diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100755
index 0000000000000000000000000000000000000000..8bce5d01f0b8cf898e9f63ecf4969f7173f52e59
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,19 @@
+include:
+ - project: 'forge-tools/asn2md'
+ file: '/gitlab-ci/base.yml'
+
+variables:
+ ASN1_SRC: '*.asn sec_ts103097/*.asn ieee1609.2/Ieee1609Dot2.asn ieee1609.2/Ieee1609Dot2BaseTypes.asn'
+ GIT_SUBMODULE_STRATEGY: normal
+
+validate:
+ extends: .validate
+ only:
+ changes:
+ - '*.asn'
+
+documentation:
+ extends: .documentation
+ only:
+ changes:
+ - '*.asn'
diff --git a/.gitmodules b/.gitmodules
new file mode 100755
index 0000000000000000000000000000000000000000..a7c5f9b798c7aa47952bbe6688d8c4d081d5f161
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,7 @@
+[submodule "sec_ts103097"]
+ path = sec_ts103097
+ url = https://forge.etsi.org/rep/ITS/asn1/sec_ts103097.git
+ branch = release2
+[submodule "ieee1609.2"]
+ path = ieee1609.2
+ url = https://forge.etsi.org/rep/ITS/asn1/ieee1609.2.git
diff --git a/EtsiTs103759.asn b/EtsiTs103759.asn
new file mode 100755
index 0000000000000000000000000000000000000000..f8accee4ddf998f7029edb4718cf27a968efb948
--- /dev/null
+++ b/EtsiTs103759.asn
@@ -0,0 +1,156 @@
+EtsiTs103759 {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1)
+ minor-version-2 (2)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ EtsiTs103097Data-SignedAndEncrypted-Unicast
+FROM EtsiTs103097Module {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3)
+ minor-version-1(1)}
+WITH SUCCESSORS
+
+ Psid,
+ ThreeDLocation,
+ Time64,
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+
+ AsrAppAgnostic
+FROM EtsiTs103759AsrAppAgnostic {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119)
+ major-version-1(1) minor-version-0(0)}
+WITH SUCCESSORS
+
+ AsrCam
+FROM EtsiTs103759AsrCam {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36)
+ major-version-1(1) minor-version-0(0)}
+WITH SUCCESSORS
+
+ AsrDenm
+FROM EtsiTs103759AsrDenm {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37)
+ major-version-1(1) minor-version-0(0)}
+WITH SUCCESSORS
+
+ AsrBsm
+FROM SaeJ3287AsrBsm {joint-iso-itu-t (2) country (16) us (840) organization (1)
+ sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4)
+ technical-reports (1) misbehavior-reporting (1) asn1-module (1)
+ aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief This data type is the general PDU for a misbehaviour report from an
+ * ITS-S to the MA responsible for reports of that type. AID-specific modules
+ * (EtsiTs103759AsrAppAgnostic, EtsiTs103759AsrCam, EtsiTs103759AsrDenm,
+ * SaeJ3287AsrBsm) have been imported using WITH SUCCESSORS to enable importing
+ * one or more of those modules with minor-version greater than 0 without
+ * requiring any change in the import statements. At least one of these
+ * AID-specific modules shall have minor-version greater than 0.
+ *
+ * @param version: contains the version number of this PDU definition. For this
+ * version of this data type it shall be equal to 2.
+ *
+ * @param generationTime: contains information on when this PDU was generated.
+ *
+ * @param observationLocation: is the location at which the last observation of
+ * a V2X PDU was made before the decision was taken to generate a report.
+ *
+ * @param report: contains the AID-specific misbehaviour report.
+ */
+EtsiTs103759Data ::= SEQUENCE {
+ version Uint8,
+ generationTime Time64,
+ observationLocation ThreeDLocation,
+ report AidSpecificReport
+}
+
+/**
+ * @brief This structure is the SPDU used to send a signed and encrypted
+ * EtsiTs103759Data to the MA. For the signature to be valid the signing
+ * certificate shall conform to the authorization ticket profile given in
+ * clause 7.2.1 of ETSI TS 103 097 v2.1.1, where the appPermissions field in
+ * the authorization ticket allows signing misbehaviour reports. The signed
+ * EtsiTs103759Data shall be encrypted to the MA using the encryptionKey in
+ * the MA's certificate.
+ */
+EtsiTs103759Data-SignedAndEncrypted-Unicast ::=
+ EtsiTs103097Data-SignedAndEncrypted-Unicast {
+ EtsiTs103759Data
+}
+
+/**
+ * @brief This data type is the whole report on issues detected for a specific
+ * ITS-AID. This ITS-AID may identify an individual application, or may identify
+ * cross-application or non-application-specific misbehaviour cases.
+ *
+ * @param aid: contains the respective ITS-AID.
+ *
+ * @param content: contains the report contents, e.g., AsrCam. This will be a
+ * TemplateAsr instantiated with AID-specific Information Object Sets.
+ */
+AidSpecificReport ::= SEQUENCE {
+ aid C-ASR.&aid ({SetAsr}),
+ content C-ASR.&Content ({SetAsr}{@.aid})
+}
+
+/**
+ * @brief This data type defines the IOC for AidSpecificReport.
+ *
+ * @param aid: contains the globally unique reference identifier of an
+ * AID-specific misbehaviour report.
+ *
+ * @param Content: contains the open type of the PDU identified by aid. This
+ * will be a TemplateAsr instantiated with AID-specific Information Object
+ * Sets.
+ */
+C-ASR ::= CLASS {
+ &aid Psid UNIQUE,
+ &Content
+} WITH SYNTAX {&Content IDENTIFIED BY &aid}
+
+/**
+ * @brief This data type defines the IOS for AidSpecificReport. See the ASN.1
+ * modules where each set is defined for a description of that set.
+ */
+SetAsr C-ASR ::= {
+ {AsrAppAgnostic IDENTIFIED BY c-AsrAppAgnostic} |
+ {AsrCam IDENTIFIED BY c-AsrCam} |
+ {AsrDenm IDENTIFIED BY c-AsrDenm},
+ ...,
+ {AsrBsm IDENTIFIED BY c-AsrBsm}
+}
+
+/**
+ * @brief This data type contains the ITS-AID of the unknown service.
+ *
+ * @note This value is used for suspicious observations that are not
+ * or cannot be linked to a specific application.
+ */
+c-AsrAppAgnostic Psid ::= 270549119
+
+/**
+ * @brief This data type contains the ITS-AID of the CA service.
+ */
+c-AsrCam Psid ::= 36
+
+/**
+ * @brief This data type contains the ITS-AID of the DEN service.
+ */
+c-AsrDenm Psid ::= 37
+
+/**
+ * @brief This data type contains the ITS-AID of the BSM.
+ */
+c-AsrBsm Psid ::= 32
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759AsrAppAgnostic.asn b/EtsiTs103759AsrAppAgnostic.asn
new file mode 100755
index 0000000000000000000000000000000000000000..59af4dfc14620b9c44c8ca0ac74b7ca89456a18f
--- /dev/null
+++ b/EtsiTs103759AsrAppAgnostic.asn
@@ -0,0 +1,14 @@
+EtsiTs103759AsrAppAgnostic {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119)
+ major-version-1(1) minor-version-0(0)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+/**
+ * @brief This data type is defined as NULL for this version of the standard.
+ */
+AsrAppAgnostic ::= NULL
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759AsrCam.asn b/EtsiTs103759AsrCam.asn
new file mode 100755
index 0000000000000000000000000000000000000000..d406aa334b44cdf868f7ac5aa666542fed30cd56
--- /dev/null
+++ b/EtsiTs103759AsrCam.asn
@@ -0,0 +1,221 @@
+EtsiTs103759AsrCam {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36)
+ major-version-1(1) minor-version-1(1)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ C-ASR-EV,
+ C-ASR-OBS-BY-TGT,
+ C-ASR-SINGLE-OBS,
+ MbSingleObservation,
+ TemplateAsr
+FROM EtsiTs103759BaseTypes {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1)
+ minor-version-1 (1)}
+WITH SUCCESSORS
+
+ obs-Beacon-IntervalTooSmall,
+ obs-Static-Change,
+ obs-Security-MessageIdIncWithHeaderInfo,
+ obs-Security-HeaderIncWithSecurityProfile,
+ obs-Security-HeaderPsidIncWithCertificate,
+ obs-Security-MessageIncWithSsp,
+ obs-Security-HeaderTimeOutsideCertificateValidity,
+ obs-Security-MessageLocationOutsideCertificateValidity,
+ obs-Security-HeaderLocationOutsideCertificateValidity,
+ obs-Position-ChangeTooLarge,
+ obs-Speed-ValueTooLarge-VehicleType,
+ obs-Speed-ValueTooLarge-DriveDirectionReverse,
+ obs-Speed-ChangeTooLarge,
+ obs-LongAcc-ValueTooLarge
+FROM EtsiTs103759MbrCommonObservations {itu-t(0) identified-organization(4)
+ etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2)
+ major-version-1(1) minor-version-1(1)}
+WITH SUCCESSORS
+
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief This data type is for reporting CAM issues.
+ */
+AsrCam ::= TemplateAsr {{SetMbObsTgtsCam}, {SetMbEvCam}}
+
+
+/* Identify target classes for CAM */
+IdCamTgt ::= Uint8
+
+c-CamTgt-BeaconCommon IdCamTgt ::= 0
+c-CamTgt-StaticCommon IdCamTgt ::= 1
+c-CamTgt-SecurityCommon IdCamTgt ::= 2
+c-CamTgt-PositionCommon IdCamTgt ::= 3
+c-CamTgt-SpeedCommon IdCamTgt ::= 4
+c-CamTgt-LongAccCommon IdCamTgt ::= 5
+
+SetMbObsCamBeacon C-ASR-SINGLE-OBS ::= {
+ obs-Beacon-IntervalTooSmall,
+ ...
+}
+
+SetMbObsCamStatic C-ASR-SINGLE-OBS ::= {
+ obs-Static-Change,
+ ...
+}
+
+SetMbObsCamSecurity C-ASR-SINGLE-OBS ::= {
+ obs-Security-MessageIdIncWithHeaderInfo |
+ obs-Security-HeaderIncWithSecurityProfile |
+ obs-Security-HeaderPsidIncWithCertificate |
+ obs-Security-MessageIncWithSsp |
+ obs-Security-HeaderTimeOutsideCertificateValidity |
+ obs-Security-MessageLocationOutsideCertificateValidity |
+ obs-Security-HeaderLocationOutsideCertificateValidity,
+ ...
+}
+
+SetMbObsCamPosition C-ASR-SINGLE-OBS ::= {
+ obs-Position-ChangeTooLarge,
+ ...
+}
+
+SetMbObsCamSpeed C-ASR-SINGLE-OBS ::= {
+ obs-Speed-ValueTooLarge-VehicleType |
+ obs-Speed-ValueTooLarge-DriveDirectionReverse |
+ obs-Speed-ChangeTooLarge,
+ ...
+}
+
+SetMbObsCamLongAcc C-ASR-SINGLE-OBS ::= {
+ obs-LongAcc-ValueTooLarge,
+ ...
+}
+
+
+
+/**
+ * @brief This is a complete set of observations for CAM. Application-specific
+ * trigger conditions and other relevant information are specified below.
+ *
+ * @param SetMbObsCamBeacon:
+ * - `Beacon-IntervalTooSmall`: The difference between the generation
+ * time of two consecutive CAMs is less than 80% of the value specified in TS
+ * 103 900 v2.0.0 section 6.1.3. The difference is calculated as the difference
+ * between the two values of generationDeltaTime. The two CAMs presented
+ * shall have the difference in the generationTime from the security
+ * headerInfo be less than 65,535 milliseconds, and the generationTime in the
+ * second CAM greater than the generationTime in the first. If the
+ * generationDeltaTime value in the second CAM is less than the
+ * generationDeltaTime in the first, 65,536 milliseconds shall be added to
+ * the value in the second for purposes of determining the difference between
+ * the two generationDeltaTime values.
+ *
+ * @param SetMbObsCamStatic:
+ * - `Static-Change`: Any change in the values of one or more of the
+ * following fields: performanceClass, specialTransportType, stationType,
+ * vehicleLength, vehicleRole, vehicleWidth.
+ * - `Semantics of the BIT STRING`: performanceClass(0),
+ * specialTransportType(1), stationType(2), vehicleLength(3), vehicleRole(4),
+ * vehicleWidth(5).
+ *
+ *
+ * @param SetMbObsCamSecurity:
+ * - `Security-MessageIdIncWithHeaderInfo`: The messageID is inconsistent
+ * with the security headerInfo, e.g., messageId = cam(2) but psid in the
+ * security headerInfo is not equal to 36, the PSID value of CAM.
+ *
+ * - `Security-HeaderIncWithSecurityProfile`: The security headerInfo is
+ * inconsistent with the security profile specified in ETSI TS 103 097 V2.1.1
+ * (2021-10), e.g., generationTime is absent in the security headerInfo but
+ * is required to be present in the security profile.
+ *
+ * - `Security-HeaderPsidIncWithCertificate`: The psid in the security
+ * headerInfo is not contained in the appPermissions of the certificate, e.g.,
+ * psid in the security headerInfo is equal to 36, but the appPermissions in the
+ * certificate does not include the value 36.
+ *
+ * - `Security-MessageIncWithSsp`: The message payload is inconsistent
+ * with the SSP in the certificate, as specified in TS 103 900 v2.0.0,e.g.,
+ * publicTransportContainer is present in the specialVehicleContainer but the
+ * relevant SSP in the certificate does not permit publicTransportContainer.
+ *
+ * - `Security-HeaderTimeOutsideCertificateValidity`: The generationTime
+ * in the security headerInfo is outside the validityPeriod in the certificate.
+ *
+ * - `Security-MessageLocationOutsideCertificateValidity`: The
+ * referencePosition in the message is outside the region in the certificate.
+ *
+ * - `Security-HeaderLocationOutsideCertificateValidity`: The
+ * generationLocation in the security headerInfo is outside the region in the
+ * certificate.
+ *
+ * @param SetMbObsEtsiOnlyPosition:
+ * - `Position-ChangeTooLarge`: The speed calculated from the change in
+ * referencePosition of two consecutive CAMs meets the trigger conditions of
+ * Speed-ValueTooLarge-VehicleType.
+ *
+ * @param SetMbObsEtsiOnlySpeed:
+ * - `Speed-ValueTooLarge-VehicleType`: The trigger conditions depend on
+ * the stationType as follows:
+ *
+ * - `passengerCar(5)`: The speedValue is greater than 14,000. (Currently, the
+ * fastest car in the world has a top speed that is less than 500 km/h, i.e.,
+ * 13,889 cm/s.)
+ *
+ * - `motorcycle(4), bus(6), lightTruck(7), heavyTruck(8), trailer(9)`: The
+ * speedValue is greater than 8,500. (Currently, the top speed on most popular
+ * cars is less than 300 km/h, i.e., 8,333 cm/s.)
+ *
+ * - `unknown(0), pedestrian(1), cyclist(2), moped(3), specialVehicles(10),
+ * tram(11)` : The speedValue is greater than 3,000. (Currently, non-highway
+ * speed limits are usually well below 100 km/h, i.e., 2,778 cm/s.)
+ *
+ * - `roadSideUnit(15)`: The speedValue is greater than 0. (Road side units
+ * shouldn't be transmitting while being transported.)
+ *
+ * - `Speed-ValueTooLarge-DriveDirectionReverse`: The driveDirection is
+ * backward (1) and the speedValue is greater than 3,000. (Usually, backward
+ * drives are far less than 50m long, and with maximum possible acceleration of
+ * 9 m/s^2 (see trigger conditions for LongAcc-ValueTooLarge), max attainable
+ * speed is sqrt(2*9*50) m/s, i.e., 3,000 cm/s.)
+ *
+ * - `Speed-ChangeTooLarge`: The acceleration calculated from the change
+ * in speedValue of two consecutive CAMs meets the trigger conditions of
+ * LongAcc-ValueTooLarge.
+ *
+ * @param SetMbObsEtsiOnlyLongAcc:
+ * - `LongAcc-ValueTooLarge`: The longitudinalAcceleration is greater
+ * than 90 dm/s^2. (Typical \mu (coefficient of friction between asphalt and
+ * rubber) is 0.9, so maximum possible acceleration is 0.9*9.8 m/s^2, i.e.,
+ * 88.2 dm/s^2.)
+ */
+SetMbObsTgtsCam C-ASR-OBS-BY-TGT ::= {
+ {MbSingleObservation{{SetMbObsCamBeacon}} BY
+ c-CamTgt-BeaconCommon} |
+ {MbSingleObservation{{SetMbObsCamStatic}} BY
+ c-CamTgt-StaticCommon} |
+ {MbSingleObservation{{SetMbObsCamSecurity}} BY
+ c-CamTgt-SecurityCommon} |
+ {MbSingleObservation{{SetMbObsCamPosition}} BY
+ c-CamTgt-PositionCommon} |
+ {MbSingleObservation{{SetMbObsCamSpeed}} BY
+ c-CamTgt-SpeedCommon} |
+ {MbSingleObservation{{SetMbObsCamLongAcc}} BY
+ c-CamTgt-LongAccCommon},
+ ...
+}
+
+/**
+ * @brief This data type defines the IOS for CAM Evidence.
+ */
+SetMbEvCam C-ASR-EV ::= {
+ ...
+}
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759AsrDenm.asn b/EtsiTs103759AsrDenm.asn
new file mode 100755
index 0000000000000000000000000000000000000000..d0b1d562809089a2e80c5f4f11c5c202c4ea1fd7
--- /dev/null
+++ b/EtsiTs103759AsrDenm.asn
@@ -0,0 +1,14 @@
+EtsiTs103759AsrDenm {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37)
+ major-version-1(1) minor-version-0(0)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+/**
+ * @brief This data type is defined as NULL for version 0 of this file.
+ */
+AsrDenm ::= NULL
+
+END
\ No newline at end of file
diff --git a/EtsiTs103759BaseTypes.asn b/EtsiTs103759BaseTypes.asn
new file mode 100755
index 0000000000000000000000000000000000000000..e52462b1341e69c464fb247921e5c48a5104cc4c
--- /dev/null
+++ b/EtsiTs103759BaseTypes.asn
@@ -0,0 +1,203 @@
+EtsiTs103759BaseTypes {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1)
+ minor-version-1 (1)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ Opaque,
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+
+ Ieee1609Dot2Data,
+ Certificate
+FROM Ieee1609Dot2 {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) schema(1) major-version-2(2) minor-version-6(6)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief This data type contains the template for a report on any ITS PDU.
+ *
+ * @param observations: identifies which detectors were triggered and why. It
+ * can include cross-references to the PDUs and evidence fields. The
+ * observations are drawn from a supplied application-specific observation
+ * Information Object Set.
+ *
+ * @param v2xPduEvidence: contains PDUs that triggered the detectors reported in
+ * the observations field, plus other PDUs sent for the same application (AID)
+ * by the same sender).
+ *
+ * @param nonV2xPduEvidence: is any information that was used by the
+ * detectors other than the V2X PDUs. If the report does not contain any
+ * observations that use other evidence (for example, if the report is simply
+ * that a speed value is implausibly high for any land vehicle, or that two
+ * V2X PDUs appear to show two different senders in the same physical
+ * space) then this field can be length 0. The evidence is drawn from a
+ * supplied application-specific evidence Information Object Set.
+ */
+TemplateAsr {
+ C-ASR-OBS-BY-TGT: ObservationSet, C-ASR-EV: NonV2xPduEvidenceSet
+} ::= SEQUENCE {
+ observations ObservationsByTargetSequence {{ObservationSet}},
+ v2xPduEvidence SEQUENCE (SIZE(1..MAX)) OF V2xPduStream,
+ nonV2xPduEvidence NonV2xPduEvidenceItemSequence {{NonV2xPduEvidenceSet}}
+}
+
+/**
+ * @brief This data type contains all of the observations related to a
+ * particular "target" property, e.g., speed or security.
+ *
+ * @param tgtId: identifies the "target" of the observation, e.g., speed. This
+ * identifier is drawn from an application-specific Information Object Set of
+ * observations by target.
+ *
+ * @param observations: contains all the observations related to that target.
+ * The observations are drawn from the provided Information Object Set.
+ */
+ObservationsByTarget {C-ASR-OBS-BY-TGT: SetAsrObsByTgt} ::= SEQUENCE {
+ tgtId C-ASR-OBS-BY-TGT.&id ({SetAsrObsByTgt}),
+ observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val ({SetAsrObsByTgt}{@.tgtId})
+}
+
+ObservationsByTargetSequence { C-ASR-OBS-BY-TGT: SetAsrObsByTgt } ::=
+ SEQUENCE (SIZE(1..MAX)) OF ObservationsByTarget {{ SetAsrObsByTgt }}
+
+/**
+ * @brief This is the Information Object Class used to define observations-
+ * -by-target.
+ */
+C-ASR-OBS-BY-TGT ::= C-2ENT
+
+/**
+ * @brief This data type contains a single misbehaviour observation.
+ *
+ * @param obsId: identifies the observation within the set of observations
+ * for that target, e.g., target = speed, observation = "speed higher than
+ * plausible given the physical map". This identifier is drawn from an
+ * application-and-target-specific Information Object Set of single
+ * observations.
+ *
+ * @param obs: contains any parameters relevant to the observation. The
+ * observations are drawn from the provided Information Object Set.
+ */
+MbSingleObservation {C-ASR-SINGLE-OBS: SetMbSingleObs} ::= SEQUENCE {
+ obsId C-ASR-SINGLE-OBS.&id ({SetMbSingleObs}),
+ obs C-ASR-SINGLE-OBS.&Val ({SetMbSingleObs}{@.obsId})
+}
+
+/**
+ * @brief This is the Information Object Class used to define single
+ * observations.
+ */
+C-ASR-SINGLE-OBS ::= C-2ENT
+
+/**
+ * @brief This data type contains PDU stream from a single sender.
+ *
+ * @param id: identifies the type of the PDU, meaning in this case
+ * what protocol headers are included from the stack.
+ *
+ * @param v2xPdus: is the PDU stream, i.e., a series of PDUs for the same AID
+ * sent by the same sender (where "sent by the same sender" means "signed by
+ * the same certificate"). The PDUs are ordered in chronological order of
+ * reception by the reporter. All PDUs in this field are of the same type,
+ * i.e., correspond to the same IdObsPdu. This field will always contain a
+ * "subject PDU", i.e., a PDU that is the subject of the observations.
+ * Additional PDUs may be included depending on which observations appear in
+ * the observations field. A specification of an observation is expected to
+ * include a specification of which PDUs are to be included in this field.
+ *
+ * @param certificate: contains the certificate that signed the PDUs if it is
+ * not explicitly included in one of the PDUs. (There is no need to include
+ * the entire certificate chain from the ITS station up to the Root CA, just
+ * the ITS station certificate is enough, as the MA is expected to have the
+ * rest of the certificates in the chain.) Note that if the sender certificate
+ * changes, PDUs signed by the new certificate and included in this report
+ * will be in a separate V2xPduStream instance within the v2xPduEvidence
+ * field of the TemplateAsr.
+ *
+ * @param subjectPduIndex: identifies which PDU within the v2xPdus sequence
+ * is the "subject PDU", i.e., the PDU associated with the observations.
+ */
+V2xPduStream ::= SEQUENCE {
+ type C-OBS-PDU.&id ({SetObsPdu}),
+ v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val ({SetObsPdu}{@.type}),
+ certificate Certificate OPTIONAL,
+ subjectPduIndex Uint8,
+ ...
+}
+
+/**
+ * @brief This is the Information Object Class used to define different types
+ * of observed PDUs.
+ */
+C-OBS-PDU ::= C-2ENT
+
+/**
+ * @brief This data type contains the IOS for the observed PDU.
+ */
+SetObsPdu C-OBS-PDU ::= {
+ {ObsPduEtsiGn BY c-ObsPdu-etsiGn} |
+ {Ieee1609Dot2Data BY c-ObsPdu-ieee1609Dot2Data},
+ ...
+}
+
+/**
+ * @brief This data type contains the identifier of the type of observed PDU.
+ *
+ * @param c-ObsPdu-etsiGn: is the identifier for ETSI GeoNetworking.
+ *
+ * @param c-ObsPdu-ieee1609Dot2Data: is the identifier for IEEE 1609.2.
+ */
+IdObsPdu ::= Uint8
+c-ObsPdu-etsiGn IdObsPdu ::= 1
+c-ObsPdu-ieee1609Dot2Data IdObsPdu ::= 2
+
+/**
+ * @brief ObsPduEtsiGn shall contain an encoded ETSI geonetworking PDU
+ * according to ETSI TS 103 836-4-1, at GeoNetworking level, i.e. without
+ * Access Layer header.
+ */
+ObsPduEtsiGn ::= Opaque
+
+/**
+ * @brief This data type contains evidence, which may be referenced by one or
+ * more observations.
+ *
+ * @param id: identifies the evidence type.
+ *
+ * @param evidence: contains the evidence.
+ */
+NonV2xPduEvidenceItem {C-ASR-EV: SetMbEv} ::= SEQUENCE {
+ id C-ASR-EV.&id ({SetMbEv}),
+ evidence C-ASR-EV.&Val ({SetMbEv}{@.id})
+}
+
+NonV2xPduEvidenceItemSequence {C-ASR-EV: NonV2xPduEvidenceSet} ::=
+ SEQUENCE (SIZE(0..MAX)) OF NonV2xPduEvidenceItem {{ NonV2xPduEvidenceSet }}
+
+/**
+ * @brief This is the Information Object Class used to define evidence.
+ *
+ * @note No instances of this class are defined in this version of this document.
+ */
+C-ASR-EV ::= C-2ENT
+
+/**
+ * @brief This structures uses single-byte IDs. If we run out of ID space
+ * in future, the Val type associated with ID 255 can also be structured
+ * hierarchically to extend the space.
+ */
+C-2ENT ::= CLASS {
+ &id Uint8,
+ &Val
+} WITH SYNTAX {&Val BY &id}
+
+END
diff --git a/EtsiTs103759CommonObservations.asn b/EtsiTs103759CommonObservations.asn
new file mode 100644
index 0000000000000000000000000000000000000000..58c6215f6b60ceef160bfa28651356d006084169
--- /dev/null
+++ b/EtsiTs103759CommonObservations.asn
@@ -0,0 +1,405 @@
+EtsiTs103759MbrCommonObservations {itu-t(0) identified-organization(4)
+ etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2)
+ major-version-1(1) minor-version-1(1)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+IMPORTS
+ C-ASR-SINGLE-OBS
+FROM EtsiTs103759BaseTypes {itu-t(0) identified-organization(4) etsi(0)
+ itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1)
+ minor-version-1 (1)}
+WITH SUCCESSORS
+
+ Uint8
+FROM Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111)
+ standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2)
+ base(1) base-types(2) major-version-2(2) minor-version-4(4)}
+WITH SUCCESSORS
+;
+
+/**
+ * @brief Identifier type for observations: synonym for Uint8
+ */
+IdMbObs ::= Uint8
+
+/*
+ * Beacon issues
+ */
+
+/**
+ * @brief This data type is provided for an observation of beacon interval
+ * that is too small. This doesn't apply to repeated PDUs, but only to two
+ * distinct PDUs. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose interval since the previous
+ * PDU is being flagged as too small. The v2xPdus field in that entry must
+ * contain at least the subject PDU and the PDU that immediately preceded it.
+ * The PDUs may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ * report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Beacon-IntervalTooSmall ::= NULL
+
+-- IDs
+c-ObsBeacon-IntervalTooSmall IdMbObs::= 1 -- Class 2
+
+-- Individual Information Objects
+obs-Beacon-IntervalTooSmall C-ASR-SINGLE-OBS ::=
+ {Beacon-IntervalTooSmall BY c-ObsBeacon-IntervalTooSmall}
+
+
+/*
+ * Static field issues
+ */
+
+/**
+ * @brief This data type is provided for an observation of change in static
+ * fields. The semantics of the BIT STRING and trigger conditions are provided
+ * in the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose one or more static fields
+ * since the previous PDU is being flagged as changed. The v2xPdus field in
+ * that entry must contain at least the subject PDU and the PDU that
+ * immediately preceded it. The PDUs may be of any supported type and shall be
+ * of type c-MbObsMsg-ieee1609Dot2Data unless another observation included in
+ * the same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Static-Change ::= BIT STRING
+
+-- IDs
+c-ObsStatic-Change IdMbObs::= 1
+
+-- Individual Information Objects
+obs-Static-Change C-ASR-SINGLE-OBS ::=
+ {Static-Change BY c-ObsStatic-Change}
+
+
+/*
+ * Security issues
+ */
+
+/**
+ * @brief This data type is provided for an observation, where the messageID
+ * is inconsistent with the psid in the security headerInfo. The trigger
+ * conditions are provided in the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU for which the messageID is being
+ * flagged as inconsistent with the psid in the security headerInfo. The
+ * v2xPdus field in that entry must contain at least the subject PDU. The
+ * PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ * same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-MessageIdIncWithHeaderInfo ::= NULL
+
+/**
+ * @brief This data type is provided for an observation, where the security
+ * headerInfo is inconsistent with the security profile for that psid. The
+ * trigger conditions are provided in the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU for which the security headerInfo
+ * is being flagged as inconsistent with the security profile for that psid.
+ * The v2xPdus field in that entry must contain at least the subject PDU. The
+ * PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ * report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-HeaderIncWithSecurityProfile ::= NULL
+
+/**
+ * @brief This data type is provided for an observation, where the psid in the
+ * security headerInfo is inconsistent with the psid in the certificate. The
+ * trigger conditions are provided in the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU for which the psid in the security
+ * headerInfo is being flagged as inconsistent with the psid in the
+ * certificate. The v2xPdus field in that entry must contain at least the
+ * subject PDU. The PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ * same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-HeaderPsidIncWithCertificate ::= NULL
+
+/**
+ * @brief This data type is provided for an observation, where the message is
+ * is inconsistent with the SSP in the certificate. The trigger conditions are
+ * provided in the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose content is being flagged as
+ * inconsisent with the SSP in the certificate. The v2xPdus field in that
+ * entry must contain at least the subject PDU. The PDU may be of any
+ * supported type and shall be of type c-MbObsMsg-ieee1609Dot2Data unless
+ * another observation included in the same report requires a different PDU
+ * type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-MessageIncWithSsp ::= NULL
+
+/**
+ * @brief This data type is provided for an observation, where the
+ * generationTime in the security headerInfo is outside the validity period of
+ * the certificate. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU for which the generationTime in the
+ * security headerInfo is being flagged as outside the validity period in the
+ * certificate. The v2xPdus field in that entry must contain at least the
+ * subject PDU. The PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ * same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-HeaderTimeOutsideCertificateValidity ::= NULL
+
+/**
+ * @brief This data type is provided for an observation, where the location
+ * in the message is outside the validity region in the certificate. The
+ * trigger conditions are provided in the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU for which the location in the PDU is
+ * being flagged as outside the validity region in the certificate. The
+ * v2xPdus field in that entry must contain at least the subject PDU. The PDU
+ * may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ * report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-MessageLocationOutsideCertificateValidity ::= NULL
+
+/**
+ * @brief This data type is provided for an observation, where the
+ * generationLocation in the security headerInfo is outside the validity region
+ * in the certificate. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU for which the generationLocation in
+ * the security headerInfo is being flagged as outside the validity region in
+ * the certificate. The v2xPdus field in that entry must contain at least the
+ * subject PDU. The PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ * report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Security-HeaderLocationOutsideCertificateValidity ::= NULL
+
+-- IDs
+c-ObsSecurity-MessageIdIncWithHeaderInfo IdMbObs ::= 1
+c-ObsSecurity-HeaderIncWithSecurityProfile IdMbObs ::= 2
+c-ObsSecurity-HeaderPsidIncWithCertificate IdMbObs ::= 3
+c-ObsSecurity-MessageIncWithSsp IdMbObs ::= 4
+c-ObsSecurity-HeaderTimeOutsideCertificateValidity IdMbObs ::= 5
+c-ObsSecurity-MessageLocationOutsideCertificateValidity IdMbObs ::= 6
+c-ObsSecurity-HeaderLocationOutsideCertificateValidity IdMbObs ::= 7
+
+-- Individual Information Objects
+obs-Security-MessageIdIncWithHeaderInfo C-ASR-SINGLE-OBS ::= {
+ Security-MessageIdIncWithHeaderInfo BY
+ c-ObsSecurity-MessageIdIncWithHeaderInfo
+}
+
+obs-Security-HeaderIncWithSecurityProfile C-ASR-SINGLE-OBS ::= {
+ Security-HeaderIncWithSecurityProfile BY
+ c-ObsSecurity-HeaderIncWithSecurityProfile
+}
+
+obs-Security-HeaderPsidIncWithCertificate C-ASR-SINGLE-OBS ::= {
+ Security-HeaderPsidIncWithCertificate BY
+ c-ObsSecurity-HeaderPsidIncWithCertificate
+}
+
+obs-Security-MessageIncWithSsp C-ASR-SINGLE-OBS ::= {
+ Security-MessageIncWithSsp BY c-ObsSecurity-MessageIncWithSsp
+}
+
+obs-Security-HeaderTimeOutsideCertificateValidity C-ASR-SINGLE-OBS ::= {
+ Security-HeaderTimeOutsideCertificateValidity BY
+ c-ObsSecurity-HeaderTimeOutsideCertificateValidity
+}
+
+obs-Security-MessageLocationOutsideCertificateValidity
+ C-ASR-SINGLE-OBS ::= {
+ Security-MessageLocationOutsideCertificateValidity BY
+ c-ObsSecurity-MessageLocationOutsideCertificateValidity
+}
+
+obs-Security-HeaderLocationOutsideCertificateValidity
+ C-ASR-SINGLE-OBS ::= {
+ Security-HeaderLocationOutsideCertificateValidity BY
+ c-ObsSecurity-HeaderLocationOutsideCertificateValidity
+}
+
+/*
+ * Position issues
+ */
+
+/**
+ * @brief This data type is provided for an observation of change in position
+ * that is too large. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose position is being flagged as
+ * inconsistent with the previous PDU. The v2xPdus field in that entry must
+ * contain at least the subject PDU and the PDU that immediately preceded it.
+ * The PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ * report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Position-ChangeTooLarge ::= NULL
+
+-- IDs
+c-ObsPosition-ChangeTooLarge IdMbObs ::= 4
+
+-- Individual Information Objects
+
+obs-Position-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
+ Position-ChangeTooLarge BY c-ObsPosition-ChangeTooLarge
+}
+
+
+/*
+ * Speed issues
+ */
+
+/**
+ * @brief This data type is provided for an observation of speed too large
+ * for a given vehicle type. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose speed is being flagged as too
+ * large for the vehicle type. The v2xPdus field in that entry must contain at
+ * least the subject PDU. The PDU may be of any supported type and shall be of
+ * type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ * same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Speed-ValueTooLarge-VehicleType ::= NULL
+
+/**
+ * @brief This data type is provided for an observation of speed too large
+ * for the reverse drive direction. The trigger conditions are provided in
+ * the application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose speed is being flagged as too
+ * large for the reverse drive direction. The v2xPdus field in that entry must
+ * contain at least the subject PDU. The PDU may be of any supported type and
+ * shall be of type c-MbObsMsg-ieee1609Dot2Data unless another observation
+ * included in the same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Speed-ValueTooLarge-DriveDirectionReverse ::= NULL
+
+/**
+ * @brief This data type is provided for an observation of change in speed
+ * that is too large. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose speed is being flagged as
+ * inconsistent with the speed in the previous PDU. The v2xPdus field in that
+ * entry must contain at least the subject PDU and the PDU that immediately
+ * preceded it. The PDU may be of any supported type and shall be of type
+ * c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ * same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+Speed-ChangeTooLarge ::= NULL
+
+-- IDs
+c-ObsSpeed-ValueTooLarge-VehicleType IdMbObs::= 3
+c-ObsSpeed-ValueTooLarge-DriveDirectionReverse IdMbObs::= 4
+c-ObsSpeed-ChangeTooLarge IdMbObs::= 5
+
+-- Individual Information Objects
+obs-Speed-ValueTooLarge-VehicleType C-ASR-SINGLE-OBS ::= {
+ Speed-ValueTooLarge-VehicleType BY c-ObsSpeed-ValueTooLarge-VehicleType
+}
+
+obs-Speed-ValueTooLarge-DriveDirectionReverse C-ASR-SINGLE-OBS ::= {
+ Speed-ValueTooLarge-DriveDirectionReverse BY
+ c-ObsSpeed-ValueTooLarge-DriveDirectionReverse
+}
+
+obs-Speed-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
+ Speed-ChangeTooLarge BY c-ObsSpeed-ChangeTooLarge
+}
+
+
+/*
+ * Longitudinal acceleration issues
+ */
+
+/**
+ * @brief This data type is provided for an observation of longitudinal
+ * acceleration that is too large. The trigger conditions are provided in the
+ * application-specific files.
+ * - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ * one entry. The observation applies to the first entry. The subjectPduIndex
+ * in that V2xPduStream points to the PDU whose longitudinal acceleration is
+ * being flagged as too large. The v2xPdus field in that entry must contain at
+ * least the subject PDU. The PDU may be of any supported type and shall be of
+ * type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ * same report requires a different PDU type.
+ *
+ * - `nonV2xPduEvidence`: No other evidence is required to be included
+ * to support this observation.
+ */
+LongAcc-ValueTooLarge ::= NULL
+
+-- IDs
+c-ObsLongAcc-ValueTooLarge IdMbObs::= 4
+
+-- Individual Information Objects
+
+obs-LongAcc-ValueTooLarge C-ASR-SINGLE-OBS ::= {
+ LongAcc-ValueTooLarge BY c-ObsLongAcc-ValueTooLarge
+}
+
+END
\ No newline at end of file
diff --git a/README.md b/README.md
index 38b9b40dfe38756f5d25685515afddfa764cecf6..2b68c2cdf9a9feba78a042df3d28b22dfb28fd8a 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,18 @@
-# MBMR TS 103 759
+# ASN.1 modules for ETSI ITS Misbehaviour Reporting Service (ETSI TS 103 759)
-ASN.1 modules for TS 103 759: Misbehaviour Reporting service
\ No newline at end of file
+The modules are published as a part of delivery **[ETSI TS 103 759 v2.1.1](https://www.etsi.org/deliver/etsi_ts/103700_103799/103759/02.01.01_60/ts_103759v020101p.pdf)**
+
+## License
+
+The content of this repository and the files contained are released under the BSD-3-Clause license.
+
+See the attached LICENSE file or visit https://forge.etsi.org/legal-matters.
+
+## Dependencies
+
+The module dependens of the following external modules and repositories:
+
+* The **[EtsiTs103097Module](https://forge.etsi.org/rep/ITS/asn1/sec_ts103097)** module from the **[ETSI TS 103 097 v.2.1.1](http://www.etsi.org/deliver/etsi_ts/103000_103099/103097/02.01.01_60/ts_103097v020101p.pdf)** - ITS Security Headers
+* The **[IEEE1609Dot2](https://forge.etsi.org/rep/ITS/asn1/ieee1609.2)** module from the **IEEE Std 1609.2** - WAVE - Security Services for Applications and Management Messages
+
+*NOTE: Please use `--recurse-submodules` option in order to clone the module with all necessary dependencies.*
diff --git a/SaeJ3287AsrBsm.asn b/SaeJ3287AsrBsm.asn
new file mode 100644
index 0000000000000000000000000000000000000000..7577a12cddc91a3f9d17397b4fe3113e2c33d618
--- /dev/null
+++ b/SaeJ3287AsrBsm.asn
@@ -0,0 +1,12 @@
+SaeJ3287AsrBsm {joint-iso-itu-t (2) country (16) us (840) organization (1)
+ sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4)
+ technical-reports (1) misbehavior-reporting (1) asn1-module (1)
+ aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)}
+
+DEFINITIONS AUTOMATIC TAGS ::= BEGIN
+
+EXPORTS ALL;
+
+AsrBsm ::= NULL
+
+END
diff --git a/docs/EtsiTs103097ExtensionModule.md b/docs/EtsiTs103097ExtensionModule.md
new file mode 100644
index 0000000000000000000000000000000000000000..2d89933b48772d2226b65071080fa2499a42949f
--- /dev/null
+++ b/docs/EtsiTs103097ExtensionModule.md
@@ -0,0 +1,101 @@
+# ASN.1 module EtsiTs103097ExtensionModule
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) major-version-1(1) minor-version-1(1)}_
+
+## Imports:
+ * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2 (2) minor-version-3 (3)} WITH SUCCESSORS*
+
+## Data Elements:
+
+### ExtensionModuleVersion
+```asn1
+ExtensionModuleVersion::= INTEGER(1)
+```
+
+### Extension
+
+Fields:
+* id of type [**EXT-TYPE**](#EXT-TYPE) .&extId({ExtensionTypes})
+* content of type [**EXT-TYPE**](#EXT-TYPE) .&ExtContent({ExtensionTypes}{@.id})
+
+```asn1
+Extension {EXT-TYPE : ExtensionTypes} ::= SEQUENCE {
+ id EXT-TYPE.&extId({ExtensionTypes}),
+ content EXT-TYPE.&ExtContent({ExtensionTypes}{@.id})
+}
+```
+
+### EXT-TYPE
+
+Fields:
+* extId of type [**ExtId**](#ExtId)
+```asn1
+EXT-TYPE ::= CLASS {
+ &extId ExtId,
+ &ExtContent
+} WITH SYNTAX {&ExtContent IDENTIFIED BY &extId}
+```
+
+
+### ExtId
+```asn1
+ExtId ::= INTEGER(0..255)
+```
+
+
+### EtsiOriginatingHeaderInfoExtension
+```asn1
+EtsiOriginatingHeaderInfoExtension ::= Extension{{EtsiTs103097HeaderInfoExtensions}}
+```
+
+
+### EtsiTs103097HeaderInfoExtensionId
+```asn1
+EtsiTs103097HeaderInfoExtensionId ::= ExtId
+ etsiTs102941CrlRequestId EtsiTs103097HeaderInfoExtensionId ::= 1
+ etsiTs102941DeltaCtlRequestId EtsiTs103097HeaderInfoExtensionId ::= 2
+```
+
+
+### EtsiTs103097HeaderInfoExtensions
+```asn1
+EtsiTs103097HeaderInfoExtensions EXT-TYPE ::= {
+ { EtsiTs102941CrlRequest IDENTIFIED BY etsiTs102941CrlRequestId } |
+ { EtsiTs102941DeltaCtlRequest IDENTIFIED BY etsiTs102941DeltaCtlRequestId },
+ ...
+}
+```
+
+### EtsiTs102941CrlRequest
+
+Fields:
+* issuerId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+* lastKnownUpdate of type [**Time32**](Ieee1609Dot2BaseTypes.md#Time32) OPTIONAL
+
+```asn1
+EtsiTs102941CrlRequest::= SEQUENCE {
+ issuerId HashedId8,
+ lastKnownUpdate Time32 OPTIONAL
+}
+```
+
+### EtsiTs102941CtlRequest
+
+Fields:
+* issuerId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+* lastKnownCtlSequence of type **INTEGER** (0..255) OPTIONAL
+
+```asn1
+EtsiTs102941CtlRequest::= SEQUENCE {
+ issuerId HashedId8,
+ lastKnownCtlSequence INTEGER (0..255) OPTIONAL
+}
+```
+
+
+### EtsiTs102941DeltaCtlRequest
+```asn1
+EtsiTs102941DeltaCtlRequest::= EtsiTs102941CtlRequest
+```
+
+
+
diff --git a/docs/EtsiTs103097Module.md b/docs/EtsiTs103097Module.md
new file mode 100644
index 0000000000000000000000000000000000000000..91d7844954a938d43620a1d84ebbd431cf090167
--- /dev/null
+++ b/docs/EtsiTs103097Module.md
@@ -0,0 +1,151 @@
+# ASN.1 module EtsiTs103097Module
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1)}_
+
+## Imports:
+ * **[Ieee1609Dot2](Ieee1609Dot2.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+
+ * **[EtsiTs103097ExtensionModule](EtsiTs103097ExtensionModule.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) major-version-1(1) minor-version-1(1)}*
+
+## Data Elements:
+
+### EtsiTs103097Certificate
+```asn1
+EtsiTs103097Certificate::= Certificate (WITH COMPONENTS{...,
+ toBeSigned (WITH COMPONENTS{...,
+ id (WITH COMPONENTS{...,
+ linkageData ABSENT,
+ binaryId ABSENT
+ }),
+ certRequestPermissions ABSENT,
+ canRequestRollover ABSENT
+ })
+})
+```
+
+
+### EtsiTs103097Data
+```asn1
+EtsiTs103097Data::=Ieee1609Dot2Data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {...,
+ signedData (WITH COMPONENTS {...,
+ tbsData (WITH COMPONENTS {
+ headerInfo (WITH COMPONENTS {...,
+ generationTime PRESENT,
+ p2pcdLearningRequest ABSENT,
+ missingCrlIdentifier ABSENT
+ })
+ }),
+ signer (WITH COMPONENTS {...,
+ certificate ((WITH COMPONENT (EtsiTs103097Certificate))^(SIZE(1)))
+ })
+ }),
+ encryptedData (WITH COMPONENTS {...,
+ recipients (WITH COMPONENT (
+ (WITH COMPONENTS {...,
+ pskRecipInfo ABSENT,
+ symmRecipInfo ABSENT,
+ rekRecipInfo ABSENT
+ })
+ ))
+ }),
+ signedCertificateRequest ABSENT
+ })
+})
+```
+
+
+### EtsiTs103097Data-Unsecured
+```asn1
+EtsiTs103097Data-Unsecured {ToBeSentDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ unsecuredData (CONTAINING ToBeSentDataContent)
+ })
+})
+```
+
+
+### EtsiTs103097Data-Signed
+```asn1
+EtsiTs103097Data-Signed {ToBeSignedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ signedData (WITH COMPONENTS {...,
+ tbsData (WITH COMPONENTS {
+ payload (WITH COMPONENTS {
+ data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ unsecuredData (CONTAINING ToBeSignedDataContent)
+ })
+ }) PRESENT
+ })
+ })
+ })
+ })
+})
+```
+
+
+### EtsiTs103097Data-SignedExternalPayload
+```asn1
+EtsiTs103097Data-SignedExternalPayload ::= EtsiTs103097Data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ signedData (WITH COMPONENTS {...,
+ tbsData (WITH COMPONENTS {
+ payload (WITH COMPONENTS {
+ extDataHash (WITH COMPONENTS {
+ sha256HashedData PRESENT
+ }) PRESENT
+ })
+ })
+ })
+ })
+})
+```
+
+
+### EtsiTs103097Data-Encrypted
+```asn1
+EtsiTs103097Data-Encrypted {ToBeEncryptedDataContent} ::= EtsiTs103097Data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ encryptedData (WITH COMPONENTS {...,
+ ciphertext (WITH COMPONENTS {...,
+ aes128ccm (WITH COMPONENTS {...,
+ ccmCiphertext (CONSTRAINED BY { ToBeEncryptedDataContent})
+ })
+ })
+ })
+ })
+})
+```
+
+
+### EtsiTs103097Data-SignedAndEncrypted
+```asn1
+EtsiTs103097Data-SignedAndEncrypted {ToBesignedAndEncryptedDataContent} ::= EtsiTs103097Data-Encrypted {EtsiTs103097Data-Signed {ToBesignedAndEncryptedDataContent}}
+```
+
+
+### EtsiTs103097Data-Encrypted-Unicast
+```asn1
+EtsiTs103097Data-Encrypted-Unicast {ToBeEncryptedDataContent} ::= EtsiTs103097Data-Encrypted { EtsiTs103097Data-Unsecured{ToBeEncryptedDataContent}} (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ encryptedData (WITH COMPONENTS {...,
+ recipients (SIZE(1))
+ })
+ })
+})
+```
+
+
+### EtsiTs103097Data-SignedAndEncrypted-Unicast
+```asn1
+EtsiTs103097Data-SignedAndEncrypted-Unicast {ToBesignedAndEncryptedDataContent} ::= EtsiTs103097Data-Encrypted {EtsiTs103097Data-Signed {ToBesignedAndEncryptedDataContent}} (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {
+ encryptedData (WITH COMPONENTS {...,
+ recipients (SIZE(1))
+ })
+ })
+})
+```
+
+
+
diff --git a/docs/EtsiTs103759.html b/docs/EtsiTs103759.html
new file mode 100644
index 0000000000000000000000000000000000000000..0251eb0a488f8f90ed602662ffec486fe92ebd7b
--- /dev/null
+++ b/docs/EtsiTs103759.html
@@ -0,0 +1,1005 @@
+
+
+
+
+ EtsiTs103759
+
+
+ ASN.1 module EtsiTs103759
+ OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1) minor-version-1 (1)}
+Imports:
+
+EtsiTs103097Module {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1)} WITH SUCCESSORS
+
+Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-3(3)} WITH SUCCESSORS
+
+EtsiTs103759AsrAppAgnostic {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS
+
+EtsiTs103759AsrCam {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS
+
+EtsiTs103759AsrDenm {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS
+
+
+Data Elements:
+EtsiTs103759Data
+ This data type is the general PDU for a misbehaviour report from an
+ ITS-S to the MA responsible for reports of that type. AID-specific modules
+ (EtsiTs103759AsrAppAgnostic, EtsiTs103759AsrCam, EtsiTs103759AsrDenm) have
+ been imported using WITH SUCCESSORS to enable importing one or more of those
+ modules with minor-version greater than 0 without requiring any change in the
+ import statements. At least one of these AID-specific modules shall have
+ minor-version greater than 0.
+Fields:
+
+version Uint8
+contains the version number of this PDU definition. For this
+version of this data type it shall be equal to 2.
+
+generationTime Time64
+contains information on when this PDU was generated.
+
+observationLocation ThreeDLocation
+is the location at which the last observation of
+a V2X PDU was made before the decision was taken to generate a report.
+
+report AidSpecificReport
+contains the AID-specific misbehaviour report.
+
+
+EtsiTs103759Data ::= SEQUENCE {
version Uint8,
generationTime Time64,
observationLocation ThreeDLocation,
report AidSpecificReport
}
+EtsiTs103759Data-SignedAndEncrypted-Unicast
+ This structure is the SPDU used to send a signed and encrypted
+ EtsiTs103759Data to the MA. For the signature to be valid the signing
+ certificate shall conform to the authorization ticket profile given in
+ clause 7.2.1 of ETSI TS 103 097 v2.1.1, where the appPermissions field in
+ the authorization ticket allows signing misbehaviour reports. The signed
+ EtsiTs103759Data shall be encrypted to the MA using the encryptionKey in
+ the MA's certificate.
+EtsiTs103759Data-SignedAndEncrypted-Unicast ::=
EtsiTs103097Data-SignedAndEncrypted-Unicast {
EtsiTs103759Data
}
+AidSpecificReport
+ This data type is the whole report on issues detected for a specific
+ ITS-AID. This ITS-AID may identify an individual application, or may identify
+ cross-application or non-application-specific misbehaviour cases.
+Fields:
+
+aid C-ASR .&aid ({SetAsr})
+contains the respective ITS-AID.
+
+content C-ASR .&Content ({SetAsr}{@.aid})
+contains the report contents, e.g., AsrCam. This will be a
+TemplateAsr instantiated with AID-specific Information Object Sets.
+
+
+AidSpecificReport ::= SEQUENCE {
aid C-ASR.&aid ({SetAsr}),
content C-ASR.&Content ({SetAsr}{@.aid})
}
+C-ASR
+ This data type defines the IOC for AidSpecificReport.
+C-ASR ::= CLASS {
&aid Psid UNIQUE,
&Content
} WITH SYNTAX {&Content IDENTIFIED BY &aid}
+SetAsr
+ This data type defines the IOS for AidSpecificReport. See the ASN.1
+ modules where each set is defined for a description of that set.
+SetAsr C-ASR ::= {
{AsrAppAgnostic IDENTIFIED BY c-AsrAppAgnostic} |
{AsrCam IDENTIFIED BY c-AsrCam} |
{AsrDenm IDENTIFIED BY c-AsrDenm},
...
}
+c-AsrAppAgnostic Psid ::= 270549119
+c-AsrCam Psid ::= 36
+c-AsrDenm Psid ::= 37
+} ::= SEQUENCE {
observations SEQUENCE (SIZE(1..MAX)) OF ObservationsByTarget
{{ObservationSet}},
v2xPduEvidence SEQUENCE (SIZE(1..MAX)) OF V2xPduStream,
nonV2xPduEvidence SEQUENCE (SIZE(0..MAX)) OF NonV2xPduEvidenceItem
{{NonV2xPduEvidenceSet}}
}
+ObservationsByTarget
+ This data type contains all of the observations related to a
+ particular "target" property, e.g., speed or security.
+Fields:
+
+tgtId C-ASR-OBS-BY-TGT .&id ({SetAsrObsByTgt})
+identifies the "target" of the observation, e.g., speed. This
+identifier is drawn from an application-specific Information Object Set of
+observations by target.
+
+observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val
+contains all the observations related to that target.
+The observations are drawn from the provided Information Object Set.
+
+
+ObservationsByTarget {C-ASR-OBS-BY-TGT: SetAsrObsByTgt} ::= SEQUENCE {
tgtId C-ASR-OBS-BY-TGT.&id ({SetAsrObsByTgt}),
observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val
({SetAsrObsByTgt}{@.tgtId})
}
+C-ASR-OBS-BY-TGT
+ This is the Information Object Class used to define observations-
+ -by-target.
+C-ASR-OBS-BY-TGT ::= C-2ENT
+MbSingleObservation
+ This data type contains a single misbehaviour observation.
+Fields:
+
+obsId C-ASR-SINGLE-OBS .&id ({SetMbSingleObs})
+identifies the observation within the set of observations
+for that target, e.g., target = speed, observation = "speed higher than
+plausible given the physical map". This identifier is drawn from an
+application-and-target-specific Information Object Set of single
+observations.
+
+obs C-ASR-SINGLE-OBS .&Val ({SetMbSingleObs}{@.obsId})
+contains any parameters relevant to the observation. The
+observations are drawn from the provided Information Object Set.
+
+
+MbSingleObservation {C-ASR-SINGLE-OBS: SetMbSingleObs} ::= SEQUENCE {
obsId C-ASR-SINGLE-OBS.&id ({SetMbSingleObs}),
obs C-ASR-SINGLE-OBS.&Val ({SetMbSingleObs}{@.obsId})
}
+C-ASR-SINGLE-OBS
+ This is the Information Object Class used to define single
+ observations.
+C-ASR-SINGLE-OBS ::= C-2ENT
+V2xPduStream
+ This data type contains PDU stream from a single sender.
+Fields:
+
+type C-OBS-PDU .&id ({SetObsPdu})
+
+v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val
+is the PDU stream, i.e., a series of PDUs for the same AID
+sent by the same sender (where "sent by the same sender" means "signed by
+the same certificate"). The PDUs are ordered in chronological order of
+reception by the reporter. All PDUs in this field are of the same type,
+i.e., correspond to the same IdObsPdu. This field will always contain a
+"subject PDU", i.e., a PDU that is the subject of the observations.
+Additional PDUs may be included depending on which observations appear in
+the observations field. A specification of an observation is expected to
+include a specification of which PDUs are to be included in this field.
+
+certificate EtsiTs103097Certificate OPTIONAL
+contains the certificate that signed the PDUs if it is
+not explicitly included in one of the PDUs. (There is no need to include
+the entire certificate chain from the ITS station up to the Root CA, just
+the ITS station certificate is enough, as the MA is expected to have the
+rest of the certificates in the chain.) Note that if the sender certificate
+changes, PDUs signed by the new certificate and included in this report
+will be in a separate V2xPduStream instance within the v2xPduEvidence
+field of the TemplateAsr.
+
+subjectPduIndex Uint8
+identifies which PDU within the v2xPdus sequence
+is the "subject PDU", i.e., the PDU associated with the observations.
+
+
+V2xPduStream ::= SEQUENCE {
type C-OBS-PDU.&id ({SetObsPdu}),
v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val
({SetObsPdu}{@.type}),
certificate EtsiTs103097Certificate OPTIONAL,
subjectPduIndex Uint8,
...
}
+C-OBS-PDU
+ This is the Information Object Class used to define different types
+ of observed PDUs.
+C-OBS-PDU ::= C-2ENT
+SetObsPdu
+ This data type contains the IOS for the observed PDU.
+SetObsPdu C-OBS-PDU ::= {
{ObsPduEtsiGn BY c-ObsPdu-etsiGn} |
{ObsPduIeee1609Dot2Data BY c-ObsPdu-ieee1609Dot2Data} |
{ObsPduWsmp BY c-ObsPdu-wsmp},
...
}
+IdObsPdu
+ This data type contains the identifier of the type of observed PDU.
+IdObsPdu ::= Uint8
+c-ObsPdu-etsiGn IdObsPdu ::= 1
c-ObsPdu-ieee1609Dot2Data IdObsPdu ::= 2
c-ObsPdu-wsmp IdObsPdu ::= 3
+ObsPduEtsiGn
+ ObsPduEtsiGn contains an ETSI geonetworking PDU, i.e., the first
+ byte of every PDU in the v2xPdus array is the first byte of the
+ geonetworking Basic Header.
+ObsPduEtsiGn ::= Opaque
+ObsPduIeee1609Dot2Data
+ ObsPduIeee1609Dot2Data contains an Ieee1609Dot2Data, i.e., the first
+ byte of every PDU in the v2xPdus array is the version byte of the
+ Ieee1609Dot2Data.
+ObsPduIeee1609Dot2Data ::= Opaque
+ObsPduWsmp
+ ObsPduWsmp contains a WAVE Short Messaging Protocol PDU, i.e., the
+ first byte of every PDU in the v2xPdus array is the first byte of the WSMP
+ N-Header.
+ObsPduWsmp ::= Opaque
+NonV2xPduEvidenceItem
+ This data type contains evidence, which may be referenced by one or
+ more observations.
+Fields:
+
+NonV2xPduEvidenceItem {C-ASR-EV: SetMbEv} ::= SEQUENCE {
id C-ASR-EV.&id ({SetMbEv}),
evidence C-ASR-EV.&Val ({SetMbEv}{@.id})
}
+C-ASR-EV
+ This is the Information Object Class used to define evidence.
+ @note No instances of this class are defined in this version of this document.
+C-ASR-EV ::= C-2ENT
+C-2ENT
+ This structures uses single-byte IDs. If we run out of ID space
+ in future, the Val type associated with ID 255 can also be structured
+ hierarchically to extend the space.
+C-2ENT ::= CLASS {
&id Uint8,
&Val
} WITH SYNTAX {&Val BY &id}
+
diff --git a/docs/EtsiTs103759.md b/docs/EtsiTs103759.md
new file mode 100644
index 0000000000000000000000000000000000000000..dc3c791d10166061f688c271dc4ece0527d2bdf2
--- /dev/null
+++ b/docs/EtsiTs103759.md
@@ -0,0 +1,179 @@
+# ASN.1 module EtsiTs103759
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1) minor-version-2 (2)}_
+
+## Imports:
+ * **[EtsiTs103097Module](EtsiTs103097Module.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) core(1) major-version-3(3) minor-version-1(1)} WITH SUCCESSORS*
+
+ * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+
+ * **[EtsiTs103759AsrAppAgnostic](EtsiTs103759AsrAppAgnostic.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+
+ * **[EtsiTs103759AsrCam](EtsiTs103759AsrCam.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+
+ * **[EtsiTs103759AsrDenm](EtsiTs103759AsrDenm.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+
+ * **[SaeJ3287AsrBsm](SaeJ3287AsrBsm.md)** *{joint-iso-itu-t (2) country (16) us (840) organization (1) sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4) technical-reports (1) misbehavior-reporting (1) asn1-module (1) aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)} WITH SUCCESSORS*
+
+## Data Elements:
+### EtsiTs103759Data
+This data type is the general PDU for a misbehaviour report from an
+ ITS-S to the MA responsible for reports of that type. AID-specific modules
+ (EtsiTs103759AsrAppAgnostic, EtsiTs103759AsrCam, EtsiTs103759AsrDenm,
+ SaeJ3287AsrBsm) have been imported using WITH SUCCESSORS to enable importing
+ one or more of those modules with minor-version greater than 0 without
+ requiring any change in the import statements. At least one of these
+ AID-specific modules shall have minor-version greater than 0.
+
+Fields:
+* version of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+ contains the version number of this PDU definition. For this
+ version of this data type it shall be equal to 2.
+
+
+* generationTime of type [**Time64**](Ieee1609Dot2BaseTypes.md#Time64)
+ contains information on when this PDU was generated.
+
+
+
+* observationLocation of type [**ThreeDLocation**](Ieee1609Dot2BaseTypes.md#ThreeDLocation)
+ is the location at which the last observation of
+ a V2X PDU was made before the decision was taken to generate a report.
+
+
+
+* report of type [**AidSpecificReport**](#AidSpecificReport)
+ contains the AID-specific misbehaviour report.
+
+
+
+
+```asn1
+EtsiTs103759Data ::= SEQUENCE {
+ version Uint8,
+ generationTime Time64,
+ observationLocation ThreeDLocation,
+ report AidSpecificReport
+}
+```
+
+
+### EtsiTs103759Data-SignedAndEncrypted-Unicast
+This structure is the SPDU used to send a signed and encrypted
+ EtsiTs103759Data to the MA. For the signature to be valid the signing
+ certificate shall conform to the authorization ticket profile given in
+ clause 7.2.1 of ETSI TS 103 097 v2.1.1, where the appPermissions field in
+ the authorization ticket allows signing misbehaviour reports. The signed
+ EtsiTs103759Data shall be encrypted to the MA using the encryptionKey in
+ the MA's certificate.
+```asn1
+EtsiTs103759Data-SignedAndEncrypted-Unicast ::=
+ EtsiTs103097Data-SignedAndEncrypted-Unicast {
+ EtsiTs103759Data
+}
+```
+
+### AidSpecificReport
+This data type is the whole report on issues detected for a specific
+ ITS-AID. This ITS-AID may identify an individual application, or may identify
+ cross-application or non-application-specific misbehaviour cases.
+
+Fields:
+* aid of type [**C-ASR**](#C-ASR) .&aid ({SetAsr})
+ contains the respective ITS-AID.
+
+
+* content of type [**C-ASR**](#C-ASR) .&Content ({SetAsr}{@.aid})
+ contains the report contents, e.g., AsrCam. This will be a
+ TemplateAsr instantiated with AID-specific Information Object Sets.
+
+
+
+
+```asn1
+AidSpecificReport ::= SEQUENCE {
+ aid C-ASR.&aid ({SetAsr}),
+ content C-ASR.&Content ({SetAsr}{@.aid})
+}
+```
+
+### C-ASR
+This data type defines the IOC for AidSpecificReport.
+
+Fields:
+* aid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid) UNIQUE
+ contains the globally unique reference identifier of an
+ AID-specific misbehaviour report.
+
+
+ contains the open type of the PDU identified by aid. This
+ will be a TemplateAsr instantiated with AID-specific Information Object
+ Sets.
+
+
+
+
+```asn1
+C-ASR ::= CLASS {
+ &aid Psid UNIQUE,
+ &Content
+} WITH SYNTAX {&Content IDENTIFIED BY &aid}
+```
+
+
+### SetAsr
+This data type defines the IOS for AidSpecificReport. See the ASN.1
+ modules where each set is defined for a description of that set.
+```asn1
+SetAsr C-ASR ::= {
+ {AsrAppAgnostic IDENTIFIED BY c-AsrAppAgnostic} |
+ {AsrCam IDENTIFIED BY c-AsrCam} |
+ {AsrDenm IDENTIFIED BY c-AsrDenm},
+ ...,
+ {AsrBsm IDENTIFIED BY c-AsrBsm}
+}
+```
+
+
+>>>
+NOTE: This value is used for suspicious observations that are not
+ or cannot be linked to a specific application.
+>>>
+```asn1
+c-AsrAppAgnostic Psid ::= 270549119
+```
+
+```asn1
+c-AsrCam Psid ::= 36
+```
+
+```asn1
+c-AsrDenm Psid ::= 37
+```
+
+```asn1
+c-AsrBsm Psid ::= 32
+```
+
+
+
+This data type defines the IOC for AidSpecificReport.
+
+ @param aid: contains the globally unique reference identifier of an
+ AID-specific misbehaviour report.
+
+ @param Content: contains the open type of the PDU identified by aid. This
+ will be a TemplateAsr instantiated with AID-specific Information Object
+ Sets.
+ This data type defines the IOS for AidSpecificReport. See the ASN.1
+ modules where each set is defined for a description of that set.
+ This data type contains the ITS-AID of the unknown service.
+
+>>>
+NOTE: This value is used for suspicious observations that are not
+ or cannot be linked to a specific application.
+ This data type contains the ITS-AID of the CA service.
+ This data type contains the ITS-AID of the DEN service.
+ This data type contains the ITS-AID of the BSM.
+>>>
+
+
diff --git a/docs/EtsiTs103759AsrAppAgnostic.html b/docs/EtsiTs103759AsrAppAgnostic.html
new file mode 100644
index 0000000000000000000000000000000000000000..073abfcd881ca95c8e0a07d977ead2326bfe48a0
--- /dev/null
+++ b/docs/EtsiTs103759AsrAppAgnostic.html
@@ -0,0 +1,812 @@
+
+
+
+
+ EtsiTs103759AsrAppAgnostic
+
+
+ ASN.1 module EtsiTs103759AsrAppAgnostic
+ OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)}
+Data Elements:
+AsrAppAgnostic
+ This data type is defined as NULL for this version of the standard.
+AsrAppAgnostic ::= NULL
+
diff --git a/docs/EtsiTs103759AsrAppAgnostic.md b/docs/EtsiTs103759AsrAppAgnostic.md
new file mode 100644
index 0000000000000000000000000000000000000000..6d6e02e5ac0efd54879d584d834b6a1c0ac04f71
--- /dev/null
+++ b/docs/EtsiTs103759AsrAppAgnostic.md
@@ -0,0 +1,13 @@
+# ASN.1 module EtsiTs103759AsrAppAgnostic
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) appAgnostic(270549119) major-version-1(1) minor-version-0(0)}_
+
+## Data Elements:
+
+### AsrAppAgnostic
+This data type is defined as NULL for this version of the standard.
+```asn1
+AsrAppAgnostic ::= NULL
+```
+
+
+
diff --git a/docs/EtsiTs103759AsrCam.html b/docs/EtsiTs103759AsrCam.html
new file mode 100644
index 0000000000000000000000000000000000000000..6e685af4fb2cf346939cac8477d154bb4a03dccf
--- /dev/null
+++ b/docs/EtsiTs103759AsrCam.html
@@ -0,0 +1,886 @@
+
+
+
+
+ EtsiTs103759AsrCam
+
+
+ ASN.1 module EtsiTs103759AsrCam
+ OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-1(1)}
+Imports:
+
+EtsiTs103759 {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1) minor-version-1 (1)} WITH SUCCESSORS
+
+EtsiTs103759MbrCommonObservations {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)} WITH SUCCESSORS
+
+Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-3(3)} WITH SUCCESSORS
+
+
+Data Elements:
+AsrCam
+ This data type is for reporting CAM issues.
+AsrCam ::= TemplateAsr {{SetMbObsTgtsCam}, {SetMbEvCam}}
+IdCamTgt
+IdCamTgt ::= Uint8
+c-CamTgt-BeaconCommon IdCamTgt ::= 0
c-CamTgt-StaticCommon IdCamTgt ::= 1
c-CamTgt-SecurityCommon IdCamTgt ::= 2
c-CamTgt-PositionCommon IdCamTgt ::= 3
c-CamTgt-SpeedCommon IdCamTgt ::= 4
c-CamTgt-LongAccCommon IdCamTgt ::= 5
+SetMbObsTgtsCam
+ This is a complete set of observations for CAM. Application-specific
+ trigger conditions and other relevant information are specified below.
+
+Security-HeaderIncWithSecurityProfile
: The security headerInfo is
+inconsistent with the security profile specified in ETSI TS 103 097 V2.1.1
+(2021-10), e.g., generationTime is absent in the security headerInfo but
+is required to be present in the security profile.
+
+Security-HeaderPsidIncWithCertificate
: The psid in the security
+headerInfo is not contained in the appPermissions of the certificate, e.g.,
+psid in the security headerInfo is equal to 36, but the appPermissions in the
+certificate does not include the value 36.
+
+Security-MessageIncWithSsp
: The message payload is inconsistent
+with the SSP in the certificate, as specified in ETSI EN 302 637-2 V1.4.1
+(2019-04),e.g., publicTransportContainer is present in the
+specialVehicleContainer but the relevant SSP in the certificate does not
+permit publicTransportContainer.
+
+Security-HeaderTimeOutsideCertificateValidity
: The generationTime
+in the security headerInfo is outside the validityPeriod in the certificate.
+
+Security-MessageLocationOutsideCertificateValidity
: The
+referencePosition in the message is outside the region in the certificate.
+
+Security-HeaderLocationOutsideCertificateValidity
: The
+generationLocation in the security headerInfo is outside the region in the
+certificate.
+
+passengerCar(5)
: The speedValue is greater than 14,000. (Currently, the
+fastest car in the world has a top speed that is less than 500 km/h, i.e.,
+13,889 cm/s.)
+
+motorcycle(4), bus(6), lightTruck(7), heavyTruck(8), trailer(9)
: The
+speedValue is greater than 8,500. (Currently, the top speed on most popular
+cars is less than 300 km/h, i.e., 8,333 cm/s.)
+
+unknown(0), pedestrian(1), cyclist(2), moped(3), specialVehicles(10),
+tram(11)
: The speedValue is greater than 3,000. (Currently, non-highway
+speed limits are usually well below 100 km/h, i.e., 2,778 cm/s.)
+
+roadSideUnit(15)
: The speedValue is greater than 0. (Road side units
+shouldn't be transmitting while being transported.)
+
+
+
+Speed-ValueTooLarge-DriveDirectionReverse
: The driveDirection is
+backward (1) and the speedValue is greater than 3,000. (Usually, backward
+drives are far less than 50m long, and with maximum possible acceleration of
+9 m/s^2 (see trigger conditions for LongAcc-ValueTooLarge), max attainable
+speed is sqrt(2950) m/s, i.e., 3,000 cm/s.)
+
+Speed-ChangeTooLarge
: The acceleration calculated from the change
+in speedValue of two consecutive CAMs meets the trigger conditions of
+LongAcc-ValueTooLarge.
+SetMbObsTgtsCam C-ASR-OBS-BY-TGT ::= {
{MbSingleObservation{{SetMbObsCamBeacon}} BY
c-CamTgt-BeaconCommon} |
{MbSingleObservation{{SetMbObsCamStatic}} BY
c-CamTgt-StaticCommon} |
{MbSingleObservation{{SetMbObsCamSecurity}} BY
c-CamTgt-SecurityCommon} |
{MbSingleObservation{{SetMbObsCamPosition}} BY
c-CamTgt-PositionCommon} |
{MbSingleObservation{{SetMbObsCamSpeed}} BY
c-CamTgt-SpeedCommon} |
{MbSingleObservation{{SetMbObsCamLongAcc}} BY
c-CamTgt-LongAccCommon},
...
}
+
+
+SetMbEvCam
+ This data type defines the IOS for CAM Evidence.
+SetMbEvCam C-ASR-EV ::= {
...
}
+
diff --git a/docs/EtsiTs103759AsrCam.md b/docs/EtsiTs103759AsrCam.md
new file mode 100644
index 0000000000000000000000000000000000000000..b5a217178cdbd951afa4c40a4eaf5c4c8c423ccf
--- /dev/null
+++ b/docs/EtsiTs103759AsrCam.md
@@ -0,0 +1,182 @@
+# ASN.1 module EtsiTs103759AsrCam
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) cam(36) major-version-1(1) minor-version-1(1)}_
+
+## Imports:
+ * **[EtsiTs103759BaseTypes](EtsiTs103759BaseTypes.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) minor-version-1 (1)} WITH SUCCESSORS*
+
+ * **[EtsiTs103759MbrCommonObservations](EtsiTs103759MbrCommonObservations.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)} WITH SUCCESSORS*
+
+ * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+
+## Data Elements:
+
+### AsrCam
+This data type is for reporting CAM issues.
+```asn1
+AsrCam ::= TemplateAsr {{SetMbObsTgtsCam}, {SetMbEvCam}}
+```
+
+
+### IdCamTgt
+```asn1
+IdCamTgt ::= Uint8
+```
+
+```asn1
+c-CamTgt-BeaconCommon IdCamTgt ::= 0
+c-CamTgt-StaticCommon IdCamTgt ::= 1
+c-CamTgt-SecurityCommon IdCamTgt ::= 2
+c-CamTgt-PositionCommon IdCamTgt ::= 3
+c-CamTgt-SpeedCommon IdCamTgt ::= 4
+c-CamTgt-LongAccCommon IdCamTgt ::= 5
+```
+
+
+### SetMbObsCamBeacon
+```asn1
+SetMbObsCamBeacon C-ASR-SINGLE-OBS ::= {
+ obs-Beacon-IntervalTooSmall,
+ ...
+}
+```
+
+
+### SetMbObsCamStatic
+```asn1
+SetMbObsCamStatic C-ASR-SINGLE-OBS ::= {
+ obs-Static-Change,
+ ...
+}
+```
+
+
+### SetMbObsCamSecurity
+```asn1
+SetMbObsCamSecurity C-ASR-SINGLE-OBS ::= {
+ obs-Security-MessageIdIncWithHeaderInfo |
+ obs-Security-HeaderIncWithSecurityProfile |
+ obs-Security-HeaderPsidIncWithCertificate |
+ obs-Security-MessageIncWithSsp |
+ obs-Security-HeaderTimeOutsideCertificateValidity |
+ obs-Security-MessageLocationOutsideCertificateValidity |
+ obs-Security-HeaderLocationOutsideCertificateValidity,
+ ...
+}
+```
+
+
+### SetMbObsCamPosition
+```asn1
+SetMbObsCamPosition C-ASR-SINGLE-OBS ::= {
+ obs-Position-ChangeTooLarge,
+ ...
+}
+```
+
+
+### SetMbObsCamSpeed
+```asn1
+SetMbObsCamSpeed C-ASR-SINGLE-OBS ::= {
+ obs-Speed-ValueTooLarge-VehicleType |
+ obs-Speed-ValueTooLarge-DriveDirectionReverse |
+ obs-Speed-ChangeTooLarge,
+ ...
+}
+```
+
+
+### SetMbObsCamLongAcc
+```asn1
+SetMbObsCamLongAcc C-ASR-SINGLE-OBS ::= {
+ obs-LongAcc-ValueTooLarge,
+ ...
+}
+```
+
+
+### SetMbObsTgtsCam
+This is a complete set of observations for CAM. Application-specific
+ trigger conditions and other relevant information are specified below.
+- `Security-HeaderIncWithSecurityProfile`: The security headerInfo is
+ inconsistent with the security profile specified in ETSI TS 103 097 V2.1.1
+ (2021-10), e.g., generationTime is absent in the security headerInfo but
+ is required to be present in the security profile.
+
+ - `Security-HeaderPsidIncWithCertificate`: The psid in the security
+ headerInfo is not contained in the appPermissions of the certificate, e.g.,
+ psid in the security headerInfo is equal to 36, but the appPermissions in the
+ certificate does not include the value 36.
+
+ - `Security-MessageIncWithSsp`: The message payload is inconsistent
+ with the SSP in the certificate, as specified in TS 103 900 v2.0.0,e.g.,
+ publicTransportContainer is present in the specialVehicleContainer but the
+ relevant SSP in the certificate does not permit publicTransportContainer.
+
+ - `Security-HeaderTimeOutsideCertificateValidity`: The generationTime
+ in the security headerInfo is outside the validityPeriod in the certificate.
+
+ - `Security-MessageLocationOutsideCertificateValidity`: The
+ referencePosition in the message is outside the region in the certificate.
+
+ - `Security-HeaderLocationOutsideCertificateValidity`: The
+ generationLocation in the security headerInfo is outside the region in the
+ certificate.
+
+
+
+ - `passengerCar(5)`: The speedValue is greater than 14,000. (Currently, the
+ fastest car in the world has a top speed that is less than 500 km/h, i.e.,
+ 13,889 cm/s.)
+
+ - `motorcycle(4), bus(6), lightTruck(7), heavyTruck(8), trailer(9)`: The
+ speedValue is greater than 8,500. (Currently, the top speed on most popular
+ cars is less than 300 km/h, i.e., 8,333 cm/s.)
+
+ - `unknown(0), pedestrian(1), cyclist(2), moped(3), specialVehicles(10),
+ tram(11)` : The speedValue is greater than 3,000. (Currently, non-highway
+ speed limits are usually well below 100 km/h, i.e., 2,778 cm/s.)
+
+ - `roadSideUnit(15)`: The speedValue is greater than 0. (Road side units
+ shouldn't be transmitting while being transported.)
+
+ - `Speed-ValueTooLarge-DriveDirectionReverse`: The driveDirection is
+ backward (1) and the speedValue is greater than 3,000. (Usually, backward
+ drives are far less than 50m long, and with maximum possible acceleration of
+ 9 m/s^2 (see trigger conditions for LongAcc-ValueTooLarge), max attainable
+ speed is sqrt(2*9*50) m/s, i.e., 3,000 cm/s.)
+
+ - `Speed-ChangeTooLarge`: The acceleration calculated from the change
+ in speedValue of two consecutive CAMs meets the trigger conditions of
+ LongAcc-ValueTooLarge.
+```asn1
+SetMbObsTgtsCam C-ASR-OBS-BY-TGT ::= {
+ {MbSingleObservation{{SetMbObsCamBeacon}} BY
+ c-CamTgt-BeaconCommon} |
+ {MbSingleObservation{{SetMbObsCamStatic}} BY
+ c-CamTgt-StaticCommon} |
+ {MbSingleObservation{{SetMbObsCamSecurity}} BY
+ c-CamTgt-SecurityCommon} |
+ {MbSingleObservation{{SetMbObsCamPosition}} BY
+ c-CamTgt-PositionCommon} |
+ {MbSingleObservation{{SetMbObsCamSpeed}} BY
+ c-CamTgt-SpeedCommon} |
+ {MbSingleObservation{{SetMbObsCamLongAcc}} BY
+ c-CamTgt-LongAccCommon},
+ ...
+}
+```
+
+
+### SetMbEvCam
+This data type defines the IOS for CAM Evidence.
+```asn1
+SetMbEvCam C-ASR-EV ::= {
+ ...
+}
+```
+
+
+
+This data type defines the IOS for CAM Evidence.
+
+
diff --git a/docs/EtsiTs103759AsrDenm.html b/docs/EtsiTs103759AsrDenm.html
new file mode 100644
index 0000000000000000000000000000000000000000..150338817540d6b95bec562a9544eb1743bed4ca
--- /dev/null
+++ b/docs/EtsiTs103759AsrDenm.html
@@ -0,0 +1,812 @@
+
+
+
+
+ EtsiTs103759AsrDenm
+
+
+ ASN.1 module EtsiTs103759AsrDenm
+ OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)}
+Data Elements:
+AsrDenm
+ This data type is defined as NULL for version 0 of this file.
+AsrDenm ::= NULL
+
diff --git a/docs/EtsiTs103759AsrDenm.md b/docs/EtsiTs103759AsrDenm.md
new file mode 100644
index 0000000000000000000000000000000000000000..0e37b5a4889ec740f8bb3a61719347649fba3721
--- /dev/null
+++ b/docs/EtsiTs103759AsrDenm.md
@@ -0,0 +1,13 @@
+# ASN.1 module EtsiTs103759AsrDenm
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) aid-specific(2) denm(37) major-version-1(1) minor-version-0(0)}_
+
+## Data Elements:
+
+### AsrDenm
+This data type is defined as NULL for version 0 of this file.
+```asn1
+AsrDenm ::= NULL
+```
+
+
+
diff --git a/docs/EtsiTs103759BaseTypes.md b/docs/EtsiTs103759BaseTypes.md
new file mode 100644
index 0000000000000000000000000000000000000000..eecb9162f5eaafb811f7ec18988c7c3aa6ac624e
--- /dev/null
+++ b/docs/EtsiTs103759BaseTypes.md
@@ -0,0 +1,259 @@
+# ASN.1 module EtsiTs103759BaseTypes
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) minor-version-1 (1)}_
+
+## Imports:
+ * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+
+ * **[Ieee1609Dot2](Ieee1609Dot2.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-6(6)} WITH SUCCESSORS*
+
+## Data Elements:
+* `observations` identifies which detectors were triggered and why. It
+ can include cross-references to the PDUs and evidence fields. The
+ observations are drawn from a supplied application-specific observation
+ Information Object Set.
+
+* `v2xPduEvidence` contains PDUs that triggered the detectors reported in
+ the observations field, plus other PDUs sent for the same application (AID)
+ by the same sender).
+
+* `nonV2xPduEvidence` is any information that was used by the
+ detectors other than the V2X PDUs. If the report does not contain any
+ observations that use other evidence (for example, if the report is simply
+ that a speed value is implausibly high for any land vehicle, or that two
+ V2X PDUs appear to show two different senders in the same physical
+ space) then this field can be length 0. The evidence is drawn from a
+ supplied application-specific evidence Information Object Set.
+
+
+```asn1
+} ::= SEQUENCE {
+ observations ObservationsByTargetSequence {{ObservationSet}},
+ v2xPduEvidence SEQUENCE (SIZE(1..MAX)) OF V2xPduStream,
+ nonV2xPduEvidence NonV2xPduEvidenceItemSequence {{NonV2xPduEvidenceSet}}
+}
+```
+
+### ObservationsByTarget
+This data type contains all of the observations related to a
+ particular "target" property, e.g., speed or security.
+
+Fields:
+* tgtId of type [**C-ASR-OBS-BY-TGT**](EtsiTs103759BaseTypes.md#C-ASR-OBS-BY-TGT) .&id ({SetAsrObsByTgt})
+ identifies the "target" of the observation, e.g., speed. This
+ identifier is drawn from an application-specific Information Object Set of
+ observations by target.
+
+
+* observations of type **SEQUENCE** OF C-ASR-OBS-BY-TGT.&Val ({SetAsrObsByTgt}{@.tgtId})
+ contains all the observations related to that target.
+ The observations are drawn from the provided Information Object Set.
+
+
+
+
+```asn1
+ObservationsByTarget {C-ASR-OBS-BY-TGT: SetAsrObsByTgt} ::= SEQUENCE {
+ tgtId C-ASR-OBS-BY-TGT.&id ({SetAsrObsByTgt}),
+ observations SEQUENCE OF C-ASR-OBS-BY-TGT.&Val ({SetAsrObsByTgt}{@.tgtId})
+}
+```
+
+
+### ObservationsByTargetSequence
+```asn1
+ObservationsByTargetSequence { C-ASR-OBS-BY-TGT: SetAsrObsByTgt } ::=
+ SEQUENCE (SIZE(1..MAX)) OF ObservationsByTarget {{ SetAsrObsByTgt }}
+```
+
+
+### C-ASR-OBS-BY-TGT
+This is the Information Object Class used to define observations-
+ -by-target.
+```asn1
+C-ASR-OBS-BY-TGT ::= C-2ENT
+```
+
+### MbSingleObservation
+This data type contains a single misbehaviour observation.
+
+Fields:
+* obsId of type [**C-ASR-SINGLE-OBS**](EtsiTs103759BaseTypes.md#C-ASR-SINGLE-OBS) .&id ({SetMbSingleObs})
+ identifies the observation within the set of observations
+ for that target, e.g., target = speed, observation = "speed higher than
+ plausible given the physical map". This identifier is drawn from an
+ application-and-target-specific Information Object Set of single
+ observations.
+
+
+* obs of type [**C-ASR-SINGLE-OBS**](EtsiTs103759BaseTypes.md#C-ASR-SINGLE-OBS) .&Val ({SetMbSingleObs}{@.obsId})
+ contains any parameters relevant to the observation. The
+ observations are drawn from the provided Information Object Set.
+
+
+
+
+```asn1
+MbSingleObservation {C-ASR-SINGLE-OBS: SetMbSingleObs} ::= SEQUENCE {
+ obsId C-ASR-SINGLE-OBS.&id ({SetMbSingleObs}),
+ obs C-ASR-SINGLE-OBS.&Val ({SetMbSingleObs}{@.obsId})
+}
+```
+
+
+### C-ASR-SINGLE-OBS
+This is the Information Object Class used to define single
+ observations.
+```asn1
+C-ASR-SINGLE-OBS ::= C-2ENT
+```
+
+### V2xPduStream
+This data type contains PDU stream from a single sender.
+
+Fields:
+* type of type [**C-OBS-PDU**](#C-OBS-PDU) .&id ({SetObsPdu})
+* v2xPdus of type **SEQUENCE** (SIZE(1..255)) OF C-OBS-PDU.&Val ({SetObsPdu}{@.type})
+ is the PDU stream, i.e., a series of PDUs for the same AID
+ sent by the same sender (where "sent by the same sender" means "signed by
+ the same certificate"). The PDUs are ordered in chronological order of
+ reception by the reporter. All PDUs in this field are of the same type,
+ i.e., correspond to the same IdObsPdu. This field will always contain a
+ "subject PDU", i.e., a PDU that is the subject of the observations.
+ Additional PDUs may be included depending on which observations appear in
+ the observations field. A specification of an observation is expected to
+ include a specification of which PDUs are to be included in this field.
+
+
+
+* certificate of type [**Certificate**](Ieee1609Dot2.md#Certificate) OPTIONAL
+ contains the certificate that signed the PDUs if it is
+ not explicitly included in one of the PDUs. (There is no need to include
+ the entire certificate chain from the ITS station up to the Root CA, just
+ the ITS station certificate is enough, as the MA is expected to have the
+ rest of the certificates in the chain.) Note that if the sender certificate
+ changes, PDUs signed by the new certificate and included in this report
+ will be in a separate V2xPduStream instance within the v2xPduEvidence
+ field of the TemplateAsr.
+
+
+
+* subjectPduIndex of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+ identifies which PDU within the v2xPdus sequence
+ is the "subject PDU", i.e., the PDU associated with the observations.
+
+
+
+
+```asn1
+V2xPduStream ::= SEQUENCE {
+ type C-OBS-PDU.&id ({SetObsPdu}),
+ v2xPdus SEQUENCE (SIZE(1..255)) OF C-OBS-PDU.&Val ({SetObsPdu}{@.type}),
+ certificate Certificate OPTIONAL,
+ subjectPduIndex Uint8,
+ ...
+}
+```
+
+
+### C-OBS-PDU
+This is the Information Object Class used to define different types
+ of observed PDUs.
+```asn1
+C-OBS-PDU ::= C-2ENT
+```
+
+
+### SetObsPdu
+This data type contains the IOS for the observed PDU.
+```asn1
+SetObsPdu C-OBS-PDU ::= {
+ {ObsPduEtsiGn BY c-ObsPdu-etsiGn} |
+ {Ieee1609Dot2Data BY c-ObsPdu-ieee1609Dot2Data},
+ ...
+}
+```
+
+
+### IdObsPdu
+This data type contains the identifier of the type of observed PDU.
+```asn1
+IdObsPdu ::= Uint8
+c-ObsPdu-etsiGn IdObsPdu ::= 1
+c-ObsPdu-ieee1609Dot2Data IdObsPdu ::= 2
+```
+
+
+### ObsPduEtsiGn
+ObsPduEtsiGn shall contain an encoded ETSI geonetworking PDU
+ according to ETSI TS 103 836-4-1, at GeoNetworking level, i.e. without
+ Access Layer header.
+```asn1
+ObsPduEtsiGn ::= Opaque
+```
+
+### NonV2xPduEvidenceItem
+This data type contains evidence, which may be referenced by one or
+ more observations.
+
+Fields:
+* id of type [**C-ASR-EV**](EtsiTs103759BaseTypes.md#C-ASR-EV) .&id ({SetMbEv})
+ identifies the evidence type.
+
+
+* evidence of type [**C-ASR-EV**](EtsiTs103759BaseTypes.md#C-ASR-EV) .&Val ({SetMbEv}{@.id})
+ contains the evidence.
+
+
+
+
+```asn1
+NonV2xPduEvidenceItem {C-ASR-EV: SetMbEv} ::= SEQUENCE {
+ id C-ASR-EV.&id ({SetMbEv}),
+ evidence C-ASR-EV.&Val ({SetMbEv}{@.id})
+}
+```
+
+
+### NonV2xPduEvidenceItemSequence
+```asn1
+NonV2xPduEvidenceItemSequence {C-ASR-EV: NonV2xPduEvidenceSet} ::=
+ SEQUENCE (SIZE(0..MAX)) OF NonV2xPduEvidenceItem {{ NonV2xPduEvidenceSet }}
+```
+
+
+### C-ASR-EV
+This is the Information Object Class used to define evidence.
+
+>>>
+NOTE: No instances of this class are defined in this version of this document.
+>>>
+```asn1
+C-ASR-EV ::= C-2ENT
+```
+
+### C-2ENT
+This structures uses single-byte IDs. If we run out of ID space
+ in future, the Val type associated with ID 255 can also be structured
+ hierarchically to extend the space.
+
+Fields:
+* id of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+```asn1
+C-2ENT ::= CLASS {
+ &id Uint8,
+ &Val
+} WITH SYNTAX {&Val BY &id}
+```
+
+
+
+This is the Information Object Class used to define evidence.
+
+>>>
+NOTE: No instances of this class are defined in this version of this document.
+ This structures uses single-byte IDs. If we run out of ID space
+ in future, the Val type associated with ID 255 can also be structured
+ hierarchically to extend the space.
+>>>
+
+
diff --git a/docs/EtsiTs103759MbrCommonObservations.html b/docs/EtsiTs103759MbrCommonObservations.html
new file mode 100644
index 0000000000000000000000000000000000000000..4fb9d757c64d6e4698624ea086b053d5ab583e4b
--- /dev/null
+++ b/docs/EtsiTs103759MbrCommonObservations.html
@@ -0,0 +1,1141 @@
+
+
+
+
+ EtsiTs103759MbrCommonObservations
+
+
+ ASN.1 module EtsiTs103759MbrCommonObservations
+ OID: {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)}
+Imports:
+
+EtsiTs103759 {itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) core(1) major-version-1(1) minor-version-1 (1)} WITH SUCCESSORS
+
+Ieee1609Dot2BaseTypes {iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-3(3)} WITH SUCCESSORS
+
+
+Data Elements:
+IdMbObs
+ Identifier type for observations: synonym for Uint8
+IdMbObs ::= Uint8
+Beacon-IntervalTooSmall
+ This data type is provided for an observation of beacon interval
+ that is too small. This doesn’t apply to repeated PDUs, but only to two
+ distinct PDUs. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose interval since the previous
+PDU is being flagged as too small. The v2xPdus field in that entry must
+contain at least the subject PDU and the PDU that immediately preceded it.
+The PDUs may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Beacon-IntervalTooSmall ::= NULL
+c-ObsBeacon-IntervalTooSmall IdMbObs::= 1
+obs-Beacon-IntervalTooSmall C-ASR-SINGLE-OBS ::=
{Beacon-IntervalTooSmall BY c-ObsBeacon-IntervalTooSmall}
+SetMbObsCamBeacon
+SetMbObsCamBeacon C-ASR-SINGLE-OBS ::= {
obs-Beacon-IntervalTooSmall,
...
}
+Static-Change
+ This data type is provided for an observation of change in static
+ fields. The semantics of the BIT STRING and trigger conditions are provided
+ in the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose one or more static fields
+since the previous PDU is being flagged as changed. The v2xPdus field in
+that entry must contain at least the subject PDU and the PDU that
+immediately preceded it. The PDUs may be of any supported type and shall be
+of type c-MbObsMsg-ieee1609Dot2Data unless another observation included in
+the same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Static-Change ::= BIT STRING
+c-ObsStatic-Change IdMbObs::= 1
+obs-Static-Change C-ASR-SINGLE-OBS ::=
{Static-Change BY c-ObsStatic-Change}
+SetMbObsCamStatic
+SetMbObsCamStatic C-ASR-SINGLE-OBS ::= {
obs-Static-Change,
...
}
+
+ This data type is provided for an observation, where the messageID
+ is inconsistent with the psid in the security headerInfo. The trigger
+ conditions are provided in the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU for which the messageID is being
+flagged as inconsistent with the psid in the security headerInfo. The
+v2xPdus field in that entry must contain at least the subject PDU. The
+PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-MessageIdIncWithHeaderInfo ::= NULL
+
+ This data type is provided for an observation, where the security
+ headerInfo is inconsistent with the security profile for that psid. The
+ trigger conditions are provided in the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU for which the security headerInfo
+is being flagged as inconsistent with the security profile for that psid.
+The v2xPdus field in that entry must contain at least the subject PDU. The
+PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-HeaderIncWithSecurityProfile ::= NULL
+
+ This data type is provided for an observation, where the psid in the
+ security headerInfo is inconsistent with the psid in the certificate. The
+ trigger conditions are provided in the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU for which the psid in the security
+headerInfo is being flagged as inconsistent with the psid in the
+certificate. The v2xPdus field in that entry must contain at least the
+subject PDU. The PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-HeaderPsidIncWithCertificate ::= NULL
+Security-MessageIncWithSsp
+ This data type is provided for an observation, where the message is
+ is inconsistent with the SSP in the certificate. The trigger conditions are
+ provided in the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose content is being flagged as
+inconsisent with the SSP in the certificate. The v2xPdus field in that
+entry must contain at least the subject PDU. The PDU may be of any
+supported type and shall be of type c-MbObsMsg-ieee1609Dot2Data unless
+another observation included in the same report requires a different PDU
+type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-MessageIncWithSsp ::= NULL
+
+ This data type is provided for an observation, where the
+ generationTime in the security headerInfo is outside the validity period of
+ the certificate. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU for which the generationTime in the
+security headerInfo is being flagged as outside the validity period in the
+certificate. The v2xPdus field in that entry must contain at least the
+subject PDU. The PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-HeaderTimeOutsideCertificateValidity ::= NULL
+Security-MessageLocationOutsideCertificateValidity
+ This data type is provided for an observation, where the location
+ in the message is outside the validity region in the certificate. The
+ trigger conditions are provided in the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU for which the location in the PDU is
+being flagged as outside the validity region in the certificate. The
+v2xPdus field in that entry must contain at least the subject PDU. The PDU
+may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-MessageLocationOutsideCertificateValidity ::= NULL
+
+ This data type is provided for an observation, where the
+ generationLocation in the security headerInfo is outside the validity region
+ in the certificate. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU for which the generationLocation in
+the security headerInfo is being flagged as outside the validity region in
+the certificate. The v2xPdus field in that entry must contain at least the
+subject PDU. The PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Security-HeaderLocationOutsideCertificateValidity ::= NULL
+c-ObsSecurity-MessageIdIncWithHeaderInfo IdMbObs ::= 1
c-ObsSecurity-HeaderIncWithSecurityProfile IdMbObs ::= 2
c-ObsSecurity-HeaderPsidIncWithCertificate IdMbObs ::= 3
c-ObsSecurity-MessageIncWithSsp IdMbObs ::= 4
c-ObsSecurity-HeaderTimeOutsideCertificateValidity IdMbObs ::= 5
c-ObsSecurity-MessageLocationOutsideCertificateValidity IdMbObs ::= 6
c-ObsSecurity-HeaderLocationOutsideCertificateValidity IdMbObs ::= 7
+obs-Security-MessageIdIncWithHeaderInfo C-ASR-SINGLE-OBS ::= {
Security-MessageIdIncWithHeaderInfo BY
c-ObsSecurity-MessageIdIncWithHeaderInfo
}
+obs-Security-HeaderIncWithSecurityProfile C-ASR-SINGLE-OBS ::= {
Security-HeaderIncWithSecurityProfile BY
c-ObsSecurity-HeaderIncWithSecurityProfile
}
+obs-Security-HeaderPsidIncWithCertificate C-ASR-SINGLE-OBS ::= {
Security-HeaderPsidIncWithCertificate BY
c-ObsSecurity-HeaderPsidIncWithCertificate
}
+obs-Security-MessageIncWithSsp C-ASR-SINGLE-OBS ::= {
Security-MessageIncWithSsp BY c-ObsSecurity-MessageIncWithSsp
}
+obs-Security-HeaderTimeOutsideCertificateValidity C-ASR-SINGLE-OBS ::= {
Security-HeaderTimeOutsideCertificateValidity BY
c-ObsSecurity-HeaderTimeOutsideCertificateValidity
}
+C-ASR-SINGLE-OBS
+Fields:
+
+C-ASR-SINGLE-OBS
+Fields:
+
+SetMbObsCamSecurity
+Values:
+
+- obs-Security-MessageIdIncWithHeaderInfo |
+- obs-Security-HeaderIncWithSecurityProfile |
+- obs-Security-HeaderPsidIncWithCertificate |
+- obs-Security-MessageIncWithSsp |
+- obs-Security-HeaderTimeOutsideCertificateValidity |
+- obs-Security-MessageLocationOutsideCertificateValidity |
SetMbObsCamSecurity C-ASR-SINGLE-OBS ::= {
obs-Security-MessageIdIncWithHeaderInfo |
obs-Security-HeaderIncWithSecurityProfile |
obs-Security-HeaderPsidIncWithCertificate |
obs-Security-MessageIncWithSsp |
obs-Security-HeaderTimeOutsideCertificateValidity |
obs-Security-MessageLocationOutsideCertificateValidity |
obs-Security-HeaderLocationOutsideCertificateValidity,
...
}
+
+
+
+ This data type is provided for an observation of change in position
+ that is too large. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose position is being flagged as
+inconsistent with the previous PDU. The v2xPdus field in that entry must
+contain at least the subject PDU and the PDU that immediately preceded it.
+The PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Position-ChangeTooLarge ::= NULL
+c-ObsPosition-ChangeTooLarge IdMbObs ::= 4
+obs-Position-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
Position-ChangeTooLarge BY c-ObsPosition-ChangeTooLarge
}
+SetMbObsCamPosition
+SetMbObsCamPosition C-ASR-SINGLE-OBS ::= {
obs-Position-ChangeTooLarge,
...
}
+
+ This data type is provided for an observation of speed too large
+ for a given vehicle type. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose speed is being flagged as too
+large for the vehicle type. The v2xPdus field in that entry must contain at
+least the subject PDU. The PDU may be of any supported type and shall be of
+type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Speed-ValueTooLarge-VehicleType ::= NULL
+
+ This data type is provided for an observation of speed too large
+ for the reverse drive direction. The trigger conditions are provided in
+ the application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose speed is being flagged as too
+large for the reverse drive direction. The v2xPdus field in that entry must
+contain at least the subject PDU. The PDU may be of any supported type and
+shall be of type c-MbObsMsg-ieee1609Dot2Data unless another observation
+included in the same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Speed-ValueTooLarge-DriveDirectionReverse ::= NULL
+
+ This data type is provided for an observation of change in speed
+ that is too large. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose speed is being flagged as
+inconsistent with the speed in the previous PDU. The v2xPdus field in that
+entry must contain at least the subject PDU and the PDU that immediately
+preceded it. The PDU may be of any supported type and shall be of type
+c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+Speed-ChangeTooLarge ::= NULL
+c-ObsSpeed-ValueTooLarge-VehicleType IdMbObs::= 3
c-ObsSpeed-ValueTooLarge-DriveDirectionReverse IdMbObs::= 4
c-ObsSpeed-ChangeTooLarge IdMbObs::= 5
+obs-Speed-ValueTooLarge-VehicleType C-ASR-SINGLE-OBS ::= {
Speed-ValueTooLarge-VehicleType BY c-ObsSpeed-ValueTooLarge-VehicleType
}
+obs-Speed-ValueTooLarge-DriveDirectionReverse C-ASR-SINGLE-OBS ::= {
Speed-ValueTooLarge-DriveDirectionReverse BY
c-ObsSpeed-ValueTooLarge-DriveDirectionReverse
}
+obs-Speed-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
Speed-ChangeTooLarge BY c-ObsSpeed-ChangeTooLarge
}
+SetMbObsCamSpeed
+Values:
+
+
+ This data type is provided for an observation of longitudinal
+ acceleration that is too large. The trigger conditions are provided in the
+ application-specific files.
+
+v2xPduEvidence
: The v2xPduEvidence field must contain at least
+one entry. The observation applies to the first entry. The subjectPduIndex
+in that V2xPduStream points to the PDU whose longitudinal acceleration is
+being flagged as too large. The v2xPdus field in that entry must contain at
+least the subject PDU. The PDU may be of any supported type and shall be of
+type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+same report requires a different PDU type.
+
+nonV2xPduEvidence
: No other evidence is required to be included
+to support this observation.
+
+
+LongAcc-ValueTooLarge ::= NULL
+c-ObsLongAcc-ValueTooLarge IdMbObs::= 4
+obs-LongAcc-ValueTooLarge C-ASR-SINGLE-OBS ::= {
LongAcc-ValueTooLarge BY c-ObsLongAcc-ValueTooLarge
}
+SetMbObsCamLongAcc
+SetMbObsCamLongAcc C-ASR-SINGLE-OBS ::= {
obs-LongAcc-ValueTooLarge,
...
}
+
diff --git a/docs/EtsiTs103759MbrCommonObservations.md b/docs/EtsiTs103759MbrCommonObservations.md
new file mode 100644
index 0000000000000000000000000000000000000000..9707681f2401b28ba9c32fdeed878f4ca1b8943a
--- /dev/null
+++ b/docs/EtsiTs103759MbrCommonObservations.md
@@ -0,0 +1,441 @@
+# ASN.1 module EtsiTs103759MbrCommonObservations
+ OID: _{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) common-observations(2) major-version-1(1) minor-version-1(1)}_
+
+## Imports:
+ * **[EtsiTs103759BaseTypes](EtsiTs103759BaseTypes.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) ts(103759) general(1) base-types(3) major-version-1(1) minor-version-1 (1)} WITH SUCCESSORS*
+
+ * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+
+## Data Elements:
+
+### IdMbObs
+Identifier type for observations: synonym for Uint8
+```asn1
+IdMbObs ::= Uint8
+```
+
+
+### Beacon-IntervalTooSmall
+This data type is provided for an observation of beacon interval
+ that is too small. This doesn't apply to repeated PDUs, but only to two
+ distinct PDUs. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose interval since the previous
+ PDU is being flagged as too small. The v2xPdus field in that entry must
+ contain at least the subject PDU and the PDU that immediately preceded it.
+ The PDUs may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Beacon-IntervalTooSmall ::= NULL
+```
+
+```asn1
+c-ObsBeacon-IntervalTooSmall IdMbObs::= 1
+```
+
+```asn1
+obs-Beacon-IntervalTooSmall C-ASR-SINGLE-OBS ::=
+ {Beacon-IntervalTooSmall BY c-ObsBeacon-IntervalTooSmall}
+```
+
+
+### Static-Change
+This data type is provided for an observation of change in static
+ fields. The semantics of the BIT STRING and trigger conditions are provided
+ in the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose one or more static fields
+ since the previous PDU is being flagged as changed. The v2xPdus field in
+ that entry must contain at least the subject PDU and the PDU that
+ immediately preceded it. The PDUs may be of any supported type and shall be
+ of type c-MbObsMsg-ieee1609Dot2Data unless another observation included in
+ the same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Static-Change ::= BIT STRING
+```
+
+```asn1
+c-ObsStatic-Change IdMbObs::= 1
+```
+
+```asn1
+obs-Static-Change C-ASR-SINGLE-OBS ::=
+ {Static-Change BY c-ObsStatic-Change}
+```
+
+
+### Security-MessageIdIncWithHeaderInfo
+This data type is provided for an observation, where the messageID
+ is inconsistent with the psid in the security headerInfo. The trigger
+ conditions are provided in the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU for which the messageID is being
+ flagged as inconsistent with the psid in the security headerInfo. The
+ v2xPdus field in that entry must contain at least the subject PDU. The
+ PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-MessageIdIncWithHeaderInfo ::= NULL
+```
+
+
+### Security-HeaderIncWithSecurityProfile
+This data type is provided for an observation, where the security
+ headerInfo is inconsistent with the security profile for that psid. The
+ trigger conditions are provided in the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU for which the security headerInfo
+ is being flagged as inconsistent with the security profile for that psid.
+ The v2xPdus field in that entry must contain at least the subject PDU. The
+ PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-HeaderIncWithSecurityProfile ::= NULL
+```
+
+
+### Security-HeaderPsidIncWithCertificate
+This data type is provided for an observation, where the psid in the
+ security headerInfo is inconsistent with the psid in the certificate. The
+ trigger conditions are provided in the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU for which the psid in the security
+ headerInfo is being flagged as inconsistent with the psid in the
+ certificate. The v2xPdus field in that entry must contain at least the
+ subject PDU. The PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-HeaderPsidIncWithCertificate ::= NULL
+```
+
+
+### Security-MessageIncWithSsp
+This data type is provided for an observation, where the message is
+ is inconsistent with the SSP in the certificate. The trigger conditions are
+ provided in the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose content is being flagged as
+ inconsisent with the SSP in the certificate. The v2xPdus field in that
+ entry must contain at least the subject PDU. The PDU may be of any
+ supported type and shall be of type c-MbObsMsg-ieee1609Dot2Data unless
+ another observation included in the same report requires a different PDU
+ type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-MessageIncWithSsp ::= NULL
+```
+
+
+### Security-HeaderTimeOutsideCertificateValidity
+This data type is provided for an observation, where the
+ generationTime in the security headerInfo is outside the validity period of
+ the certificate. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU for which the generationTime in the
+ security headerInfo is being flagged as outside the validity period in the
+ certificate. The v2xPdus field in that entry must contain at least the
+ subject PDU. The PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-HeaderTimeOutsideCertificateValidity ::= NULL
+```
+
+
+### Security-MessageLocationOutsideCertificateValidity
+This data type is provided for an observation, where the location
+ in the message is outside the validity region in the certificate. The
+ trigger conditions are provided in the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU for which the location in the PDU is
+ being flagged as outside the validity region in the certificate. The
+ v2xPdus field in that entry must contain at least the subject PDU. The PDU
+ may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-MessageLocationOutsideCertificateValidity ::= NULL
+```
+
+
+### Security-HeaderLocationOutsideCertificateValidity
+This data type is provided for an observation, where the
+ generationLocation in the security headerInfo is outside the validity region
+ in the certificate. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU for which the generationLocation in
+ the security headerInfo is being flagged as outside the validity region in
+ the certificate. The v2xPdus field in that entry must contain at least the
+ subject PDU. The PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Security-HeaderLocationOutsideCertificateValidity ::= NULL
+```
+
+```asn1
+c-ObsSecurity-MessageIdIncWithHeaderInfo IdMbObs ::= 1
+c-ObsSecurity-HeaderIncWithSecurityProfile IdMbObs ::= 2
+c-ObsSecurity-HeaderPsidIncWithCertificate IdMbObs ::= 3
+c-ObsSecurity-MessageIncWithSsp IdMbObs ::= 4
+c-ObsSecurity-HeaderTimeOutsideCertificateValidity IdMbObs ::= 5
+c-ObsSecurity-MessageLocationOutsideCertificateValidity IdMbObs ::= 6
+c-ObsSecurity-HeaderLocationOutsideCertificateValidity IdMbObs ::= 7
+```
+
+```asn1
+obs-Security-MessageIdIncWithHeaderInfo C-ASR-SINGLE-OBS ::= {
+ Security-MessageIdIncWithHeaderInfo BY
+ c-ObsSecurity-MessageIdIncWithHeaderInfo
+}
+```
+
+```asn1
+obs-Security-HeaderIncWithSecurityProfile C-ASR-SINGLE-OBS ::= {
+ Security-HeaderIncWithSecurityProfile BY
+ c-ObsSecurity-HeaderIncWithSecurityProfile
+}
+```
+
+```asn1
+obs-Security-HeaderPsidIncWithCertificate C-ASR-SINGLE-OBS ::= {
+ Security-HeaderPsidIncWithCertificate BY
+ c-ObsSecurity-HeaderPsidIncWithCertificate
+}
+```
+
+```asn1
+obs-Security-MessageIncWithSsp C-ASR-SINGLE-OBS ::= {
+ Security-MessageIncWithSsp BY c-ObsSecurity-MessageIncWithSsp
+}
+```
+
+```asn1
+obs-Security-HeaderTimeOutsideCertificateValidity C-ASR-SINGLE-OBS ::= {
+ Security-HeaderTimeOutsideCertificateValidity BY
+ c-ObsSecurity-HeaderTimeOutsideCertificateValidity
+}
+```
+
+### C-ASR-SINGLE-OBS
+
+Fields:
+* Security-MessageLocationOutsideCertificateValidity of type [**BY**](#BY)
+```asn1
+C-ASR-SINGLE-OBS ::= {
+ Security-MessageLocationOutsideCertificateValidity BY
+ c-ObsSecurity-MessageLocationOutsideCertificateValidity
+}
+```
+
+### C-ASR-SINGLE-OBS
+
+Fields:
+* Security-HeaderLocationOutsideCertificateValidity of type [**BY**](#BY)
+```asn1
+C-ASR-SINGLE-OBS ::= {
+ Security-HeaderLocationOutsideCertificateValidity BY
+ c-ObsSecurity-HeaderLocationOutsideCertificateValidity
+}
+```
+
+
+### Position-ChangeTooLarge
+This data type is provided for an observation of change in position
+ that is too large. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose position is being flagged as
+ inconsistent with the previous PDU. The v2xPdus field in that entry must
+ contain at least the subject PDU and the PDU that immediately preceded it.
+ The PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the same
+ report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Position-ChangeTooLarge ::= NULL
+```
+
+```asn1
+c-ObsPosition-ChangeTooLarge IdMbObs ::= 4
+```
+
+```asn1
+obs-Position-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
+ Position-ChangeTooLarge BY c-ObsPosition-ChangeTooLarge
+}
+```
+
+
+### Speed-ValueTooLarge-VehicleType
+This data type is provided for an observation of speed too large
+ for a given vehicle type. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose speed is being flagged as too
+ large for the vehicle type. The v2xPdus field in that entry must contain at
+ least the subject PDU. The PDU may be of any supported type and shall be of
+ type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Speed-ValueTooLarge-VehicleType ::= NULL
+```
+
+
+### Speed-ValueTooLarge-DriveDirectionReverse
+This data type is provided for an observation of speed too large
+ for the reverse drive direction. The trigger conditions are provided in
+ the application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose speed is being flagged as too
+ large for the reverse drive direction. The v2xPdus field in that entry must
+ contain at least the subject PDU. The PDU may be of any supported type and
+ shall be of type c-MbObsMsg-ieee1609Dot2Data unless another observation
+ included in the same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Speed-ValueTooLarge-DriveDirectionReverse ::= NULL
+```
+
+
+### Speed-ChangeTooLarge
+This data type is provided for an observation of change in speed
+ that is too large. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose speed is being flagged as
+ inconsistent with the speed in the previous PDU. The v2xPdus field in that
+ entry must contain at least the subject PDU and the PDU that immediately
+ preceded it. The PDU may be of any supported type and shall be of type
+ c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+Speed-ChangeTooLarge ::= NULL
+```
+
+```asn1
+c-ObsSpeed-ValueTooLarge-VehicleType IdMbObs::= 3
+c-ObsSpeed-ValueTooLarge-DriveDirectionReverse IdMbObs::= 4
+c-ObsSpeed-ChangeTooLarge IdMbObs::= 5
+```
+
+```asn1
+obs-Speed-ValueTooLarge-VehicleType C-ASR-SINGLE-OBS ::= {
+ Speed-ValueTooLarge-VehicleType BY c-ObsSpeed-ValueTooLarge-VehicleType
+}
+```
+
+```asn1
+obs-Speed-ValueTooLarge-DriveDirectionReverse C-ASR-SINGLE-OBS ::= {
+ Speed-ValueTooLarge-DriveDirectionReverse BY
+ c-ObsSpeed-ValueTooLarge-DriveDirectionReverse
+}
+```
+
+```asn1
+obs-Speed-ChangeTooLarge C-ASR-SINGLE-OBS ::= {
+ Speed-ChangeTooLarge BY c-ObsSpeed-ChangeTooLarge
+}
+```
+
+
+### LongAcc-ValueTooLarge
+This data type is provided for an observation of longitudinal
+ acceleration that is too large. The trigger conditions are provided in the
+ application-specific files.
+ - `v2xPduEvidence`: The v2xPduEvidence field must contain at least
+ one entry. The observation applies to the first entry. The subjectPduIndex
+ in that V2xPduStream points to the PDU whose longitudinal acceleration is
+ being flagged as too large. The v2xPdus field in that entry must contain at
+ least the subject PDU. The PDU may be of any supported type and shall be of
+ type c-MbObsMsg-ieee1609Dot2Data unless another observation included in the
+ same report requires a different PDU type.
+
+
+ - `nonV2xPduEvidence`: No other evidence is required to be included
+ to support this observation.
+```asn1
+LongAcc-ValueTooLarge ::= NULL
+```
+
+```asn1
+c-ObsLongAcc-ValueTooLarge IdMbObs::= 4
+```
+
+```asn1
+obs-LongAcc-ValueTooLarge C-ASR-SINGLE-OBS ::= {
+ LongAcc-ValueTooLarge BY c-ObsLongAcc-ValueTooLarge
+}
+```
+
+
+
diff --git a/docs/Ieee1609Dot2.md b/docs/Ieee1609Dot2.md
new file mode 100644
index 0000000000000000000000000000000000000000..9f4a789b811dac3c30401312c96c8b2431db271f
--- /dev/null
+++ b/docs/Ieee1609Dot2.md
@@ -0,0 +1,1787 @@
+# ASN.1 module Ieee1609Dot2
+ OID: _{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) schema(1) major-version-2(2) minor-version-6(6)}_
+ @note Section references in this file are to clauses in IEEE Std
+ 1609.2 unless indicated otherwise. Full forms of acronyms and
+ abbreviations used in this file are specified in 3.2.
+
+
+## Imports:
+ * **[Ieee1609Dot2BaseTypes](Ieee1609Dot2BaseTypes.md)** *{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)} WITH SUCCESSORS*
+
+ * **[EtsiTs103097ExtensionModule](EtsiTs103097ExtensionModule.md)** *{itu-t(0) identified-organization(4) etsi(0) itsDomain(5) wg5(5) secHeaders(103097) extension(2) major-version-1(1) minor-version-0(0)} WITH SUCCESSORS*
+
+## Data Elements:
+### Ieee1609Dot2Data
+This data type is used to contain the other data types in this
+ clause. The fields in the Ieee1609Dot2Data have the following meanings:
+
+Fields:
+* protocolVersion of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8) (3)
+ contains the current version of the protocol. The
+ version specified in this standard is version 3, represented by the
+ integer 3. There are no major or minor version numbers.
+
+
+* content of type [**Ieee1609Dot2Content**](#Ieee1609Dot2Content)
+ contains the content in the form of an Ieee1609Dot2Content.
+
+
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the Ieee1609Dot2Content.
+>>>
+```asn1
+Ieee1609Dot2Data ::= SEQUENCE {
+ protocolVersion Uint8(3),
+ content Ieee1609Dot2Content
+}
+```
+
+### Ieee1609Dot2Content
+In this structure:
+
+Fields:
+* unsecuredData of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ indicates that the content is an OCTET STRING to be
+ consumed outside the SDS.
+
+
+* signedData of type [**SignedData**](#SignedData)
+ indicates that the content has been signed according to
+ this standard.
+
+
+
+* encryptedData of type [**EncryptedData**](#EncryptedData)
+ indicates that the content has been encrypted
+ according to this standard.
+
+
+
+* signedCertificateRequest of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ indicates that the content is a
+ certificate request signed by an IEEE 1609.2 certificate or self-signed.
+
+
+
+* signedX509CertificateRequest of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ indicates that the content is a
+ certificate request signed by an ITU-T X.509 certificate.
+
+
+
+ ...,
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2 if it is of type signedData.
+ The canonicalization applies to the SignedData.
+>>>
+```asn1
+Ieee1609Dot2Content ::= CHOICE {
+ unsecuredData Opaque,
+ signedData SignedData,
+ encryptedData EncryptedData,
+ signedCertificateRequest Opaque,
+ ...,
+ signedX509CertificateRequest Opaque
+}
+```
+
+### SignedData
+In this structure:
+
+Fields:
+* hashId of type [**HashAlgorithm**](Ieee1609Dot2BaseTypes.md#HashAlgorithm)
+ indicates the hash algorithm to be used to generate the hash
+ of the message for signing and verification.
+
+
+* tbsData of type [**ToBeSignedData**](#ToBeSignedData)
+ contains the data that is hashed as input to the signature.
+
+
+
+* signer of type [**SignerIdentifier**](#SignerIdentifier)
+ determines the keying material and hash algorithm used to
+ sign the data.
+
+
+
+* signature of type [**Signature**](Ieee1609Dot2BaseTypes.md#Signature)
+ contains the digital signature itself, calculated as
+ specified in 5.3.1.
+ - If signer indicates the choice self, then the signature calculation
+ is parameterized as follows:
+ - Data input is equal to the COER encoding of the tbsData field
+ canonicalized according to the encoding considerations given in 6.3.6.
+ - Verification type is equal to self.
+ - Signer identifier input is equal to the empty string.
+ - If signer indicates certificate or digest, then the signature
+ calculation is parameterized as follows:
+ - Data input is equal to the COER encoding of the tbsData field
+ canonicalized according to the encoding considerations given in 6.3.6.
+ - Verification type is equal to certificate.
+ - Signer identifier input equal to the COER-encoding of the
+ Certificate that is to be used to verify the SPDU, canonicalized according
+ to the encoding considerations given in 6.4.3.
+
+
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the ToBeSignedData and the Signature.
+>>>
+```asn1
+SignedData ::= SEQUENCE {
+ hashId HashAlgorithm,
+ tbsData ToBeSignedData,
+ signer SignerIdentifier,
+ signature Signature
+}
+```
+
+### ToBeSignedData
+This structure contains the data to be hashed when generating or
+ verifying a signature. See 6.3.4 for the specification of the input to the
+ hash.
+
+Fields:
+* payload of type [**SignedDataPayload**](#SignedDataPayload)
+ contains data that is provided by the entity that invokes
+ the SDS.
+
+
+* headerInfo of type [**HeaderInfo**](#HeaderInfo)
+ contains additional data that is inserted by the SDS.
+ This structure is used as follows to determine the "data input" to the
+ hash operation for signing or verification as specified in 5.3.1.2.2 or
+ 5.3.1.3.
+ - If payload does not contain the field omitted, the data input to the
+ hash operation is the COER encoding of the ToBeSignedData.
+ - If payload field in this ToBeSignedData instance contains the field
+ omitted, the data input to the hash operation is the COER encoding of the
+ ToBeSignedData, concatenated with the hash of the omitted payload. The hash
+ of the omitted payload is calculated with the same hash algorithm that is
+ used to calculate the hash of the data input for signing or verification.
+ The data input to the hash operation is simply the COER enocding of the
+ ToBeSignedData, concatenated with the hash of the omitted payload: there is
+ no additional wrapping or length indication. As noted in 5.2.4.3.4, the
+ means by which the signer and verifier establish the contents of the
+ omitted payload are out of scope for this standard.
+
+
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the SignedDataPayload if it is of type data, and to the
+ HeaderInfo.
+>>>
+```asn1
+ToBeSignedData ::= SEQUENCE {
+ payload SignedDataPayload,
+ headerInfo HeaderInfo
+}
+```
+
+### SignedDataPayload
+This structure contains the data payload of a ToBeSignedData. This
+ structure contains at least one of the optional elements, and may contain
+ more than one. See 5.2.4.3.4 for more details.
+ The security profile in Annex C allows an implementation of this standard
+ to state which forms of Signed¬Data¬Payload are supported by that
+ implementation, and also how the signer and verifier are intended to obtain
+ the external data for hashing. The specification of an SDEE that uses
+ external data is expected to be explicit and unambiguous about how this
+ data is obtained and how it is formatted prior to processing by the hash
+ function.
+
+Fields:
+* data of type [**Ieee1609Dot2Data**](Ieee1609Dot2.md#Ieee1609Dot2Data) OPTIONAL
+ contains data that is explicitly transported within the
+ structure.
+
+
+* extDataHash of type [**HashedData**](#HashedData) OPTIONAL
+ contains the hash of data that is not explicitly
+ transported within the structure, and which the creator of the structure
+ wishes to cryptographically bind to the signature.
+
+
+
+* omitted of type **NULL** OPTIONAL
+ indicates that there is external data to be included in the
+ hash calculation for the signature.The mechanism for including the external
+ data in the hash calculation is specified in 6.3.6.
+
+
+
+ ...,
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the Ieee1609Dot2Data.
+>>>
+```asn1
+SignedDataPayload ::= SEQUENCE {
+ data Ieee1609Dot2Data OPTIONAL,
+ extDataHash HashedData OPTIONAL,
+ ...,
+ omitted NULL OPTIONAL
+} (WITH COMPONENTS {..., data PRESENT} |
+ WITH COMPONENTS {..., extDataHash PRESENT} |
+ WITH COMPONENTS {..., omitted PRESENT})
+```
+
+### HashedData
+This structure contains the hash of some data with a specified hash
+ algorithm. See 5.3.3 for specification of the permitted hash algorithms.
+
+Fields:
+* sha256HashedData of type [**HashedId32**](Ieee1609Dot2BaseTypes.md#HashedId32)
+ indicates data hashed with SHA-256.
+
+
+* sha384HashedData of type [**HashedId48**](Ieee1609Dot2BaseTypes.md#HashedId48)
+ indicates data hashed with SHA-384.
+
+
+
+ ...,
+* sm3HashedData of type [**HashedId32**](Ieee1609Dot2BaseTypes.md#HashedId32)
+ indicates data hashed with SM3.
+
+
+
+
+>>>
+NOTE: Critical information fields: If present, this is a critical
+ information field as defined in 5.2.6. An implementation that does not
+ recognize the indicated CHOICE for this type when verifying a signed SPDU
+ shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2,
+ that is, it is invalid in the sense that its validity cannot be established.
+>>>
+```asn1
+HashedData::= CHOICE {
+ sha256HashedData HashedId32,
+ ...,
+ sha384HashedData HashedId48,
+ sm3HashedData HashedId32
+}
+```
+
+### HeaderInfo
+This structure contains information that is used to establish
+ validity by the criteria of 5.2.
+
+Fields:
+* psid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid)
+ indicates the application area with which the sender is
+ claiming the payload is to be associated.
+
+
+* generationTime of type [**Time64**](Ieee1609Dot2BaseTypes.md#Time64) OPTIONAL
+ indicates the time at which the structure was
+ generated. See 5.2.5.2.2 and 5.2.5.2.3 for discussion of the use of this
+ field.
+
+
+
+* expiryTime of type [**Time64**](Ieee1609Dot2BaseTypes.md#Time64) OPTIONAL
+ if present, contains the time after which the data
+ is no longer considered relevant. If both generationTime and
+ expiryTime are present, the signed SPDU is invalid if generationTime is
+ not strictly earlier than expiryTime.
+
+
+
+* generationLocation of type [**ThreeDLocation**](Ieee1609Dot2BaseTypes.md#ThreeDLocation) OPTIONAL
+ if present, contains the location at which the
+ signature was generated.
+
+
+
+* p2pcdLearningRequest of type [**HashedId3**](Ieee1609Dot2BaseTypes.md#HashedId3) OPTIONAL
+ if present, is used by the SDS to request
+ certificates for which it has seen identifiers and does not know the
+ entire certificate. A specification of this peer-to-peer certificate
+ distribution (P2PCD) mechanism is given in Clause 8. This field is used
+ for the separate-certificate-pdu flavor of P2PCD and shall only be present
+ if inlineP2pcdRequest is not present. The HashedId3 is calculated with the
+ whole-certificate hash algorithm, determined as described in 6.4.3,
+ applied to the COER-encoded certificate, canonicalized as defined in the
+ definition of Certificate.
+
+
+
+* missingCrlIdentifier of type [**MissingCrlIdentifier**](#MissingCrlIdentifier) OPTIONAL
+ if present, is used by the SDS to request
+ CRLs which it knows to have been issued and have not received. This is
+ provided for future use and the associated mechanism is not defined in
+ this version of this standard.
+
+
+
+* encryptionKey of type [**EncryptionKey**](Ieee1609Dot2BaseTypes.md#EncryptionKey) OPTIONAL
+ if present, is used to provide a key that is to
+ be used to encrypt at least one response to this SPDU. The SDEE
+ specification is expected to specify which response SPDUs are to be
+ encrypted with this key. One possible use of this key to encrypt a
+ response is specified in 6.3.35, 6.3.37, and 6.3.34. An encryptionKey
+ field of type symmetric should only be used if the SignedData containing
+ this field is securely encrypted by some means.
+
+
+
+* inlineP2pcdRequest of type [**SequenceOfHashedId3**](Ieee1609Dot2BaseTypes.md#SequenceOfHashedId3) OPTIONAL
+ if present, is used by the SDS to request
+ unknown certificates per the inline peer-to-peer certificate distribution
+ mechanism is given in Clause 8. This field shall only be present if
+ p2pcdLearningRequest is not present. The HashedId3 is calculated with the
+ whole-certificate hash algorithm, determined as described in 6.4.3, applied
+ to the COER-encoded certificate, canonicalized as defined in the definition
+ of Certificate.
+
+
+
+ ...,
+* requestedCertificate of type [**Certificate**](Ieee1609Dot2.md#Certificate) OPTIONAL
+ if present, is used by the SDS to provide
+ certificates per the "inline" version of the peer-to-peer certificate
+ distribution mechanism given in Clause 8.
+
+
+
+* pduFunctionalType of type [**PduFunctionalType**](#PduFunctionalType) OPTIONAL
+ if present, is used to indicate that the SPDU is
+ to be consumed by a process other than an application process as defined
+ in ISO 21177 [B14a]. See 6.3.23b for more details.
+
+
+
+* contributedExtensions of type [**ContributedExtensionBlocks**](#ContributedExtensionBlocks) OPTIONAL
+ if present, is used to contain additional
+ extensions defined using the ContributedExtensionBlocks structure.
+
+
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the EncryptionKey. If encryptionKey is present, and indicates
+ the choice public, and contains a BasePublicEncryptionKey that is an
+ elliptic curve point (i.e., of type EccP256CurvePoint or
+ EccP384CurvePoint), then the elliptic curve point is encoded in compressed
+ form, i.e., such that the choice indicated within the Ecc*CurvePoint is
+ compressed-y-0 or compressed-y-1.
+ The canonicalization does not apply to any fields after the extension
+ marker, including any fields in contributedExtensions.
+>>>
+```asn1
+HeaderInfo ::= SEQUENCE {
+ psid Psid,
+ generationTime Time64 OPTIONAL,
+ expiryTime Time64 OPTIONAL,
+ generationLocation ThreeDLocation OPTIONAL,
+ p2pcdLearningRequest HashedId3 OPTIONAL,
+ missingCrlIdentifier MissingCrlIdentifier OPTIONAL,
+ encryptionKey EncryptionKey OPTIONAL,
+ ...,
+ inlineP2pcdRequest SequenceOfHashedId3 OPTIONAL,
+ requestedCertificate Certificate OPTIONAL,
+ pduFunctionalType PduFunctionalType OPTIONAL,
+ contributedExtensions ContributedExtensionBlocks OPTIONAL
+}
+```
+
+### MissingCrlIdentifier
+This structure may be used to request a CRL that the SSME knows to
+ have been issued and has not yet received. It is provided for future use
+ and its use is not defined in this version of this standard.
+
+Fields:
+* cracaId of type [**HashedId3**](Ieee1609Dot2BaseTypes.md#HashedId3)
+ is the HashedId3 of the CRACA, as defined in 5.1.3. The
+ HashedId3 is calculated with the whole-certificate hash algorithm,
+ determined as described in 6.4.3, applied to the COER-encoded certificate,
+ canonicalized as defined in the definition of Certificate.
+
+
+* crlSeries of type [**CrlSeries**](Ieee1609Dot2BaseTypes.md#CrlSeries)
+ is the requested CRL Series value. See 5.1.3 for more
+ information.
+
+
+
+
+```asn1
+MissingCrlIdentifier ::= SEQUENCE {
+ cracaId HashedId3,
+ crlSeries CrlSeries,
+ ...
+}
+```
+
+
+### PduFunctionalType
+This data structure identifies the functional entity that is
+ intended to consume an SPDU, for the case where that functional entity is
+ not an application process, and are instead security support services for an
+ application process. Further details and the intended use of this field are
+ defined in ISO 21177 [B20].
+```asn1
+PduFunctionalType ::= INTEGER (0..255)
+```
+
+```asn1
+tlsHandshake PduFunctionalType ::= 1
+iso21177ExtendedAuth PduFunctionalType ::= 2
+iso21177SessionExtension PduFunctionalType ::= 3
+```
+
+
+### ContributedExtensionBlocks
+This type is used for clarity of definitions.
+```asn1
+ContributedExtensionBlocks ::= SEQUENCE (SIZE(1..MAX)) OF
+ ContributedExtensionBlock
+```
+
+### ContributedExtensionBlock
+This data structure defines the format of an extension block
+ provided by an identified contributor by using the temnplate provided
+ in the class IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION constraint
+ to the objects in the set Ieee1609Dot2HeaderInfoContributedExtensions.
+
+Fields:
+* contributorId of type [**IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION**](#IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION) .&id({
+ Ieee1609Dot2HeaderInfoContributedExtensions
+ })
+ uniquely identifies the contributor.
+
+
+* extns of type **SEQUENCE** (SIZE(1..MAX)) OF
+ contains a list of extensions from that contributor.
+ Extensions are expected and not required to follow the format specified
+ in 6.5.
+
+
+
+
+```asn1
+ContributedExtensionBlock ::= SEQUENCE {
+ contributorId IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.&id({
+ Ieee1609Dot2HeaderInfoContributedExtensions
+ }),
+ extns SEQUENCE (SIZE(1..MAX)) OF
+ IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION.&Extn({
+ Ieee1609Dot2HeaderInfoContributedExtensions
+ }{@.contributorId})
+}
+```
+
+### IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION
+This Information Object Class defines the class that provides a
+ template for defining extension blocks.
+
+Fields:
+* id of type [**HeaderInfoContributorId**](#HeaderInfoContributorId) UNIQUE
+```asn1
+IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= CLASS {
+ &id HeaderInfoContributorId UNIQUE,
+ &Extn
+} WITH SYNTAX {&Extn IDENTIFIED BY &id}
+```
+
+
+### Ieee1609Dot2HeaderInfoContributedExtensions
+This structure is an ASN.1 Information Object Set listing the
+ defined contributed extension types and the associated
+ HeaderInfoContributorId values. In this version of this standard two
+ extension types are defined: Ieee1609ContributedHeaderInfoExtension and
+ EtsiOriginatingHeaderInfoExtension.
+```asn1
+Ieee1609Dot2HeaderInfoContributedExtensions
+ IEEE1609DOT2-HEADERINFO-CONTRIBUTED-EXTENSION ::= {
+ {Ieee1609ContributedHeaderInfoExtension IDENTIFIED BY
+ ieee1609HeaderInfoContributorId} |
+ {EtsiOriginatingHeaderInfoExtension IDENTIFIED BY
+ etsiHeaderInfoContributorId},
+ ...
+}
+```
+
+
+### HeaderInfoContributorId
+This is an integer used to identify a HeaderInfo extension
+ contributing organization. In this version of this standard two values are
+ defined:
+ - ieee1609OriginatingExtensionId indicating extensions originating with
+ IEEE 1609.
+ - etsiOriginatingExtensionId indicating extensions originating with
+ ETSI TC ITS.
+```asn1
+HeaderInfoContributorId ::= INTEGER (0..255)
+```
+
+```asn1
+ieee1609HeaderInfoContributorId HeaderInfoContributorId ::= 1
+etsiHeaderInfoContributorId HeaderInfoContributorId ::= 2
+```
+
+### SignerIdentifier
+This structure allows the recipient of data to determine which
+ keying material to use to authenticate the data. It also indicates the
+ verification type to be used to generate the hash for verification, as
+ specified in 5.3.1.
+
+Fields:
+* digest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ If the choice indicated is digest:
+ - The structure contains the HashedId8 of the relevant certificate. The
+ HashedId8 is calculated with the whole-certificate hash algorithm,
+ determined as described in 6.4.3.
+ - The verification type is certificate and the certificate data
+ passed to the hash function as specified in 5.3.1 is the authorization
+ certificate.
+
+
+* certificate of type [**SequenceOfCertificate**](#SequenceOfCertificate)
+ If the choice indicated is certificate:
+ - The structure contains one or more Certificate structures, in order
+ such that the first certificate is the authorization certificate and each
+ subsequent certificate is the issuer of the one before it.
+ - The verification type is certificate and the certificate data
+ passed to the hash function as specified in 5.3.1 is the authorization
+ certificate.
+
+
+
+* self of type **NULL**
+ If the choice indicated is self:
+ - The structure does not contain any data beyond the indication that
+ the choice value is self.
+ - The verification type is self-signed.
+
+
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to every Certificate in the certificate field.
+>>>
+```asn1
+SignerIdentifier ::= CHOICE {
+ digest HashedId8,
+ certificate SequenceOfCertificate,
+ self NULL,
+ ...
+}
+```
+
+
+### Countersignature
+This data structure is used to perform a countersignature over an
+ already-signed SPDU. This is the profile of an Ieee1609Dot2Data containing
+ a signedData. The tbsData within content is composed of a payload
+ containing the hash (extDataHash) of the externally generated, pre-signed
+ SPDU over which the countersignature is performed.
+```asn1
+Countersignature ::= Ieee1609Dot2Data (WITH COMPONENTS {...,
+ content (WITH COMPONENTS {...,
+ signedData (WITH COMPONENTS {...,
+ tbsData (WITH COMPONENTS {...,
+ payload (WITH COMPONENTS {...,
+ data ABSENT,
+ extDataHash PRESENT
+ }),
+ headerInfo(WITH COMPONENTS {...,
+ generationTime PRESENT,
+ expiryTime ABSENT,
+ generationLocation ABSENT,
+ p2pcdLearningRequest ABSENT,
+ missingCrlIdentifier ABSENT,
+ encryptionKey ABSENT
+ })
+ })
+ })
+ })
+})
+```
+
+### EncryptedData
+This data structure encodes data that has been encrypted to one or
+ more recipients using the recipients public or symmetric keys as
+ specified in 5.3.4.
+
+Fields:
+* recipients of type [**SequenceOfRecipientInfo**](#SequenceOfRecipientInfo)
+ contains one or more RecipientInfos. These entries may
+ be more than one RecipientInfo, and more than one type of RecipientInfo,
+ as long as all entries are indicating or containing the same data encryption
+ key.
+
+
+* ciphertext of type [**SymmetricCiphertext**](#SymmetricCiphertext)
+ contains the encrypted data. This is the encryption of
+ an encoded Ieee1609Dot2Data structure as specified in 5.3.4.2.
+
+
+
+
+>>>
+NOTE: If the plaintext is raw data, i.e., it has not been output from a
+ previous operation of the SDS, then it is trivial to encapsulate it in an
+ Ieee1609Dot2Data of type unsecuredData as noted in 4.2.2.2.2. For example,
+ '03 80 08 01 23 45 67 89 AB CD EF' is the C-OER encoding of '01 23 45 67
+ 89 AB CD EF' encapsulated in an Ieee1609Dot2Data of type unsecuredData.
+ The first byte of the encoding 03 is the protocolVersion, the second byte
+ 80 indicates the choice unsecuredData, and the third byte 08 is the length
+ of the raw data '01 23 45 67 89 AB CD EF'.
+>>>
+```asn1
+EncryptedData ::= SEQUENCE {
+ recipients SequenceOfRecipientInfo,
+ ciphertext SymmetricCiphertext
+}
+```
+
+### RecipientInfo
+This data structure is used to transfer the data encryption key to
+ an individual recipient of an EncryptedData. The option pskRecipInfo is
+ selected if the EncryptedData was encrypted using the static encryption
+ key approach specified in 5.3.4. The other options are selected if the
+ EncryptedData was encrypted using the ephemeral encryption key approach
+ specified in 5.3.4. The meanings of the choices are:
+
+
+ See Annex C.7 for guidance on when it may be appropriate to use
+ each of these approaches.
+
+Fields:
+* pskRecipInfo of type [**PreSharedKeyRecipientInfo**](#PreSharedKeyRecipientInfo)
+ The data was encrypted directly using a pre-shared
+ symmetric key.
+
+
+* symmRecipInfo of type [**SymmRecipientInfo**](#SymmRecipientInfo)
+ The data was encrypted with a data encryption key,
+ and the data encryption key was encrypted using a symmetric key.
+
+
+
+* certRecipInfo of type [**PKRecipientInfo**](#PKRecipientInfo)
+ The data was encrypted with a data encryption key,
+ the data encryption key was encrypted using a public key encryption scheme,
+ where the public encryption key was obtained from a certificate. In this
+ case, the parameter P1 to ECIES as defined in 5.3.5 is the hash of the
+ certificate, calculated with the whole-certificate hash algorithm,
+ determined as described in 6.4.3, applied to the COER-encoded certificate,
+ canonicalized as defined in the definition of Certificate.
+
+
+
+* signedDataRecipInfo of type [**PKRecipientInfo**](#PKRecipientInfo)
+ The data was encrypted with a data encryption
+ key, the data encryption key was encrypted using a public key encryption
+ scheme, where the public encryption key was obtained as the public response
+ encryption key from a SignedData. In this case, if ECIES is the encryption
+ algorithm, then the parameter P1 to ECIES as defined in 5.3.5 is the
+ SHA-256 hash of the Ieee1609Dot2Data of type signedData containing the
+ response encryption key, canonicalized as defined in the definition of
+ Ieee1609Dot2Data.
+
+
+
+* rekRecipInfo of type [**PKRecipientInfo**](#PKRecipientInfo)
+ The data was encrypted with a data encryption key,
+ the data encryption key was encrypted using a public key encryption scheme,
+ where the public encryption key was not obtained from a Signed-Data or a
+ certificate. In this case, the SDEE specification is expected to specify
+ how the public key is obtained, and if ECIES is the encryption algorithm,
+ then the parameter P1 to ECIES as defined in 5.3.5 is the hash of the
+ empty string.
+
+
+
+
+>>>
+NOTE: The material input to encryption is the bytes of the encryption key
+ with no headers, encapsulation, or length indication. Contrast this to
+ encryption of data, where the data is encapsulated in an Ieee1609Dot2Data.
+>>>
+```asn1
+RecipientInfo ::= CHOICE {
+ pskRecipInfo PreSharedKeyRecipientInfo,
+ symmRecipInfo SymmRecipientInfo,
+ certRecipInfo PKRecipientInfo,
+ signedDataRecipInfo PKRecipientInfo,
+ rekRecipInfo PKRecipientInfo
+}
+```
+
+
+### SequenceOfRecipientInfo
+This type is used for clarity of definitions.
+```asn1
+SequenceOfRecipientInfo ::= SEQUENCE OF RecipientInfo
+```
+
+
+### PreSharedKeyRecipientInfo
+This data structure is used to indicate a symmetric key that may
+ be used directly to decrypt a SymmetricCiphertext. It consists of the
+ low-order 8 bytes of the hash of the COER encoding of a
+ SymmetricEncryptionKey structure containing the symmetric key in question.
+ The HashedId8 is calculated with the hash algorithm determined as
+ specified in 5.3.9.3. The symmetric key may be established by any
+ appropriate means agreed by the two parties to the exchange.
+```asn1
+PreSharedKeyRecipientInfo ::= HashedId8
+```
+
+### SymmRecipientInfo
+This data structure contains the following fields:
+
+Fields:
+* recipientId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ contains the hash of the symmetric key encryption key
+ that may be used to decrypt the data encryption key. It consists of the
+ low-order 8 bytes of the hash of the COER encoding of a
+ SymmetricEncryptionKey structure containing the symmetric key in question.
+ The HashedId8 is calculated with the hash algorithm determined as
+ specified in 5.3.9.4. The symmetric key may be established by any
+ appropriate means agreed by the two parties to the exchange.
+
+
+* encKey of type [**SymmetricCiphertext**](#SymmetricCiphertext)
+ contains the encrypted data encryption key within a
+ SymmetricCiphertext, where the data encryption key is input to the data
+ encryption key encryption process with no headers, encapsulation, or
+ length indication.
+
+
+
+
+```asn1
+SymmRecipientInfo ::= SEQUENCE {
+ recipientId HashedId8,
+ encKey SymmetricCiphertext
+}
+```
+
+### PKRecipientInfo
+This data structure contains the following fields:
+
+Fields:
+* recipientId of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+ contains the hash of the container for the encryption
+ public key as specified in the definition of RecipientInfo. Specifically,
+ depending on the choice indicated by the containing RecipientInfo structure:
+ - If the containing RecipientInfo structure indicates certRecipInfo,
+ this field contains the HashedId8 of the certificate. The HashedId8 is
+ calculated with the whole-certificate hash algorithm, determined as
+ described in 6.4.3, applied to the COER-encoded certificate, canonicalized
+ as defined in the definition of Certificate.
+ - If the containing RecipientInfo structure indicates
+ signedDataRecipInfo, this field contains the HashedId8 of the
+ Ieee1609Dot2Data of type signedData that contained the encryption key,
+ with that Ieee¬¬1609¬Dot2¬¬Data canonicalized per 6.3.4. The HashedId8 is
+ calculated with the hash algorithm determined as specified in 5.3.9.5.
+ - If the containing RecipientInfo structure indicates rekRecipInfo, this
+ field contains the HashedId8 of the COER encoding of a PublicEncryptionKey
+ structure containing the response encryption key. The HashedId8 is
+ calculated with the hash algorithm determined as specified in 5.3.9.5.
+
+
+* encKey of type [**EncryptedDataEncryptionKey**](#EncryptedDataEncryptionKey)
+ contains the encrypted data encryption key, where the data
+ encryption key is input to the data encryption key encryption process with
+ no headers, encapsulation, or length indication.
+
+
+
+
+```asn1
+PKRecipientInfo ::= SEQUENCE {
+ recipientId HashedId8,
+ encKey EncryptedDataEncryptionKey
+}
+```
+
+### EncryptedDataEncryptionKey
+This data structure contains an encrypted data encryption key,
+ where the data encryption key is input to the data encryption key
+ encryption process with no headers, encapsulation, or length indication.
+
+
+ Critical information fields: If present and applicable to
+ the receiving SDEE, this is a critical information field as defined in
+ 5.2.6. If an implementation receives an encrypted SPDU and determines that
+ one or more RecipientInfo fields are relevant to it, and if all of those
+ RecipientInfos contain an EncryptedDataEncryptionKey such that the
+ implementation does not recognize the indicated CHOICE, the implementation
+ shall indicate that the encrypted SPDU is not decryptable.
+
+Fields:
+* eciesNistP256 of type [**EciesP256EncryptedKey**](Ieee1609Dot2BaseTypes.md#EciesP256EncryptedKey)
+* eciesBrainpoolP256r1 of type [**EciesP256EncryptedKey**](Ieee1609Dot2BaseTypes.md#EciesP256EncryptedKey)
+
+* ecencSm2256 of type [**EcencP256EncryptedKey**](Ieee1609Dot2BaseTypes.md#EcencP256EncryptedKey)
+
+ ...,
+```asn1
+EncryptedDataEncryptionKey ::= CHOICE {
+ eciesNistP256 EciesP256EncryptedKey,
+ eciesBrainpoolP256r1 EciesP256EncryptedKey,
+ ...,
+ ecencSm2256 EcencP256EncryptedKey
+}
+```
+
+### SymmetricCiphertext
+This data structure encapsulates a ciphertext generated with an
+ approved symmetric algorithm.
+
+Fields:
+* aes128ccm of type [**One28BitCcmCiphertext**](#One28BitCcmCiphertext)
+* sm4Ccm of type [**One28BitCcmCiphertext**](#One28BitCcmCiphertext)
+
+ ...,
+
+>>>
+NOTE: Critical information fields: If present, this is a critical
+ information field as defined in 5.2.6. An implementation that does not
+ recognize the indicated CHOICE value for this type in an encrypted SPDU
+ shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2,
+ that is, it is invalid in the sense that its validity cannot be established.
+>>>
+```asn1
+SymmetricCiphertext ::= CHOICE {
+ aes128ccm One28BitCcmCiphertext,
+ ...,
+ sm4Ccm One28BitCcmCiphertext
+}
+```
+
+### One28BitCcmCiphertext
+This data structure encapsulates an encrypted ciphertext for any
+ symmetric algorithm with 128-bit blocks in CCM mode. The ciphertext is
+ 16 bytes longer than the corresponding plaintext due to the inclusion of
+ the message authentication code (MAC). The plaintext resulting from a
+ correct decryption of the ciphertext is either a COER-encoded
+ Ieee1609Dot2Data structure (see 6.3.41), or a 16-byte symmetric key
+ (see 6.3.44).
+
+
+ The ciphertext is 16 bytes longer than the corresponding plaintext.
+
+ The plaintext resulting from a correct decryption of the
+ ciphertext is a COER-encoded Ieee1609Dot2Data structure.
+
+Fields:
+* nonce of type **OCTET STRING** (SIZE (12))
+ contains the nonce N as specified in 5.3.8.
+
+
+* ccmCiphertext of type [**Opaque**](Ieee1609Dot2BaseTypes.md#Opaque)
+ contains the ciphertext C as specified in 5.3.8.
+
+
+
+
+>>>
+NOTE: In the name of this structure, "One28" indicates that the
+ symmetric cipher block size is 128 bits. It happens to also be the case
+ that the keys used for both AES-128-CCM and SM4-CCM are also 128 bits long.
+ This is, however, not what One28 refers to. Since the cipher is used in
+ counter mode, i.e., as a stream cipher, the fact that that block size is 128
+ bits affects only the size of the MAC and does not affect the size of the
+ raw ciphertext.
+>>>
+```asn1
+One28BitCcmCiphertext ::= SEQUENCE {
+ nonce OCTET STRING (SIZE (12)),
+ ccmCiphertext Opaque
+}
+```
+
+
+### Aes128CcmCiphertext
+This type is defined only for backwards compatibility.
+```asn1
+Aes128CcmCiphertext ::= One28BitCcmCiphertext
+```
+
+
+### TestCertificate
+This structure is a profile of the structure CertificateBase which
+ specifies the valid combinations of fields to transmit implicit and
+ explicit certificates.
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the CertificateBase.
+>>>
+```asn1
+TestCertificate ::= Certificate
+```
+
+
+### SequenceOfCertificate
+This type is used for clarity of definitions.
+```asn1
+SequenceOfCertificate ::= SEQUENCE OF Certificate
+```
+
+### CertificateBase
+The fields in this structure have the following meaning:
+
+Fields:
+* version of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8) (3)
+ contains the version of the certificate format. In this
+ version of the data structures, this field is set to 3.
+
+
+* type of type [**CertificateType**](#CertificateType)
+ states whether the certificate is implicit or explicit. This
+ field is set to explicit for explicit certificates and to implicit for
+ implicit certificates. See ExplicitCertificate and ImplicitCertificate for
+ more details.
+
+
+
+* issuer of type [**IssuerIdentifier**](#IssuerIdentifier)
+ identifies the issuer of the certificate.
+
+
+
+* toBeSigned of type [**ToBeSignedCertificate**](#ToBeSignedCertificate)
+ is the certificate contents. This field is an input to
+ the hash when generating or verifying signatures for an explicit
+ certificate, or generating or verifying the public key from the
+ reconstruction value for an implicit certificate. The details of how this
+ field are encoded are given in the description of the
+ ToBeSignedCertificate type.
+
+
+
+* signature of type [**Signature**](Ieee1609Dot2BaseTypes.md#Signature) OPTIONAL
+ is included in an ExplicitCertificate. It is the
+ signature, calculated by the signer identified in the issuer field, over
+ the hash of toBeSigned. The hash is calculated as specified in 5.3.1, where:
+ - Data input is the encoding of toBeSigned following the COER.
+ - Signer identifier input depends on the verification type, which in
+ turn depends on the choice indicated by issuer. If the choice indicated by
+ issuer is self, the verification type is self-signed and the signer
+ identifier input is the empty string. If the choice indicated by issuer is
+ not self, the verification type is certificate and the signer identifier
+ input is the canonicalized COER encoding of the certificate indicated by
+ issuer. The canonicalization is carried out as specified in the
+ Canonicalization section of this subclause.
+
+
+
+
+>>>
+NOTE: Whole-certificate hash: If the entirety of a certificate is hashed
+ to calculate a HashedId3, HashedId8, or HashedId10, the algorithm used for
+ this purpose is known as the whole-certificate hash. The method used to
+ determine the whole-certificate hash algorithm is specified in 5.3.9.2.
+>>>
+```asn1
+CertificateBase ::= SEQUENCE {
+ version Uint8(3),
+ type CertificateType,
+ issuer IssuerIdentifier,
+ toBeSigned ToBeSignedCertificate,
+ signature Signature OPTIONAL
+}
+```
+
+
+### CertificateType
+This enumerated type indicates whether a certificate is explicit or
+ implicit.
+
+>>>
+NOTE: Critical information fields: If present, this is a critical
+ information field as defined in 5.2.5. An implementation that does not
+ recognize the indicated CHOICE for this type when verifying a signed SPDU
+ shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2,
+ that is, it is invalid in the sense that its validity cannot be
+ established.
+>>>
+```asn1
+CertificateType ::= ENUMERATED {
+ explicit,
+ implicit,
+ ...
+}
+```
+
+
+### ImplicitCertificate
+This is a profile of the CertificateBase structure providing all
+ the fields necessary for an implicit certificate, and no others.
+```asn1
+ImplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
+ type(implicit),
+ toBeSigned(WITH COMPONENTS {...,
+ verifyKeyIndicator(WITH COMPONENTS {reconstructionValue})
+ }),
+ signature ABSENT
+})
+```
+
+
+### ExplicitCertificate
+This is a profile of the CertificateBase structure providing all
+ the fields necessary for an explicit certificate, and no others.
+```asn1
+ExplicitCertificate ::= CertificateBase (WITH COMPONENTS {...,
+ type(explicit),
+ toBeSigned (WITH COMPONENTS {...,
+ verifyKeyIndicator(WITH COMPONENTS {verificationKey})
+ }),
+ signature PRESENT
+})
+```
+
+### IssuerIdentifier
+This structure allows the recipient of a certificate to determine
+ which keying material to use to authenticate the certificate.
+
+
+ If the choice indicated is sha256AndDigest, sha384AndDigest, or
+ sm3AndDigest:
+ - The structure contains the HashedId8 of the issuing certificate. The
+ HashedId8 is calculated with the whole-certificate hash algorithm,
+ determined as described in 6.4.3, applied to the COER-encoded certificate,
+ canonicalized as defined in the definition of Certificate.
+ - The hash algorithm to be used to generate the hash of the certificate
+ for verification is SHA-256 (in the case of sha256AndDigest), SM3 (in the
+ case of sm3AndDigest) or SHA-384 (in the case of sha384AndDigest).
+ - The certificate is to be verified with the public key of the
+ indicated issuing certificate.
+
+ If the choice indicated is self:
+ - The structure indicates what hash algorithm is to be used to generate
+ the hash of the certificate for verification.
+ - The certificate is to be verified with the public key indicated by
+ the verifyKeyIndicator field in theToBeSignedCertificate.
+
+Fields:
+* sha256AndDigest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+* self of type [**HashAlgorithm**](Ieee1609Dot2BaseTypes.md#HashAlgorithm)
+
+* sha384AndDigest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+
+ ...,
+* sm3AndDigest of type [**HashedId8**](Ieee1609Dot2BaseTypes.md#HashedId8)
+
+
+>>>
+NOTE: Critical information fields: If present, this is a critical
+ information field as defined in 5.2.5. An implementation that does not
+ recognize the indicated CHOICE for this type when verifying a signed SPDU
+ shall indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2,
+ that is, it is invalid in the sense that its validity cannot be
+ established.
+>>>
+```asn1
+IssuerIdentifier ::= CHOICE {
+ sha256AndDigest HashedId8,
+ self HashAlgorithm,
+ ...,
+ sha384AndDigest HashedId8,
+ sm3AndDigest HashedId8
+}
+```
+
+### ToBeSignedCertificate
+The fields in the ToBeSignedCertificate structure have the
+ following meaning:
+
+
+ For both implicit and explicit certificates, when the certificate
+ is hashed to create or recover the public key (in the case of an implicit
+ certificate) or to generate or verify the signature (in the case of an
+ explicit certificate), the hash is Hash (Data input) || Hash (
+ Signer identifier input), where:
+ - Data input is the COER encoding of toBeSigned, canonicalized
+ as described above.
+ - Signer identifier input depends on the verification type,
+ which in turn depends on the choice indicated by issuer. If the choice
+ indicated by issuer is self, the verification type is self-signed and the
+ signer identifier input is the empty string. If the choice indicated by
+ issuer is not self, the verification type is certificate and the signer
+ identifier input is the COER encoding of the canonicalization per 6.4.3 of
+ the certificate indicated by issuer.
+
+ In other words, for implicit certificates, the value H (CertU) in SEC 4,
+ section 3, is for purposes of this standard taken to be H [H
+ (canonicalized ToBeSignedCertificate from the subordinate certificate) ||
+ H (entirety of issuer Certificate)]. See 5.3.2 for further discussion,
+ including material differences between this standard and SEC 4 regarding
+ how the hash function output is converted from a bit string to an integer.
+
+Fields:
+* id of type [**CertificateId**](#CertificateId)
+ contains information that is used to identify the certificate
+ holder if necessary.
+
+
+* cracaId of type [**HashedId3**](Ieee1609Dot2BaseTypes.md#HashedId3)
+ identifies the Certificate Revocation Authorization CA
+ (CRACA) responsible for certificate revocation lists (CRLs) on which this
+ certificate might appear. Use of the cracaId is specified in 5.1.3. The
+ HashedId3 is calculated with the whole-certificate hash algorithm,
+ determined as described in 6.4.3, applied to the COER-encoded certificate,
+ canonicalized as defined in the definition of Certificate.
+
+
+
+* crlSeries of type [**CrlSeries**](Ieee1609Dot2BaseTypes.md#CrlSeries)
+ represents the CRL series relevant to a particular
+ Certificate Revocation Authorization CA (CRACA) on which the certificate
+ might appear. Use of this field is specified in 5.1.3.
+
+
+
+* validityPeriod of type [**ValidityPeriod**](Ieee1609Dot2BaseTypes.md#ValidityPeriod)
+ contains the validity period of the certificate.
+
+
+
+* region of type [**GeographicRegion**](Ieee1609Dot2BaseTypes.md#GeographicRegion) OPTIONAL
+ if present, indicates the validity region of the
+ certificate. If it is omitted the validity region is indicated as follows:
+ - If enclosing certificate is self-signed, i.e., the choice indicated
+ by the issuer field in the enclosing certificate structure is self, the
+ certificate is valid worldwide.
+ - Otherwise, the certificate has the same validity region as the
+ certificate that issued it.
+
+
+
+* assuranceLevel of type [**SubjectAssurance**](Ieee1609Dot2BaseTypes.md#SubjectAssurance) OPTIONAL
+ indicates the assurance level of the certificate
+ holder.
+
+
+
+* appPermissions of type [**SequenceOfPsidSsp**](Ieee1609Dot2BaseTypes.md#SequenceOfPsidSsp) OPTIONAL
+ indicates the permissions that the certificate
+ holder has to sign application data with this certificate. A valid
+ instance of appPermissions contains any particular Psid value in at most
+ one entry.
+
+
+
+* certIssuePermissions of type [**SequenceOfPsidGroupPermissions**](#SequenceOfPsidGroupPermissions) OPTIONAL
+ indicates the permissions that the certificate
+ holder has to sign certificates with this certificate. A valid instance of
+ this array contains no more than one entry whose psidSspRange field
+ indicates all. If the array has multiple entries and one entry has its
+ psidSspRange field indicate all, then the entry indicating all specifies
+ the permissions for all PSIDs other than the ones explicitly specified in
+ the other entries. See the description of PsidGroupPermissions for further
+ discussion.
+
+
+
+* certRequestPermissions of type [**SequenceOfPsidGroupPermissions**](#SequenceOfPsidGroupPermissions) OPTIONAL
+ indicates the permissions that the
+ certificate holder can request in its certificate. A valid instance of this
+ array contains no more than one entry whose psidSspRange field indicates
+ all. If the array has multiple entries and one entry has its psidSspRange
+ field indicate all, then the entry indicating all specifies the permissions
+ for all PSIDs other than the ones explicitly specified in the other entries.
+ See the description of PsidGroupPermissions for further discussion.
+
+
+
+* canRequestRollover of type **NULL** OPTIONAL
+ indicates that the certificate may be used to
+ sign a request for another certificate with the same permissions. This
+ field is provided for future use and its use is not defined in this
+ version of this standard.
+
+
+
+* encryptionKey of type [**PublicEncryptionKey**](Ieee1609Dot2BaseTypes.md#PublicEncryptionKey) OPTIONAL
+ contains a public key for encryption for which the
+ certificate holder holds the corresponding private key.
+
+
+
+* verifyKeyIndicator of type [**VerificationKeyIndicator**](#VerificationKeyIndicator)
+ contains material that may be used to recover
+ the public key that may be used to verify data signed by this certificate.
+
+
+
+* flags of type **BIT STRING** {usesCubk (0)} (SIZE (8)) OPTIONAL
+ indicates additional yes/no properties of the certificate
+ holder. The only bit with defined semantics in this string in this version
+ of this standard is usesCubk. If set, the usesCubk bit indicates that the
+ certificate holder supports the compact unified butterfly key response.
+ Further material about the compact unified butterfly key response can be
+ found in IEEE Std 1609.2.1.
+
+
+
+ ...,
+* appExtensions of type [**SequenceOfAppExtensions**](#SequenceOfAppExtensions)
+ indicates additional permissions that may be applied
+ to application activities that the certificate holder is carrying out.
+
+
+
+* certIssueExtensions of type [**SequenceOfCertIssueExtensions**](#SequenceOfCertIssueExtensions)
+ indicates additional permissions to issue
+ certificates containing endEntityExtensions.
+
+
+
+* certRequestExtension of type [**SequenceOfCertRequestExtensions**](#SequenceOfCertRequestExtensions)
+
+If the PublicEncryptionKey contains a BasePublicEncryptionKey that is an
+ elliptic curve point (i.e., of type EccP256CurvePoint or EccP384CurvePoint),
+ then the elliptic curve point is encoded in compressed form, i.e., such
+ that the choice indicated within the Ecc*CurvePoint is compressed-y-0 or
+ compressed-y-1.
+
+>>>
+NOTE: Critical information fields:
+ - If present, appPermissions is a critical information field as defined
+ in 5.2.6. If an implementation of verification does not support the number
+ of PsidSsp in the appPermissions field of a certificate that signed a
+ signed SPDU, that implementation shall indicate that the signed SPDU is
+ invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense
+ that its validity cannot be established.. A conformant implementation
+ shall support appPermissions fields containing at least eight entries.
+ It may be the case that an implementation of verification does not support
+ the number of entries in the appPermissions field and the appPermissions
+ field is not relevant to the verification: this will occur, for example,
+ if the certificate in question is a CA certificate and so the
+ certIssuePermissions field is relevant to the verification and the
+ appPermissions field is not. In this case, whether the implementation
+ indicates that the signed SPDU is valid (because it could validate all
+ relevant fields) or invalid (because it could not parse the entire
+ certificate) is implementation-specific.
+ - If present, certIssuePermissions is a critical information field as
+ defined in 5.2.6. If an implementation of verification does not support
+ the number of PsidGroupPermissions in the certIssuePermissions field of a
+ CA certificate in the chain of a signed SPDU, the implementation shall
+ indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that
+ is, it is invalid in the sense that its validity cannot be established.
+ A conformant implementation shall support certIssuePermissions fields
+ containing at least eight entries.
+ It may be the case that an implementation of verification does not support
+ the number of entries in the certIssuePermissions field and the
+ certIssuePermissions field is not relevant to the verification: this will
+ occur, for example, if the certificate in question is the signing
+ certificate for the SPDU and so the appPermissions field is relevant to
+ the verification and the certIssuePermissions field is not. In this case,
+ whether the implementation indicates that the signed SPDU is valid
+ (because it could validate all relevant fields) or invalid (because it
+ could not parse the entire certificate) is implementation-specific.
+ - If present, certRequestPermissions is a critical information field as
+ defined in 5.2.6. If an implementaiton of verification of a certificate
+ request does not support the number of PsidGroupPermissions in
+ certRequestPermissions, the implementation shall indicate that the signed
+ SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the
+ sense that its validity cannot be established. A conformant implementation
+ shall support certRequestPermissions fields containing at least eight
+ entries.
+ It may be the case that an implementation of verification does not support
+ the number of entries in the certRequestPermissions field and the
+ certRequestPermissions field is not relevant to the verification: this will
+ occur, for example, if the certificate in question is the signing
+ certificate for the SPDU and so the appPermissions field is relevant to
+ the verification and the certRequestPermissions field is not. In this
+ case, whether the implementation indicates that the signed SPDU is valid
+ (because it could validate all relevant fields) or invalid (because it
+ could not parse the entire certificate) is implementation-specific.
+>>>
+```asn1
+ToBeSignedCertificate ::= SEQUENCE {
+ id CertificateId,
+ cracaId HashedId3,
+ crlSeries CrlSeries,
+ validityPeriod ValidityPeriod,
+ region GeographicRegion OPTIONAL,
+ assuranceLevel SubjectAssurance OPTIONAL,
+ appPermissions SequenceOfPsidSsp OPTIONAL,
+ certIssuePermissions SequenceOfPsidGroupPermissions OPTIONAL,
+ certRequestPermissions SequenceOfPsidGroupPermissions OPTIONAL,
+ canRequestRollover NULL OPTIONAL,
+ encryptionKey PublicEncryptionKey OPTIONAL,
+ verifyKeyIndicator VerificationKeyIndicator,
+ ...,
+ flags BIT STRING {usesCubk (0)} (SIZE (8)) OPTIONAL,
+ appExtensions SequenceOfAppExtensions,
+ certIssueExtensions SequenceOfCertIssueExtensions,
+ certRequestExtension SequenceOfCertRequestExtensions
+}
+(WITH COMPONENTS { ..., appPermissions PRESENT} |
+ WITH COMPONENTS { ..., certIssuePermissions PRESENT} |
+ WITH COMPONENTS { ..., certRequestPermissions PRESENT})
+```
+
+### CertificateId
+This structure contains information that is used to identify the
+ certificate holder if necessary.
+
+Fields:
+* linkageData of type [**LinkageData**](#LinkageData)
+ is used to identify the certificate for revocation
+ purposes in the case of certificates that appear on linked certificate
+ CRLs. See 5.1.3 and 7.3 for further discussion.
+
+
+* name of type [**Hostname**](Ieee1609Dot2BaseTypes.md#Hostname)
+ is used to identify the certificate holder in the case of
+ non-anonymous certificates. The contents of this field are a matter of
+ policy and are expected to be human-readable.
+
+
+
+* binaryId of type **OCTET STRING** (SIZE(1..64))
+ supports identifiers that are not human-readable.
+
+
+
+* none of type **NULL**
+ indicates that the certificate does not include an identifier.
+
+
+
+
+>>>
+NOTE: Critical information fields:
+ - If present, this is a critical information field as defined in 5.2.6.
+ An implementation that does not recognize the choice indicated in this
+ field shall reject a signed SPDU as invalid.
+>>>
+```asn1
+CertificateId ::= CHOICE {
+ linkageData LinkageData,
+ name Hostname,
+ binaryId OCTET STRING(SIZE(1..64)),
+ none NULL,
+ ...
+}
+```
+
+### LinkageData
+This structure contains information that is matched against
+ information obtained from a linkage ID-based CRL to determine whether the
+ containing certificate has been revoked. See 5.1.3.4 and 7.3 for details
+ of use.
+
+Fields:
+* iCert of type [**IValue**](Ieee1609Dot2BaseTypes.md#IValue)
+* linkage-value of type [**LinkageValue**](Ieee1609Dot2BaseTypes.md#LinkageValue)
+
+* group-linkage-value of type [**GroupLinkageValue**](Ieee1609Dot2BaseTypes.md#GroupLinkageValue) OPTIONAL
+
+```asn1
+LinkageData ::= SEQUENCE {
+ iCert IValue,
+ linkage-value LinkageValue,
+ group-linkage-value GroupLinkageValue OPTIONAL
+}
+```
+
+### PsidGroupPermissions
+This type indicates which type of permissions may appear in
+ end-entity certificates the chain of whose permissions passes through the
+ PsidGroupPermissions field containing this value. If app is indicated, the
+ end-entity certificate may contain an appPermissions field. If enroll is
+ indicated, the end-entity certificate may contain a certRequestPermissions
+ field.
+
+This structure states the permissions that a certificate holder has
+ with respect to issuing and requesting certificates for a particular set
+ of PSIDs. For examples, see D.5.3 and D.5.4.
+
+Fields:
+* subjectPermissions of type [**SubjectPermissions**](#SubjectPermissions)
+ indicates PSIDs and SSP Ranges covered by this
+ field.
+
+
+* minChainLength of type **INTEGER** DEFAULT 1
+ and chainLengthRange indicate how long the
+ certificate chain from this certificate to the end-entity certificate is
+ permitted to be. As specified in 5.1.2.1, the length of the certificate
+ chain is the number of certificates "below" this certificate in the chain,
+ down to and including the end-entity certificate. The length is permitted
+ to be (a) greater than or equal to minChainLength certificates and (b)
+ less than or equal to minChainLength + chainLengthRange certificates. A
+ value of 0 for minChainLength is not permitted when this type appears in
+ the certIssuePermissions field of a ToBeSignedCertificate; a certificate
+ that has a value of 0 for this field is invalid. The value -1 for
+ chainLengthRange is a special case: if the value of chainLengthRange is -1
+ it indicates that the certificate chain may be any length equal to or
+ greater than minChainLength. See the examples below for further discussion.
+
+
+
+* chainLengthRange of type **INTEGER** DEFAULT 0
+
+* eeType of type [**EndEntityType**](#EndEntityType) DEFAULT {app}
+ takes one or more of the values app and enroll and indicates
+ the type of certificates or requests that this instance of
+ PsidGroupPermissions in the certificate is entitled to authorize.
+ Different instances of PsidGroupPermissions within a ToBeSignedCertificate
+ may have different values for eeType.
+ - If this field indicates app, the chain is allowed to end in an
+ authorization certificate, i.e., a certficate in which these permissions
+ appear in an appPermissions field (in other words, if the field does not
+ indicate app and the chain ends in an authorization certificate, the
+ chain shall be considered invalid).
+ - If this field indicates enroll, the chain is allowed to end in an
+ enrollment certificate, i.e., a certificate in which these permissions
+ appear in a certReqPermissions permissions field (in other words, if the
+ field does not indicate enroll and the chain ends in an enrollment
+ certificate, the chain shall be considered invalid).
+
+
+
+
+```asn1
+PsidGroupPermissions ::= SEQUENCE {
+ subjectPermissions SubjectPermissions,
+ minChainLength INTEGER DEFAULT 1,
+ chainLengthRange INTEGER DEFAULT 0,
+ eeType EndEntityType DEFAULT {app}
+}
+```
+
+
+### SequenceOfPsidGroupPermissions
+This type is used for clarity of definitions.
+```asn1
+SequenceOfPsidGroupPermissions ::= SEQUENCE OF PsidGroupPermissions
+```
+
+### SubjectPermissions
+This indicates the PSIDs and associated SSPs for which certificate
+ issuance or request permissions are granted by a PsidGroupPermissions
+ structure. If this takes the value explicit, the enclosing
+ PsidGroupPermissions structure grants certificate issuance or request
+ permissions for the indicated PSIDs and SSP Ranges. If this takes the
+ value all, the enclosing PsidGroupPermissions structure grants certificate
+ issuance or request permissions for all PSIDs not indicated by other
+ PsidGroupPermissions in the same certIssuePermissions or
+ certRequestPermissions field.
+
+Fields:
+* explicit of type [**SequenceOfPsidSspRange**](Ieee1609Dot2BaseTypes.md#SequenceOfPsidSspRange)
+* all of type **NULL**
+
+
+>>>
+NOTE: Critical information fields:
+ - If present, this is a critical information field as defined in 5.2.6.
+ An implementation that does not recognize the indicated CHOICE when
+ verifying a signed SPDU shall indicate that the signed SPDU is
+ invalidin the sense of 4.2.2.3.2, that is, it is invalid in the sense that
+ its validity cannot be established.
+ - If present, explicit is a critical information field as defined in
+ 5.2.6. An implementation that does not support the number of PsidSspRange
+ in explicit when verifying a signed SPDU shall indicate that the signed
+ SPDU is invalid in the sense of 4.2.2.3.2, that is, it is invalid in the
+ sense that its validity cannot be established. A conformant implementation
+ shall support explicit fields containing at least eight entries.
+>>>
+```asn1
+SubjectPermissions ::= CHOICE {
+ explicit SequenceOfPsidSspRange,
+ all NULL,
+ ...
+}
+```
+
+### VerificationKeyIndicator
+The contents of this field depend on whether the certificate is an
+ implicit or an explicit certificate.
+
+Fields:
+* verificationKey of type [**PublicVerificationKey**](Ieee1609Dot2BaseTypes.md#PublicVerificationKey)
+ is included in explicit certificates. It contains
+ the public key to be used to verify signatures generated by the holder of
+ the Certificate.
+
+
+* reconstructionValue of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ is included in implicit certificates. It
+ contains the reconstruction value, which is used to recover the public key
+ as specified in SEC 4 and 5.3.2.
+
+
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the PublicVerificationKey and to the EccP256CurvePoint. The
+ EccP256CurvePoint is encoded in compressed form, i.e., such that the
+ choice indicated within the EccP256CurvePoint is compressed-y-0 or
+ compressed-y-1.
+>>>
+```asn1
+VerificationKeyIndicator ::= CHOICE {
+ verificationKey PublicVerificationKey,
+ reconstructionValue EccP256CurvePoint,
+ ...
+}
+```
+
+
+### Ieee1609HeaderInfoExtensionId
+This structure uses the parameterized type Extension to define an
+ Ieee1609ContributedHeaderInfoExtension as an open Extension Content field
+ identified by an extension identifier. The extension identifier value is
+ unique to extensions defined by ETSI and need not be unique among all
+ extension identifier values defined by all contributing organizations.
+
+This is an integer used to identify an
+ Ieee1609ContributedHeaderInfoExtension.
+```asn1
+Ieee1609HeaderInfoExtensionId ::= ExtId
+```
+
+```asn1
+p2pcd8ByteLearningRequestId Ieee1609HeaderInfoExtensionId ::= 1
+```
+
+
+### Ieee1609HeaderInfoExtensions
+This is the ASN.1 Information Object Class that associates IEEE
+ 1609 HeaderInfo contributed extensions with the appropriate
+ Ieee1609HeaderInfoExtensionId value.
+```asn1
+Ieee1609HeaderInfoExtensions EXT-TYPE ::= {
+ {HashedId8 IDENTIFIED BY p2pcd8ByteLearningRequestId},
+ ...
+}
+```
+
+
+### SequenceOfAppExtensions
+This structure contains any AppExtensions that apply to the
+ certificate holder. As specified in 5.2.4.2.3, each individual
+ AppExtension type is associated with consistency conditions, specific to
+ that extension, that govern its consistency with SPDUs signed by the
+ certificate holder and with the CertIssueExtensions in the CA certificates
+ in that certificate holders chain. Those consistency conditions are
+ specified for each individual AppExtension below.
+```asn1
+SequenceOfAppExtensions ::= SEQUENCE (SIZE(1..MAX)) OF AppExtension
+```
+
+### AppExtension
+This structure contains an individual AppExtension. AppExtensions
+ specified in this standard are drawn from the ASN.1 Information Object Set
+ SetCertExtensions. This set, and its use in the AppExtension type, is
+ structured so that each AppExtension is associated with a
+ CertIssueExtension and a CertRequestExtension and all are identified by
+ the same id value. In this structure:
+
+Fields:
+* id of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&id({SetCertExtensions})
+ identifies the extension type.
+
+
+* content of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&App({SetCertExtensions}{@.id})
+ provides the content of the extension.
+
+
+
+
+```asn1
+AppExtension ::= SEQUENCE {
+ id CERT-EXT-TYPE.&id({SetCertExtensions}),
+ content CERT-EXT-TYPE.&App({SetCertExtensions}{@.id})
+}
+```
+
+
+### SequenceOfCertIssueExtensions
+This field contains any CertIssueExtensions that apply to the
+ certificate holder. As specified in 5.2.4.2.3, each individual
+ CertIssueExtension type is associated with consistency conditions,
+ specific to that extension, that govern its consistency with
+ AppExtensions in certificates issued by the certificate holder and with
+ the CertIssueExtensions in the CA certificates in that certificate
+ holders chain. Those consistency conditions are specified for each
+ individual CertIssueExtension below.
+```asn1
+SequenceOfCertIssueExtensions ::=
+ SEQUENCE (SIZE(1..MAX)) OF CertIssueExtension
+```
+
+### CertIssueExtension
+This field contains an individual CertIssueExtension.
+ CertIssueExtensions specified in this standard are drawn from the ASN.1
+ Information Object Set SetCertExtensions. This set, and its use in the
+ CertIssueExtension type, is structured so that each CertIssueExtension
+ is associated with a AppExtension and a CertRequestExtension and all are
+ identified by the same id value. In this structure:
+
+Fields:
+* id of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&id({SetCertExtensions})
+ identifies the extension type.
+
+
+* permissions of type [**CHOICE**](#CHOICE) {
+ specific CERT-EXT-TYPE.&Issue({SetCertExtensions}{@.id})
+ indicates the permissions. Within this field.
+ - all indicates that the certificate is entitled to issue all values of
+ the extension.
+ - specific is used to specify which values of the extension may be
+ issued in the case where all does not apply.
+
+
+
+
+* all of type **NULL**
+
+```asn1
+CertIssueExtension ::= SEQUENCE {
+ id CERT-EXT-TYPE.&id({SetCertExtensions}),
+ permissions CHOICE {
+ specific CERT-EXT-TYPE.&Issue({SetCertExtensions}{@.id}),
+ all NULL
+ }
+}
+```
+
+
+### SequenceOfCertRequestExtensions
+This field contains any CertRequestExtensions that apply to the
+ certificate holder. As specified in 5.2.4.2.3, each individual
+ CertRequestExtension type is associated with consistency conditions,
+ specific to that extension, that govern its consistency with
+ AppExtensions in certificates issued by the certificate holder and with
+ the CertRequestExtensions in the CA certificates in that certificate
+ holders chain. Those consistency conditions are specified for each
+ individual CertRequestExtension below.
+```asn1
+SequenceOfCertRequestExtensions ::= SEQUENCE (SIZE(1..MAX)) OF CertRequestExtension
+```
+
+### CertRequestExtension
+This field contains an individual CertRequestExtension.
+ CertRequestExtensions specified in this standard are drawn from the
+ ASN.1 Information Object Set SetCertExtensions. This set, and its use in
+ the CertRequestExtension type, is structured so that each
+ CertRequestExtension is associated with a AppExtension and a
+ CertRequestExtension and all are identified by the same id value. In this
+ structure:
+
+Fields:
+* id of type [**CERT-EXT-TYPE**](Ieee1609Dot2BaseTypes.md#CERT-EXT-TYPE) .&id({SetCertExtensions})
+ identifies the extension type.
+
+
+* permissions of type [**CHOICE**](#CHOICE) {
+ content CERT-EXT-TYPE.&Req({SetCertExtensions}{@.id})
+ indicates the permissions. Within this field.
+ - all indicates that the certificate is entitled to issue all values of
+ the extension.
+ - specific is used to specify which values of the extension may be
+ issued in the case where all does not apply.
+
+
+
+
+* all of type **NULL**
+
+```asn1
+CertRequestExtension ::= SEQUENCE {
+ id CERT-EXT-TYPE.&id({SetCertExtensions}),
+ permissions CHOICE {
+ content CERT-EXT-TYPE.&Req({SetCertExtensions}{@.id}),
+ all NULL
+ }
+}
+```
+
+
+### OperatingOrganizationId
+This type is the AppExtension used to identify an operating
+ organization. The associated CertIssueExtension and CertRequestExtension
+ are both of type OperatingOrganizationId.
+ To determine consistency between this type and an SPDU, the SDEE
+ specification for that SPDU is required to specify how the SPDU can be
+ used to determine an OBJECT IDENTIFIER (for example, by including the
+ full OBJECT IDENTIFIER in the SPDU, or by including a RELATIVE-OID with
+ clear instructions about how a full OBJECT IDENTIFIER can be obtained from
+ the RELATIVE-OID). The SPDU is then consistent with this type if the
+ OBJECT IDENTIFIER determined from the SPDU is identical to the OBJECT
+ IDENTIFIER contained in this field.
+ This AppExtension does not have consistency conditions with a
+ corresponding CertIssueExtension. It can appear in a certificate issued
+ by any CA.
+```asn1
+OperatingOrganizationId ::= OBJECT IDENTIFIER
+```
+
+```asn1
+certExtId-OperatingOrganization ExtId ::= 1
+```
+
+```asn1
+instanceOperatingOrganizationCertExtensions CERT-EXT-TYPE ::= {
+ ID certExtId-OperatingOrganization
+ APP OperatingOrganizationId
+ ISSUE NULL
+ REQUEST NULL
+}
+```
+
+
+### SetCertExtensions
+This Information Object Set is a collection of Information Objects
+ used to contain the AppExtension, CertIssueExtension, and
+ CertRequestExtension types associated with a specific use of certificate
+ extensions. In this version of this standard it only has a single entry
+ instanceOperatingOrganizationCertExtensions.
+```asn1
+SetCertExtensions CERT-EXT-TYPE ::= {
+ instanceOperatingOrganizationCertExtensions,
+ ...
+}
+```
+
+
+
+This Information Object is an instance of the Information Object
+ Class CERT-EXT-TYPE. It is defined to bind together the AppExtension,
+ CertIssueExtension, and CertRequestExtension types associated with the
+ use of an operating organization identifier, and to assocaute them all
+ with the extension identifier value certExtId-OperatingOrganization.
+ This Information Object Set is a collection of Information Objects
+ used to contain the AppExtension, CertIssueExtension, and
+ CertRequestExtension types associated with a specific use of certificate
+ extensions. In this version of this standard it only has a single entry
+ instanceOperatingOrganizationCertExtensions.
+
+
diff --git a/docs/Ieee1609Dot2BaseTypes.md b/docs/Ieee1609Dot2BaseTypes.md
new file mode 100644
index 0000000000000000000000000000000000000000..4cbd3bc62430bdf233f4b674bffa66b1b1615767
--- /dev/null
+++ b/docs/Ieee1609Dot2BaseTypes.md
@@ -0,0 +1,1726 @@
+# ASN.1 module Ieee1609Dot2BaseTypes
+ OID: _{iso(1) identified-organization(3) ieee(111) standards-association-numbered-series-standards(2) wave-stds(1609) dot2(2) base(1) base-types(2) major-version-2(2) minor-version-4(4)}_
+ @note Section references in this file are to clauses in IEEE Std
+ 1609.2 unless indicated otherwise. Full forms of acronyms and
+ abbreviations used in this file are specified in 3.2.
+
+
+## Data Elements:
+
+### Uint3
+This atomic type is used in the definition of other data structures.
+ It is for non-negative integers up to 7, i.e., (hex)07.
+```asn1
+Uint3 ::= INTEGER (0..7)
+```
+
+
+### Uint8
+This atomic type is used in the definition of other data structures.
+ It is for non-negative integers up to 255, i.e., (hex)ff.
+```asn1
+Uint8 ::= INTEGER (0..255)
+```
+
+
+### Uint16
+This atomic type is used in the definition of other data structures.
+ It is for non-negative integers up to 65,535, i.e., (hex)ff ff.
+```asn1
+Uint16 ::= INTEGER (0..65535)
+```
+
+
+### Uint32
+This atomic type is used in the definition of other data structures.
+ It is for non-negative integers up to 4,294,967,295, i.e.,
+ (hex)ff ff ff ff.
+```asn1
+Uint32 ::= INTEGER (0..4294967295)
+```
+
+
+### Uint64
+This atomic type is used in the definition of other data structures.
+ It is for non-negative integers up to 18,446,744,073,709,551,615, i.e.,
+ (hex)ff ff ff ff ff ff ff ff.
+```asn1
+Uint64 ::= INTEGER (0..18446744073709551615)
+```
+
+
+### SequenceOfUint8
+This type is used for clarity of definitions.
+```asn1
+SequenceOfUint8 ::= SEQUENCE OF Uint8
+```
+
+
+### SequenceOfUint16
+This type is used for clarity of definitions.
+```asn1
+SequenceOfUint16 ::= SEQUENCE OF Uint16
+```
+
+
+### Opaque
+This is a synonym for ASN.1 OCTET STRING, and is used in the
+ definition of other data structures.
+```asn1
+Opaque ::= OCTET STRING
+```
+
+
+### HashedId3
+This type contains the truncated hash of another data structure.
+ The HashedId3 for a given data structure is calculated by calculating the
+ hash of the encoded data structure and taking the low-order three bytes of
+ the hash output. The low-order three bytes are the last three bytes of the
+ 32-byte hash when represented in network byte order. If the data structure
+ is subject to canonicalization it is canonicalized before hashing. See
+ Example below.
+
+
+ The hash algorithm to be used to calculate a HashedId3 within a
+ structure depends on the context. In this standard, for each structure
+ that includes a HashedId3 field, the corresponding text indicates how the
+ hash algorithm is determined. See also the discussion in 5.3.9.
+
+ Example: Consider the SHA-256 hash of the empty string:
+
+ SHA-256("") =
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+ The HashedId3 derived from this hash corresponds to the following:
+
+ HashedId3 = 52b855.
+```asn1
+HashedId3 ::= OCTET STRING (SIZE(3))
+```
+
+
+### SequenceOfHashedId3
+This type is used for clarity of definitions.
+```asn1
+SequenceOfHashedId3 ::= SEQUENCE OF HashedId3
+```
+
+
+### HashedId8
+This type contains the truncated hash of another data structure.
+ The HashedId8 for a given data structure is calculated by calculating the
+ hash of the encoded data structure and taking the low-order eight bytes of
+ the hash output. The low-order eight bytes are the last eight bytes of the
+ hash when represented in network byte order. If the data structure
+ is subject to canonicalization it is canonicalized before hashing. See
+ Example below.
+
+
+ The hash algorithm to be used to calculate a HashedId8 within a
+ structure depends on the context. In this standard, for each structure
+ that includes a HashedId8 field, the corresponding text indicates how the
+ hash algorithm is determined. See also the discussion in 5.3.9.
+
+ Example: Consider the SHA-256 hash of the empty string:
+
+ SHA-256("") =
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+ The HashedId8 derived from this hash corresponds to the following:
+
+ HashedId8 = a495991b7852b855.
+```asn1
+HashedId8 ::= OCTET STRING (SIZE(8))
+```
+
+
+### HashedId10
+This type contains the truncated hash of another data structure.
+ The HashedId10 for a given data structure is calculated by calculating the
+ hash of the encoded data structure and taking the low-order ten bytes of
+ the hash output. The low-order ten bytes are the last ten bytes of the
+ hash when represented in network byte order. If the data structure
+ is subject to canonicalization it is canonicalized before hashing. See
+ Example below.
+
+
+ The hash algorithm to be used to calculate a HashedId10 within a
+ structure depends on the context. In this standard, for each structure
+ that includes a HashedId10 field, the corresponding text indicates how the
+ hash algorithm is determined. See also the discussion in 5.3.9.
+
+ Example: Consider the SHA-256 hash of the empty string:
+
+ SHA-256("") =
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+ The HashedId10 derived from this hash corresponds to the following:
+
+ HashedId10 = 934ca495991b7852b855.
+```asn1
+HashedId10 ::= OCTET STRING (SIZE(10))
+```
+
+
+### HashedId32
+This data structure contains the truncated hash of another data
+ structure. The HashedId32 for a given data structure is calculated by
+ calculating the hash of the encoded data structure and taking the
+ low-order 32 bytes of the hash output. The low-order 32 bytes are the last
+ 32 bytes of the hash when represented in network byte order. If the data
+ structure is subject to canonicalization it is canonicalized before
+ hashing. See Example below.
+
+
+ The hash algorithm to be used to calculate a HashedId32 within a
+ structure depends on the context. In this standard, for each structure
+ that includes a HashedId32 field, the corresponding text indicates how the
+ hash algorithm is determined. See also the discussion in 5.3.9.
+
+ Example: Consider the SHA-256 hash of the empty string:
+
+ SHA-256("") =
+ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+
+ The HashedId32 derived from this hash corresponds to the following:
+
+ HashedId32 = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b8
+ 55.
+```asn1
+HashedId32 ::= OCTET STRING (SIZE(32))
+```
+
+
+### HashedId48
+This data structure contains the truncated hash of another data
+ structure. The HashedId48 for a given data structure is calculated by
+ calculating the hash of the encoded data structure and taking the
+ low-order 48 bytes of the hash output. The low-order 48 bytes are the last
+ 48 bytes of the hash when represented in network byte order. If the data
+ structure is subject to canonicalization it is canonicalized before
+ hashing. See Example below.
+
+
+ The hash algorithm to be used to calculate a HashedId48 within a
+ structure depends on the context. In this standard, for each structure
+ that includes a HashedId48 field, the corresponding text indicates how the
+ hash algorithm is determined. See also the discussion in 5.3.9.
+
+ Example: Consider the SHA-384 hash of the empty string:
+
+ SHA-384("") = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6
+ e1da274edebfe76f65fbd51ad2f14898b95b
+
+ The HashedId48 derived from this hash corresponds to the following:
+
+ HashedId48 = 38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e
+ 1da274edebfe76f65fbd51ad2f14898b95b.
+```asn1
+HashedId48 ::= OCTET STRING(SIZE(48))
+```
+
+
+### Time32
+This type gives the number of (TAI) seconds since 00:00:00 UTC, 1
+ January, 2004.
+```asn1
+Time32 ::= Uint32
+```
+
+
+### Time64
+This data structure is a 64-bit integer giving an estimate of the
+ number of (TAI) microseconds since 00:00:00 UTC, 1 January, 2004.
+```asn1
+Time64 ::= Uint64
+```
+
+### ValidityPeriod
+This type gives the validity period of a certificate. The start of
+ the validity period is given by start and the end is given by
+ start + duration.
+
+Fields:
+* start of type [**Time32**](Ieee1609Dot2BaseTypes.md#Time32)
+* duration of type [**Duration**](#Duration)
+
+```asn1
+ValidityPeriod ::= SEQUENCE {
+ start Time32,
+ duration Duration
+}
+```
+
+### Duration
+This structure represents the duration of validity of a
+ certificate. The Uint16 value is the duration, given in the units denoted
+ by the indicated choice. A year is considered to be 31556952 seconds,
+ which is the average number of seconds in a year.
+
+Fields:
+* microseconds of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+* milliseconds of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+* seconds of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+* minutes of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+* hours of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+* sixtyHours of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+* years of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+
+>>>
+NOTE: Years can be mapped more closely to wall-clock days using the hours
+ choice for up to 7 years and the sixtyHours choice for up to 448 years.
+>>>
+```asn1
+Duration ::= CHOICE {
+ microseconds Uint16,
+ milliseconds Uint16,
+ seconds Uint16,
+ minutes Uint16,
+ hours Uint16,
+ sixtyHours Uint16,
+ years Uint16
+}
+```
+
+### GeographicRegion
+This structure represents a geographic region of a specified form.
+ A certificate is not valid if any part of the region indicated in its
+ scope field lies outside the region indicated in the scope of its issuer.
+
+Fields:
+* circularRegion of type [**CircularRegion**](#CircularRegion)
+ contains a single instance of the CircularRegion
+ structure.
+
+
+* rectangularRegion of type [**SequenceOfRectangularRegion**](#SequenceOfRectangularRegion)
+ is an array of RectangularRegion structures
+ containing at least one entry. This field is interpreted as a series of
+ rectangles, which may overlap or be disjoint. The permitted region is any
+ point within any of the rectangles.
+
+
+
+* polygonalRegion of type [**PolygonalRegion**](#PolygonalRegion)
+ contains a single instance of the PolygonalRegion
+ structure.
+
+
+
+* identifiedRegion of type [**SequenceOfIdentifiedRegion**](#SequenceOfIdentifiedRegion)
+ is an array of IdentifiedRegion structures
+ containing at least one entry. The permitted region is any point within
+ any of the identified regions.
+
+
+
+
+>>>
+NOTE: Critical information fields:
+ - If present, this is a critical information field as defined in 5.2.6.
+ An implementation that does not recognize the indicated CHOICE when
+ verifying a signed SPDU shall indicate that the signed SPDU is invalid in
+ the sense of 4.2.2.3.2, that is, it is invalid in the sense that its
+ validity cannot be established.
+ - If selected, rectangularRegion is a critical information field as
+ defined in 5.2.6. An implementation that does not support the number of
+ RectangularRegion in rectangularRegions when verifying a signed SPDU shall
+ indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that
+ is, it is invalid in the sense that its validity cannot be established.
+ A conformant implementation shall support rectangularRegions fields
+ containing at least eight entries.
+ - If selected, identifiedRegion is a critical information field as
+ defined in 5.2.6. An implementation that does not support the number of
+ IdentifiedRegion in identifiedRegion shall reject the signed SPDU as
+ invalid in the sense of 4.2.2.3.2, that is, it is invalid in the sense
+ that its validity cannot be established. A conformant implementation shall
+ support identifiedRegion fields containing at least eight entries.
+>>>
+```asn1
+GeographicRegion ::= CHOICE {
+ circularRegion CircularRegion,
+ rectangularRegion SequenceOfRectangularRegion,
+ polygonalRegion PolygonalRegion,
+ identifiedRegion SequenceOfIdentifiedRegion,
+ ...
+}
+```
+
+### CircularRegion
+This structure specifies a circle with its center at center, its
+ radius given in meters, and located tangential to the reference ellipsoid.
+ The indicated region is all the points on the surface of the reference
+ ellipsoid whose distance to the center point over the reference ellipsoid
+ is less than or equal to the radius. A point which contains an elevation
+ component is considered to be within the circular region if its horizontal
+ projection onto the reference ellipsoid lies within the region.
+
+Fields:
+* center of type [**TwoDLocation**](#TwoDLocation)
+* radius of type [**Uint16**](Ieee1609Dot2BaseTypes.md#Uint16)
+
+```asn1
+CircularRegion ::= SEQUENCE {
+ center TwoDLocation,
+ radius Uint16
+}
+```
+
+### RectangularRegion
+This structure specifies a rectangle on the surface of the WGS84 ellipsoid where the
+ sides are given by lines of constant latitude or longitude.
+ A point which contains an elevation component is considered to be within the rectangular region
+ if its horizontal projection onto the reference ellipsoid lies within the region.
+ A RectangularRegion is invalid if the northWest value is south of the southEast value, or if the
+ latitude values in the two points are equal, or if the longitude values in the two points are
+ equal; otherwise it is valid. A certificate that contains an invalid RectangularRegion is invalid.
+
+Fields:
+* northWest of type [**TwoDLocation**](#TwoDLocation)
+ is the north-west corner of the rectangle.
+
+
+* southEast of type [**TwoDLocation**](#TwoDLocation)
+ is the south-east corner of the rectangle.
+
+
+
+
+```asn1
+RectangularRegion ::= SEQUENCE {
+ northWest TwoDLocation,
+ southEast TwoDLocation
+}
+```
+
+
+### SequenceOfRectangularRegion
+This type is used for clarity of definitions.
+```asn1
+SequenceOfRectangularRegion ::= SEQUENCE OF RectangularRegion
+```
+
+
+### PolygonalRegion
+This structure defines a region using a series of distinct
+ geographic points, defined on the surface of the reference ellipsoid. The
+ region is specified by connecting the points in the order they appear,
+ with each pair of points connected by the geodesic on the reference
+ ellipsoid. The polygon is completed by connecting the final point to the
+ first point. The allowed region is the interior of the polygon and its
+ boundary.
+
+
+ A point which contains an elevation component is considered to be
+ within the polygonal region if its horizontal projection onto the
+ reference ellipsoid lies within the region.
+
+ A valid PolygonalRegion contains at least three points. In a valid
+ PolygonalRegion, the implied lines that make up the sides of the polygon
+ do not intersect.
+
+>>>
+NOTE: Critical information fields: If present, this is a critical
+ information field as defined in 5.2.6. An implementation that does not
+ support the number of TwoDLocation in the PolygonalRegion when verifying a
+ signed SPDU shall indicate that the signed SPDU is invalid. A compliant
+ implementation shall support PolygonalRegions containing at least eight
+ TwoDLocation entries.
+>>>
+```asn1
+PolygonalRegion ::= SEQUENCE SIZE (3..MAX) OF TwoDLocation
+```
+
+### TwoDLocation
+This structure is used to define validity regions for use in
+ certificates. The latitude and longitude fields contain the latitude and
+ longitude as defined above.
+
+Fields:
+* latitude of type [**Latitude**](#Latitude)
+* longitude of type [**Longitude**](#Longitude)
+
+
+>>>
+NOTE: This data structure is consistent with the location encoding
+ used in SAE J2735, except that values 900 000 001 for latitude (used to
+ indicate that the latitude was not available) and 1 800 000 001 for
+ longitude (used to indicate that the longitude was not available) are not
+ valid.
+>>>
+```asn1
+TwoDLocation ::= SEQUENCE {
+ latitude Latitude,
+ longitude Longitude
+}
+```
+
+### IdentifiedRegion
+This structure indicates the region of validity of a certificate
+ using region identifiers.
+ A conformant implementation that supports this type shall support at least
+ one of the possible CHOICE values. The Protocol Implementation Conformance
+ Statement (PICS) provided in Annex A allows an implementation to state
+ which CountryOnly values it recognizes.
+
+Fields:
+* countryOnly of type [**UnCountryId**](#UnCountryId)
+ indicates that only a country (or a geographic entity
+ included in a country list) is given.
+
+
+* countryAndRegions of type [**CountryAndRegions**](#CountryAndRegions)
+ indicates that one or more top-level regions
+ within a country (as defined by the region listing associated with that
+ country) is given.
+
+
+
+* countryAndSubregions of type [**CountryAndSubregions**](#CountryAndSubregions)
+ indicates that one or more regions smaller
+ than the top-level regions within a country (as defined by the region
+ listing associated with that country) is given.
+
+
+
+Critical information fields: If present, this is a critical
+ information field as defined in 5.2.6. An implementation that does not
+ recognize the indicated CHOICE when verifying a signed SPDU shall indicate
+ that the signed SPDU is invalid in the sense of 4.2.2.3.2, that is, it is
+ invalid in the sense that its validity cannot be established.
+```asn1
+IdentifiedRegion ::= CHOICE {
+ countryOnly UnCountryId,
+ countryAndRegions CountryAndRegions,
+ countryAndSubregions CountryAndSubregions,
+ ...
+}
+```
+
+
+### SequenceOfIdentifiedRegion
+This type is used for clarity of definitions.
+```asn1
+SequenceOfIdentifiedRegion ::= SEQUENCE OF IdentifiedRegion
+```
+
+
+### UnCountryId
+This type contains the integer representation of the country or
+ area identifier as defined by the United Nations Statistics Division in
+ October 2013 (see normative references in Clause 0).
+ A conformant implementation that implements IdentifiedRegion shall
+ recognize (in the sense of be able to determine whether a two dimensional
+ location lies inside or outside the borders identified by) at least one
+ value of UnCountryId. The Protocol Implementation Conformance Statement
+ (PICS) provided in Annex A allows an implementation to state which
+ UnCountryId values it recognizes.
+ Since 2013 and before the publication of this version of this standard,
+ three changes have been made to the country code list, to define the
+ region "sub-Saharan Africa" and remove the "developed regions", and
+ "developing regions". A conformant implementation may recognize these
+ region identifiers in the sense defined in the previous paragraph.
+ If a verifying implementation is required to check that relevant
+ geographic information in a signed SPDU is consistent with a certificate
+ containing one or more instances of this type, then the SDS is permitted
+ to indicate that the signed SPDU is valid even if some instances of this
+ type are unrecognized in the sense defined above, so long as the
+ recognized instances of this type completely contain the relevant
+ geographic information. Informally, if the recognized values in the
+ certificate allow the SDS to determine that the SPDU is valid, then it
+ can make that determination even if there are also unrecognized values in
+ the certificate. This field is therefore not a "critical information
+ field" as defined in 5.2.6, because unrecognized values are permitted so
+ long as the validity of the SPDU can be established with the recognized
+ values. However, as discussed in 5.2.6, the presence of an unrecognized
+ value in a certificate can make it impossible to determine whether the
+ certificate and the SPDU are valid.
+```asn1
+UnCountryId ::= Uint16
+```
+
+
+### CountryOnly
+This type is defined only for backwards compatibility.
+```asn1
+CountryOnly ::= UnCountryId
+```
+
+### CountryAndRegions
+A conformant implementation that supports CountryAndRegions shall
+ support a regions field containing at least eight entries.
+ A conformant implementation that implements this type shall recognize
+ (in the sense of "be able to determine whether a two dimensional location
+ lies inside or outside the borders identified by") at least one value of
+ UnCountryId and at least one value for a region within the country
+ indicated by that recognized UnCountryId value. In this version of this
+ standard, the only means to satisfy this is for a conformant
+ implementation to recognize the value of UnCountryId indicating USA and
+ at least one of the FIPS state codes for US states. The Protocol
+ Implementation Conformance Statement (PICS) provided in Annex A allows
+ an implementation to state which UnCountryId values it recognizes and
+ which region values are recognized within that country.
+ If a verifying implementation is required to check that an relevant
+ geographic information in a signed SPDU is consistent with a certificate
+ containing one or more instances of this type, then the SDS is permitted
+ to indicate that the signed SPDU is valid even if some values of country
+ or within regions are unrecognized in the sense defined above, so long
+ as the recognized instances of this type completely contain the relevant
+ geographic information. Informally, if the recognized values in the
+ certificate allow the SDS to determine that the SPDU is valid, then it
+ can make that determination even if there are also unrecognized values
+ in the certificate. This field is therefore not a "critical information
+ field" as defined in 5.2.6, because unrecognized values are permitted so
+ long as the validity of the SPDU can be established with the recognized
+ values. However, as discussed in 5.2.6, the presence of an unrecognized
+ value in a certificate can make it impossible to determine whether the
+ certificate is valid and so whether the SPDU is valid.
+ In this type:
+
+Fields:
+* countryOnly of type [**UnCountryId**](#UnCountryId)
+ is a UnCountryId as defined above.
+
+
+* regions of type [**SequenceOfUint8**](#SequenceOfUint8)
+ identifies one or more regions within the country. If
+ country indicates the United States of America, the values in this field
+ identify the state or statistically equivalent entity using the integer
+ version of the 2010 FIPS codes as provided by the U.S. Census Bureau
+ (see normative references in Clause 0). For other values of country, the
+ meaning of region is not defined in this version of this standard.
+
+
+
+
+```asn1
+CountryAndRegions ::= SEQUENCE {
+ countryOnly UnCountryId,
+ regions SequenceOfUint8
+}
+```
+
+### CountryAndSubregions
+A conformant implementation that supports CountryAndSubregions
+ shall support a regionAndSubregions field containing at least eight
+ entries.
+ A conformant implementation that implements this type shall recognize
+ (in the sense of be able to determine whether a two dimensional location
+ lies inside or outside the borders identified by) at least one value of
+ country and at least one value for a region within the country indicated
+ by that recognized country value. In this version of this standard, the
+ only means to satisfy this is for a conformant implementation to recognize
+ the value of UnCountryId indicating USA and at least one of the FIPS state
+ codes for US states. The Protocol Implementation Conformance Statement
+ (PICS) provided in Annex A allows an implementation to state which
+ UnCountryId values it recognizes and which region values are recognized
+ within that country.
+ If a verifying implementation is required to check that an relevant
+ geographic information in a signed SPDU is consistent with a certificate
+ containing one or more instances of this type, then the SDS is permitted
+ to indicate that the signed SPDU is valid even if some values of country
+ or within regionAndSubregions are unrecognized in the sense defined above,
+ so long as the recognized instances of this type completely contain the
+ relevant geographic information. Informally, if the recognized values in
+ the certificate allow the SDS to determine that the SPDU is valid, then
+ it can make that determination even if there are also unrecognized values
+ in the certificate. This field is therefore not a "critical information
+ field" as defined in 5.2.6, because unrecognized values are permitted so
+ long as the validity of the SPDU can be established with the recognized
+ values. However, as discussed in 5.2.6, the presence of an unrecognized
+ value in a certificate can make it impossible to determine whether the
+ certificate is valid and so whether the SPDU is valid.
+ In this structure:
+
+Fields:
+* countryOnly of type [**UnCountryId**](#UnCountryId)
+ is a UnCountryId as defined above.
+
+
+* regionAndSubregions of type [**SequenceOfRegionAndSubregions**](#SequenceOfRegionAndSubregions)
+ identifies one or more subregions within
+ country.
+
+
+
+
+```asn1
+CountryAndSubregions ::= SEQUENCE {
+ countryOnly UnCountryId,
+ regionAndSubregions SequenceOfRegionAndSubregions
+}
+```
+
+### RegionAndSubregions
+The meanings of the fields in this structure are to be interpreted
+ in the context of a country within which the region is located, referred
+ to as the "enclosing country". If this structure is used in a
+ CountryAndSubregions structure, the enclosing country is the one indicated
+ by the country field in the CountryAndSubregions structure. If other uses
+ are defined for this structure in future, it is expected that that
+ definition will include a specification of how the enclosing country can
+ be determined.
+ If the enclosing country is the United States of America:
+ - The region field identifies the state or statistically equivalent
+ entity using the integer version of the 2010 FIPS codes as provided by the
+ U.S. Census Bureau (see normative references in Clause 0).
+ - The values in the subregions field identify the county or county
+ equivalent entity using the integer version of the 2010 FIPS codes as
+ provided by the U.S. Census Bureau.
+ If the enclosing country is a different country from the USA, the meaning
+ of regionAndSubregions is not defined in this version of this standard.
+ A conformant implementation that implements this type shall recognize (in
+ the sense of "be able to determine whether a two-dimensional location lies
+ inside or outside the borders identified by"), for at least one enclosing
+ country, at least one value for a region within that country and at least
+ one subregion for the indicated region. In this version of this standard,
+ the only means to satisfy this is for a conformant implementation to
+ recognize, for the USA, at least one of the FIPS state codes for US
+ states, and at least one of the county codes in at least one of the
+ recognized states. The Protocol Implementation Conformance Statement
+ (PICS) provided in Annex A allows an implementation to state which
+ UnCountryId values it recognizes and which region values are recognized
+ within that country.
+ If a verifying implementation is required to check that an relevant
+ geographic information in a signed SPDU is consistent with a certificate
+ containing one or more instances of this type, then the SDS is permitted
+ to indicate that the signed SPDU is valid even if some values within
+ subregions are unrecognized in the sense defined above, so long as the
+ recognized instances of this type completely contain the relevant
+ geographic information. Informally, if the recognized values in the
+ certificate allow the SDS to determine that the SPDU is valid, then it
+ can make that determination even if there are also unrecognized values
+ in the certificate. This field is therefore not not a "critical
+ information field" as defined in 5.2.6, because unrecognized values are
+ permitted so long as the validity of the SPDU can be established with the
+ recognized values. However, as discussed in 5.2.6, the presence of an
+ unrecognized value in a certificate can make it impossible to determine
+ whether the certificate is valid and so whether the SPDU is valid.
+ In this structure:
+
+Fields:
+* region of type [**Uint8**](Ieee1609Dot2BaseTypes.md#Uint8)
+ identifies a region within a country.
+
+
+* subregions of type [**SequenceOfUint16**](#SequenceOfUint16)
+ identifies one or more subregions within region. A
+ conformant implementation that supports RegionAndSubregions shall support
+ a subregions field containing at least eight entries.
+
+
+
+
+```asn1
+RegionAndSubregions ::= SEQUENCE {
+ region Uint8,
+ subregions SequenceOfUint16
+}
+```
+
+
+### SequenceOfRegionAndSubregions
+This type is used for clarity of definitions.
+```asn1
+SequenceOfRegionAndSubregions ::= SEQUENCE OF RegionAndSubregions
+```
+
+### ThreeDLocation
+This structure contains an estimate of 3D location. The details of
+ the structure are given in the definitions of the individual fields below.
+
+Fields:
+* latitude of type [**Latitude**](#Latitude)
+* longitude of type [**Longitude**](#Longitude)
+
+* elevation of type [**Elevation**](#Elevation)
+
+
+>>>
+NOTE: The units used in this data structure are consistent with the
+ location data structures used in SAE J2735 [B26], though the encoding is
+ incompatible.
+>>>
+```asn1
+ThreeDLocation ::= SEQUENCE {
+ latitude Latitude,
+ longitude Longitude,
+ elevation Elevation
+}
+```
+
+
+### Latitude
+This type contains an INTEGER encoding an estimate of the latitude
+ with precision 1/10th microdegree relative to the World Geodetic System
+ (WGS)-84 datum as defined in NIMA Technical Report TR8350.2.
+ The integer in the latitude field is no more than 900 000 000 and no less
+ than ?900 000 000, except that the value 900 000 001 is used to indicate
+ the latitude was not available to the sender.
+```asn1
+Latitude ::= NinetyDegreeInt
+```
+
+
+### Longitude
+This type contains an INTEGER encoding an estimate of the longitude
+ with precision 1/10th microdegree relative to the World Geodetic System
+ (WGS)-84 datum as defined in NIMA Technical Report TR8350.2.
+ The integer in the longitude field is no more than 1 800 000 000 and no
+ less than ?1 799 999 999, except that the value 1 800 000 001 is used to
+ indicate that the longitude was not available to the sender.
+```asn1
+Longitude ::= OneEightyDegreeInt
+```
+
+
+### Elevation
+This structure contains an estimate of the geodetic altitude above
+ or below the WGS84 ellipsoid. The 16-bit value is interpreted as an
+ integer number of decimeters representing the height above a minimum
+ height of -409.5 m, with the maximum height being 6143.9 m.
+```asn1
+Elevation ::= Uint16
+```
+
+
+### NinetyDegreeInt
+The integer in the latitude field is no more than 900,000,000 and
+ no less than -900,000,000, except that the value 900,000,001 is used to
+ indicate the latitude was not available to the sender.
+```asn1
+NinetyDegreeInt ::= INTEGER {
+ min (-900000000),
+ max (900000000),
+ unknown (900000001)
+} (-900000000..900000001)
+```
+
+
+### KnownLatitude
+The known latitudes are from -900,000,000 to +900,000,000 in 0.1
+ microdegree intervals.
+```asn1
+KnownLatitude ::= NinetyDegreeInt (min..max)
+```
+
+
+### UnknownLatitude
+The value 900,000,001 indicates that the latitude was not
+ available to the sender.
+```asn1
+UnknownLatitude ::= NinetyDegreeInt (unknown)
+```
+
+
+### OneEightyDegreeInt
+The integer in the longitude field is no more than 1,800,000,000
+ and no less than -1,799,999,999, except that the value 1,800,000,001 is
+ used to indicate that the longitude was not available to the sender.
+```asn1
+OneEightyDegreeInt ::= INTEGER {
+ min (-1799999999),
+ max (1800000000),
+ unknown (1800000001)
+} (-1799999999..1800000001)
+```
+
+
+### KnownLongitude
+The known longitudes are from -1,799,999,999 to +1,800,000,000 in
+ 0.1 microdegree intervals.
+```asn1
+KnownLongitude ::= OneEightyDegreeInt (min..max)
+```
+
+
+### UnknownLongitude
+The value 1,800,000,001 indicates that the longitude was not
+ available to the sender.
+```asn1
+UnknownLongitude ::= OneEightyDegreeInt (unknown)
+```
+
+### Signature
+This structure represents a signature for a supported public key
+ algorithm. It may be contained within SignedData or Certificate.
+
+Fields:
+* ecdsaNistP256Signature of type [**EcdsaP256Signature**](#EcdsaP256Signature)
+* ecdsaBrainpoolP256r1Signature of type [**EcdsaP256Signature**](#EcdsaP256Signature)
+
+* ecdsaBrainpoolP384r1Signature of type [**EcdsaP384Signature**](#EcdsaP384Signature)
+
+ ...,
+* ecdsaNistP384Signature of type [**EcdsaP384Signature**](#EcdsaP384Signature)
+
+* sm2Signature of type [**EcsigP256Signature**](#EcsigP256Signature)
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to instances of this data structure of form EcdsaP256Signature
+ and EcdsaP384Signature.
+>>>
+```asn1
+Signature ::= CHOICE {
+ ecdsaNistP256Signature EcdsaP256Signature,
+ ecdsaBrainpoolP256r1Signature EcdsaP256Signature,
+ ...,
+ ecdsaBrainpoolP384r1Signature EcdsaP384Signature,
+ ecdsaNistP384Signature EcdsaP384Signature,
+ sm2Signature EcsigP256Signature
+}
+```
+
+### EcdsaP256Signature
+This structure represents an ECDSA signature. The signature is
+ generated as specified in 5.3.1.
+
+
+ If the signature process followed the specification of FIPS 186-4
+ and output the integer r, r is represented as an EccP256CurvePoint
+ indicating the selection x-only.
+
+ If the signature process followed the specification of SEC 1 and
+ output the elliptic curve point R to allow for fast verification, R is
+ represented as an EccP256CurvePoint indicating the choice compressed-y-0,
+ compressed-y-1, or uncompressed at the sender's discretion.
+
+
+
+ NISTp256:
+ - p = FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
+ - n = FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
+
+ Brainpoolp256:
+ - p = A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377
+ - n = A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7
+
+Fields:
+* rSig of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+* sSig of type **OCTET STRING** (SIZE (32))
+
+
+>>>
+NOTE: When the signature is of form x-only, the x-value in rSig is
+ an integer mod n, the order of the group; when the signature is of form
+ compressed-y-\*, the x-value in rSig is an integer mod p, the underlying
+ prime defining the finite field. In principle this means that to convert a
+ signature from form compressed-y-\* to form x-only, the converter checks
+ the x-value to see if it lies between n and p and reduces it mod n if so.
+ In practice this check is unnecessary: Haase's Theorem states that
+ difference between n and p is always less than 2*square-root(p), and so the
+ chance that an integer lies between n and p, for a 256-bit curve, is
+ bounded above by approximately square-root(p)/p or 2(-128). For the
+ 256-bit curves in this standard, the exact values of n and p in hexadecimal
+ are:
+>>>
+```asn1
+EcdsaP256Signature ::= SEQUENCE {
+ rSig EccP256CurvePoint,
+ sSig OCTET STRING (SIZE (32))
+}
+```
+
+### EcdsaP384Signature
+This structure represents an ECDSA signature. The signature is
+ generated as specified in 5.3.1.
+
+
+ If the signature process followed the specification of FIPS 186-4
+ and output the integer r, r is represented as an EccP384CurvePoint
+ indicating the selection x-only.
+
+ If the signature process followed the specification of SEC 1 and
+ output the elliptic curve point R to allow for fast verification, R is
+ represented as an EccP384CurvePoint indicating the choice compressed-y-0,
+ compressed-y-1, or uncompressed at the sender's discretion.
+
+Fields:
+* rSig of type [**EccP384CurvePoint**](#EccP384CurvePoint)
+* sSig of type **OCTET STRING** (SIZE (48))
+
+
+>>>
+NOTE: When the signature is of form x-only, the x-value in rSig is
+ an integer mod n, the order of the group; when the signature is of form
+ compressed-y-\*, the x-value in rSig is an integer mod p, the underlying
+ prime defining the finite field. In principle this means that to convert a
+ signature from form compressed-y-* to form x-only, the converter checks the
+ x-value to see if it lies between n and p and reduces it mod n if so. In
+ practice this check is unnecessary: Haase's Theorem states that difference
+ between n and p is always less than 2*square-root(p), and so the chance
+ that an integer lies between n and p, for a 384-bit curve, is bounded
+ above by approximately square-root(p)/p or 2(-192). For the 384-bit curve
+ in this standard, the exact values of n and p in hexadecimal are:
+ - p = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B412B1DA197FB71123
+ ACD3A729901D1A71874700133107EC53
+ - n = 8CB91E82A3386D280F5D6F7E50E641DF152F7109ED5456B31F166E6CAC0425A7
+ CF3AB6AF6B7FC3103B883202E9046565
+>>>
+```asn1
+EcdsaP384Signature ::= SEQUENCE {
+ rSig EccP384CurvePoint,
+ sSig OCTET STRING (SIZE (48))
+}
+```
+
+### EcsigP256Signature
+This structure represents a elliptic curve signature where the
+ component r is constrained to be an integer. This structure supports SM2
+ signatures as specified in 5.3.1.3.
+
+Fields:
+* rSig of type **OCTET STRING** (SIZE (32))
+* sSig of type **OCTET STRING** (SIZE (32))
+
+```asn1
+EcsigP256Signature ::= SEQUENCE {
+ rSig OCTET STRING (SIZE (32)),
+ sSig OCTET STRING (SIZE (32))
+}
+```
+
+### EccP256CurvePoint
+This structure specifies a point on an elliptic curve in Weierstrass
+ form defined over a 256-bit prime number. The curves supported in this
+ standard are NIST p256 as defined in FIPS 186-4, Brainpool p256r1 as
+ defined in RFC 5639, and the SM2 curve as defined in GB/T 32918.5-2017.
+ The fields in this structure are OCTET STRINGS produced with the elliptic
+ curve point encoding and decoding methods defined in subclause 5.5.6 of
+ IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned integer of
+ length 32 octets in network byte order for all values of the CHOICE; the
+ encoding of the y-coordinate y depends on whether the point is x-only,
+ compressed, or uncompressed. If the point is x-only, y is omitted. If the
+ point is compressed, the value of type depends on the least significant
+ bit of y: if the least significant bit of y is 0, type takes the value
+ compressed-y-0, and if the least significant bit of y is 1, type takes the
+ value compressed-y-1. If the point is uncompressed, y is encoded explicitly
+ as an unsigned integer of length 32 octets in network byte order.
+
+Fields:
+* x-only of type **OCTET STRING** (SIZE (32))
+* fill of type **NULL**
+
+* compressed-y-0 of type **OCTET STRING** (SIZE (32))
+
+* compressed-y-1 of type **OCTET STRING** (SIZE (32))
+
+* uncompressedP256 of type **SEQUENCE** {
+ x OCTET STRING (SIZE (32)),
+ y OCTET STRING (SIZE (32))
+ }
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2 if it appears in a
+ HeaderInfo or in a ToBeSignedCertificate. See the definitions of HeaderInfo
+ and ToBeSignedCertificate for a specification of the canonicalization
+ operations.
+>>>
+```asn1
+EccP256CurvePoint::= CHOICE {
+ x-only OCTET STRING (SIZE (32)),
+ fill NULL,
+ compressed-y-0 OCTET STRING (SIZE (32)),
+ compressed-y-1 OCTET STRING (SIZE (32)),
+ uncompressedP256 SEQUENCE {
+ x OCTET STRING (SIZE (32)),
+ y OCTET STRING (SIZE (32))
+ }
+}
+```
+
+### EccP384CurvePoint
+This structure specifies a point on an elliptic curve in
+ Weierstrass form defined over a 384-bit prime number. The only supported
+ such curve in this standard is Brainpool p384r1 as defined in RFC 5639.
+ The fields in this structure are octet strings produced with the elliptic
+ curve point encoding and decoding methods defined in subclause 5.5.6 of
+ IEEE Std 1363-2000. The x-coordinate is encoded as an unsigned integer of
+ length 48 octets in network byte order for all values of the CHOICE; the
+ encoding of the y-coordinate y depends on whether the point is x-only,
+ compressed, or uncompressed. If the point is x-only, y is omitted. If the
+ point is compressed, the value of type depends on the least significant
+ bit of y: if the least significant bit of y is 0, type takes the value
+ compressed-y-0, and if the least significant bit of y is 1, type takes the
+ value compressed-y-1. If the point is uncompressed, y is encoded
+ explicitly as an unsigned integer of length 48 octets in network byte order.
+
+Fields:
+* x-only of type **OCTET STRING** (SIZE (48))
+* fill of type **NULL**
+
+* compressed-y-0 of type **OCTET STRING** (SIZE (48))
+
+* compressed-y-1 of type **OCTET STRING** (SIZE (48))
+
+* uncompressedP384 of type **SEQUENCE** {
+ x OCTET STRING (SIZE (48)),
+ y OCTET STRING (SIZE (48))
+ }
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2 if it appears in a
+ HeaderInfo or in a ToBeSignedCertificate. See the definitions of HeaderInfo
+ and ToBeSignedCertificate for a specification of the canonicalization
+ operations.
+>>>
+```asn1
+EccP384CurvePoint::= CHOICE {
+ x-only OCTET STRING (SIZE (48)),
+ fill NULL,
+ compressed-y-0 OCTET STRING (SIZE (48)),
+ compressed-y-1 OCTET STRING (SIZE (48)),
+ uncompressedP384 SEQUENCE {
+ x OCTET STRING (SIZE (48)),
+ y OCTET STRING (SIZE (48))
+ }
+}
+```
+
+
+### SymmAlgorithm
+This enumerated value indicates supported symmetric algorithms. The
+ algorithm identifier identifies both the algorithm itself and a specific
+ mode of operation. The symmetric algorithms supported in this version of
+ this standard are AES-128 and SM4. The only mode of operation supported is
+ Counter Mode Encryption With Cipher Block Chaining Message Authentication
+ Code (CCM). Full details are given in 5.3.8.
+```asn1
+SymmAlgorithm ::= ENUMERATED {
+ aes128Ccm,
+ ...,
+ sm4Ccm
+}
+```
+
+
+### HashAlgorithm
+This structure identifies a hash algorithm. The value sha256,
+ indicates SHA-256. The value sha384 indicates SHA-384. The value sm3
+ indicates SM3. See 5.3.3 for more details.
+
+>>>
+NOTE: Critical information fields: This is a critical information field as
+ defined in 5.2.6. An implementation that does not recognize the enumerated
+ value of this type in a signed SPDU when verifying a signed SPDU shall
+ indicate that the signed SPDU is invalid in the sense of 4.2.2.3.2, that
+ is, it is invalid in the sense that its validity cannot be established.
+>>>
+```asn1
+HashAlgorithm ::= ENUMERATED {
+ sha256,
+ ...,
+ sha384,
+ sm3
+}
+```
+
+### EciesP256EncryptedKey
+This data structure is used to transfer a 16-byte symmetric key
+ encrypted using ECIES as specified in IEEE Std 1363a-2004. The symmetric
+ key is input to the key encryption process with no headers, encapsulation,
+ or length indication. Encryption and decryption are carried out as
+ specified in 5.3.5.1.
+
+Fields:
+* v of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ is the sender's ephemeral public key, which is the output V from
+ encryption as specified in 5.3.5.1.
+
+
+* c of type **OCTET STRING** (SIZE (16))
+ is the encrypted symmetric key, which is the output C from
+ encryption as specified in 5.3.5.1. The algorithm for the symmetric key
+ is identified by the CHOICE indicated in the following SymmetricCiphertext.
+ For ECIES this shall be AES-128.
+
+
+
+* t of type **OCTET STRING** (SIZE (16))
+ is the authentication tag, which is the output tag from
+ encryption as specified in 5.3.5.1.
+
+
+
+
+```asn1
+EciesP256EncryptedKey ::= SEQUENCE {
+ v EccP256CurvePoint,
+ c OCTET STRING (SIZE (16)),
+ t OCTET STRING (SIZE (16))
+}
+```
+
+### EcencP256EncryptedKey
+This data structure is used to transfer a 16-byte symmetric key
+ encrypted using SM2 encryption as specified in 5.3.3. The symmetric key is
+ input to the key encryption process with no headers, encapsulation, or
+ length indication. Encryption and decryption are carried out as specified
+ in 5.3.5.2.
+
+Fields:
+* v of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+ is the sender's ephemeral public key, which is the output V from
+ encryption as specified in 5.3.5.2.
+
+
+* c of type **OCTET STRING** (SIZE (16))
+ is the encrypted symmetric key, which is the output C from
+ encryption as specified in 5.3.5.2. The algorithm for the symmetric key
+ is identified by the CHOICE indicated in the following SymmetricCiphertext.
+ For SM2 this algorithm shall be SM4.
+
+
+
+* t of type **OCTET STRING** (SIZE (32))
+ is the authentication tag, which is the output tag from
+ encryption as specified in 5.3.5.2.
+
+
+
+
+```asn1
+EcencP256EncryptedKey ::= SEQUENCE {
+ v EccP256CurvePoint,
+ c OCTET STRING (SIZE (16)),
+ t OCTET STRING (SIZE (32))
+}
+```
+
+### EncryptionKey
+This structure contains an encryption key, which may be a public or
+ a symmetric key.
+
+Fields:
+* public of type [**PublicEncryptionKey**](Ieee1609Dot2BaseTypes.md#PublicEncryptionKey)
+* symmetric of type [**SymmetricEncryptionKey**](Ieee1609Dot2BaseTypes.md#SymmetricEncryptionKey)
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2 if it appears in a
+ HeaderInfo or in a ToBeSignedCertificate. The canonicalization applies to
+ the PublicEncryptionKey. See the definitions of HeaderInfo and
+ ToBeSignedCertificate for a specification of the canonicalization
+ operations.
+>>>
+```asn1
+EncryptionKey ::= CHOICE {
+ public PublicEncryptionKey,
+ symmetric SymmetricEncryptionKey
+}
+```
+
+### PublicEncryptionKey
+This structure specifies a public encryption key and the associated
+ symmetric algorithm which is used for bulk data encryption when encrypting
+ for that public key.
+
+Fields:
+* supportedSymmAlg of type [**SymmAlgorithm**](#SymmAlgorithm)
+* publicKey of type [**BasePublicEncryptionKey**](#BasePublicEncryptionKey)
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2 if it appears in a
+ HeaderInfo or in a ToBeSignedCertificate. The canonicalization applies to
+ the BasePublicEncryptionKey. See the definitions of HeaderInfo and
+ ToBeSignedCertificate for a specification of the canonicalization
+ operations.
+>>>
+```asn1
+PublicEncryptionKey ::= SEQUENCE {
+ supportedSymmAlg SymmAlgorithm,
+ publicKey BasePublicEncryptionKey
+}
+```
+
+### BasePublicEncryptionKey
+This structure specifies the bytes of a public encryption key for
+ a particular algorithm. Supported public key encryption algorithms are
+ defined in 5.3.5.
+
+Fields:
+* eciesNistP256 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+* eciesBrainpoolP256r1 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+
+* ecencSm2 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+
+ ...,
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2 if it appears in a
+ HeaderInfo or in a ToBeSignedCertificate. See the definitions of HeaderInfo
+ and ToBeSignedCertificate for a specification of the canonicalization
+ operations.
+>>>
+```asn1
+BasePublicEncryptionKey ::= CHOICE {
+ eciesNistP256 EccP256CurvePoint,
+ eciesBrainpoolP256r1 EccP256CurvePoint,
+ ...,
+ ecencSm2 EccP256CurvePoint
+}
+```
+
+### PublicVerificationKey
+This structure represents a public key and states with what
+ algorithm the public key is to be used. Cryptographic mechanisms are
+ defined in 5.3.
+ An EccP256CurvePoint or EccP384CurvePoint within a PublicVerificationKey
+ structure is invalid if it indicates the choice x-only.
+
+Fields:
+* ecdsaNistP256 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+* ecdsaBrainpoolP256r1 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+
+* ecdsaBrainpoolP384r1 of type [**EccP384CurvePoint**](#EccP384CurvePoint)
+
+ ... ,
+* ecdsaNistP384 of type [**EccP384CurvePoint**](#EccP384CurvePoint)
+
+* ecsigSm2 of type [**EccP256CurvePoint**](Ieee1609Dot2BaseTypes.md#EccP256CurvePoint)
+
+
+>>>
+NOTE: Canonicalization: This data structure is subject to canonicalization
+ for the relevant operations specified in 6.1.2. The canonicalization
+ applies to the EccP256CurvePoint and the Ecc384CurvePoint. Both forms of
+ point are encoded in compressed form, i.e., such that the choice indicated
+ within the Ecc*CurvePoint is compressed-y-0 or compressed-y-1.
+>>>
+```asn1
+PublicVerificationKey ::= CHOICE {
+ ecdsaNistP256 EccP256CurvePoint,
+ ecdsaBrainpoolP256r1 EccP256CurvePoint,
+ ... ,
+ ecdsaBrainpoolP384r1 EccP384CurvePoint,
+ ecdsaNistP384 EccP384CurvePoint,
+ ecsigSm2 EccP256CurvePoint
+}
+```
+
+### SymmetricEncryptionKey
+This structure provides the key bytes for use with an identified
+ symmetric algorithm. The supported symmetric algorithms are AES-128 and
+ SM4 in CCM mode as specified in 5.3.8.
+
+Fields:
+* aes128Ccm of type **OCTET STRING** (SIZE(16))
+* sm4Ccm of type **OCTET STRING** (SIZE(16))
+
+ ...,
+```asn1
+SymmetricEncryptionKey ::= CHOICE {
+ aes128Ccm OCTET STRING(SIZE(16)),
+ ...,
+ sm4Ccm OCTET STRING(SIZE(16))
+}
+```
+
+### PsidSsp
+This structure represents the permissions that the certificate
+ holder has with respect to activities for a single application area,
+ identified by a Psid.
+
+
+
+
+
+
+ For consistency rules for other forms of the ssp field, see the
+ following subclauses.
+
+Fields:
+* psid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid)
+* ssp of type [**ServiceSpecificPermissions**](Ieee1609Dot2BaseTypes.md#ServiceSpecificPermissions) OPTIONAL
+
+
+>>>
+NOTE: Consistency with issuing certificate: If a certificate has an
+ appPermissions entry A for which the ssp field is omitted, A is consistent
+ with the issuing certificate if the issuing certificate contains a
+ PsidSspRange P for which the following holds:
+ - The psid field in P is equal to the psid field in A and one of the
+ following is true:
+ - The sspRange field in P indicates all.
+ - The sspRange field in P indicates opaque and one of the entries in
+ opaque is an OCTET STRING of length 0.
+>>>
+```asn1
+PsidSsp ::= SEQUENCE {
+ psid Psid,
+ ssp ServiceSpecificPermissions OPTIONAL
+}
+```
+
+
+### SequenceOfPsidSsp
+This type is used for clarity of definitions.
+```asn1
+SequenceOfPsidSsp ::= SEQUENCE OF PsidSsp
+```
+
+
+### Psid
+This type represents the PSID defined in IEEE Std 1609.12.
+```asn1
+Psid ::= INTEGER (0..MAX)
+```
+
+
+### SequenceOfPsid
+This type is used for clarity of definitions.
+```asn1
+SequenceOfPsid ::= SEQUENCE OF Psid
+```
+
+### ServiceSpecificPermissions
+This structure represents the Service Specific Permissions (SSP)
+ relevant to a given entry in a PsidSsp. The meaning of the SSP is specific
+ to the associated Psid. SSPs may be PSID-specific octet strings or
+ bitmap-based. See Annex C for further discussion of how application
+ specifiers may choose which SSP form to use.
+
+
+
+ For consistency rules for other types of ServiceSpecificPermissions,
+ see the following subclauses.
+
+Fields:
+* opaque of type **OCTET STRING** (SIZE(0..MAX))
+* bitmapSsp of type [**BitmapSsp**](#BitmapSsp)
+
+ ...,
+
+>>>
+NOTE: Consistency with issuing certificate: If a certificate has an
+ appPermissions entry A for which the ssp field is opaque, A is consistent
+ with the issuing certificate if the issuing certificate contains one of
+ the following:
+ - (OPTION 1) A SubjectPermissions field indicating the choice all and
+ no PsidSspRange field containing the psid field in A;
+ - (OPTION 2) A PsidSspRange P for which the following holds:
+ - The psid field in P is equal to the psid field in A and one of the
+ following is true:
+ - The sspRange field in P indicates all.
+ - The sspRange field in P indicates opaque and one of the entries in
+ the opaque field in P is an OCTET STRING identical to the opaque field in
+ A.
+>>>
+```asn1
+ServiceSpecificPermissions ::= CHOICE {
+ opaque OCTET STRING (SIZE(0..MAX)),
+ ...,
+ bitmapSsp BitmapSsp
+}
+```
+
+
+### BitmapSsp
+This structure represents a bitmap representation of a SSP. The
+ mapping of the bits of the bitmap to constraints on the signed SPDU is
+ PSID-specific.
+
+>>>
+NOTE: A BitmapSsp B is consistent with a BitmapSspRange R if for every
+ bit set to 1 in the sspBitmask in R, the bit in the identical position in
+ B is set equal to the bit in that position in the sspValue in R. For each
+ bit set to 0 in the sspBitmask in R, the corresponding bit in the
+ identical position in B may be freely set to 0 or 1, i.e., if a bit is
+ set to 0 in the sspBitmask in R, the value of corresponding bit in the
+ identical position in B has no bearing on whether B and R are consistent.
+>>>
+```asn1
+BitmapSsp ::= OCTET STRING (SIZE(0..31))
+```
+
+### PsidSspRange
+This structure represents the certificate issuing or requesting
+ permissions of the certificate holder with respect to one particular set
+ of application permissions.
+
+Fields:
+* psid of type [**Psid**](Ieee1609Dot2BaseTypes.md#Psid)
+ identifies the application area.
+
+
+* sspRange of type [**SspRange**](#SspRange) OPTIONAL
+ identifies the SSPs associated with that PSID for which
+ the holder may issue or request certificates. If sspRange is omitted, the
+ holder may issue or request certificates for any SSP for that PSID.
+
+
+
+
+```asn1
+PsidSspRange ::= SEQUENCE {
+ psid Psid,
+ sspRange SspRange OPTIONAL
+}
+```
+
+
+### SequenceOfPsidSspRange
+This type is used for clarity of definitions.
+```asn1
+SequenceOfPsidSspRange ::= SEQUENCE OF PsidSspRange
+```
+
+### SspRange
+This structure identifies the SSPs associated with a PSID for
+ which the holder may issue or request certificates.
+
+
+
+ If a certificate has a PsidSspRange A for which the ssp field is all,
+ A is consistent with the issuing certificate if the issuing certificate
+ contains a PsidSspRange P for which the following holds:
+ - (OPTION 1) A SubjectPermissions field indicating the choice all and
+ no PsidSspRange field containing the psid field in A;
+ - (OPTION 2) A PsidSspRange P for which the psid field in P is equal to
+ the psid field in A and the sspRange field in P indicates all.
+
+ For consistency rules for other types of SspRange, see the following
+ subclauses.
+
+Fields:
+* opaque of type [**SequenceOfOctetString**](#SequenceOfOctetString)
+* all of type **NULL**
+
+* bitmapSspRange of type [**BitmapSspRange**](#BitmapSspRange)
+
+ ...,
+
+>>>
+NOTE: The choice "all" may also be indicated by omitting the
+ SspRange in the enclosing PsidSspRange structure. Omitting the SspRange is
+ preferred to explicitly indicating "all".
+>>>
+```asn1
+SspRange ::= CHOICE {
+ opaque SequenceOfOctetString,
+ all NULL,
+ ...,
+ bitmapSspRange BitmapSspRange
+}
+```
+
+### BitmapSspRange
+This structure represents a bitmap representation of a SSP. The
+ sspValue indicates permissions. The sspBitmask contains an octet string
+ used to permit or constrain sspValue fields in issued certificates. The
+ sspValue and sspBitmask fields shall be of the same length.
+
+
+
+ Reference ETSI TS 103 097 for more information on bitmask SSPs.
+
+Fields:
+* sspValue of type **OCTET STRING** (SIZE(1..32))
+* sspBitmask of type **OCTET STRING** (SIZE(1..32))
+
+
+>>>
+NOTE: Consistency with issuing certificate: If a certificate has an
+ PsidSspRange value P for which the sspRange field is bitmapSspRange,
+ P is consistent with the issuing certificate if the issuing certificate
+ contains one of the following:
+ - (OPTION 1) A SubjectPermissions field indicating the choice all and
+ no PsidSspRange field containing the psid field in P;
+ - (OPTION 2) A PsidSspRange R for which the following holds:
+ - The psid field in R is equal to the psid field in P and one of the
+ following is true:
+ - EITHER The sspRange field in R indicates all
+ - OR The sspRange field in R indicates bitmapSspRange and for every
+ bit set to 1 in the sspBitmask in R:
+ - The bit in the identical position in the sspBitmask in P is set
+ equal to 1, AND
+ - The bit in the identical position in the sspValue in P is set equal
+ to the bit in that position in the sspValue in R.
+>>>
+```asn1
+BitmapSspRange ::= SEQUENCE {
+ sspValue OCTET STRING (SIZE(1..32)),
+ sspBitmask OCTET STRING (SIZE(1..32))
+}
+```
+
+
+### SubjectAssurance
+This type is used for clarity of definitions.
+
+This field contains the certificate holder's assurance level, which
+ indicates the security of both the platform and storage of secret keys as
+ well as the confidence in this assessment.
+
+
+ This field is encoded as defined in Table 1, where "A" denotes bit
+ fields specifying an assurance level, "R" reserved bit fields, and "C" bit
+ fields specifying the confidence.
+
+ Table 1: Bitwise encoding of subject assurance
+
+ | Bit number | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
+ | -------------- | --- | --- | --- | --- | --- | --- | --- | --- |
+ | Interpretation | A | A | A | R | R | R | C | C |
+
+ In Table 1, bit number 0 denotes the least significant bit. Bit 7
+ to bit 5 denote the device's assurance levels, bit 4 to bit 2 are reserved
+ for future use, and bit 1 and bit 0 denote the confidence.
+
+ The specification of these assurance levels as well as the
+ encoding of the confidence levels is outside the scope of the present
+ standard. It can be assumed that a higher assurance value indicates that
+ the holder is more trusted than the holder of a certificate with lower
+ assurance value and the same confidence value.
+
+>>>
+NOTE: This field was originally specified in ETSI TS 103 097 and
+ future uses of this field are anticipated to be consistent with future
+ versions of that standard.
+>>>
+```asn1
+SubjectAssurance ::= OCTET STRING (SIZE(1))
+```
+
+
+### CrlSeries
+This integer identifies a series of CRLs issued under the authority
+ of a particular CRACA.
+```asn1
+CrlSeries ::= Uint16
+```
+
+
+### IValue
+This atomic type is used in the definition of other data structures.
+```asn1
+IValue ::= Uint16
+```
+
+
+### Hostname
+This is a UTF-8 string as defined in IETF RFC 3629. The contents
+ are determined by policy.
+```asn1
+Hostname ::= UTF8String (SIZE(0..255))
+```
+
+
+### LinkageValue
+This is the individual linkage value. See 5.1.3 and 7.3 for details
+ of use.
+```asn1
+LinkageValue ::= OCTET STRING (SIZE(9))
+```
+
+### GroupLinkageValue
+This is the group linkage value. See 5.1.3 and 7.3 for details of
+ use.
+
+Fields:
+* jValue of type **OCTET STRING** (SIZE(4))
+* value of type **OCTET STRING** (SIZE(9))
+
+```asn1
+GroupLinkageValue ::= SEQUENCE {
+ jValue OCTET STRING (SIZE(4)),
+ value OCTET STRING (SIZE(9))
+}
+```
+
+
+### LaId
+This structure contains a LA Identifier for use in the algorithms
+ specified in 5.1.3.4.
+```asn1
+LaId ::= OCTET STRING (SIZE(2))
+```
+
+
+### SequenceOfLinkageSeed
+This type is used for clarity of definitions.
+```asn1
+SequenceOfLinkageSeed ::= SEQUENCE OF LinkageSeed
+```
+
+
+### LinkageSeed
+This structure contains a linkage seed value for use in the
+ algorithms specified in 5.1.3.4.
+```asn1
+LinkageSeed ::= OCTET STRING (SIZE(16))
+```
+
+### CERT-EXT-TYPE
+This structure is the Information Object Class used to contain
+ information about a set of certificate extensions that are associated with
+ each other: an AppExtension, a CertIssueExtension, and a
+ CertRequestExtension.
+
+Fields:
+* id of type [**ExtId**](Ieee1609Dot2BaseTypes.md#ExtId)
+```asn1
+CERT-EXT-TYPE ::= CLASS {
+ &id ExtId,
+ &App,
+ &Issue,
+ &Req
+} WITH SYNTAX {ID &id APP &App ISSUE &Issue REQUEST &Req}
+```
+
+### Extension
+This parameterized type represents a (id, content) pair drawn from
+ the set ExtensionTypes, which is constrained to contain objects defined by
+ the class EXT-TYPE.
+
+Fields:
+* id of type [**EXT-TYPE**](Ieee1609Dot2BaseTypes.md#EXT-TYPE) .&extId({ExtensionTypes})
+* content of type [**EXT-TYPE**](Ieee1609Dot2BaseTypes.md#EXT-TYPE) .&ExtContent({ExtensionTypes}{@.id})
+
+```asn1
+Extension {EXT-TYPE : ExtensionTypes} ::= SEQUENCE {
+ id EXT-TYPE.&extId({ExtensionTypes}),
+ content EXT-TYPE.&ExtContent({ExtensionTypes}{@.id})
+}
+```
+
+### EXT-TYPE
+This class defines objects in a form suitable for import into the
+ definition of HeaderInfo.
+
+Fields:
+* extId of type [**ExtId**](Ieee1609Dot2BaseTypes.md#ExtId)
+```asn1
+EXT-TYPE ::= CLASS {
+ &extId ExtId,
+ &ExtContent
+} WITH SYNTAX {&ExtContent IDENTIFIED BY &extId}
+```
+
+
+### ExtId
+This type is used as an identifier for instances of ExtContent
+ within an EXT-TYPE.
+```asn1
+ExtId ::= INTEGER(0..255)
+```
+
+
+
diff --git a/docs/SaeJ3287AsrBsm.md b/docs/SaeJ3287AsrBsm.md
new file mode 100644
index 0000000000000000000000000000000000000000..45f846eec27ff6240885cf1e3e6c5062bd824615
--- /dev/null
+++ b/docs/SaeJ3287AsrBsm.md
@@ -0,0 +1,12 @@
+# ASN.1 module SaeJ3287AsrBsm
+ OID: _{joint-iso-itu-t (2) country (16) us (840) organization (1) sae (114566) v2x-communications (1) technical-committees (1) v2x-security (4) technical-reports (1) misbehavior-reporting (1) asn1-module (1) aid-specific(2) bsm(32) version-1 (1) version-minor-0 (0)}_
+
+## Data Elements:
+
+### AsrBsm
+```asn1
+AsrBsm ::= NULL
+```
+
+
+
diff --git a/ieee1609.2 b/ieee1609.2
new file mode 160000
index 0000000000000000000000000000000000000000..880216d33d08b424764a319ae1d8ee825a793a47
--- /dev/null
+++ b/ieee1609.2
@@ -0,0 +1 @@
+Subproject commit 880216d33d08b424764a319ae1d8ee825a793a47
diff --git a/sec_ts103097 b/sec_ts103097
new file mode 160000
index 0000000000000000000000000000000000000000..5bb49cd927cde78bf88a2b0dac6b39ca9805a221
--- /dev/null
+++ b/sec_ts103097
@@ -0,0 +1 @@
+Subproject commit 5bb49cd927cde78bf88a2b0dac6b39ca9805a221