Private/Certutil/ConvertFrom-CertutilAsn1.ps1

function ConvertFrom-CertutilAsn1 {
    [CmdletBinding(DefaultParameterSetName = 'Certificate')]
    param(
        [Parameter(Mandatory, ParameterSetName = 'Certificate')]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,

        [Parameter(Mandatory, ParameterSetName = 'CertBase64')]
        [string] $CertBase64,

        [Parameter(Mandatory, ParameterSetName = 'CrlBase64')]
        [string] $CrlBase64
    )

    switch ($PSCmdlet.ParameterSetName) {
        'CertBase64' {
            $bytes = [Convert]::FromBase64String($CertBase64)
            $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
            ConvertFrom-CertutilAsn1 -Certificate $cert
        }
        'Certificate' {
            [PSCustomObject]@{
                Subject      = $Certificate.Subject
                Issuer       = $Certificate.Issuer
                SerialNumber = $Certificate.SerialNumber
                NotBefore    = $Certificate.NotBefore
                NotAfter     = $Certificate.NotAfter
                Thumbprint   = $Certificate.Thumbprint
                Extensions   = $Certificate.Extensions | ForEach-Object {
                    [PSCustomObject]@{
                        OID          = $_.Oid.Value
                        FriendlyName = $_.Oid.FriendlyName
                        Value        = $_.Format($false)
                    }
                }
                RawCert      = $Certificate
            }
        }
        'CrlBase64' {
            # CRL ASN.1 decoded via certutil -dump (PS 5.1 compatible, no X509CRL2 class needed)
            $tempCrl = [IO.Path]::Combine([IO.Path]::GetTempPath(), "$([IO.Path]::GetRandomFileName()).crl")
            try {
                [IO.File]::WriteAllBytes($tempCrl, [Convert]::FromBase64String($CrlBase64))
                $dump = & certutil.exe -dump $tempCrl 2>&1
                if ($dump -match 'CertUtil:.*command FAILED') {
                    throw "certutil -dump failed on CRL: $($dump -join ' ')"
                }
                [PSCustomObject]@{
                    RawDump   = $dump -join "`n"
                    CrlBase64 = $CrlBase64
                }
            } finally {
                Remove-Item -Path $tempCrl -ErrorAction SilentlyContinue
            }
        }
    }
}