How to recognize x509 flags

Is there any way to tell the difference between data after flags and sub-flags after the flag? in a yahoo certificate I exported, there is a section with a0 2d a0 2b ..., where it's all flags. On the other hand, the subject key ID is "a0 1e 6e 0c 9b 6e 6a eb d2 ae 5a 4a 18 ff 0e 93 46 1a d6 32". How would I开发者_如何学Go tell the difference between which is what? other flags such as 03, 04, and 06 do this a lot

Also, does anyone recognize the string 86 29? its neither a flag nor readable data (the 29 is ")", but that doesnt seem to contribute to anything)

You can export the certificate in a file and then use CertUtil.exe -dump to examine contain of the certificate.

UPDATED based on the comment: Because of you pasted a long string in the comment, comments can be bad read. So I repeat the text of my last comment here:

The simplest way to decode the X.509 Extensions is using of CryptDecodeObjectEx with X509_EXTENSIONS. As a result you will receive CERT_EXTENSIONS - an array of CERT_EXTENSION (see msdn.microsoft.com/en-us/library/aa377195.aspx). An extension consist of an OID which define the extension, an attribute whether the extension if critical (whether you really MUST understand it) and an optional additional encoded extension data, which are in the most cases BER encoded NULL. Of cause you can decode the information yourself corresponds to 4.2 of RFC 3280, X.509 PKI (see http://www.ietf.org/rfc/rfc3280.txt).