID_X509_OBSOLETE_AUTHORITY_KEY_IDENTIFIER	2.5.29.1	oldAuthorityKeyIdentifier	X509v3 Authority Key Identifier (obsolete)
x509	OID_X509_OBSOLETE_KEY_ATTRIBUTES	2.5.29.2	oldKeyAttributes	X509v3 Key Attributes (obsolete)
x509	OID_X509_OBSOLETE_CERTIFICATE_POLICIES	2.5.29.3	oldCertificatePolicies	X509v3 Certificate Policies (obsolete)
x509	OID_X509_OBSOLETE_KEY_USAGE	2.5.29.4	oldKeyUsage	X509v3 Key Usage Restriction (obsolete)
x509	OID_X509_OBSOLETE_POLICY_MAPPING	2.5.29.5	oldPolicyMapping	X509v3 Policy Mapping (obsolete)
x509	OID_X509_OBSOLETE_SUBTREES_CONSTRAINT	2.5.29.6	oldSubtreesConstraint	X509v3 Subtrees Constraint (obsolete)
x509	OID_X509_OBSOLETE_SUBJECT_ALT_NAME	2.5.29.7	oldSubjectAltNAme	X509v3 Subject Alternative Name (obsolete)
x509	OID_X509_OBSOLETE_ISSUER_ALT_NAME	2.5.29.8	oldIssuerAltNAme	X509v3 Issuer Alternative Name (obsolete)

x509	OID_X509_EXT_SUBJECT_KEY_IDENTIFIER	2.5.29.14	subjectKeyIdentifier	X509v3 Subject Key Identifier
x509	OID_X509_EXT_KEY_USAGE	2.5.29.15	keyUsage	X509v3 Key Usage
x509	OID_X509_EXT_PRIVATE_KEY_USAGE_PERIOD	2.5.29.16	privateKeyUsagePeriod	X509v3 Private Key Usage Period
x509	OID_X509_EXT_SUBJECT_ALT_NAME	2.5.29.17	subjectAltName	X509v3 Subject Alternative Name
x509	OID_X509_EXT_ISSUER_ALT_NAME	2.5.29.18	issuerAltName	X509v3 Issuer Alternative Name
x509	OID_X509_EXT_BASIC_CONSTRAINTS	2.5.29.19	basicConstraints	X509v3 Basic Constraints
x509	OID_X509_EXT_CRL_NUMBER	2.5.29.20	crlNumber	X509v3 CRL Number
x509	OID_X509_EXT_REASON_CODE	2.5.29.21	reasonCode	X509v3 Reason Code
# no 2.5.29.22
x509	OID_X509_EXT_HOLD_INSTRUCTION_CODE	2.5.29.23	holdInstructionCode	X509v3 Hold Instruction Code
x509	OID_X509_EXT_INVALIDITY_DATE	2.5.29.24	invalidityDate	X509v3 Invalidity Date
# no 2.5.29.25 2.5.29.26
x509	OID_X509_EXT_DELTA_CRL_INDICATOR	2.5.29.27	deltaCRLIndicator	X509v3 Delta CRL Indicator
x509	OID_X509_EXT_ISSUER_DISTRIBUTION_POINT	2.5.29.28	issuerDistributionPoint	X509v3 Issuer Distribution Point
x509	OID_X509_EXT_ISSUER	2.5.29.29	issuer	X509v3 Issuer
x509	OID_X509_EXT_NAME_CONSTRAINTS	2.5.29.30	nameConstraints	X509v3 Name Constraints
x509	OID_X509_EXT_CRL_DISTRIBUTION_POINTS	2.5.29.31	crlDistributionPoints	X509v3 CRL Distribution Points
x509	OID_X509_EXT_CERTIFICATE_POLICIES	2.5.29.32	certificatePolicies	X509v3 Certificate Policies
x509	OID_X509_EXT_POLICY_MAPPINGS	2.5.29.33	policyMappings	X509v3 Policy Mappings
# no 2.5.29.34
x509	OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER	2.5.29.35	authorityKeyIdentifier	X509v3 Authority Key Identifier
x509	OID_X509_EXT_POLICY_CONSTRAINTS	2.5.29.36	policyConstraints	X509v3 Policy Constraints
x509	OID_X509_EXT_EXTENDED_KEY_USAGE	2.5.29.37	extendedKeyUsage	X509v3 Extended Key Usage
#
x509	OID_X509_EXT_FRESHEST_CRL	2.5.29.46	freshestCRL	X509v3 Freshest CRL
#
x509	OID_X509_EXT_INHIBIT_ANY_POLICY	2.5.29.54	inhibitAnyPolicy	X509v3 Inhibit Any-policy

nist-algs	OID_NIST_ENC_AES256_CBC	2.16.840.1.101.3.4.1.42	aes-256-cbc	256-bit Advanced Encryption Standard (AES) algorithm with Cipher-Block Chaining (CBC) mode of operation

nist-algs	OID_NIST_HASH_SHA256	2.16.840.1.101.3.4.2.1	sha256	Secure Hash Algorithm that uses a 256 bit key (SHA256)
nist-algs	OID_NIST_HASH_SHA384	2.16.840.1.101.3.4.2.2	sha384	Secure Hash Algorithm that uses a 384 bit key (SHA384)
nist-algs	OID_NIST_HASH_SHA512	2.16.840.1.101.3.4.2.3	sha512	Secure Hash Algorithm that uses a 512 bit key (SHA512)

x509	OID_X509_EXT_CERT_TYPE	2.16.840.1.113730.1.1	nsCertType	X.509 v3 Certificate Type
x509	OID_X509_EXT_BASE_URL	2.16.840.1.113730.1.2	nsBaseURL	Base URL
x509	OID_X509_EXT_REVOCATION_URL	2.16.840.1.113730.1.3	nsRevocationURL	Revocation URL
x509	OID_X509_EXT_CA_REVOCATION_URL	2.16.840.1.113730.1.4	nsCARevocationURL	CA Revocation URL
x509	OID_X509_EXT_CA_CRL_URL	2.16.840.1.113730.1.5	nsCACRLURL	CA CRL URL
x509	OID_X509_EXT_CA_CERT_URL	2.16.840.1.113730.1.6	nsCACertURL	CA Certificate URL
x509	OID_X509_EXT_RENEWAL_URL	2.16.840.1.113730.1.7	nsRenewalURL	Renewal URL
x509	OID_X509_EXT_CA_POLICY_URL	2.16.840.1.113730.1.8	nsCAPolicyURL	CA Policy URL
x509	OID_X509_EXT_HOMEPAGE_URL	2.16.840.1.113730.1.9	nsHomepageURL	Certificate Homepage URL
x509	OID_X509_EXT_ENTITY_LOGO	2.16.840.1.113730.1.10	nsEntityLogo	Certificate Entity Logo
x509	OID_X509_EXT_USER_PICTURE	2.16.840.1.113730.1.11	nsUserPicture	Certificate User Picture
x509	OID_X509_EXT_SSL_SERVER_NAME	2.16.840.1.113730.1.12	nsSSLServerName	SSL Server Name
x509	OID_X509_EXT_CERT_COMMENT	2.16.840.1.113730.1.13	nsComment	Certificate Comment
