extracting raw ASN.1 parts from X.509 certificate

I'd like to extract raw hex ASN.1 data from X.509 certificate. I know, that I can do this by using DER format and hexdumping it.

I'm interested in particular parts like "subject", "issuer" and their raw hex ASN1 data.

Solution 1:

Determine offset of interesting part by using (number in first column):

openssl x509 -in crt.pem -outform der | openssl asn1parse -inform der -i

For example, if "subject" entry is at offset 119. Dump raw data of that substructure:

openssl x509 -in crt.pem -outform der | openssl asn1parse -inform der -i -strparse 119 -noout -out subject.raw

Now print raw hex data:

cat subject.raw | od --address-radix=n --format=x1 | tr -d ' \n'