SubIndication Enumeration

The signer's certificate has been revoked.

The signature is invalid because at least one hash of the signed data object(s) included in the signing process does not match the corresponding hash value in the signature.

The signature is invalid because the signature value in the signature could not be verified using the signer's public key in the signer's certificate.

The signature is considered invalid because one or more properties of the signature do not match the validation constraints.

The signature is considered invalid because the certificate chain used in the validation process does not match the validation constraints related to the certificate.

The signature is considered invalid because at least one of the algorithms used in an element (e.g. the signature value, a certificate, etc.) has been considered unreliable. Either the algorithm used to invalidate the signature or the size of the keys used by the algorithm are no longer considered secure. The Signature Validation Algorithm has detected that this element was generated after this algorithm was deemed insecure.

The signature is considered invalid because the Signature Validation Algorithm has detected that the signing time is after the expiration date (notAfter) of the signer's certificate.

The signature is considered invalid because the Signature Validation Algorithm has detected that the signing time is before the issue date (notBefore) of the signer's certificate.

The signature is not conformant to one of the base standards

The formal policy file could not be processed (e.g. not accessible, not parsable, etc.)

The signature was created using a policy and commitment type that is unknown to the SVA.

Constraints on the order of signature time-stamps and/or signed data object (s) time-stamps are not respected.

The signer's certificate cannot be identified.

No certificate chain has been found for the identified signer's certificate.

The signer's certificate was revoked at the validation date/time. The Signature Validation Algorithm cannot determine whether the signing time is before or after the revocation time.

At least one certificate chain was found, but an intermediate CA certificate has been revoked.

The signer's certificate is expired or not yet valid at the validation date/time. The Signature Validation Algorithm cannot determine that the signing time is within the validity interval of the signer's certificate.

At least one of the algorithms used in an element (e.g. the signature value, a certificate, etc.) to validate the signature or the size of the keys used in the algorithm are no longer considered reliable at the validation date/time. The Signature Validation Algorithm cannot determine whether the element was generated before or after the algorithm or the size of the keys were considered unreliable.

A proof of existence that proves whether a signed object was produced before a compromising event (e.g. broken algorithm) is missing

Insufficient information to fulfill all constraints. It may be possible to fulfill all constraints with additional revocation information that will be available at a later point of time.

The policy to use for validation could not be identified.

Cannot obtain signed data.

The certificate's chain is incomplete. The Signature Validation Algorithm cannot determine whether the certificate is trusted.

The certificate has no revocation information. The Signature Validation Algorithm cannot determine whether the certificate has been revoked.

No revocation information is available in the revocation information sources. The Signature Validation Algorithm cannot determine whether the certificate has been revoked.

The certificate has expired and no revocation information is available in the signature or document. The Signature Validation Algorithm cannot determine whether the certificate has been revoked.

The certificate is not trusted because there is no valid path to a trust anchor.

Any other reason