| Field | Subordinate CA Value |
| Version | V3 (2) |
| Serial Number | Must be unique |
| Issuer Signature Algorithm | sha-1WithRSAEncryption {1 2 840 113549 1 1 5} |
| Issuer Distinguished Name | cn=ORC Government ROOT, o=ORC PKI, c=US |
| Validity Period | 6 years from date of issue in UTCT format |
| Subject Distinguished Name | cn=ORC ACES <CA Name>, o=ORC PKI, c=US |
| Subject Public Key Information | 1024 bit RSA key modulus, rsaEncryption {1 2 840 113549 1 1 1} |
| Issuer Unique Identifier | Not Present |
| Subject Unique Identifier | Not Present |
| Issuer’s Signature | sha-1WithRSAEncryption {1 2 840 113549 1 1 5} |
| Extensions | |
| Authority Key Identifier | Octet String (20 byte SHA-1 hash of the binary DER encoding of the ECA Root CA’s public key information) |
| Subject Key Identifier | Octet String (20 byte SHA-1 hash of the binary DER encoding of the ECA public key information) |
| Key Usage | c=yes; digitalSignature, nonRepudiation, keyCertSign, cRLSign |
| Extended Key Usage | Not Present |
| Private Key Usage Period | Not Present |
| Certificate Policies | c=no; { 2 16 840 1 101 3 2 1 1 1 } |
| Policy Mapping | Not Present |
| Subject Alternative Name | Not Present |
| Issuer Alternative Name | Not Present |
| Subject Directory Attributes | Not Present |
| Basic Constraints | c=yes; CA=True |
| Name Constraints | Not Present |
| Policy Constraints | Not Present |
| Authority Information Access | c=no; ocsp= http://eva.orc.com, caIssuers=ldap://aces-ds.orc.com/cn=ORC Government Root, o=ORC PKI, c=US?cacertificate;binary, caIssuers=http://aces.orc.com/ caCerts/ORC Government Root.p7b |
| Subject Information Access | c=no; id-ad-caRepository=ldap://aces-ds.orc.com/ |
| CRL Distribution Points | c=no; always present, {ldap://aces-ds.orc.com/cn= ORC Government Root, o=ORC PKI, c=US?certificaterevocationlist;binary} {http://aces.orc.com/CRLs/ORC Government Root.crl} |
