some x509 notes
Authority Key Identifier == Subject Key Identifier subject == issuer
The signatureValue field contains a digital signature computed upon the ASN.1 DER encoded tbsCertificate. The ASN.1 DER encoded tbsCertificate is used as the input to the signature function
Signature = signed hash of tbsCertificate (to be signed)
Signature algorithms are always used in conjunction with a one-way hash function. The data to be signed (e.g., the one-way hash function output value) is formatted for the signature algorithm to be used. Then, a private key operation (e.g., RSA encryption) is performed to generate the signature value.