The CERT_AUTHORITY_KEY_ID_INFO structure, which can be used for either a certificate extension or a CRL extension, identifies the CA's key used to sign the certificate or CRL. It enables distinct keys used by the same CA to be differentiated (for example, as key updating occurs). The key may be identified by an explicit key identifier, by identification of a certificate for the key (giving certificate issuer and certificate serial number), or both. If both are used then the certificate issuer shall ensure that all three fields are consistent.
When CryptDecodeObject or CryptDecodeObjectEx is called on the Value member of a CERT_EXTENSION structure whose pszObjId member is set to "2.5.29.1", the function outputs a CERT_AUTHORITY_KEY_ID_INFO structure.
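typedef struct _CERT_AUTHORITY_KEY_ID_INFO {
    CRYPT_DATA_BLOB    KeyId;            /* explicit key identifier */
    CERT_NAME_BLOB     CertIssuer;       /* issuer of the certificate for the key */
    CRYPT_INTEGER_BLOB CertSerialNumber; /* serial number of that certificate */
} CERT_AUTHORITY_KEY_ID_INFO, *PCERT_AUTHORITY_KEY_ID_INFO;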
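
The consistency requirement above matters when a verifier uses the decoded structure to decide which CA certificate holds the signing key. The following C example is added here for illustration and is not SDK code: blob_t, aki_t, ca_cert_t and aki_check are hypothetical stand-ins so it compiles without wincrypt.h, the sample bytes are constructed, and the policy that every identifier present must match is an assumption.

```c
#include <string.h>

/* Stand-ins: blob_t mirrors the cbData/pbData layout that CRYPT_DATA_BLOB,
   CERT_NAME_BLOB and CRYPT_INTEGER_BLOB share; ca_cert_t is hypothetical. */
typedef struct { unsigned long cbData; const unsigned char *pbData; } blob_t;
typedef struct { blob_t KeyId, CertIssuer, CertSerialNumber; } aki_t;
typedef struct { blob_t SubjectKeyId, Issuer, SerialNumber; } ca_cert_t;
enum aki_result { AKI_NO_IDENTIFIER, AKI_MATCH, AKI_MISMATCH };

static int bytes_equal(blob_t a, blob_t b) {
    return a.cbData == b.cbData && (!a.cbData || !memcmp(a.pbData, b.pbData, a.cbData));
}

/* Integer blobs are little-endian (most significant byte last). Ignore
   redundant sign padding: 0x00 on positive values, 0xFF on negative ones. */
static unsigned long int_len(blob_t n) {
    unsigned long len = n.cbData;
    for (; len > 1; len--) {
        unsigned char top = n.pbData[len - 1], next = n.pbData[len - 2];
        if (!((top == 0x00 && next < 0x80) || (top == 0xFF && next >= 0x80))) break;
    }
    return len;
}

/* All identifiers present must match; issuer and serial count only as a pair. */
enum aki_result aki_check(const aki_t *aki, const ca_cert_t *ca) {
    int has_id = aki->KeyId.cbData != 0;
    int has_cert = aki->CertIssuer.cbData != 0 && aki->CertSerialNumber.cbData != 0;
    blob_t s1 = { int_len(aki->CertSerialNumber), aki->CertSerialNumber.pbData };
    blob_t s2 = { int_len(ca->SerialNumber), ca->SerialNumber.pbData };
    if (!has_id && !has_cert) return AKI_NO_IDENTIFIER;
    if (has_id && !bytes_equal(aki->KeyId, ca->SubjectKeyId)) return AKI_MISMATCH;
    if (has_cert && !(bytes_equal(aki->CertIssuer, ca->Issuer) && bytes_equal(s1, s2)))
        return AKI_MISMATCH;
    return AKI_MATCH;
}

/* Constructed sample data; NAME is a placeholder for an encoded Name. */
static const unsigned char KID_OLD[] = {0x11, 0x22}, KID_NEW[] = {0xAA, 0xBB}, NAME[] = {0x30, 0x00};
static const unsigned char SER[] = {0x8F, 0x00}, SER_PAD[] = {0x8F, 0x00, 0x00}; /* both 143 */
static const ca_cert_t CA_NEW = { {2, KID_NEW}, {2, NAME}, {2, SER} };
static const aki_t AKI_BY_ID = { {2, KID_NEW}, {0, 0}, {0, 0} };
static const aki_t AKI_BOTH = { {2, KID_NEW}, {2, NAME}, {3, SER_PAD} };
static const aki_t AKI_OLD_KEY = { {2, KID_OLD}, {2, NAME}, {2, SER} };

int main(void) { /* exit status 0 when the samples classify as expected */
    return !(aki_check(&AKI_BY_ID, &CA_NEW) == AKI_MATCH && aki_check(&AKI_BOTH, &CA_NEW) == AKI_MATCH &&
             aki_check(&AKI_OLD_KEY, &CA_NEW) == AKI_MISMATCH);
}
```

AKI_OLD_KEY is the case the consistency rule guards against: its issuer and serial number point at the current CA certificate while its key identifier names a different key. On Windows, CertCompareCertificateName and CertCompareIntegerBlob provide the name and serial number comparisons.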