使用ASN.1语言描述，我们可以将X509Certificate抽象为以下结构：

 Certificate  ::=  SEQUENCE  {
                   tbsCertificate       TBSCertificate,
                   signatureAlgorithm   AlgorithmIdentifier,
                  signature            BIT STRING  
     }

即基本证书域、签名算法、签名值。

其中TBSCertificate的结构为：

  TBSCertificate  ::=  SEQUENCE  {
      version         [0]  EXPLICIT Version DEFAULT v1,
      serialNumber         CertificateSerialNumber,
      signature            AlgorithmIdentifier,
      issuer               Name,
      validity             Validity,
      subject              Name,
      subjectPublicKeyInfo SubjectPublicKeyInfo,
      issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                           -- If present, version must be v2 or v3
      extensions      [3]  EXPLICIT Extensions OPTIONAL
                           -- If present, version must be v3
      }

即版本、序列号、签名算法、颁发者、有效期、使用者、主体公钥信息、扩展项。

主体公钥信息：

  SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm AlgorithmIdentifier,
    subjectPublicKey BIT STRING }

算法标识符：

  AlgorithmIdentifier ::= SEQUENCE {
    algorithm OBJECT IDENTIFIER,
    parameters ANY DEFINED BY algorithm OPTIONAL 
    }