diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e74f3db11..6e9c94ff1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -5,7 +5,7 @@ permissions:
 env:
   BUILD_NUMBER: ${{ github.run_number }}
   CMAKE_BUILD_PARALLEL_LEVEL: 4
-  UBUNTU_DEPS: cmake xsdcxx libxml-security-c-dev libxml2-dev zlib1g-dev
+  UBUNTU_DEPS: cmake xsdcxx libxml-security-c-dev libxml2-dev libxmlsec1-dev zlib1g-dev
 jobs:
   macos:
     name: Build on macOS for ${{ matrix.target }}
@@ -47,6 +47,9 @@ jobs:
     - name: Build libxml2
       if: steps.cache.outputs.cache-hit != 'true'
       run: ./prepare_osx_build_environment.sh libxml2 ${{ matrix.target }}
+    - name: Build xmlsec1
+      if: steps.cache.outputs.cache-hit != 'true'
+      run: ./prepare_osx_build_environment.sh xmlasec ${{ matrix.target }}
     - name: Move to cache
       if: steps.cache.outputs.cache-hit != 'true'
       run: |
@@ -86,7 +89,7 @@ jobs:
     - name: Install Deps
       run: |
         dnf install -y --setopt=install_weak_deps=False \
-          git gcc-c++ cmake rpm-build xml-security-c-devel libxml2-devel zlib-devel doxygen boost-test swig python3-devel java-17-openjdk-devel xsd minizip-devel
+          git gcc-c++ cmake rpm-build xml-security-c-devel libxml2-devel xmlsec1-openssl-devel libtool-ltdl-devel zlib-devel doxygen boost-test swig python3-devel java-17-openjdk-devel xsd minizip-devel
     - name: Install CMake
       if: matrix.container == 39
       run: |
@@ -113,14 +116,14 @@ jobs:
     container: ubuntu:${{ matrix.container }}
     strategy:
       matrix:
-        container: ['20.04', '22.04', '23.10', '24.04']
+        container: ['20.04', '22.04', '24.04']
     env:
       DEBIAN_FRONTEND: noninteractive
       DEBFULLNAME: github-actions
       DEBEMAIL: github-actions@github.com
     steps:
     - name: Install dependencies
-      run: apt update -qq && apt install --no-install-recommends -y git lsb-release build-essential devscripts debhelper ${UBUNTU_DEPS} doxygen swig openjdk-11-jdk-headless libpython3-dev python3-setuptools libboost-test-dev lintian
+      run: apt update -qq && apt install --no-install-recommends -y git lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-11-jdk-headless libpython3-dev python3-setuptools libboost-test-dev
     - name: Checkout
       uses: actions/checkout@v4
       with:
@@ -217,7 +220,7 @@ jobs:
         cmake -B build -S .
         cmake --build build --target docs
     - name: Deploy
-      uses: peaceiris/actions-gh-pages@v3
+      uses: peaceiris/actions-gh-pages@v4
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
         publish_dir: ./build/doc
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 4164ea2e4..568bf9efc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -6,8 +6,12 @@ endif()
 if(POLICY CMP0122)
     cmake_policy(SET CMP0122 NEW)
 endif()
+if(POLICY CMP0167)
+    cmake_policy(SET CMP0167 NEW)
+endif()
 project(libdigidocpp VERSION 3.18.0)
 set(CMAKE_MODULE_PATH ${CMAKE_SOURCE_DIR}/cmake/modules)
+list(APPEND CMAKE_PREFIX_PATH ${CMAKE_INSTALL_PREFIX})
 
 include(VersionInfo)
 include(GNUInstallDirs)
@@ -52,9 +56,20 @@ find_package(XmlSecurityC REQUIRED)
 find_package(XSD 4.0 REQUIRED)
 find_package(ZLIB REQUIRED)
 find_package(MiniZip 1 QUIET)
-if(UNIX AND NOT APPLE)
+add_library(xmlsec INTERFACE)
+if(UNIX)
     find_package(PkgConfig)
-    pkg_check_modules(MINIZIP minizip IMPORTED_TARGET)
+    pkg_check_modules(XMLSEC1_OPENSSL xmlsec1-openssl REQUIRED IMPORTED_TARGET)
+    target_link_libraries(xmlsec INTERFACE PkgConfig::XMLSEC1_OPENSSL)
+    if(NOT APPLE)
+        pkg_check_modules(MINIZIP minizip IMPORTED_TARGET)
+    endif()
+else()
+    find_package(unofficial-xmlsec REQUIRED)
+    target_link_libraries(xmlsec INTERFACE
+        unofficial::xmlsec::xmlsec1
+        unofficial::xmlsec::xmlsec1-openssl
+    )
 endif()
 find_package(SWIG)
 if(SWIG_FOUND)
diff --git a/debian/control b/debian/control
index f9525a35a..db4a94e21 100644
--- a/debian/control
+++ b/debian/control
@@ -4,10 +4,12 @@ Priority: optional
 Maintainer: RIA <info@ria.ee>
 Build-Depends:
  debhelper-compat (= 12),
+ pkg-config,
  cmake,
  libxml-security-c-dev,
  xsdcxx (>= 4.0) | xsd (>= 4.0),
  libxml2-dev,
+ libxmlsec1-dev,
  doxygen,
  swig,
  java11-sdk-headless,
diff --git a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd b/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd
deleted file mode 100644
index 5df405d70..000000000
--- a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--                  ****** NOTICE ******
-This document is part of ETSI TS 119 612. In the event that any
-part of this document in conflict with the text of TS 119 612 
-then that text shall prevail as the authoritative source
--->
-<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
-	<xsd:import namespace="http://uri.etsi.org/02231/v2#" schemaLocation="ts_119612v020201_201601xsd.xsd"/>
-	<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES01903v132-201601.xsd"/>
-	<!-- -->
-	<!-- -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs</xsd:documentation></xsd:annotation>
-	<xsd:element name="MimeType" type="xsd:string"/>
-<xsd:annotation><xsd:documentation>X509CertificateLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used</xsd:documentation></xsd:annotation>
-	<xsd:element name="X509CertificateLocation" type="tsl:NonEmptyURIType"/>
-<xsd:annotation><xsd:documentation>PublicKeyLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used</xsd:documentation></xsd:annotation>
-	<xsd:element name="PublicKeyLocation" type="tsl:NonEmptyURIType"/>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 1) ExtendedKeyUsage</xsd:documentation></xsd:annotation>
-	<xsd:element name="ExtendedKeyUsage" type="tslx:ExtendedKeyUsageType"/>
-	<xsd:complexType name="ExtendedKeyUsageType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="KeyPurposeId" type="xades:ObjectIdentifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.3 TakenOverBy Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="TakenOverBy" type="tslx:TakenOverByType"/>
-	<xsd:complexType name="TakenOverByType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
-			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
-			<xsd:element ref="tsl:SchemeOperatorName"/>
-			<xsd:element ref="tsl:SchemeTerritory"/>
-			<xsd:element name="OtherQualifier" type="tsl:AnyType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 2) CertSubjectDNAttribute</xsd:documentation></xsd:annotation>
-	<xsd:element name="CertSubjectDNAttribute" type="tslx:CertSubjectDNAttributeType"/>
-	<xsd:complexType name="CertSubjectDNAttributeType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="AttributeOID" type="xades:ObjectIdentifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig b/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig
deleted file mode 100644
index fb323a033..000000000
--- a/etc/schema/ts_119612v020101_additionaltypes_xsd.xsd.orig
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--                  ****** NOTICE ******
-This document is part of ETSI TS 119 612. In the event that any
-part of this document in conflict with the text of TS 119 612 
-then that text shall prevail as the authoritative source
--->
-<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
-	<xsd:import namespace="http://uri.etsi.org/02231/v2#" schemaLocation="http://uri.etsi.org/19612/v1.2.1/tsl.xsd"/>
-	<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/>
-	<!-- -->
-	<!-- -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs</xsd:documentation></xsd:annotation>
-	<xsd:element name="MimeType" type="xsd:string"/>
-<xsd:annotation><xsd:documentation>X509CertificateLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used</xsd:documentation></xsd:annotation>
-	<xsd:element name="X509CertificateLocation" type="tsl:NonEmptyURIType"/>
-<xsd:annotation><xsd:documentation>PublicKeyLocation element was specified in TS 102 231 v3.1.2 clause B.4.3 The ServiceDigitalIdentityType. It is now deprecated and is not used</xsd:documentation></xsd:annotation>
-	<xsd:element name="PublicKeyLocation" type="tsl:NonEmptyURIType"/>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 1) ExtendedKeyUsage</xsd:documentation></xsd:annotation>
-	<xsd:element name="ExtendedKeyUsage" type="tslx:ExtendedKeyUsageType"/>
-	<xsd:complexType name="ExtendedKeyUsageType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="KeyPurposeId" type="xades:ObjectIdentifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.3 TakenOverBy Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="TakenOverBy" type="tslx:TakenOverByType"/>
-	<xsd:complexType name="TakenOverByType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
-			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
-			<xsd:element ref="tsl:SchemeOperatorName"/>
-			<xsd:element ref="tsl:SchemeTerritory"/>
-			<xsd:element name="OtherQualifier" type="tsl:AnyType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.3 OtherCriteria, bullet 2) CertSubjectDNAttribute</xsd:documentation></xsd:annotation>
-	<xsd:element name="CertSubjectDNAttribute" type="tslx:CertSubjectDNAttributeType"/>
-	<xsd:complexType name="CertSubjectDNAttributeType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="AttributeOID" type="xades:ObjectIdentifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/etc/schema/ts_119612v020101_sie_xsd.xsd b/etc/schema/ts_119612v020101_sie_xsd.xsd
deleted file mode 100644
index 440b006c6..000000000
--- a/etc/schema/ts_119612v020101_sie_xsd.xsd
+++ /dev/null
@@ -1,92 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--                  ****** NOTICE ******
-This document is part of ETSI TS 119 612. In the event that any
-part of this document in conflict with the text of TS 119 612 
-then that text shall prevail as the authoritative source
--->
-<xsd:schema targetNamespace="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
-    <xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="XAdES01903v132-201601.xsd"/>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2 Qualifications Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="Qualifications" type="tns:QualificationsType"/>
-	<xsd:complexType name="QualificationsType">
-		<xsd:sequence maxOccurs="unbounded">
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.1 QualificationElement-->
-			<xsd:element name="QualificationElement" type="tns:QualificationElementType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.1 QualificationElement</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="QualificationElementType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.3 Qualifier-->
-			<xsd:element name="Qualifiers" type="tns:QualifiersType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2 CriteriaList-->
-			<xsd:element name="CriteriaList" type="tns:CriteriaListType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-		<xsd:annotation>
-			<xsd:documentation>Please first try to use the CriteriaList before doing the OtherCriteria extension point.</xsd:documentation>
-		</xsd:annotation>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2 CriteriaList</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="CriteriaListType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.1 KeyUsage-->
-		   <xsd:element name="KeyUsage" type="tns:KeyUsageType" minOccurs="0" maxOccurs="unbounded"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.2 PolicySet-->
-			<xsd:element name="PolicySet" type="tns:PoliciesListType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CriteriaList" type="tns:CriteriaListType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="otherCriteriaList" type="xades:AnyType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="assert">
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="all"/>
-					<xsd:enumeration value="atLeastOne"/>
-					<xsd:enumeration value="none"/>
-				</xsd:restriction>
-			</xsd:simpleType>
-		</xsd:attribute>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.3 Qualifier</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="QualifiersType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="Qualifier" type="tns:QualifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="QualifierType">
-		<xsd:attribute name="uri" type="anyURI"/>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.2 PolicySet</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="PoliciesListType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="PolicyIdentifier" type="xades:ObjectIdentifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.1 KeyUsage</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="KeyUsageType">
-		<xsd:sequence maxOccurs="9">
-			<xsd:element name="KeyUsageBit" type="tns:KeyUsageBitType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="KeyUsageBitType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:boolean">
-				<xsd:attribute name="name">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="digitalSignature"/>
-							<xsd:enumeration value="nonRepudiation"/>
-							<xsd:enumeration value="keyEncipherment"/>
-							<xsd:enumeration value="dataEncipherment"/>
-							<xsd:enumeration value="keyAgreement"/>
-							<xsd:enumeration value="keyCertSign"/>
-							<xsd:enumeration value="crlSign"/>
-							<xsd:enumeration value="encipherOnly"/>
-							<xsd:enumeration value="decipherOnly"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/etc/schema/ts_119612v020101_sie_xsd.xsd.orig b/etc/schema/ts_119612v020101_sie_xsd.xsd.orig
deleted file mode 100644
index 2c06e3916..000000000
--- a/etc/schema/ts_119612v020101_sie_xsd.xsd.orig
+++ /dev/null
@@ -1,92 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--                  ****** NOTICE ******
-This document is part of ETSI TS 119 612. In the event that any
-part of this document in conflict with the text of TS 119 612 
-then that text shall prevail as the authoritative source
--->
-<xsd:schema targetNamespace="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" elementFormDefault="qualified" attributeFormDefault="unqualified">
-	<xsd:import namespace="http://uri.etsi.org/01903/v1.3.2#" schemaLocation="http://uri.etsi.org/01903/v1.3.2/XAdES.xsd"/> 
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2 Qualifications Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="Qualifications" type="tns:QualificationsType"/>
-	<xsd:complexType name="QualificationsType">
-		<xsd:sequence maxOccurs="unbounded">
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.1 QualificationElement-->
-			<xsd:element name="QualificationElement" type="tns:QualificationElementType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.1 QualificationElement</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="QualificationElementType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.3 Qualifier-->
-			<xsd:element name="Qualifiers" type="tns:QualifiersType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2 CriteriaList-->
-			<xsd:element name="CriteriaList" type="tns:CriteriaListType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-		<xsd:annotation>
-			<xsd:documentation>Please first try to use the CriteriaList before doing the OtherCriteria extension point.</xsd:documentation>
-		</xsd:annotation>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2 CriteriaList</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="CriteriaListType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.1 KeyUsage-->
-		   <xsd:element name="KeyUsage" type="tns:KeyUsageType" minOccurs="0" maxOccurs="unbounded"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.2 PolicySet-->
-			<xsd:element name="PolicySet" type="tns:PoliciesListType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="CriteriaList" type="tns:CriteriaListType" minOccurs="0" maxOccurs="unbounded"/>
-			<xsd:element name="Description" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="otherCriteriaList" type="xades:AnyType" minOccurs="0"/>
-		</xsd:sequence>
-		<xsd:attribute name="assert">
-			<xsd:simpleType>
-				<xsd:restriction base="xsd:string">
-					<xsd:enumeration value="all"/>
-					<xsd:enumeration value="atLeastOne"/>
-					<xsd:enumeration value="none"/>
-				</xsd:restriction>
-			</xsd:simpleType>
-		</xsd:attribute>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.3 Qualifier</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="QualifiersType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="Qualifier" type="tns:QualifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="QualifierType">
-		<xsd:attribute name="uri" type="anyURI"/>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.2 PolicySet</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="PoliciesListType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="PolicyIdentifier" type="xades:ObjectIdentifierType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.2.2.1 KeyUsage</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="KeyUsageType">
-		<xsd:sequence maxOccurs="9">
-			<xsd:element name="KeyUsageBit" type="tns:KeyUsageBitType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="KeyUsageBitType">
-		<xsd:simpleContent>
-			<xsd:extension base="xsd:boolean">
-				<xsd:attribute name="name">
-					<xsd:simpleType>
-						<xsd:restriction base="xsd:string">
-							<xsd:enumeration value="digitalSignature"/>
-							<xsd:enumeration value="nonRepudiation"/>
-							<xsd:enumeration value="keyEncipherment"/>
-							<xsd:enumeration value="dataEncipherment"/>
-							<xsd:enumeration value="keyAgreement"/>
-							<xsd:enumeration value="keyCertSign"/>
-							<xsd:enumeration value="crlSign"/>
-							<xsd:enumeration value="encipherOnly"/>
-							<xsd:enumeration value="decipherOnly"/>
-						</xsd:restriction>
-					</xsd:simpleType>
-				</xsd:attribute>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/etc/schema/ts_119612v020201_201601xsd.xsd b/etc/schema/ts_119612v020201_201601xsd.xsd
deleted file mode 100644
index ca8192b33..000000000
--- a/etc/schema/ts_119612v020201_201601xsd.xsd
+++ /dev/null
@@ -1,457 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--                  ****** NOTICE ******
-This document is part of ETSI TS 119 612. In the event that any
-part of this document is in conflict with the text of TS 119 612 
-then that text shall prevail as the authoritative source
-
-This is a review done in January 2016 adding the possibility to specify the Service Supply Points by a type 
-
--->
-<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified">
-	<!-- Imports -->
-	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="xml.xsd"/>
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
-	<!-- -->
-	<!-- Begin auxiliary types -->
-	<!-- -->
-	<!--InternationalNamesType-->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support</xsd:documentation></xsd:annotation>	   	   
-	<xsd:complexType name="InternationalNamesType">
-		<xsd:sequence>
-			<xsd:element name="Name" type="tsl:MultiLangNormStringType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="MultiLangNormStringType">
-		<xsd:simpleContent>
-			<xsd:extension base="tsl:NonEmptyNormalizedString">
-				<xsd:attribute ref="xml:lang" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support</xsd:documentation></xsd:annotation>	   	   
-	<xsd:complexType name="MultiLangStringType">
-		<xsd:simpleContent>
-			<xsd:extension base="tsl:NonEmptyString">
-				<xsd:attribute ref="xml:lang" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:simpleType name="NonEmptyString">
-		<xsd:restriction base="xsd:string">
-			<xsd:minLength value="1"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="NonEmptyNormalizedString">
-		<xsd:restriction base="xsd:normalizedString">
-			<xsd:minLength value="1"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!-- -->
-	<!-- AddressType -->
-	<!-- -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.5 Scheme operator address</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="AddressType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.3.5.1 Scheme operator postal address-->
-			<xsd:element ref="tsl:PostalAddresses"/>
-		  	<!--Specified in TS 119 612 v2.1.1 clause 5.3.5.2 Scheme operator electronic address-->
-			<xsd:element ref="tsl:ElectronicAddress"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--PostalAddressList Type-->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.5.1 Scheme operator postal address</xsd:documentation></xsd:annotation>
-	<xsd:element name="PostalAddresses" type="tsl:PostalAddressListType"/>
-	<xsd:complexType name="PostalAddressListType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:PostalAddress" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--PostalAddress Type-->
-	<xsd:element name="PostalAddress" type="tsl:PostalAddressType"/>
-	<xsd:complexType name="PostalAddressType">
-		<xsd:sequence>
-			<xsd:element name="StreetAddress" type="tsl:NonEmptyString"/>
-			<xsd:element name="Locality" type="tsl:NonEmptyString"/>
-			<xsd:element name="StateOrProvince" type="tsl:NonEmptyString" minOccurs="0"/>
-			<xsd:element name="PostalCode" type="tsl:NonEmptyString" minOccurs="0"/>
-			<xsd:element name="CountryName" type="tsl:NonEmptyString"/>
-		</xsd:sequence>
-		<xsd:attribute ref="xml:lang" use="required"/>
-	</xsd:complexType>
-	<!--ElectronicAddressType-->
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- ElectronicAddress changed to include MultilLan URIs for e-mails and web sites URIs as specified in TS 119 612-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.5.2 Scheme operator electronic address</xsd:documentation></xsd:annotation>
-	<xsd:element name="ElectronicAddress" type="tsl:ElectronicAddressType"/>
-	<xsd:complexType name="ElectronicAddressType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- -->
-	<!-- Types for extensions in TSL -->
-	<!-- -->
-	<xsd:complexType name="AnyType" mixed="true">
-		<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-			<xsd:any processContents="lax"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.17 Scheme extensions</xsd:documentation></xsd:annotation>
-	<xsd:element name="Extension" type="tsl:ExtensionType"/>
-	<xsd:complexType name="ExtensionType">
-		<xsd:complexContent>
-			<xsd:extension base="tsl:AnyType">
-				<xsd:attribute name="Critical" type="xsd:boolean" use="required"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ExtensionsListType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:Extension" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--NonEmptyURIType-->
-	<xsd:simpleType name="NonEmptyURIType">
-		<xsd:restriction base="xsd:anyURI">
-			<xsd:minLength value="1"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!-- AttributedNonEmptyURIType--> 
-	<!-- 2016-01. XML Schema CHANGE-->
-	<!-- AttributedNonEmptyURIType was included to allow to specify the type of the service/information found under the given URI -->
-    <xsd:complexType name="AttributedNonEmptyURIType"> 
-        <xsd:simpleContent> 
-            <xsd:extension base="tsl:NonEmptyURIType"> 
-                <xsd:attribute name="type" type="xsd:anyURI" use="optional"/> 
-            </xsd:extension> 
-        </xsd:simpleContent> 
-    </xsd:complexType> 
-
-	
-	<!-- -->
-	<!--NonEmptyURIType with language indication-->
-	<!-- -->
-   <xsd:annotation><xsd:documentation> Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support</xsd:documentation></xsd:annotation>	   
-	<xsd:complexType name="NonEmptyMultiLangURIType">
-		<xsd:simpleContent>
-			<xsd:extension base="tsl:NonEmptyURIType">
-				<xsd:attribute ref="xml:lang" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<!--List of NonEmptyURIType with language indication-->
-	<xsd:complexType name="NonEmptyMultiLangURIListType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--List of NonEmptyURIType-->
-	<xsd:complexType name="NonEmptyURIListType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyURIType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- -->
-	<!-- End auxiliary types -->
-	<!-- -->
-	<!-- ROOT Element -->
-	<xsd:element name="TrustServiceStatusList" type="tsl:TrustStatusListType"/>
-	<!-- Trust Status List Type Definition -->
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- Attribute TSLTag declared as xsd:anyURI -->
-	<xsd:complexType name="TrustStatusListType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3 Scheme information-->
-			<xsd:element ref="tsl:SchemeInformation"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List-->
-			<xsd:element ref="tsl:TrustServiceProviderList" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.7 Digital signature-->
-			<xsd:element ref="ds:Signature" minOccurs="0"/>
-		</xsd:sequence>
-		<!--Specified in TS 119 612 v2.1.1 clause 5.2 Trusted List Tag-->
-		<xsd:attribute name="TSLTag" type="xsd:anyURI" use="required"/>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- Supressed the type TSLTagType that served to restrict the value of TSLTag by XML Schema-->
-	<!-- In this way, the XML Schema is independent of the TSLTag value and this may change from version to version-->
-	<!-- TrustServiceProviderListType-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List</xsd:documentation></xsd:annotation>
-	<xsd:element name="TrustServiceProviderList" type="tsl:TrustServiceProviderListType"/>
-	<xsd:complexType name="TrustServiceProviderListType">
-		<xsd:sequence>
- 		  <!--Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List-->
-			<xsd:element ref="tsl:TrustServiceProvider" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSL Scheme Information -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3 Scheme information</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeInformation" type="tsl:TSLSchemeInformationType"/>
-	<xsd:complexType name="TSLSchemeInformationType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.1 TSL version identifier-->
-			<xsd:element name="TSLVersionIdentifier" type="xsd:integer"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.2 TSL sequence number-->
-			<xsd:element name="TSLSequenceNumber" type="xsd:positiveInteger"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.3 TSL type-->
-			<xsd:element ref="tsl:TSLType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.4 Scheme operator name-->
-			<xsd:element ref="tsl:SchemeOperatorName"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.5 Scheme operator address-->
-			<xsd:element name="SchemeOperatorAddress" type="tsl:AddressType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.6 Scheme name-->
-			<xsd:element ref="tsl:SchemeName"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.7 Scheme information URI-->
-			<xsd:element ref="tsl:SchemeInformationURI"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.8 Status determination approach-->
-			<xsd:element name="StatusDeterminationApproach" type="tsl:NonEmptyURIType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.9 Scheme type/community/rules-->
-			<xsd:element ref="tsl:SchemeTypeCommunityRules" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.10 Scheme territory-->
-			<xsd:element ref="tsl:SchemeTerritory" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.11 TSL policy/legal notice-->
-			<xsd:element ref="tsl:PolicyOrLegalNotice" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.12 Historical information period-->
-			<xsd:element name="HistoricalInformationPeriod" type="xsd:nonNegativeInteger"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs-->
-			<xsd:element ref="tsl:PointersToOtherTSL" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.14 List issue date and time-->
-			<xsd:element name="ListIssueDateTime" type="xsd:dateTime"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.15 Next update-->
-			<xsd:element ref="tsl:NextUpdate"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.16 Distribution points-->
-			<xsd:element ref="tsl:DistributionPoints" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.17 Scheme extensions-->
-			<xsd:element name="SchemeExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.3 TSL type</xsd:documentation></xsd:annotation>
-	<xsd:element name="TSLType" type="tsl:NonEmptyURIType"/>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.4 Scheme operator name</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeOperatorName" type="tsl:InternationalNamesType"/>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.6 Scheme name</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeName" type="tsl:InternationalNamesType"/>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.7 Scheme information URI</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- SchemeTypeCommunityRules changed to include MultilLang URIs for e-mails and web sites URIs as specified in TS 119 612-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.9 Scheme type/community/rules</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeTypeCommunityRules" type="tsl:NonEmptyMultiLangURIListType"/>
-	<!-- SchemeTerritory -->
-	<!-- 2014-04. XML Schema CHANGE-->
-	<!-- element SchemeTerritory is now of type xsd:string. Suppressed the restriction of having only 2 characters,
-	as this element may contain other values than the country codes-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.10 Scheme territory</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeTerritory" type="xsd:string"/>	
-	<!-- Policy or Legal Notice -->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.11 TSL policy/legal notice</xsd:documentation></xsd:annotation>
-	<xsd:element name="PolicyOrLegalNotice" type="tsl:PolicyOrLegalnoticeType"/>
-	<xsd:complexType name="PolicyOrLegalnoticeType">
-		<xsd:choice>
-			<xsd:element name="TSLPolicy" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
-			<xsd:element name="TSLLegalNotice" type="tsl:MultiLangStringType" maxOccurs="unbounded"/>
-		</xsd:choice>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.15 Next update</xsd:documentation></xsd:annotation>
-	<xsd:element name="NextUpdate" type="tsl:NextUpdateType"/>
-	<xsd:complexType name="NextUpdateType">
-		<xsd:sequence>
-			<xsd:element name="dateTime" type="xsd:dateTime" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--OtherTSLPointersType-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs</xsd:documentation></xsd:annotation>
-	<xsd:element name="PointersToOtherTSL" type="tsl:OtherTSLPointersType"/>
-	<xsd:complexType name="OtherTSLPointersType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:OtherTSLPointer" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="OtherTSLPointer" type="tsl:OtherTSLPointerType"/>
-	<xsd:complexType name="OtherTSLPointerType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item b) from Format-->
-			<xsd:element ref="tsl:ServiceDigitalIdentities" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item a) from Format-->
-			<xsd:element name="TSLLocation" type="tsl:NonEmptyURIType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item c) from Format-->
-			<xsd:element ref="tsl:AdditionalInformation" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>pecified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item b) from Format</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceDigitalIdentities" type="tsl:ServiceDigitalIdentityListType"/>
-	<xsd:complexType name="ServiceDigitalIdentityListType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity-->
-			<xsd:element ref="tsl:ServiceDigitalIdentity" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item c) from Format</xsd:documentation></xsd:annotation>
-	<xsd:element name="AdditionalInformation" type="tsl:AdditionalInformationType"/>
-	<xsd:complexType name="AdditionalInformationType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:element name="TextualInformation" type="tsl:MultiLangStringType"/>
-			<xsd:element name="OtherInformation" type="tsl:AnyType"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<!--DistributionPoints element-->
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- DistributionPointschanged from ElectronicAddress to nonEmptyURIListType as ElectronicAddress does
-	now contain a list of multilang URIs, which is not required for distribution points-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.16 Distribution points</xsd:documentation></xsd:annotation>
-	<xsd:element name="DistributionPoints" type="tsl:NonEmptyURIListType"/>
-	<!-- TSPType -->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List</xsd:documentation></xsd:annotation>
-	<xsd:element name="TrustServiceProvider" type="tsl:TSPType"/>
-	<xsd:complexType name="TSPType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.4 TSP information-->
-			<xsd:element ref="tsl:TSPInformation"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.4.6 TSP Services (list of services)-->
-			<xsd:element ref="tsl:TSPServices"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSPInformationType -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.4 TSP information</xsd:documentation></xsd:annotation>
-	<xsd:element name="TSPInformation" type="tsl:TSPInformationType"/>
-	<xsd:complexType name="TSPInformationType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.1 TSP name-->
-			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.2 TSP trade name-->
-			<xsd:element name="TSPTradeName" type="tsl:InternationalNamesType" minOccurs="0"/>
-				<!--Specified in TS 119 612 v2.1.1 clause 5.4.3 TSP address.
-			   	postal address and electronic addresses have the formats specified in 5.3.5.1 and 5.3.5.2 respectively.
-			   	Their semantics are specified in 5.4.3.1 and 5.4.3.2 respectively
-			   -->
-			<xsd:element name="TSPAddress" type="tsl:AddressType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.4 TSP information URI-->
-			<xsd:element name="TSPInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.5 TSP information extensions-->
-			<xsd:element name="TSPInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSP Services-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.4.6 TSP Services (list of services)</xsd:documentation></xsd:annotation>
-	<xsd:element name="TSPServices" type="tsl:TSPServicesListType"/>
-	<xsd:complexType name="TSPServicesListType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:TSPService" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="TSPService" type="tsl:TSPServiceType"/>
-	<xsd:complexType name="TSPServiceType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5 Service information-->
-			<xsd:element ref="tsl:ServiceInformation"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.10 Service history-->
-			<xsd:element ref="tsl:ServiceHistory" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSPServiceInformationType -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5 Service information</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceInformation" type="tsl:TSPServiceInformationType"/>
-	<xsd:complexType name="TSPServiceInformationType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.1 Service type identifier-->
-			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.2 Service name-->
-			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity-->
-			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.4 Service current status-->
-			<xsd:element ref="tsl:ServiceStatus"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.5 Service status starting date and time-->
-			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.6 Scheme service definition URI-->
-			<xsd:element name="SchemeServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.7 Service supply points-->
-			<xsd:element ref="tsl:ServiceSupplyPoints" minOccurs="0"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.8 TSP service definition URI-->
-			<xsd:element name="TSPServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.9 Service information extensions-->
-			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- Service status -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.4 Service current status</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceStatus" type="tsl:NonEmptyURIType"/>
-	<!-- Type for Service Supply Points -->
-		<!-- 2016-01. XML Schema CHANGE-->
-	<!-- ServiceSupplyPointsType changed to use AttributedNonEmptyURIType. The optional type attribute of AttributedNonEmptyURIType allows for each URI to specify the service/information to be found under this URI. 
-For example a ServiceSupplyPoints field associated to a service of a type "http://uri.etsi.org/TrstSvc/Svctype/CA/QC" could include: 
--	a URI pointing towards a descriptive text where users could be given information on (local) registration authorities and procedures to follow for being issued qualified certificates; 
--	a URI providing a CRL distribution point giving certificate status information for qualified certificates issued by or under the and further specified by the type attibute value "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/CRL/QC". Such URI can for example provide access to a last and final CRL in case of service unexpected termination and/or impossibility to provide such a final CRL at the CRL distribution point available from issued certificate's extensions; and/or
--	a URI providing one access location of an OCSP responder authorized to provide certificate status information for qualified certificates issued by or under the service, and further specified by the type attibute value "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC".
--->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.7 Service supply points</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceSupplyPoints" type="tsl:ServiceSupplyPointsType"/>
-	<xsd:complexType name="ServiceSupplyPointsType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="ServiceSupplyPoint" type="tsl:AttributedNonEmptyURIType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSPServiceIdentifier -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.1 Service type identifier</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceTypeIdentifier" type="tsl:NonEmptyURIType"/>
-	<!-- DigitalIdentityType  -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceDigitalIdentity" type="tsl:DigitalIdentityListType"/>
-	<xsd:complexType name="DigitalIdentityListType">
-		<xsd:sequence>
-			<xsd:element name="DigitalId" type="tsl:DigitalIdentityType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="DigitalIdentityType">
-		<xsd:choice>
-			<xsd:element name="X509Certificate" type="xsd:base64Binary"/>
-			<xsd:element name="X509SubjectName" type="xsd:string"/>
-			<xsd:element ref="ds:KeyValue"/>
-			<xsd:element name="X509SKI" type="xsd:base64Binary"/>
-			<xsd:element name="Other" type="tsl:AnyType" minOccurs="0"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<!-- ServiceHistory element-->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.10 Service history</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceHistory" type="tsl:ServiceHistoryType"/>
-	<xsd:complexType name="ServiceHistoryType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6 Service history instance-->
-			<xsd:element ref="tsl:ServiceHistoryInstance" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.6 Service history instance</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceHistoryInstance" type="tsl:ServiceHistoryInstanceType"/>
-	<xsd:complexType name="ServiceHistoryInstanceType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.1 Service type identifier-->
-			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.2 Service name-->
-			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.3 Service digital identity-->
-			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.4 Service previous status-->
-			<xsd:element ref="tsl:ServiceStatus"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.5 Previous status starting date and time-->
-			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.6 Service information extensions-->
-			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- Elements and types for Extensions -->
-	<!-- Extensions children of tsl:VaExtension-->
-	<!-- Element ExpiredCertsRevocationInfo -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.4 expiredCertsRevocationInfo Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="ExpiredCertsRevocationInfo" type="xsd:dateTime"/>
-	<!-- Element additionalServiceInformation -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.1 additionalServiceInformation Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="AdditionalServiceInformation" type="tsl:AdditionalServiceInformationType"/>
-	<xsd:complexType name="AdditionalServiceInformationType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
-			<xsd:element name="InformationValue" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="OtherInformation" type="tsl:AnyType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/etc/schema/ts_119612v020201_201601xsd.xsd.orig b/etc/schema/ts_119612v020201_201601xsd.xsd.orig
deleted file mode 100644
index bd26829c7..000000000
--- a/etc/schema/ts_119612v020201_201601xsd.xsd.orig
+++ /dev/null
@@ -1,457 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--                  ****** NOTICE ******
-This document is part of ETSI TS 119 612. In the event that any
-part of this document is in conflict with the text of TS 119 612 
-then that text shall prevail as the authoritative source
-
-This is a review done in January 2016 adding the possibility to specify the Service Supply Points by a type 
-
--->
-<xsd:schema targetNamespace="http://uri.etsi.org/02231/v2#" xmlns:tsl="http://uri.etsi.org/02231/v2#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" elementFormDefault="qualified" attributeFormDefault="unqualified">
-	<!-- Imports -->
-	<xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
-	<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
-	<!-- -->
-	<!-- Begin auxiliary types -->
-	<!-- -->
-	<!--InternationalNamesType-->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support</xsd:documentation></xsd:annotation>	   	   
-	<xsd:complexType name="InternationalNamesType">
-		<xsd:sequence>
-			<xsd:element name="Name" type="tsl:MultiLangNormStringType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="MultiLangNormStringType">
-		<xsd:simpleContent>
-			<xsd:extension base="tsl:NonEmptyNormalizedString">
-				<xsd:attribute ref="xml:lang" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support</xsd:documentation></xsd:annotation>	   	   
-	<xsd:complexType name="MultiLangStringType">
-		<xsd:simpleContent>
-			<xsd:extension base="tsl:NonEmptyString">
-				<xsd:attribute ref="xml:lang" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<xsd:simpleType name="NonEmptyString">
-		<xsd:restriction base="xsd:string">
-			<xsd:minLength value="1"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<xsd:simpleType name="NonEmptyNormalizedString">
-		<xsd:restriction base="xsd:normalizedString">
-			<xsd:minLength value="1"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!-- -->
-	<!-- AddressType -->
-	<!-- -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.5 Scheme operator address</xsd:documentation></xsd:annotation>
-	<xsd:complexType name="AddressType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.3.5.1 Scheme operator postal address-->
-			<xsd:element ref="tsl:PostalAddresses"/>
-		  	<!--Specified in TS 119 612 v2.1.1 clause 5.3.5.2 Scheme operator electronic address-->
-			<xsd:element ref="tsl:ElectronicAddress"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--PostalAddressList Type-->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.5.1 Scheme operator postal address</xsd:documentation></xsd:annotation>
-	<xsd:element name="PostalAddresses" type="tsl:PostalAddressListType"/>
-	<xsd:complexType name="PostalAddressListType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:PostalAddress" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--PostalAddress Type-->
-	<xsd:element name="PostalAddress" type="tsl:PostalAddressType"/>
-	<xsd:complexType name="PostalAddressType">
-		<xsd:sequence>
-			<xsd:element name="StreetAddress" type="tsl:NonEmptyString"/>
-			<xsd:element name="Locality" type="tsl:NonEmptyString"/>
-			<xsd:element name="StateOrProvince" type="tsl:NonEmptyString" minOccurs="0"/>
-			<xsd:element name="PostalCode" type="tsl:NonEmptyString" minOccurs="0"/>
-			<xsd:element name="CountryName" type="tsl:NonEmptyString"/>
-		</xsd:sequence>
-		<xsd:attribute ref="xml:lang" use="required"/>
-	</xsd:complexType>
-	<!--ElectronicAddressType-->
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- ElectronicAddress changed to include MultilLan URIs for e-mails and web sites URIs as specified in TS 119 612-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.5.2 Scheme operator electronic address</xsd:documentation></xsd:annotation>
-	<xsd:element name="ElectronicAddress" type="tsl:ElectronicAddressType"/>
-	<xsd:complexType name="ElectronicAddressType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- -->
-	<!-- Types for extensions in TSL -->
-	<!-- -->
-	<xsd:complexType name="AnyType" mixed="true">
-		<xsd:sequence minOccurs="0" maxOccurs="unbounded">
-			<xsd:any processContents="lax"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.17 Scheme extensions</xsd:documentation></xsd:annotation>
-	<xsd:element name="Extension" type="tsl:ExtensionType"/>
-	<xsd:complexType name="ExtensionType">
-		<xsd:complexContent>
-			<xsd:extension base="tsl:AnyType">
-				<xsd:attribute name="Critical" type="xsd:boolean" use="required"/>
-			</xsd:extension>
-		</xsd:complexContent>
-	</xsd:complexType>
-	<xsd:complexType name="ExtensionsListType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:Extension" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--NonEmptyURIType-->
-	<xsd:simpleType name="NonEmptyURIType">
-		<xsd:restriction base="xsd:anyURI">
-			<xsd:minLength value="1"/>
-		</xsd:restriction>
-	</xsd:simpleType>
-	<!-- AttributedNonEmptyURIType--> 
-	<!-- 2016-01. XML Schema CHANGE-->
-	<!-- AttributedNonEmptyURIType was included to allow to specify the type of the service/information found under the given URI -->
-    <xsd:complexType name="AttributedNonEmptyURIType"> 
-        <xsd:simpleContent> 
-            <xsd:extension base="tsl:NonEmptyURIType"> 
-                <xsd:attribute name="type" type="xsd:anyURI" use="optional"/> 
-            </xsd:extension> 
-        </xsd:simpleContent> 
-    </xsd:complexType> 
-
-	
-	<!-- -->
-	<!--NonEmptyURIType with language indication-->
-	<!-- -->
-   <xsd:annotation><xsd:documentation> Specified in TS 119 612 v2.1.1 clause 5.1.4 Language support</xsd:documentation></xsd:annotation>	   
-	<xsd:complexType name="NonEmptyMultiLangURIType">
-		<xsd:simpleContent>
-			<xsd:extension base="tsl:NonEmptyURIType">
-				<xsd:attribute ref="xml:lang" use="required"/>
-			</xsd:extension>
-		</xsd:simpleContent>
-	</xsd:complexType>
-	<!--List of NonEmptyURIType with language indication-->
-	<xsd:complexType name="NonEmptyMultiLangURIListType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--List of NonEmptyURIType-->
-	<xsd:complexType name="NonEmptyURIListType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyURIType" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- -->
-	<!-- End auxiliary types -->
-	<!-- -->
-	<!-- ROOT Element -->
-	<xsd:element name="TrustServiceStatusList" type="tsl:TrustStatusListType"/>
-	<!-- Trust Status List Type Definition -->
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- Attribute TSLTag declared as xsd:anyURI -->
-	<xsd:complexType name="TrustStatusListType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3 Scheme information-->
-			<xsd:element ref="tsl:SchemeInformation"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List-->
-			<xsd:element ref="tsl:TrustServiceProviderList" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.7 Digital signature-->
-			<xsd:element ref="ds:Signature" minOccurs="0"/>
-		</xsd:sequence>
-		<!--Specified in TS 119 612 v2.1.1 clause 5.2 Trusted List Tag-->
-		<xsd:attribute name="TSLTag" type="xsd:anyURI" use="required"/>
-		<xsd:attribute name="Id" type="xsd:ID" use="optional"/>
-	</xsd:complexType>
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- Supressed the type TSLTagType that served to restrict the value of TSLTag by XML Schema-->
-	<!-- In this way, the XML Schema is independent of the TSLTag value and this may change from version to version-->
-	<!-- TrustServiceProviderListType-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List</xsd:documentation></xsd:annotation>
-	<xsd:element name="TrustServiceProviderList" type="tsl:TrustServiceProviderListType"/>
-	<xsd:complexType name="TrustServiceProviderListType">
-		<xsd:sequence>
- 		  <!--Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List-->
-			<xsd:element ref="tsl:TrustServiceProvider" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSL Scheme Information -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3 Scheme information</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeInformation" type="tsl:TSLSchemeInformationType"/>
-	<xsd:complexType name="TSLSchemeInformationType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.1 TSL version identifier-->
-			<xsd:element name="TSLVersionIdentifier" type="xsd:integer"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.2 TSL sequence number-->
-			<xsd:element name="TSLSequenceNumber" type="xsd:positiveInteger"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.3 TSL type-->
-			<xsd:element ref="tsl:TSLType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.4 Scheme operator name-->
-			<xsd:element ref="tsl:SchemeOperatorName"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.5 Scheme operator address-->
-			<xsd:element name="SchemeOperatorAddress" type="tsl:AddressType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.6 Scheme name-->
-			<xsd:element ref="tsl:SchemeName"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.7 Scheme information URI-->
-			<xsd:element ref="tsl:SchemeInformationURI"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.8 Status determination approach-->
-			<xsd:element name="StatusDeterminationApproach" type="tsl:NonEmptyURIType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.9 Scheme type/community/rules-->
-			<xsd:element ref="tsl:SchemeTypeCommunityRules" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.10 Scheme territory-->
-			<xsd:element ref="tsl:SchemeTerritory" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.11 TSL policy/legal notice-->
-			<xsd:element ref="tsl:PolicyOrLegalNotice" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.12 Historical information period-->
-			<xsd:element name="HistoricalInformationPeriod" type="xsd:nonNegativeInteger"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs-->
-			<xsd:element ref="tsl:PointersToOtherTSL" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.14 List issue date and time-->
-			<xsd:element name="ListIssueDateTime" type="xsd:dateTime"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.15 Next update-->
-			<xsd:element ref="tsl:NextUpdate"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.16 Distribution points-->
-			<xsd:element ref="tsl:DistributionPoints" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.17 Scheme extensions-->
-			<xsd:element name="SchemeExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.3 TSL type</xsd:documentation></xsd:annotation>
-	<xsd:element name="TSLType" type="tsl:NonEmptyURIType"/>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.4 Scheme operator name</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeOperatorName" type="tsl:InternationalNamesType"/>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.6 Scheme name</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeName" type="tsl:InternationalNamesType"/>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.7 Scheme information URI</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- SchemeTypeCommunityRules changed to include MultilLang URIs for e-mails and web sites URIs as specified in TS 119 612-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.9 Scheme type/community/rules</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeTypeCommunityRules" type="tsl:NonEmptyMultiLangURIListType"/>
-	<!-- SchemeTerritory -->
-	<!-- 2014-04. XML Schema CHANGE-->
-	<!-- element SchemeTerritory is now of type xsd:string. Suppressed the restriction of having only 2 characters,
-	as this element may contain other values than the country codes-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.10 Scheme territory</xsd:documentation></xsd:annotation>
-	<xsd:element name="SchemeTerritory" type="xsd:string"/>	
-	<!-- Policy or Legal Notice -->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.11 TSL policy/legal notice</xsd:documentation></xsd:annotation>
-	<xsd:element name="PolicyOrLegalNotice" type="tsl:PolicyOrLegalnoticeType"/>
-	<xsd:complexType name="PolicyOrLegalnoticeType">
-		<xsd:choice>
-			<xsd:element name="TSLPolicy" type="tsl:NonEmptyMultiLangURIType" maxOccurs="unbounded"/>
-			<xsd:element name="TSLLegalNotice" type="tsl:MultiLangStringType" maxOccurs="unbounded"/>
-		</xsd:choice>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.15 Next update</xsd:documentation></xsd:annotation>
-	<xsd:element name="NextUpdate" type="tsl:NextUpdateType"/>
-	<xsd:complexType name="NextUpdateType">
-		<xsd:sequence>
-			<xsd:element name="dateTime" type="xsd:dateTime" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!--OtherTSLPointersType-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs</xsd:documentation></xsd:annotation>
-	<xsd:element name="PointersToOtherTSL" type="tsl:OtherTSLPointersType"/>
-	<xsd:complexType name="OtherTSLPointersType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:OtherTSLPointer" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="OtherTSLPointer" type="tsl:OtherTSLPointerType"/>
-	<xsd:complexType name="OtherTSLPointerType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item b) from Format-->
-			<xsd:element ref="tsl:ServiceDigitalIdentities" minOccurs="0"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item a) from Format-->
-			<xsd:element name="TSLLocation" type="tsl:NonEmptyURIType"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item c) from Format-->
-			<xsd:element ref="tsl:AdditionalInformation" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>pecified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item b) from Format</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceDigitalIdentities" type="tsl:ServiceDigitalIdentityListType"/>
-	<xsd:complexType name="ServiceDigitalIdentityListType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity-->
-			<xsd:element ref="tsl:ServiceDigitalIdentity" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.13 Pointers to other TSLs item c) from Format</xsd:documentation></xsd:annotation>
-	<xsd:element name="AdditionalInformation" type="tsl:AdditionalInformationType"/>
-	<xsd:complexType name="AdditionalInformationType">
-		<xsd:choice maxOccurs="unbounded">
-			<xsd:element name="TextualInformation" type="tsl:MultiLangStringType"/>
-			<xsd:element name="OtherInformation" type="tsl:AnyType"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<!--DistributionPoints element-->
-	<!-- 2013-10. XML Schema CHANGE-->
-	<!-- DistributionPointschanged from ElectronicAddress to nonEmptyURIListType as ElectronicAddress does
-	now contain a list of multilang URIs, which is not required for distribution points-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.16 Distribution points</xsd:documentation></xsd:annotation>
-	<xsd:element name="DistributionPoints" type="tsl:NonEmptyURIListType"/>
-	<!-- TSPType -->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.3.18 Trust Service Provider List</xsd:documentation></xsd:annotation>
-	<xsd:element name="TrustServiceProvider" type="tsl:TSPType"/>
-	<xsd:complexType name="TSPType">
-		<xsd:sequence>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.4 TSP information-->
-			<xsd:element ref="tsl:TSPInformation"/>
-		   <!--Specified in TS 119 612 v2.1.1 clause 5.4.6 TSP Services (list of services)-->
-			<xsd:element ref="tsl:TSPServices"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSPInformationType -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.4 TSP information</xsd:documentation></xsd:annotation>
-	<xsd:element name="TSPInformation" type="tsl:TSPInformationType"/>
-	<xsd:complexType name="TSPInformationType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.1 TSP name-->
-			<xsd:element name="TSPName" type="tsl:InternationalNamesType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.2 TSP trade name-->
-			<xsd:element name="TSPTradeName" type="tsl:InternationalNamesType" minOccurs="0"/>
-				<!--Specified in TS 119 612 v2.1.1 clause 5.4.3 TSP address.
-			   	postal address and electronic addresses have the formats specified in 5.3.5.1 and 5.3.5.2 respectively.
-			   	Their semantics are specified in 5.4.3.1 and 5.4.3.2 respectively
-			   -->
-			<xsd:element name="TSPAddress" type="tsl:AddressType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.4 TSP information URI-->
-			<xsd:element name="TSPInformationURI" type="tsl:NonEmptyMultiLangURIListType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.4.5 TSP information extensions-->
-			<xsd:element name="TSPInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSP Services-->
-   <xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.4.6 TSP Services (list of services)</xsd:documentation></xsd:annotation>
-	<xsd:element name="TSPServices" type="tsl:TSPServicesListType"/>
-	<xsd:complexType name="TSPServicesListType">
-		<xsd:sequence>
-			<xsd:element ref="tsl:TSPService" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:element name="TSPService" type="tsl:TSPServiceType"/>
-	<xsd:complexType name="TSPServiceType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5 Service information-->
-			<xsd:element ref="tsl:ServiceInformation"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.10 Service history-->
-			<xsd:element ref="tsl:ServiceHistory" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSPServiceInformationType -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5 Service information</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceInformation" type="tsl:TSPServiceInformationType"/>
-	<xsd:complexType name="TSPServiceInformationType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.1 Service type identifier-->
-			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.2 Service name-->
-			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity-->
-			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.4 Service current status-->
-			<xsd:element ref="tsl:ServiceStatus"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.5 Service status starting date and time-->
-			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.6 Scheme service definition URI-->
-			<xsd:element name="SchemeServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.7 Service supply points-->
-			<xsd:element ref="tsl:ServiceSupplyPoints" minOccurs="0"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.8 TSP service definition URI-->
-			<xsd:element name="TSPServiceDefinitionURI" type="tsl:NonEmptyMultiLangURIListType" minOccurs="0"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.5.9 Service information extensions-->
-			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- Service status -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.4 Service current status</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceStatus" type="tsl:NonEmptyURIType"/>
-	<!-- Type for Service Supply Points -->
-		<!-- 2016-01. XML Schema CHANGE-->
-	<!-- ServiceSupplyPointsType changed to use AttributedNonEmptyURIType. The optional type attribute of AttributedNonEmptyURIType allows for each URI to specify the service/information to be found under this URI. 
-For example a ServiceSupplyPoints field associated to a service of a type "http://uri.etsi.org/TrstSvc/Svctype/CA/QC" could include: 
--	a URI pointing towards a descriptive text where users could be given information on (local) registration authorities and procedures to follow for being issued qualified certificates; 
--	a URI providing a CRL distribution point giving certificate status information for qualified certificates issued by or under the and further specified by the type attibute value "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/CRL/QC". Such URI can for example provide access to a last and final CRL in case of service unexpected termination and/or impossibility to provide such a final CRL at the CRL distribution point available from issued certificate's extensions; and/or
--	a URI providing one access location of an OCSP responder authorized to provide certificate status information for qualified certificates issued by or under the service, and further specified by the type attibute value "http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC".
--->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.7 Service supply points</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceSupplyPoints" type="tsl:ServiceSupplyPointsType"/>
-	<xsd:complexType name="ServiceSupplyPointsType">
-		<xsd:sequence maxOccurs="unbounded">
-			<xsd:element name="ServiceSupplyPoint" type="tsl:AttributedNonEmptyURIType"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- TSPServiceIdentifier -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.1 Service type identifier</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceTypeIdentifier" type="tsl:NonEmptyURIType"/>
-	<!-- DigitalIdentityType  -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.3 Service digital identity</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceDigitalIdentity" type="tsl:DigitalIdentityListType"/>
-	<xsd:complexType name="DigitalIdentityListType">
-		<xsd:sequence>
-			<xsd:element name="DigitalId" type="tsl:DigitalIdentityType" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:complexType name="DigitalIdentityType">
-		<xsd:choice>
-			<xsd:element name="X509Certificate" type="xsd:base64Binary"/>
-			<xsd:element name="X509SubjectName" type="xsd:string"/>
-			<xsd:element ref="ds:KeyValue"/>
-			<xsd:element name="X509SKI" type="xsd:base64Binary"/>
-			<xsd:element name="Other" type="tsl:AnyType" minOccurs="0"/>
-		</xsd:choice>
-	</xsd:complexType>
-	<!-- ServiceHistory element-->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.10 Service history</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceHistory" type="tsl:ServiceHistoryType"/>
-	<xsd:complexType name="ServiceHistoryType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6 Service history instance-->
-			<xsd:element ref="tsl:ServiceHistoryInstance" minOccurs="0" maxOccurs="unbounded"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.6 Service history instance</xsd:documentation></xsd:annotation>
-	<xsd:element name="ServiceHistoryInstance" type="tsl:ServiceHistoryInstanceType"/>
-	<xsd:complexType name="ServiceHistoryInstanceType">
-		<xsd:sequence>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.1 Service type identifier-->
-			<xsd:element ref="tsl:ServiceTypeIdentifier"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.2 Service name-->
-			<xsd:element name="ServiceName" type="tsl:InternationalNamesType"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.3 Service digital identity-->
-			<xsd:element ref="tsl:ServiceDigitalIdentity"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.4 Service previous status-->
-			<xsd:element ref="tsl:ServiceStatus"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.5 Previous status starting date and time-->
-			<xsd:element name="StatusStartingTime" type="xsd:dateTime"/>
-			<!--Specified in TS 119 612 v2.1.1 clause 5.6.6 Service information extensions-->
-			<xsd:element name="ServiceInformationExtensions" type="tsl:ExtensionsListType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-	<!-- Elements and types for Extensions -->
-	<!-- Extensions children of tsl:VaExtension-->
-	<!-- Element ExpiredCertsRevocationInfo -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.4 expiredCertsRevocationInfo Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="ExpiredCertsRevocationInfo" type="xsd:dateTime"/>
-	<!-- Element additionalServiceInformation -->
-	<xsd:annotation><xsd:documentation>Specified in TS 119 612 v2.1.1 clause 5.5.9.1 additionalServiceInformation Extension</xsd:documentation></xsd:annotation>
-	<xsd:element name="AdditionalServiceInformation" type="tsl:AdditionalServiceInformationType"/>
-	<xsd:complexType name="AdditionalServiceInformationType">
-		<xsd:sequence>
-			<xsd:element name="URI" type="tsl:NonEmptyMultiLangURIType"/>
-			<xsd:element name="InformationValue" type="xsd:string" minOccurs="0"/>
-			<xsd:element name="OtherInformation" type="tsl:AnyType" minOccurs="0"/>
-		</xsd:sequence>
-	</xsd:complexType>
-</xsd:schema>
diff --git a/etc/schema/xml.xsd b/etc/schema/xml.xsd
deleted file mode 100644
index 3f4e85417..000000000
--- a/etc/schema/xml.xsd
+++ /dev/null
@@ -1,117 +0,0 @@
-<?xml version='1.0'?>
-<!-- DOCTYPE xs:schema PUBLIC "-//W3C//DTD XMLSCHEMA 200102//EN" "XMLSchema.dtd" -->
-<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">
-
- <xs:annotation>
-  <xs:documentation>
-   See http://www.w3.org/XML/1998/namespace.html and
-   http://www.w3.org/TR/REC-xml for information about this namespace.
-
-    This schema document describes the XML namespace, in a form
-    suitable for import by other schema documents.  
-
-    Note that local names in this namespace are intended to be defined
-    only by the World Wide Web Consortium or its subgroups.  The
-    following names are currently defined in this namespace and should
-    not be used with conflicting semantics by any Working Group,
-    specification, or document instance:
-
-    base (as an attribute name): denotes an attribute whose value
-         provides a URI to be used as the base for interpreting any
-         relative URIs in the scope of the element on which it
-         appears; its value is inherited.  This name is reserved
-         by virtue of its definition in the XML Base specification.
-
-    lang (as an attribute name): denotes an attribute whose value
-         is a language code for the natural language of the content of
-         any element; its value is inherited.  This name is reserved
-         by virtue of its definition in the XML specification.
-  
-    space (as an attribute name): denotes an attribute whose
-         value is a keyword indicating what whitespace processing
-         discipline is intended for the content of the element; its
-         value is inherited.  This name is reserved by virtue of its
-         definition in the XML specification.
-
-    Father (in any context at all): denotes Jon Bosak, the chair of 
-         the original XML Working Group.  This name is reserved by 
-         the following decision of the W3C XML Plenary and 
-         XML Coordination groups:
-
-             In appreciation for his vision, leadership and dedication
-             the W3C XML Plenary on this 10th day of February, 2000
-             reserves for Jon Bosak in perpetuity the XML name
-             xml:Father
-  </xs:documentation>
- </xs:annotation>
-
- <xs:annotation>
-  <xs:documentation>This schema defines attributes and an attribute group
-        suitable for use by
-        schemas wishing to allow xml:base, xml:lang or xml:space attributes
-        on elements they define.
-
-        To enable this, such a schema must import this schema
-        for the XML namespace, e.g. as follows:
-        &lt;schema . . .>
-         . . .
-         &lt;import namespace="http://www.w3.org/XML/1998/namespace"
-                    schemaLocation="http://www.w3.org/2001/03/xml.xsd"/>
-
-        Subsequently, qualified reference to any of the attributes
-        or the group defined below will have the desired effect, e.g.
-
-        &lt;type . . .>
-         . . .
-         &lt;attributeGroup ref="xml:specialAttrs"/>
- 
-         will define a type which will schema-validate an instance
-         element with any of those attributes</xs:documentation>
- </xs:annotation>
-
- <xs:annotation>
-  <xs:documentation>In keeping with the XML Schema WG's standard versioning
-   policy, this schema document will persist at
-   http://www.w3.org/2001/03/xml.xsd.
-   At the date of issue it can also be found at
-   http://www.w3.org/2001/xml.xsd.
-   The schema document at that URI may however change in the future,
-   in order to remain compatible with the latest version of XML Schema
-   itself.  In other words, if the XML Schema namespace changes, the version
-   of this document at
-   http://www.w3.org/2001/xml.xsd will change
-   accordingly; the version at
-   http://www.w3.org/2001/03/xml.xsd will not change.
-  </xs:documentation>
- </xs:annotation>
-
- <xs:attribute name="lang" type="xs:language">
-  <xs:annotation>
-   <xs:documentation>In due course, we should install the relevant ISO 2- and 3-letter
-         codes as the enumerated possible values . . .</xs:documentation>
-  </xs:annotation>
- </xs:attribute>
-
- <xs:attribute name="space" default="preserve">
-  <xs:simpleType>
-   <xs:restriction base="xs:NCName">
-    <xs:enumeration value="default"/>
-    <xs:enumeration value="preserve"/>
-   </xs:restriction>
-  </xs:simpleType>
- </xs:attribute>
-
- <xs:attribute name="base" type="xs:anyURI">
-  <xs:annotation>
-   <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
-                     information about this attribute.</xs:documentation>
-  </xs:annotation>
- </xs:attribute>
-
- <xs:attributeGroup name="specialAttrs">
-  <xs:attribute ref="xml:base"/>
-  <xs:attribute ref="xml:lang"/>
-  <xs:attribute ref="xml:space"/>
- </xs:attributeGroup>
-
-</xs:schema>
diff --git a/libdigidocpp.wxs b/libdigidocpp.wxs
index 748d0f79a..7d3b605ca 100644
--- a/libdigidocpp.wxs
+++ b/libdigidocpp.wxs
@@ -55,6 +55,8 @@
       <File Name="XalanMessages_1_12.dll" />
       <File Name="xsec_2_0.dll" />
       <File Name="libxml2.dll" />
+      <File Name="libxmlsec1.dll" />
+      <File Name="libxmlsec1-openssl.dll" />
     </ComponentGroup>
 
     <ComponentGroup Id="Libraries" Source="$(var.libdigidocpp)\bin">
diff --git a/patches/vcpkg-ports/xmlsec/CMakeLists.txt b/patches/vcpkg-ports/xmlsec/CMakeLists.txt
new file mode 100644
index 000000000..dc2e42186
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/CMakeLists.txt
@@ -0,0 +1,177 @@
+cmake_minimum_required (VERSION 3.8)
+project (xmlsec1 C)
+
+option(INSTALL_HEADERS_TOOLS "Install public header files and tools" ON)
+
+find_package(LibXml2 REQUIRED)
+find_package(OpenSSL REQUIRED)
+#find_package(Iconv REQUIRED)
+
+FILE(GLOB SOURCESXMLSEC
+	src/*.c
+)
+
+FILE(GLOB SOURCESXMLSECOPENSSL
+	src/openssl/*.c
+	src/strings.c
+)
+
+# Generate xmlexports with fixed definition of XMLSEC_STATIC
+file(READ include/xmlsec/exports.h EXPORTS_H)
+if(BUILD_SHARED_LIBS)
+    string(REPLACE "!defined(XMLSEC_STATIC)" "1" EXPORTS_H "${EXPORTS_H}")
+else()
+    string(REPLACE "!defined(XMLSEC_STATIC)" "0" EXPORTS_H "${EXPORTS_H}")
+endif()
+file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/exports.h "${EXPORTS_H}")
+
+message(STATUS "Reading version info from configure.ac")
+
+file(STRINGS "configure.ac"
+    _xmlsec_version_defines REGEX "XMLSEC_VERSION_(MAJOR|MINOR|SUBMINOR)=([0-9]+)$")
+
+foreach(ver ${_xmlsec_version_defines})
+    if(ver MATCHES "XMLSEC_VERSION_(MAJOR|MINOR|SUBMINOR)=([0-9]+)$")
+        set(XMLSEC_VERSION_${CMAKE_MATCH_1} "${CMAKE_MATCH_2}" CACHE INTERNAL "")
+    endif()
+endforeach()
+
+set(XMLSEC_VERSION ${XMLSEC_VERSION_MAJOR}.${XMLSEC_VERSION_MINOR}.${XMLSEC_VERSION_SUBMINOR})
+math(EXPR XMLSEC_VERSION_INFO_NUMBER
+	"${XMLSEC_VERSION_MAJOR} + ${XMLSEC_VERSION_MINOR}")
+set(XMLSEC_VERSION_INFO ${XMLSEC_VERSION_INFO_NUMBER}:${XMLSEC_VERSION_SUBMINOR}:${XMLSEC_VERSION_MINOR})
+
+message(STATUS "XMLSEC_VERSION: ${XMLSEC_VERSION}")
+message(STATUS "XMLSEC_VERSION_MAJOR: ${XMLSEC_VERSION_MAJOR}")
+message(STATUS "XMLSEC_VERSION_MINOR: ${XMLSEC_VERSION_MINOR}")
+message(STATUS "XMLSEC_VERSION_SUBMINOR: ${XMLSEC_VERSION_SUBMINOR}")
+message(STATUS "XMLSEC_VERSION_INFO: ${XMLSEC_VERSION_INFO}")
+
+message(STATUS "Generating version.h")
+
+configure_file(include/xmlsec/version.h.in include/xmlsec/version.h)
+
+if(MSVC)
+  add_compile_options(/wd4130 /wd4127 /wd4152)
+endif()
+
+set(CMAKE_SHARED_LIBRARY_PREFIX "lib")
+set(CMAKE_STATIC_LIBRARY_PREFIX "lib")
+
+add_library(xmlsec1 ${SOURCESXMLSEC})
+add_library(xmlsec1-openssl ${SOURCESXMLSECOPENSSL})
+
+include_directories(${CMAKE_CURRENT_BINARY_DIR}/include include)
+
+target_link_libraries(xmlsec1 PRIVATE
+    LibXml2::LibXml2 OpenSSL::Crypto
+)
+target_link_libraries(xmlsec1-openssl PRIVATE
+    LibXml2::LibXml2 OpenSSL::Crypto xmlsec1
+)
+
+add_compile_definitions(inline=__inline)
+add_compile_definitions(PACKAGE="xmlsec1")
+add_compile_definitions(HAVE_STDIO_H)
+add_compile_definitions(HAVE_STDLIB_H)
+add_compile_definitions(HAVE_STRING_H)
+add_compile_definitions(HAVE_CTYPE_H)
+add_compile_definitions(HAVE_MALLOC_H)
+add_compile_definitions(HAVE_MEMORY_H)
+add_compile_definitions(XMLSEC_DEFAULT_CRYPTO="openssl")
+add_compile_definitions(XMLSEC_NO_GOST)
+add_compile_definitions(XMLSEC_NO_GOST2012)
+add_compile_definitions(UNICODE)
+add_compile_definitions(_UNICODE)
+add_compile_definitions(_MBCS)
+add_compile_definitions(_REENTRANT)
+
+set_target_properties(xmlsec1 xmlsec1-openssl PROPERTIES VERSION ${XMLSEC_VERSION_MAJOR}.${XMLSEC_VERSION_MINOR})
+
+if(NOT BUILD_SHARED_LIBS)
+    set(XMLSEC_CORE_CFLAGS "-DLIBXML_STATIC -DLIBXSLT_STATIC -DXMLSEC_STATIC -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING")
+    set(XMLSEC_OPENSSL_CFLAGS ${XMLSEC_CORE_CFLAGS})
+else()
+    set(XMLSEC_CORE_CFLAGS "-DXMLSEC_DL_WIN32")
+    set(XMLSEC_OPENSSL_CFLAGS ${XMLSEC_CORE_CFLAGS})
+endif()
+
+target_compile_definitions(xmlsec1
+    PRIVATE ${XMLSEC_CORE_CFLAGS}
+    PUBLIC XMLSEC_NO_XSLT XMLSEC_CRYPTO_OPENSSL
+)
+target_compile_definitions(xmlsec1-openssl PRIVATE ${XMLSEC_OPENSSL_CFLAGS})
+
+install(TARGETS xmlsec1 xmlsec1-openssl
+    EXPORT xmlsecExport
+    RUNTIME DESTINATION bin
+    LIBRARY DESTINATION lib
+    ARCHIVE DESTINATION lib
+)
+
+install(EXPORT xmlsecExport
+    FILE unofficial-xmlsec-config.cmake
+    NAMESPACE unofficial::xmlsec::
+    DESTINATION share/unofficial-xmlsec
+)
+
+if(INSTALL_HEADERS_TOOLS)
+	file(GLOB PUBLIC_HEADERS
+		include/xmlsec/*.h
+		include/xmlsec/openssl/*.h)
+    list(FILTER PUBLIC_HEADERS EXCLUDE REGEX "exports\\.h$")
+
+	foreach(file IN LISTS PUBLIC_HEADERS)
+		get_filename_component(dir ${file} DIRECTORY)
+		file(RELATIVE_PATH rel_dir ${CMAKE_SOURCE_DIR}/xmlsec/${LIB} ${dir})
+		install(FILES ${file} DESTINATION "include/${rel_dir}")
+	endforeach()
+
+	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/include/xmlsec/version.h DESTINATION "include/xmlsec")
+	install(FILES ${CMAKE_CURRENT_BINARY_DIR}/exports.h DESTINATION "include/xmlsec")
+
+	# xmlsec application
+	add_executable(xmlsec
+		apps/crypto.c
+		apps/cmdline.c
+		apps/xmlsec.c)
+
+	if(CMAKE_SYSTEM_NAME STREQUAL "Windows" OR CMAKE_SYSTEM_NAME STREQUAL "WindowsStore")
+		target_link_libraries(xmlsec PRIVATE crypt32.lib)
+	endif()
+
+	target_link_libraries(xmlsec PRIVATE
+		${LIBXML2_LIBRARIES} OpenSSL::SSL xmlsec1 xmlsec1-openssl
+	)
+    #if(NOT Iconv_IS_BUILT_IN)
+    #    target_link_libraries(xmlsec PRIVATE Iconv::Iconv)
+    #endif()
+
+	if(BUILD_SHARED_LIBS)
+		target_compile_definitions(xmlsec PRIVATE -DXMLSEC_CRYPTO_DYNAMIC_LOADING)
+	else()
+        find_package(Threads REQUIRED)
+		target_compile_definitions(xmlsec PRIVATE -DLIBXML_STATIC -DLIBXSLT_STATIC -DXMLSEC_STATIC)
+        target_link_libraries(xmlsec PUBLIC Threads::Threads)
+	endif()
+	install(TARGETS xmlsec DESTINATION tools/xmlsec)
+endif()
+
+message(STATUS "Generating pkgconfig files")
+
+set(prefix ${CMAKE_INSTALL_PREFIX})
+set(exec_prefix ${prefix})
+set(libdir ${prefix}/${CMAKE_INSTALL_LIBDIR})
+set(includedir ${prefix}/${CMAKE_INSTALL_INCLUDEDIR})
+set(VERSION ${XMLSEC_VERSION})
+set(LIBXML_MIN_VERSION ${LIBXML2_VERSION_STRING})
+set(OPENSSL_LIBS "-lssl -lcrypto")
+set(XMLSEC_CORE_CFLAGS "${XMLSEC_CORE_CFLAGS} -DXMLSEC_DL_LIBLTDL=1 -I\${includedir}/xmlsec1 -DXMLSEC_CRYPTO_OPENSSL=1")
+set(XMLSEC_CORE_LIBS "-lxmlsec1 -lltdl")
+set(XMLSEC_OPENSSL_CFLAGS "${XMLSEC_OPENSSL_CFLAGS} -I\${includedir}/xmlsec1")
+set(XMLSEC_OPENSSL_LIBS "-L\${libdir} -lxmlsec1-openssl ${XMLSEC_CORE_LIBS} ${OPENSSL_LIBS}")
+
+configure_file(${PROJECT_SOURCE_DIR}/xmlsec.pc.in ${PROJECT_BINARY_DIR}/xmlsec1.pc @ONLY)
+configure_file(${PROJECT_SOURCE_DIR}/xmlsec-openssl.pc.in ${PROJECT_BINARY_DIR}/xmlsec1-openssl.pc @ONLY)
+install(FILES ${PROJECT_BINARY_DIR}/xmlsec1.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig/)
+install(FILES ${PROJECT_BINARY_DIR}/xmlsec1-openssl.pc DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig/)
diff --git a/patches/vcpkg-ports/xmlsec/openssl.patch b/patches/vcpkg-ports/xmlsec/openssl.patch
new file mode 100644
index 000000000..fafbd6041
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/openssl.patch
@@ -0,0 +1,11 @@
+diff -U3 -r xmlsec1-1.3.4.orig/src/openssl/x509.c xmlsec1-1.3.4/src/openssl/x509.c
+--- xmlsec1-1.3.4.orig/src/openssl/x509.c	2024-04-09 17:46:44
++++ xmlsec1-1.3.4/src/openssl/x509.c	2024-07-05 10:09:02
+@@ -44,6 +44,7 @@
+ #include <xmlsec/openssl/x509.h>
+ 
+ /* Windows overwrites X509_NAME and other things that break openssl */
++#undef X509_NAME
+ #include <openssl/evp.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509_vfy.h>
diff --git a/patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch b/patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch
new file mode 100644
index 000000000..6e5196f59
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/pkgconfig_fixes.patch
@@ -0,0 +1,21 @@
+diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in
+index af3ae29..40635cf 100644
+--- a/xmlsec-openssl.pc.in
++++ b/xmlsec-openssl.pc.in
+@@ -8,5 +8,4 @@ Version: @VERSION@
+ Description: XML Security Library implements XML Signature and XML Encryption standards
+ Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_PC_FILE_COND@
+ Cflags: @XMLSEC_OPENSSL_CFLAGS@
+-Cflags.private: -DXMLSEC_STATIC
+ Libs: @XMLSEC_OPENSSL_LIBS@
+diff --git a/xmlsec.pc.in b/xmlsec.pc.in
+index 2d5a3ad..0f72d68 100644
+--- a/xmlsec.pc.in
++++ b/xmlsec.pc.in
+@@ -7,5 +7,5 @@ Name: xmlsec1
+ Version: @VERSION@
+ Description: XML Security Library implements XML Signature and XML Encryption standards
+ Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ @LIBXSLT_PC_FILE_COND@
+-Cflags: -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@
++Cflags: @XMLSEC_CORE_CFLAGS@
+ Libs: -L${libdir} @XMLSEC_CORE_LIBS@
diff --git a/patches/vcpkg-ports/xmlsec/portfile.cmake b/patches/vcpkg-ports/xmlsec/portfile.cmake
new file mode 100644
index 000000000..095dcb894
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/portfile.cmake
@@ -0,0 +1,39 @@
+vcpkg_minimum_required(VERSION 2022-10-12) # for ${VERSION}
+
+string(REPLACE "." "_" release_tag "xmlsec_${VERSION}")
+vcpkg_from_github(
+    OUT_SOURCE_PATH SOURCE_PATH
+    REPO lsh123/xmlsec
+    REF "${release_tag}"
+    SHA512 f75c84e991ab6aaaa910475c1d90c8cd460c48d3753902eb347005ca5679d75ba2b6a67cd2b6953bfe318e645eaf81b56be9c7e5530b4a2e2de0cefba5cefe85
+    HEAD_REF master
+    PATCHES 
+        pkgconfig_fixes.patch
+        openssl.patch
+)
+
+file(COPY "${CMAKE_CURRENT_LIST_DIR}/CMakeLists.txt" DESTINATION "${SOURCE_PATH}")
+
+vcpkg_cmake_configure(
+    SOURCE_PATH "${SOURCE_PATH}"
+    OPTIONS_DEBUG -DINSTALL_HEADERS_TOOLS=OFF
+)
+
+vcpkg_cmake_install()
+vcpkg_cmake_config_fixup(PACKAGE_NAME unofficial-xmlsec)
+vcpkg_fixup_pkgconfig()
+vcpkg_copy_pdbs()
+
+if(VCPKG_LIBRARY_LINKAGE STREQUAL dynamic)
+  vcpkg_replace_string(
+    "${CURRENT_PACKAGES_DIR}/include/xmlsec/xmlsec.h"
+    "ifdef XMLSEC_NO_SIZE_T"
+    "if 1 //ifdef XMLSEC_NO_SIZE_T"
+  )
+endif()
+
+# unofficial legacy usage
+file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/xmlsec-config.cmake" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}")
+
+file(INSTALL "${CMAKE_CURRENT_LIST_DIR}/usage" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}")
+file(INSTALL "${SOURCE_PATH}/Copyright" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright)
diff --git a/patches/vcpkg-ports/xmlsec/usage b/patches/vcpkg-ports/xmlsec/usage
new file mode 100644
index 000000000..2192f4ae7
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/usage
@@ -0,0 +1,17 @@
+xmlsec can be imported via CMake FindPkgConfig module:
+
+    find_package(PkgConfig)
+    # For dynamic loading of xmlsec crypto library
+    pkg_check_modules(XMLSEC1 REQUIRED IMPORTED_TARGET xmlsec1)
+    target_link_libraries(main PRIVATE PkgConfig::XMLSEC1)
+    # For selecting the openssl crypto engine at link time
+    pkg_check_modules(XMLSEC1_OPENSSL REQUIRED IMPORTED_TARGET xmlsec1-openssl)
+    target_link_libraries(main PRIVATE PkgConfig::XMLSEC1_OPENSSL)
+
+vcpkg provides proprietary CMake targets:
+
+    find_package(unofficial-xmlsec CONFIG REQUIRED)
+    # For dynamic loading of xmlsec crypto library
+    target_link_libraries(main PRIVATE unofficial::xmlsec::xmlsec1)
+    # For selecting the openssl crypto engine at link time
+    target_link_libraries(main PRIVATE unofficial::xmlsec::xmlsec1-openssl)
diff --git a/patches/vcpkg-ports/xmlsec/vcpkg.json b/patches/vcpkg-ports/xmlsec/vcpkg.json
new file mode 100644
index 000000000..fdf93d613
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/vcpkg.json
@@ -0,0 +1,23 @@
+{
+  "name": "xmlsec",
+  "version": "1.3.4",
+  "description": "XML Security Library is a C library based on LibXML2. The library supports major XML security standards.",
+  "homepage": "https://www.aleksey.com/xmlsec/",
+  "license": "X11 AND MPL-1.1",
+  "supports": "!xbox & !uwp",
+  "dependencies": [
+    {
+      "name": "libxml2",
+      "default-features": false
+    },
+    "openssl",
+    {
+      "name": "vcpkg-cmake",
+      "host": true
+    },
+    {
+      "name": "vcpkg-cmake-config",
+      "host": true
+    }
+  ]
+}
diff --git a/patches/vcpkg-ports/xmlsec/xmlsec-config.cmake b/patches/vcpkg-ports/xmlsec/xmlsec-config.cmake
new file mode 100644
index 000000000..5c8b6f34b
--- /dev/null
+++ b/patches/vcpkg-ports/xmlsec/xmlsec-config.cmake
@@ -0,0 +1,10 @@
+file(READ "${CMAKE_CURRENT_LIST_DIR}/usage" usage)
+message(WARNING "find_package(xmlsec) is deprecated.\n${usage}")
+include(CMakeFindDependencyMacro)
+find_dependency(unofficial-xmlsec CONFIG REQUIRED)
+if(NOT TARGET xmlsec1)
+    add_library(xmlsec1 ALIAS unofficial::xmlsec::xmlsec1)
+endif()
+if(NOT TARGET xmlsec1-openssl)
+    add_library(xmlsec1-openssl ALIAS unofficial::xmlsec::xmlsec1-openssl)
+endif()
diff --git a/prepare_osx_build_environment.sh b/prepare_osx_build_environment.sh
index 813c15c6c..98765a52a 100755
--- a/prepare_osx_build_environment.sh
+++ b/prepare_osx_build_environment.sh
@@ -6,7 +6,8 @@ XALAN_DIR=xalan_c-1.12
 XMLSEC_DIR=xml-security-c-2.0.4
 XSD=xsd-4.0.0-i686-macosx
 OPENSSL_DIR=openssl-3.0.14
-LIBXML2_DIR=libxml2-2.12.5
+LIBXML2_DIR=libxml2-2.12.8
+XMLSEC1_DIR=xmlsec1-1.3.4
 ANDROID_NDK=android-ndk-r26d
 FREETYPE_DIR=freetype-2.10.1
 FONTCONFIG_DIR=fontconfig-2.13.1
@@ -247,6 +248,25 @@ function libxml2 {
     cd -
 }
 
+function xmlsec {
+    echo Building ${XMLSEC1_DIR}
+    if [ ! -f ${XMLSEC1_DIR}.tar.gz ]; then
+        curl -O -L http://www.aleksey.com/xmlsec/download/${XMLSEC1_DIR}.tar.gz
+    fi
+    rm -rf ${XMLSEC1_DIR}
+    tar xf ${XMLSEC1_DIR}.tar.gz
+    cd ${XMLSEC1_DIR}
+    case "${ARGS}" in
+    *android*) CONF_EXTRA="--without-libxslt --with-libxml=${TARGET_PATH}" ;;
+    *ios*) CONF_EXTRA="--without-libxslt" ;;
+    *) ;;
+    esac
+    ./configure --prefix=${TARGET_PATH} ${CONFIGURE} ${CONF_EXTRA} --disable-crypto-dl --without-gnutls --disable-apps --with-openssl=${TARGET_PATH}
+    make -s
+    sudo make install
+    cd -
+}
+
 function xsd {
     echo Building ${XSD}
     #if [ ! -f ${XSD}.tar.bz2 ]; then
@@ -419,6 +439,7 @@ case "$@" in
 *xalan*) xalan ;;
 *xmlsec*) xml_security ;;
 *libxml2*) libxml2 ;;
+*xmlasec*) xmlsec ;;
 *xsd*) xsd ;;
 *openssl*) openssl ;;
 *freetype*) freetype ;;
@@ -430,6 +451,7 @@ case "$@" in
     xalan
     xml_security
     libxml2
+    xmlsec
     ;;
 *)
     echo "Usage:"
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 3f8bacaa9..0f654891e 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -42,28 +42,6 @@ XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/OpenDocument_dsig.xsd
     --root-element document-signatures
     --namespace-map urn:oasis:names:tc:opendocument:xmlns:digitalsignature:1.0=digidoc::asic
     --namespace-map http://www.w3.org/2000/09/xmldsig\#=digidoc::dsig)
-XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/xml.xsd
-    --root-element-none )
-XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v020201_201601xsd.xsd
-    --root-element TrustServiceStatusList
-    --namespace-map http://uri.etsi.org/02231/v2\#=digidoc::tsl
-    --namespace-map http://www.w3.org/2000/09/xmldsig\#=digidoc::dsig
-    --custom-type AdditionalInformationType=/AdditionalInformationTypeBase
-    --custom-type ExtensionType=/ExtensionTypeBase
-    --hxx-epilogue \"\#include <xml/ExtensionType.h>\"
-    --hxx-epilogue \"\#include <xml/AdditionalInformationType.h>\" )
-XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v020101_additionaltypes_xsd.xsd
-    --root-element-none
-    --namespace-map http://uri.etsi.org/02231/v2\#=digidoc::tsl
-    --namespace-map http://uri.etsi.org/02231/v2/additionaltypes\#=digidoc::tsl
-    --namespace-map http://uri.etsi.org/01903/v1.3.2\#=digidoc::xades )
-XSD_SCHEMA( xsd_SRCS XML_HEADER ${XML_DIR} ${SCHEMA_DIR}/ts_119612v020101_sie_xsd.xsd
-    --root-element-none
-    --accessor-regex /assert/assert_/
-    --modifier-regex /assert/assert_/
-    --namespace-map http://uri.etsi.org/02231/v2\#=digidoc::tsl
-    --namespace-map http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/\#=digidoc::tsl
-    --namespace-map http://uri.etsi.org/01903/v1.3.2\#=digidoc::xades )
 
 
 file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/tslcerts.h "namespace digidoc {\nstatic const std::vector<X509Cert> tslcerts {\n")
@@ -82,10 +60,6 @@ set( SCHEMA_FILES
     ${SCHEMA_DIR}/XAdES01903v132-201601-relaxed.xsd
     ${SCHEMA_DIR}/XAdES01903v141-201601.xsd
     ${SCHEMA_DIR}/en_31916201v010101.xsd
-    ${SCHEMA_DIR}/xml.xsd
-    ${SCHEMA_DIR}/ts_119612v020201_201601xsd.xsd
-    ${SCHEMA_DIR}/ts_119612v020101_additionaltypes_xsd.xsd
-    ${SCHEMA_DIR}/ts_119612v020101_sie_xsd.xsd
     ${SCHEMA_DIR}/OpenDocument_dsig.xsd
 )
 set( PUBLIC_HEADER
@@ -121,9 +95,7 @@ add_library(digidocpp_priv STATIC
     crypto/TSL.cpp
     crypto/X509Crypto.cpp
     util/DateTime.cpp
-    xml/AdditionalInformationType.cpp
     xml/AnyType.cpp
-    xml/ExtensionType.cpp
     xml/ObjectType.cpp
     xml/SecureDOMParser.cpp
     xml/UnsignedSignaturePropertiesType.cpp
@@ -152,6 +124,7 @@ target_link_libraries(digidocpp_priv
     XmlSecurityC::XmlSecurityC
     ZLIB::ZLIB
     LibXml2::LibXml2
+    xmlsec
     $<$<C_COMPILER_ID:MSVC>:Ws2_32>
 )
 
@@ -334,7 +307,8 @@ if( FRAMEWORK )
     add_custom_target( embedlibs DEPENDS digidocpp $<TARGET_NAME_IF_EXISTS:digidoc-tool>
         COMMAND mkdir -p $<TARGET_FILE_DIR:digidocpp>/Libraries
         COMMAND ln -s -f Versions/Current/Libraries $<TARGET_BUNDLE_DIR:digidocpp>
-        COMMAND cp ${XmlSecurityC_LIBRARIES} $<TARGET_FILE_DIR:digidocpp>/Libraries
+        COMMAND cp ${XmlSecurityC_LIBRARIES} ${XMLSEC1_OPENSSL_LINK_LIBRARIES} $<TARGET_FILE_DIR:digidocpp>/Libraries
+        COMMAND rm $<TARGET_FILE_DIR:digidocpp>/Libraries/*.tbd
         COMMAND chmod 644 $<TARGET_FILE_DIR:digidocpp>/Libraries/*
         COMMAND install_name_tool -id 'libcrypto.dylib'
             $<TARGET_FILE_DIR:digidocpp>/Libraries/libcrypto.dylib
@@ -357,12 +331,20 @@ if( FRAMEWORK )
             -change '${LIBPATH}/libxalan-c.112.dylib' '@loader_path/libxalan-c.dylib'
             -change '${LIBPATH}/libxalanMsg.112.dylib' '@loader_path/libxalanMsg.dylib'
             $<TARGET_FILE_DIR:digidocpp>/Libraries/libxml-security-c.dylib
+        COMMAND install_name_tool -id 'libxmlsec1.1.dylib'
+            $<TARGET_FILE_DIR:digidocpp>/Libraries/libxmlsec1.dylib
+        COMMAND install_name_tool -id 'libxmlsec1-openssl.dylib'
+            -change '${LIBPATH}/libcrypto.3.dylib' '@loader_path/libcrypto.dylib'
+            -change '${LIBPATH}/libxmlsec1.1.dylib' '@loader_path/libxmlsec1.dylib'
+            $<TARGET_FILE_DIR:digidocpp>/Libraries/libxmlsec1-openssl.dylib
         COMMAND install_name_tool
             -change '${LIBPATH}/libcrypto.3.dylib' '@loader_path/Libraries/libcrypto.dylib'
             -change '${LIBPATH}/libssl.3.dylib' '@loader_path/Libraries/libssl.dylib'
             -change '${LIBPATH}/libxerces-c-3.2.dylib' '@loader_path/Libraries/libxerces-c.dylib'
             -change '${LIBPATH}/libxml-security-c.20.dylib' '@loader_path/Libraries/libxml-security-c.dylib'
             -change '${LIBPATH}/libxalan-c.112.dylib' '@loader_path/Libraries/libxalan-c.dylib'
+            -change '${LIBPATH}/libxmlsec1.1.dylib' '@loader_path/Libraries/libxmlsec1.dylib'
+            -change '${LIBPATH}/libxmlsec1-openssl.1.dylib' '@loader_path/Libraries/libxmlsec1-openssl.dylib'
             $<TARGET_FILE:digidocpp>
     )
     if(BUILD_TOOLS)
@@ -375,6 +357,8 @@ if( FRAMEWORK )
                 -change '${LIBPATH}/libxerces-c-3.2.dylib' '@executable_path/../Libraries/libxerces-c.dylib'
                 -change '${LIBPATH}/libxml-security-c.20.dylib' '@executable_path/../Libraries/libxml-security-c.dylib'
                 -change '${LIBPATH}/libxalan-c.112.dylib' '@executable_path/../Libraries/libxalan-c.dylib'
+                -change '${LIBPATH}/libxmlsec1.1.dylib' '@executable_path/../Libraries/libxmlsec1.dylib'
+                -change '${LIBPATH}/libxmlsec1-openssl.1.dylib' '@executable_path/../Libraries/libxmlsec1-openssl.dylib'
                 $<TARGET_FILE_DIR:digidocpp>/Resources/digidoc-tool
             COMMAND touch $<TARGET_FILE:digidoc-tool>
         )
diff --git a/src/Container.cpp b/src/Container.cpp
index 932351f60..1d61086d5 100644
--- a/src/Container.cpp
+++ b/src/Container.cpp
@@ -31,6 +31,12 @@
 #include "util/log.h"
 
 #include <libxml/parser.h>
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/crypto.h>
 
 DIGIDOCPP_WARNING_PUSH
 DIGIDOCPP_WARNING_DISABLE_CLANG("-Wnull-conversion")
@@ -71,6 +77,9 @@ static string m_appName = "libdigidocpp";
 static string m_userAgent = "libdigidocpp";
 static vector<decltype(&Container::createPtr)> m_createList {};
 static vector<std::unique_ptr<Container> (*)(const std::string &path, ContainerOpenCB *cb)> m_openList {};
+#ifndef XMLSEC_NO_XSLT
+static xsltSecurityPrefsPtr xsltSecPrefs {};
+#endif
 }
 
 /**
@@ -142,6 +151,39 @@ void digidoc::initialize(const string &appInfo, const string &userAgent, initCal
         }
     }
 
+    LIBXML_TEST_VERSION
+    xmlLineNumbersDefaultValue = 1;
+    xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+    xmlSubstituteEntitiesDefault(1);
+    xmlIndentTreeOutput = 1;
+#ifndef XMLSEC_NO_XSLT
+    xsltSecPrefs = xsltNewSecurityPrefs();
+    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_FILE,        xsltSecurityForbid);
+    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_FILE,       xsltSecurityForbid);
+    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_READ_NETWORK,     xsltSecurityForbid);
+    xsltSetSecurityPrefs(xsltSecPrefs,  XSLT_SECPREF_WRITE_NETWORK,    xsltSecurityForbid);
+    xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif
+    if(xmlSecInit() < 0)
+        THROW("Error during initialisation of xmlsec.");
+    if(xmlSecCheckVersion() != 1)
+        THROW("Error during initialisation of xmlsec. Loaded xmlsec library version is not compatible");
+
+    /* Load default crypto engine if we are supporting dynamic
+     * loading for xmlsec-crypto libraries. Use the crypto library
+     * name ("openssl", "nss", etc.) to load corresponding
+     * xmlsec-crypto library.
+     */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+    if(xmlSecCryptoDLLoadLibrary(nullptr) < 0)
+        THROW("Error during initialisation of xmlsec. Unable to load default xmlsec-crypto library");
+#endif
+    if(xmlSecCryptoAppInit(nullptr) < 0)
+        THROW("Error during initialisation of xmlsec. Crypto initialization failed.");
+    if(xmlSecCryptoInit() < 0)
+        THROW("Error during initialisation of xmlsec. xmlsec-crypto initialization failed.");
+
     if(!Conf::instance())
         Conf::init(new XmlConfCurrent);
 
@@ -188,6 +230,14 @@ void digidoc::terminate()
     } catch (...) {
         // Don't throw on terminate
     }
+
+    xmlSecCryptoShutdown();
+    xmlSecCryptoAppShutdown();
+    xmlSecShutdown();
+#ifndef XMLSEC_NO_XSLT
+    xsltFreeSecurityPrefs(xsltSecPrefs);
+    xsltCleanupGlobals();
+#endif
     xmlCleanupParser();
     m_createList.clear();
     m_openList.clear();
diff --git a/src/XMLDocument.h b/src/XMLDocument.h
index b2008899f..b1f4b614f 100644
--- a/src/XMLDocument.h
+++ b/src/XMLDocument.h
@@ -26,6 +26,10 @@
 #include <libxml/xmlschemas.h>
 #include <libxml/c14n.h> // needs to be last to workaround old libxml2 errors
 
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
 #include <openssl/evp.h>
 
 #include <memory>
@@ -162,6 +166,12 @@ struct XMLElem
     pointer d{};
 };
 
+struct XMLName
+{
+    std::string_view name = {};
+    std::string_view ns = {};
+};
+
 struct XMLNode: public XMLElem<xmlNode>
 {
     struct iterator: XMLElem<xmlNode>
@@ -221,6 +231,11 @@ struct XMLNode: public XMLElem<xmlNode>
         return next;
     }
 
+    operator std::vector<unsigned char>()
+    {
+        return from_base64(operator sv());
+    }
+
     XMLNode& operator=(sv text) noexcept
     {
         if(!d)
@@ -235,12 +250,11 @@ struct XMLNode: public XMLElem<xmlNode>
     {
         return find(*begin(), name, ns());
     }
-};
 
-struct XMLName
-{
-    std::string_view name = {};
-    std::string_view ns = {};
+    constexpr XMLNode operator/(const XMLName &name) const noexcept
+    {
+        return find(*begin(), name.name, name.ns);
+    }
 };
 
 struct XMLDocument: public unique_xml_t<decltype(xmlFreeDoc)>, public XMLNode
@@ -263,7 +277,7 @@ struct XMLDocument: public unique_xml_t<decltype(xmlFreeDoc)>, public XMLNode
     }
 
     XMLDocument(std::string_view path, const XMLName &n = {}) noexcept
-        : XMLDocument(xmlParseFile(path.data()), n)
+        : XMLDocument(path.empty() ? nullptr : xmlParseFile(path.data()), n)
     {}
 
     static XMLDocument openStream(std::istream &is, const XMLName &name = {}, bool hugeFile = false)
@@ -368,6 +382,22 @@ struct XMLDocument: public unique_xml_t<decltype(xmlFreeDoc)>, public XMLNode
         return xmlSchemaValidateDoc(validate.get(), get()) == 0;
     }
 
+    static bool verifySignature(XMLNode signature) noexcept
+    {
+        auto mngr = make_unique_ptr(xmlSecKeysMngrCreate(), xmlSecKeysMngrDestroy);
+        if(!mngr)
+            return false;
+        if(xmlSecCryptoAppDefaultKeysMngrInit(mngr.get()) < 0)
+            return false;
+        auto ctx = make_unique_ptr(xmlSecDSigCtxCreate(mngr.get()), xmlSecDSigCtxDestroy);
+        if(!ctx)
+            return false;
+        ctx->keyInfoReadCtx.flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+        if(xmlSecDSigCtxVerify(ctx.get(), signature.d) < 0)
+            return false;
+        return ctx->status == xmlSecDSigStatusSucceeded;
+    }
+
     static void schemaValidationError(void */*ctx*/, const char *msg, ...) noexcept
     {
         va_list args{};
diff --git a/src/crypto/TSL.cpp b/src/crypto/TSL.cpp
index 192790950..25c0e89ac 100644
--- a/src/crypto/TSL.cpp
+++ b/src/crypto/TSL.cpp
@@ -20,37 +20,29 @@
 #include "crypto/TSL.h"
 
 #include "Conf.h"
+#include "XMLDocument.h"
 #include "crypto/Connect.h"
-#include "crypto/Digest.h"
 #include "util/DateTime.h"
 #include "util/File.h"
-#include "util/log.h"
-#include "xml/ts_119612v020201_201601xsd.hxx"
-
-DIGIDOCPP_WARNING_PUSH
-DIGIDOCPP_WARNING_DISABLE_CLANG("-Wnull-conversion")
-DIGIDOCPP_WARNING_DISABLE_GCC("-Wunused-parameter")
-DIGIDOCPP_WARNING_DISABLE_MSVC(4005)
-#include <xsec/enc/OpenSSL/OpenSSLCryptoX509.hpp>
-#include <xsec/enc/XSECKeyInfoResolverDefault.hpp>
-#include <xsec/framework/XSECException.hpp>
-#include <xsec/framework/XSECProvider.hpp>
-DIGIDOCPP_WARNING_POP
 
 #include <array>
-#include <cmath>
+#include <charconv>
 #include <fstream>
 #include <future>
 
 using namespace digidoc;
-using namespace digidoc::tsl;
 using namespace digidoc::util;
 using namespace std;
-using namespace xercesc;
-using namespace xml_schema;
 
 namespace digidoc {
 
+constexpr string_view TSL_NS {"http://uri.etsi.org/02231/v2#"};
+constexpr string_view ADD_NS {"http://uri.etsi.org/02231/v2/additionaltypes#"};
+constexpr string_view ECC_NS {"http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#"};
+constexpr string_view DSIG_NS {"http://www.w3.org/2000/09/xmldsig#"};
+constexpr string_view XADES_NS {"http://uri.etsi.org/01903/v1.3.2#"};
+constexpr string_view XML_NS {"http://www.w3.org/XML/1998/namespace"};
+
 constexpr array SCHEMES_URI {
     "http://uri.etsi.org/TrstSvc/eSigDir-1999-93-EC-TrustedList/TSLType/schemes",
     "http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists",
@@ -98,7 +90,7 @@ constexpr array SERVICES_SUPPORTED {
 };
 
 template<typename C, typename T>
-constexpr bool find(const C &list, const T &value)
+constexpr bool contains(const C &list, const T &value)
 {
     return find(list.begin(), list.end(), value) != list.end();
 }
@@ -107,45 +99,19 @@ constexpr bool find(const C &list, const T &value)
 
 
 
-TSL::TSL(string file)
-    : path(std::move(file))
+TSL::TSL(const string &file)
+    : XMLDocument(file, {"TrustServiceStatusList", TSL_NS})
+    , schemeInformation((*this)/"SchemeInformation")
 {
-    try {
-        if(path.empty() || File::fileSize(path) == 0)
-            return;
-        Properties properties;
-        properties.schema_location("http://uri.etsi.org/02231/v2#",
-            Conf::instance()->xsdPath() + "/ts_119612v020201_201601xsd.xsd");
-        tsl = trustServiceStatusList(path,
-            Flags::keep_dom|Flags::dont_initialize|Flags::dont_validate, properties);
-    }
-    catch(const Parsing &e)
-    {
-        stringstream s;
-        s << e;
-        WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), s.str().c_str());
-    }
-    catch(const xsd::cxx::exception &e)
-    {
-        WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), e.what());
-    }
-    catch(const XMLException &e)
-    {
-        try {
-            string result = xsd::cxx::xml::transcode<char>(e.getMessage());
-            WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), result.c_str());
-        } catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) {
-            WARN("Failed to parse TSL %s %s", territory().c_str(), path.c_str());
-        }
-    }
-    catch(const Exception &e)
-    {
-        WARN("Failed to parse TSL %s %s: %s", territory().c_str(), path.c_str(), e.msg().c_str());
-    }
-    catch(...)
+    if(file.empty())
+        return;
+    if(get())
     {
-        WARN("Failed to parse TSL %s %s", territory().c_str(), path.c_str());
+        static array<const xmlChar*,2> ids { pcxmlChar("Id"), nullptr };
+        xmlSecAddIDs(get(), nullptr, ids.data());
     }
+    else
+        WARN("Failed to parse configuration: %s", file.c_str());
 }
 
 bool TSL::activate(const string &territory)
@@ -162,31 +128,29 @@ bool TSL::activate(const string &territory)
 
 vector<TSL::Service> TSL::services() const
 {
-    if(!find(GENERIC_URI, type()) || !tsl->trustServiceProviderList())
+    if(!contains(GENERIC_URI, type()))
         return {};
 
     vector<Service> services;
-    for(const TSPType &pointer: tsl->trustServiceProviderList()->trustServiceProvider())
+    for(auto pointer = (*this)/"TrustServiceProviderList"/"TrustServiceProvider"; pointer; pointer++)
     {
-        for(const TSPServiceType &service: pointer.tSPServices().tSPService())
+        for(auto service = pointer/"TSPServices"/"TSPService"; service; service++)
         {
-            const TSPServiceInformationType &serviceInfo = service.serviceInformation();
-            if(!find(SERVICES_SUPPORTED, serviceInfo.serviceTypeIdentifier()))
+            auto serviceInfo = service/"ServiceInformation";
+            string_view type = serviceInfo/"ServiceTypeIdentifier";
+            if(!contains(SERVICES_SUPPORTED, type))
                 continue;
             Service s;
-            s.type = serviceInfo.serviceTypeIdentifier();
-            s.name = toString(serviceInfo.serviceName());
+            s.type = type;
+            s.name = toString(serviceInfo/"ServiceName");
             if(!parseInfo(serviceInfo, s))
                 continue;
-            if(service.serviceHistory())
+            for(auto history = service/"ServiceHistory"/"ServiceHistoryInstance"; history; history++)
             {
-                for(const ServiceHistoryInstanceType &history: service.serviceHistory()->serviceHistoryInstance())
-                {
-                    if(history.serviceTypeIdentifier() != serviceInfo.serviceTypeIdentifier())
-                        DEBUG("History service type is not supported %s", history.serviceTypeIdentifier().c_str());
-                    else
-                        parseInfo(history, s);
-                }
+                if(string_view historyType = history/"ServiceTypeIdentifier"; historyType != s.type)
+                    DEBUG("History service type is not supported %.*s", int(historyType.size()), historyType.data());
+                else
+                    parseInfo(history, s);
             }
             services.push_back(std::move(s));
         }
@@ -220,24 +184,22 @@ string TSL::fetch(const string &url, const string &path)
 
 bool TSL::isExpired() const
 {
-    return !tsl || !tsl->schemeInformation().nextUpdate().dateTime() ||
-        date::xsd2time_t(tsl->schemeInformation().nextUpdate().dateTime().get()) < time(nullptr);
+    return nextUpdate() < date::to_string(time(nullptr));
 }
 
-string TSL::issueDate() const
+string_view TSL::issueDate() const noexcept
 {
-    return !tsl ? string() : date::to_string(tsl->schemeInformation().listIssueDateTime());
+    return schemeInformation/"ListIssueDateTime";
 }
 
-string TSL::nextUpdate() const
+string_view TSL::nextUpdate() const noexcept
 {
-    return !tsl || !tsl->schemeInformation().nextUpdate().dateTime() ?
-        string() : date::to_string(tsl->schemeInformation().nextUpdate().dateTime().get());
+    return schemeInformation/"NextUpdate"/"dateTime";
 }
 
-string_view TSL::operatorName() const
+string_view TSL::operatorName() const noexcept
 {
-    return !tsl ? string_view() : toString(tsl->schemeInformation().schemeOperatorName());
+    return toString(schemeInformation/"SchemeOperatorName");
 }
 
 vector<TSL::Service> TSL::parse()
@@ -246,7 +208,7 @@ vector<TSL::Service> TSL::parse()
     string cache = CONF(TSLCache);
     vector<X509Cert> cert = CONF(TSLCerts);
     File::createDirectory(cache);
-    return parse(url, cert, cache, File::fileName(url));
+    return parse(url, cert, cache, string(File::fileName(url)));
 }
 
 vector<TSL::Service> TSL::parse(const string &url, const vector<X509Cert> &certs,
@@ -260,7 +222,7 @@ vector<TSL::Service> TSL::parse(const string &url, const vector<X509Cert> &certs
         vector< future< vector<TSL::Service> > > futures;
         for(const TSL::Pointer &p: tsl.pointers())
         {
-            if(!File::fileExists(cache + '/' + p.territory + ".xml"))
+            if(!File::fileExists(cache + "/" + p.territory + ".xml"))
                 continue;
             futures.push_back(async(launch::async, [p, cache]{
                 return parse(p.location, p.certs, cache, p.territory + ".xml");
@@ -290,7 +252,7 @@ TSL TSL::parseTSL(const string &url, const vector<X509Cert> &certs,
     try {
         TSL tsl(path);
         tsl.validate(certs);
-        valid = tsl;
+        valid = std::move(tsl);
         DEBUG("TSL %s (%llu) signature is valid", territory.c_str(), tsl.sequenceNumber());
 
         if(valid.isExpired())
@@ -318,7 +280,7 @@ TSL TSL::parseTSL(const string &url, const vector<X509Cert> &certs,
         string etag = fetch(url, tmp);
         TSL tsl = TSL(tmp);
         tsl.validate(certs);
-        valid = tsl;
+        valid = std::move(tsl);
 
         ofstream(File::encodeName(path), ofstream::binary|fstream::trunc)
             << ifstream(File::encodeName(tmp), fstream::binary).rdbuf();
@@ -329,7 +291,7 @@ TSL TSL::parseTSL(const string &url, const vector<X509Cert> &certs,
         DEBUG("TSL %s (%llu) signature is valid", territory.c_str(), tsl.sequenceNumber());
     } catch(const Exception &) {
         ERR("TSL %s signature is invalid", territory.c_str());
-        if(!valid.tsl)
+        if(!valid)
             throw;
     }
 
@@ -339,126 +301,129 @@ TSL TSL::parseTSL(const string &url, const vector<X509Cert> &certs,
     return valid;
 }
 
-template<class Info>
-bool TSL::parseInfo(const Info &info, Service &s)
+bool TSL::parseInfo(XMLNode info, Service &s)
 {
     vector<Qualifier> qualifiers;
-    if(info.serviceInformationExtensions())
+    for(auto extension = info/"ServiceInformationExtensions"/"Extension"; extension; extension++)
     {
-        for(const ExtensionType &extension: info.serviceInformationExtensions()->extension())
+        if(extension.property("Critical") == "true")
         {
-            if(extension.critical())
+            if(auto takenOverByType = extension/"TakenOverByType")
+                WARN("Found critical extension TakenOverByType '%s'", toString(takenOverByType/"TSPName").data());
+            if(extension/"ExpiredCertsRevocationInfo")
             {
-                if(extension.takenOverByType())
-                    WARN("Found critical extension TakenOverByType '%s'", toString(extension.takenOverByType()->tSPName()).data());
-                if(extension.expiredCertsRevocationInfo())
-                {
-                    WARN("Found critical extension ExpiredCertsRevocationInfo");
-                    return false;
-                }
+                WARN("Found critical extension ExpiredCertsRevocationInfo");
+                return false;
+            }
+        }
+        if(auto additional = extension/"AdditionalServiceInformation")
+            s.additional = additional/"URI";
+        for(auto element = extension/XMLName{"Qualifications", ECC_NS}/"QualificationElement"; element; element++)
+        {
+            Qualifier &q = qualifiers.emplace_back();
+            for(auto qualifier = element/"Qualifiers"/"Qualifier"; qualifier; qualifier++)
+            {
+                if(auto uri = qualifier.property("uri"); !uri.empty())
+                    q.qualifiers.emplace_back(uri);
             }
-            if(extension.additionalServiceInformationType())
-                s.additional = extension.additionalServiceInformationType()->uRI();
-            if(extension.qualificationsType())
+            auto criteriaList = element/"CriteriaList";
+            q.assert_ = criteriaList.property("assert");
+            for(auto criteria: criteriaList)
             {
-                for(const QualificationElementType &element: extension.qualificationsType()->qualificationElement())
+                if(criteria.name() == "KeyUsage" && criteria.ns() == ECC_NS)
                 {
-                    Qualifier &q = qualifiers.emplace_back();
-                    for(const QualifierType &qualifier: element.qualifiers().qualifier())
+                    map<X509Cert::KeyUsage,bool> &usage = q.keyUsage.emplace_back();
+                    for(auto bit = criteria/"KeyUsageBit"; bit; bit++)
                     {
-                        if(qualifier.uri())
-                            q.qualifiers.push_back(qualifier.uri().get());
+                        auto name = bit.property("name");
+                        auto value = string_view(bit) == "true";
+                        if(name == "digitalSignature")
+                            usage[X509Cert::DigitalSignature] = value;
+                        if(name == "nonRepudiation")
+                            usage[X509Cert::NonRepudiation] = value;
+                        if(name == "keyEncipherment")
+                            usage[X509Cert::KeyEncipherment] = value;
+                        if(name == "dataEncipherment")
+                            usage[X509Cert::DataEncipherment] = value;
+                        if(name == "keyAgreement")
+                            usage[X509Cert::KeyAgreement] = value;
+                        if(name == "keyCertSign")
+                            usage[X509Cert::KeyCertificateSign] = value;
+                        if(name == "crlSign")
+                            usage[X509Cert::CRLSign] = value;
+                        if(name == "encipherOnly")
+                            usage[X509Cert::EncipherOnly] = value;
+                        if(name == "decipherOnly")
+                            usage[X509Cert::DecipherOnly] = value;
                     }
-                    const CriteriaListType &criteria = element.criteriaList();
-                    if(criteria.assert_())
-                        q.assert_ = criteria.assert_().get();
-                    for(const KeyUsageType &keyUsage: criteria.keyUsage())
-                    {
-                        map<X509Cert::KeyUsage,bool> &usage = q.keyUsage.emplace_back();
-                        for(const KeyUsageBitType &bit: keyUsage.keyUsageBit())
-                        {
-                            if(!bit.name())
-                                continue;
-                            if(bit.name().get() == "digitalSignature")
-                                usage[X509Cert::DigitalSignature] = bit;
-                            if(bit.name().get() == "nonRepudiation")
-                                usage[X509Cert::NonRepudiation] = bit;
-                            if(bit.name().get() == "keyEncipherment")
-                                usage[X509Cert::KeyEncipherment] = bit;
-                            if(bit.name().get() == "dataEncipherment")
-                                usage[X509Cert::DataEncipherment] = bit;
-                            if(bit.name().get() == "keyAgreement")
-                                usage[X509Cert::KeyAgreement] = bit;
-                            if(bit.name().get() == "keyCertSign")
-                                usage[X509Cert::KeyCertificateSign] = bit;
-                            if(bit.name().get() == "crlSign")
-                                usage[X509Cert::CRLSign] = bit;
-                            if(bit.name().get() == "encipherOnly")
-                                usage[X509Cert::EncipherOnly] = bit;
-                            if(bit.name().get() == "decipherOnly")
-                                usage[X509Cert::DecipherOnly] = bit;
-                        }
-                    }
-                    for(const PoliciesListType &policySet: criteria.policySet())
+                }
+                if(criteria.name() == "PolicySet" && criteria.ns() == ECC_NS)
+                {
+                    vector<string> &policies = q.policySet.emplace_back();
+                    for(auto policy = criteria/"PolicyIdentifier"; policy; policy++)
                     {
-                        vector<string> &policies = q.policySet.emplace_back();
-                        policies.reserve(policySet.policyIdentifier().size());
-                        for(const xades::ObjectIdentifierType &policy: policySet.policyIdentifier())
-                            policies.push_back(policy.identifier());
+                        if(string_view identifier = policy/XMLName{"Identifier", XADES_NS}; !identifier.empty())
+                            policies.emplace_back(identifier);
                     }
                 }
             }
         }
     }
+    auto certs = serviceDigitalIdentity(info, s.name);
+    s.certs.insert(s.certs.cend(), make_move_iterator(certs.begin()), make_move_iterator(certs.end()));
 
-    for(const DigitalIdentityType &id: info.serviceDigitalIdentity().digitalId())
-    {
-        if(!id.x509Certificate())
-            continue;
-        const Base64Binary &base64 = id.x509Certificate().get();
-        s.certs.emplace_back((const unsigned char*)base64.data(), base64.size());
-    }
-
-    if(find(SERVICESTATUS_START, info.serviceStatus()))
-        s.validity.emplace(date::xsd2time_t(info.statusStartingTime()), std::move(qualifiers));
-    else if(find(SERVICESTATUS_END, info.serviceStatus()))
-        s.validity.emplace(date::xsd2time_t(info.statusStartingTime()), nullopt);
+    if(string_view serviceStatus = info/"ServiceStatus"; contains(SERVICESTATUS_START, serviceStatus))
+        s.validity.emplace(info/"StatusStartingTime", std::move(qualifiers));
+    else if(contains(SERVICESTATUS_END, serviceStatus))
+        s.validity.emplace(info/"StatusStartingTime", nullopt);
     else
-        DEBUG("Unknown service status %s", info.serviceStatus().c_str());
+        DEBUG("Unknown service status %s", serviceStatus.data());
     return true;
 }
 
+string TSL::path() const
+{
+    return get() && get()->name ? string(get()->name) : string();
+}
+
 vector<string> TSL::pivotURLs() const
 {
-    if(!tsl)
+    if(!*this)
         return {};
-    string current(File::fileName(path));
-    size_t pos = current.find_first_of('.');
-    if(current.find("pivot") != string::npos && pos != string::npos)
-        current.resize(pos);
+    auto current = File::fileName(path());
+    if(size_t pos = current.find_first_of('.');
+        current.find("pivot") != string::npos && pos != string::npos)
+        current = current.substr(0, pos);
     vector<string> result;
-    for(const auto &uri: tsl->schemeInformation().schemeInformationURI().uRI())
+    for(auto uriNode = schemeInformation/"SchemeInformationURI"/"URI"; uriNode; uriNode++)
     {
-        if(uri.lang() == "en" && uri.find("pivot") != string::npos && uri.find(current) == string::npos)
-            result.push_back(uri);
+        if(uriNode.property("lang", XML_NS) != "en")
+            continue;
+        if(string_view uri = uriNode; uri.find("pivot") != string::npos && uri.find(current) == string::npos)
+            result.emplace_back(uri);
     }
     return result;
 }
 
 vector<TSL::Pointer> TSL::pointers() const
 {
-    if(!find(SCHEMES_URI, type()) || !tsl->schemeInformation().pointersToOtherTSL())
+    if(!contains(SCHEMES_URI, type()))
         return {};
     vector<Pointer> pointer;
-    for(const OtherTSLPointersType::OtherTSLPointerType &other:
-        tsl->schemeInformation().pointersToOtherTSL()->otherTSLPointer())
+    for(auto other = schemeInformation/"PointersToOtherTSL"/"OtherTSLPointer"; other; other++)
     {
-        if(!other.additionalInformation() ||
-           other.additionalInformation()->mimeType() != "application/vnd.etsi.tsl+xml")
-            continue;
         Pointer p;
-        p.territory = other.additionalInformation()->schemeTerritory();
-        p.location = string(other.tSLLocation());
+        string_view mimeType;
+        for(auto info = other/"AdditionalInformation"/"OtherInformation"; info; info++)
+        {
+            if(auto mime = info/XMLName{"MimeType", ADD_NS})
+                mimeType = mime;
+            if(auto territory = info/"SchemeTerritory")
+                p.territory = territory;
+        }
+        if(mimeType != "application/vnd.etsi.tsl+xml")
+            continue;
+        p.location = other/"TSLLocation";
         p.certs = serviceDigitalIdentities(other, p.territory);
         if(!p.certs.empty())
             pointer.push_back(std::move(p));
@@ -468,55 +433,53 @@ vector<TSL::Pointer> TSL::pointers() const
 
 unsigned long long TSL::sequenceNumber() const
 {
-    return !tsl ? 0 : tsl->schemeInformation().tSLSequenceNumber();
+    unsigned long long value{};
+    if(string_view num = schemeInformation/"TSLSequenceNumber"; !num.empty())
+        from_chars(num.data(), num.data() + num.size(), value);
+    return value;
 }
 
-vector<X509Cert> TSL::serviceDigitalIdentities(const tsl::OtherTSLPointerType &other, string_view region)
+vector<X509Cert> TSL::serviceDigitalIdentity(XMLNode service, string_view ctx)
 {
     vector<X509Cert> result;
-    if(!other.serviceDigitalIdentities())
-        return result;
-    for(const auto &service: other.serviceDigitalIdentities()->serviceDigitalIdentity())
+    for(auto serviceID = service/"ServiceDigitalIdentity"; serviceID; serviceID++)
     {
-        for(const auto &digitalID: service.digitalId())
+        for(auto id = serviceID/"DigitalId"; id; id++)
         {
-            if(!digitalID.x509Certificate())
+            vector<unsigned char> cert = id/"X509Certificate";
+            if(cert.empty())
                 continue;
-            const Base64Binary &base64 = digitalID.x509Certificate().get();
             try {
-                result.emplace_back((const unsigned char*)base64.data(), base64.size());
+                result.emplace_back(cert);
                 continue;
             } catch(const Exception &e) {
-                DEBUG("Failed to parse %s certificate, Testing also parse as PEM: %s", region.data(), e.msg().c_str());
+                DEBUG("Failed to parse %.*s certificate, Testing also parse as PEM: %s", int(ctx.size()), ctx.data(), e.msg().c_str());
             }
             try {
-                result.emplace_back((const unsigned char*)base64.data(), base64.size(), X509Cert::Pem);
+                result.emplace_back(cert, X509Cert::Pem);
             } catch(const Exception &e) {
-                DEBUG("Failed to parse %s certificate as PEM: %s", region.data(), e.msg().c_str());
+                DEBUG("Failed to parse %.*s certificate as PEM: %s", int(ctx.size()), ctx.data(), e.msg().c_str());
             }
         }
     }
     return result;
 }
 
+vector<X509Cert> TSL::serviceDigitalIdentities(XMLNode other, string_view ctx)
+{
+    return serviceDigitalIdentity(other/"ServiceDigitalIdentities", ctx);
+}
+
 X509Cert TSL::signingCert() const
 {
-    if(!tsl ||
-        !tsl->signature() ||
-        !tsl->signature()->keyInfo() ||
-        tsl->signature()->keyInfo()->x509Data().empty() ||
-        tsl->signature()->keyInfo()->x509Data().front().x509Certificate().empty())
-        return X509Cert();
-    const Base64Binary &base64 = tsl->signature()->keyInfo()->x509Data().front().x509Certificate().front();
-    return X509Cert((const unsigned char*)base64.data(), base64.size());
+    vector<unsigned char> cert = (*this)/XMLName{"Signature", DSIG_NS}/"KeyInfo"/"X509Data"/"X509Certificate";
+    return cert.empty() ? X509Cert() : X509Cert(cert);
 }
 
 vector<X509Cert> TSL::signingCerts() const
 {
     vector<X509Cert> result;
-    if(!tsl || !tsl->schemeInformation().pointersToOtherTSL())
-        return result;
-    for(const auto &other: tsl->schemeInformation().pointersToOtherTSL()->otherTSLPointer())
+    for(auto other = schemeInformation/"PointersToOtherTSL"/"OtherTSLPointer"; other; other++)
     {
         vector<X509Cert> certs = serviceDigitalIdentities(other, "pivot");
         result.insert(result.cend(), make_move_iterator(certs.begin()), make_move_iterator(certs.end()));
@@ -524,80 +487,38 @@ vector<X509Cert> TSL::signingCerts() const
     return result;
 }
 
-string TSL::territory() const
+string_view TSL::territory() const noexcept
 {
-    return !tsl || !tsl->schemeInformation().schemeTerritory() ?
-        string() : tsl->schemeInformation().schemeTerritory().get();
+    return schemeInformation/"SchemeTerritory";
 }
 
-string_view TSL::toString(const InternationalNamesType &obj, string_view lang)
+string_view TSL::toString(XMLNode obj, string_view lang) noexcept
 {
-    for(const InternationalNamesType::NameType &name: obj.name())
-        if(name.lang() == lang)
-            return name;
-    return obj.name().front();
+    for(auto n = obj/"Name"; n; n++)
+        if(n.property("lang", XML_NS) == lang)
+            return n;
+    return obj/"Name";
 }
 
-string_view TSL::type() const
+string_view TSL::type() const noexcept
 {
-    return !tsl ? string_view() : tsl->schemeInformation().tSLType();
+    return schemeInformation/"TSLType";
 }
 
-string TSL::url() const
+string_view TSL::url() const noexcept
 {
-    if(!tsl)
-        return {};
-    const TSLSchemeInformationType &info = tsl->schemeInformation();
-    if(!info.distributionPoints() || info.distributionPoints().get().uRI().empty())
-        return {};
-    return info.distributionPoints().get().uRI().front();
+    return schemeInformation/"DistributionPoints"/"URI";
 }
 
-void TSL::validate(const X509Cert &cert) const
+void TSL::validate() const
 {
-    if(!tsl)
+    if(!*this)
         THROW("Failed to parse XML");
-    if(!cert)
-        THROW("TSL empty signing certificate");
-
-    try {
-        XSECProvider prov;
-        auto deleteSig = [&](DSIGSignature *s) { prov.releaseSignature(s); };
-        unique_ptr<DSIGSignature, decltype(deleteSig)> sig(prov.newSignatureFromDOM(tsl->_node()->getOwnerDocument()), deleteSig);
-        sig->setSigningKey(OpenSSLCryptoX509(cert.handle()).clonePublicKey());
-        sig->registerIdAttributeName((const XMLCh*)u"ID");
-        sig->setIdByAttributeName(true);
-        sig->load();
-        if(!sig->verify())
-        {
-            try {
-                string result = xsd::cxx::xml::transcode<char>(sig->getErrMsgs());
-                THROW("TSL %s Signature is invalid: %s", territory().c_str(), result.c_str());
-            } catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) {
-                THROW("TSL %s Signature is invalid", territory().c_str());
-            }
-        }
-    }
-    catch(const XSECException &e)
-    {
-        try {
-            string result = xsd::cxx::xml::transcode<char>(e.getMsg());
-            THROW("TSL %s Signature is invalid: %s", territory().c_str(), result.c_str());
-        } catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) {
-            THROW("TSL %s Signature is invalid", territory().c_str());
-        }
-    }
-    catch(const xsd::cxx::xml::invalid_utf16_string & /* ex */) {
-        THROW("Failed to parse XML.");
-    }
-    catch(const Exception &)
-    {
-        throw;
-    }
-    catch(...)
-    {
-        THROW("TSL %s Signature is invalid", territory().c_str());
-    }
+    auto signature = (*this)/XMLName{"Signature", DSIG_NS};
+    if(!signature)
+        THROW("TSL %s Failed to verify signature", territory().data());
+    if(!XMLDocument::verifySignature(signature))
+        THROW("TSL %s Signature is invalid", territory().data());
 }
 
 void TSL::validate(const vector<X509Cert> &certs, int recursion) const
@@ -606,21 +527,20 @@ void TSL::validate(const vector<X509Cert> &certs, int recursion) const
         THROW("PIVOT TSL recursion parsing limit");
     if(certs.empty())
         THROW("TSL trusted signing certificates empty");
-    X509Cert cert = signingCert();
-    if(find(certs.cbegin(), certs.cend(), cert) != certs.cend())
+    if(contains(certs, signingCert()))
     {
-        validate(cert);
+        validate();
         return;
     }
 
     vector<string> urls = pivotURLs();
     if(urls.empty())
-        THROW("TSL %s Signature is signed with untrusted certificate", territory().c_str());
+        THROW("TSL %s Signature is signed with untrusted certificate", territory().data());
 
     // https://ec.europa.eu/tools/lotl/pivot-lotl-explanation.html
     string path = File::path(CONF(TSLCache), File::fileName(urls[0]));
     TSL pivot(path);
-    if(!pivot.tsl)
+    if(!pivot)
     {
         string etag = fetch(urls[0], path);
         ofstream(File::encodeName(path + ".etag"), ofstream::trunc) << etag;
@@ -654,7 +574,7 @@ bool TSL::validateETag(const string &url)
         return validateRemoteDigest(url);
 
     DEBUG("Remote ETag: %s", it->second.c_str());
-    ifstream is(File::encodeName(path + ".etag"));
+    ifstream is(File::encodeName(path() + ".etag"));
     if(!is.is_open())
         THROW("Cached ETag does not exist");
     string etag(it->second.size(), 0);
@@ -696,7 +616,7 @@ bool TSL::validateRemoteDigest(const string &url)
 
     Digest sha(URI_RSA_SHA256);
     array<unsigned char, 10240> buf{};
-    ifstream is(path, ifstream::binary);
+    ifstream is(path(), ifstream::binary);
     while(is)
     {
         is.read((char*)buf.data(), streamsize(buf.size()));
@@ -705,6 +625,6 @@ bool TSL::validateRemoteDigest(const string &url)
     }
 
     if(!digest.empty() && digest != sha.result())
-        THROW("TSL %s remote digest does not match local. TSL might be outdated", territory().c_str());
+        THROW("TSL %s remote digest does not match local. TSL might be outdated", territory().data());
     return true;
 }
diff --git a/src/crypto/TSL.h b/src/crypto/TSL.h
index 9ee0b00f8..ac5029fe2 100644
--- a/src/crypto/TSL.h
+++ b/src/crypto/TSL.h
@@ -21,34 +21,36 @@
 
 #include "X509Cert.h"
 
+#include "XMLDocument.h"
+
 #include <map>
 #include <optional>
 
 namespace digidoc
 {
+struct XMLNode;
 class Exception;
-namespace tsl { class TrustStatusListType; class InternationalNamesType; class OtherTSLPointerType; }
 
-class TSL
+class TSL: private XMLDocument
 {
 public:
     struct Qualifier { std::vector<std::string> qualifiers; std::vector<std::vector<std::string>> policySet; std::vector<std::map<X509Cert::KeyUsage,bool>> keyUsage; std::string assert_; };
     using Qualifiers = std::optional<std::vector<Qualifier>>;
-    struct Service { std::vector<X509Cert> certs; std::map<time_t,Qualifiers> validity; std::string type, additional, name; };
+    struct Service { std::vector<X509Cert> certs; std::map<std::string,Qualifiers> validity; std::string type, additional, name; };
     struct Pointer { std::string territory, location; std::vector<X509Cert> certs; };
 
-    TSL(std::string file = {});
+    TSL(const std::string &file = {});
     bool isExpired() const;
-    void validate(const X509Cert &cert) const;
+    void validate() const;
     void validate(const std::vector<X509Cert> &certs, int recursion = 0) const;
 
-    std::string_view type() const;
-    std::string_view operatorName() const;
-    std::string territory() const;
+    std::string_view type() const noexcept;
+    std::string_view operatorName() const noexcept;
+    std::string_view territory() const noexcept;
     unsigned long long sequenceNumber() const;
-    std::string issueDate() const;
-    std::string nextUpdate() const;
-    std::string url() const;
+    std::string_view issueDate() const noexcept;
+    std::string_view nextUpdate() const noexcept;
+    std::string_view url() const noexcept;
 
     std::vector<Pointer> pointers() const;
     std::vector<Service> services() const;
@@ -57,6 +59,7 @@ class TSL
     static std::vector<Service> parse();
 
 private:
+    std::string path() const;
     std::vector<std::string> pivotURLs() const;
     X509Cert signingCert() const;
     std::vector<X509Cert> signingCerts() const;
@@ -68,14 +71,12 @@ class TSL
     static std::vector<Service> parse(const std::string &url, const std::vector<X509Cert> &certs,
         const std::string &cache, const std::string &territory);
     static TSL parseTSL(const std::string &url, const std::vector<X509Cert> &certs,
-        const std::string &cache, const std::string &territory);
-    template<class Info>
-    static bool parseInfo(const Info &info, Service &s);
-    static std::vector<X509Cert> serviceDigitalIdentities(const tsl::OtherTSLPointerType &other,
-        std::string_view region);
-    static std::string_view toString(const tsl::InternationalNamesType &obj, std::string_view lang = "en");
+        const std::string &cache, const std::string &territory) ;
+    static bool parseInfo(XMLNode info, Service &s);
+    static std::vector<X509Cert> serviceDigitalIdentity(XMLNode other, std::string_view ctx);
+    static std::vector<X509Cert> serviceDigitalIdentities(XMLNode other, std::string_view ctx);
+    static std::string_view toString(XMLNode obj, std::string_view lang = "en") noexcept;
 
-    std::shared_ptr<tsl::TrustStatusListType> tsl;
-    std::string path;
+    XMLNode schemeInformation;
 };
 }
diff --git a/src/crypto/X509CertStore.cpp b/src/crypto/X509CertStore.cpp
index 36e11953e..083b49c87 100644
--- a/src/crypto/X509CertStore.cpp
+++ b/src/crypto/X509CertStore.cpp
@@ -24,7 +24,6 @@
 #include "crypto/OpenSSLHelpers.h"
 #include "crypto/TSL.h"
 #include "util/DateTime.h"
-#include "util/File.h"
 #include "util/log.h"
 
 #include <openssl/conf.h>
@@ -32,7 +31,6 @@
 #include <openssl/x509v3.h>
 
 #include <algorithm>
-#include <iomanip>
 
 using namespace digidoc;
 using namespace std;
@@ -80,7 +78,7 @@ X509CertStore::~X509CertStore() = default;
 
 void X509CertStore::activate(const X509Cert &cert) const
 {
-    if(std::max(TSL::activate(cert.issuerName("C")), TSL::activate(cert.subjectName("C"))))
+    if(std::max<bool>(TSL::activate(cert.issuerName("C")), TSL::activate(cert.subjectName("C"))))
         d->update();
 }
 
@@ -197,7 +195,7 @@ int X509CertStore::validate(int ok, X509_STORE_CTX *ctx, const Type &type)
         X509_VERIFY_PARAM *param = X509_STORE_CTX_get0_param(ctx);
         if(!(X509_VERIFY_PARAM_get_flags(param) & X509_V_FLAG_USE_CHECK_TIME) || s.validity.empty())
             return 1;
-        auto current = X509_VERIFY_PARAM_get_time(param);
+        auto current = util::date::to_string(X509_VERIFY_PARAM_get_time(param));
         for(auto i = s.validity.crbegin(), end = s.validity.crend(); i != end; ++i)
         {
             if(current >= i->first)
diff --git a/src/util/DateTime.cpp b/src/util/DateTime.cpp
index 45b0a0f67..4aff7acd5 100644
--- a/src/util/DateTime.cpp
+++ b/src/util/DateTime.cpp
@@ -50,6 +50,11 @@ time_t date::mkgmtime(struct tm &t)
 #endif
 }
 
+string date::to_string(time_t t)
+{
+    return to_string(gmtime(t));
+}
+
 string date::to_string(const tm &date)
 {
     static const tm zero{};
diff --git a/src/util/DateTime.h b/src/util/DateTime.h
index b58c9c202..6a8146cdb 100644
--- a/src/util/DateTime.h
+++ b/src/util/DateTime.h
@@ -33,6 +33,7 @@ namespace digidoc
         public:
             static struct tm gmtime(time_t t);
             static time_t mkgmtime(struct tm &t);
+            static std::string to_string(time_t t);
             static std::string to_string(const tm &date);
             static std::string to_string(const xml_schema::DateTime &time);
             static time_t xsd2time_t(const xml_schema::DateTime &time);
diff --git a/src/xml/AdditionalInformationType.cpp b/src/xml/AdditionalInformationType.cpp
deleted file mode 100644
index 2e771e390..000000000
--- a/src/xml/AdditionalInformationType.cpp
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * libdigidocpp
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- *
- */
-
-#include "AdditionalInformationType.h"
-
-#include <xsd/cxx/xml/dom/parsing-source.hxx>
-#include <xsd/cxx/xml/dom/serialization-source.hxx>
-
-using namespace digidoc::tsl;
-using namespace std;
-using namespace xercesc;
-using namespace xml_schema;
-
-AdditionalInformationType::AdditionalInformationType()
-    : AdditionalInformationTypeBase()
-{
-}
-
-AdditionalInformationType::AdditionalInformationType(const AdditionalInformationType &x, Flags f, Container *c)
-    : AdditionalInformationTypeBase(x, f, c)
-{
-}
-
-AdditionalInformationType::AdditionalInformationType(const DOMElement &e, Flags f, Container *c)
-    : AdditionalInformationTypeBase(e, f, c)
-{
-    xsd::cxx::xml::dom::parser<char> p(e, true, false, true);
-    for (; p.more_content(); p.next_content(false))
-    {
-        const DOMElement &i(p.cur_element());
-        const xsd::cxx::xml::qualified_name<char> n(xsd::cxx::xml::dom::name<char>(i));
-        if(n.name() == "OtherInformation" && n.namespace_() == "http://uri.etsi.org/02231/v2#")
-        {
-            DOMElement *elem = i.getFirstElementChild();
-            const xsd::cxx::xml::qualified_name<char> n2(xsd::cxx::xml::dom::name<char>(*elem));
-            if(n2.name() == "MimeType")// && n.namespace_() == "http://uri.etsi.org/02231/v2/additionaltypes#")
-                mimeType_ = xsd::cxx::xml::transcode<char>(elem->getTextContent());
-            if(n2.name() == "SchemeTerritory")
-                schemeTerritory_ = xsd::cxx::xml::transcode<char>(elem->getTextContent());
-        }
-    }
-}
-
-AdditionalInformationType::~AdditionalInformationType()
-{
-}
-
-AdditionalInformationType* AdditionalInformationType::_clone(Flags f, Container *c) const
-{
-    return new class AdditionalInformationType(*this, f, c);
-}
-
-std::string AdditionalInformationType::mimeType() const
-{
-    return mimeType_;
-}
-
-std::string AdditionalInformationType::schemeTerritory() const
-{
-    return schemeTerritory_;
-}
-
-void digidoc::tsl::operator<< (DOMElement &e, const AdditionalInformationType &i)
-{
-    e << static_cast<const AdditionalInformationTypeBase&>(i);
-}
-
diff --git a/src/xml/AdditionalInformationType.h b/src/xml/AdditionalInformationType.h
deleted file mode 100644
index 4717e3bb7..000000000
--- a/src/xml/AdditionalInformationType.h
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * libdigidocpp
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- *
- */
-
-#pragma once
-
-#include "xml/ts_119612v020201_201601xsd.hxx"
-
-namespace digidoc {
-namespace tsl {
-
-class AdditionalInformationType: public AdditionalInformationTypeBase
-{
-public:
-    AdditionalInformationType();
-    AdditionalInformationType(const xercesc::DOMElement &e, xml_schema::Flags f = 0, xml_schema::Container *c = 0);
-    AdditionalInformationType(const AdditionalInformationType &x, xml_schema::Flags f = 0, xml_schema::Container *c = 0);
-    virtual ~AdditionalInformationType();
-
-    virtual AdditionalInformationType* _clone(xml_schema::Flags f = 0, xml_schema::Container *c = 0) const;
-
-    std::string mimeType() const;
-    std::string schemeTerritory() const;
-
-private:
-    std::string mimeType_;
-    std::string schemeTerritory_;
-};
-
-void operator<< (xercesc::DOMElement&, const AdditionalInformationType&);
-
-}
-}
diff --git a/src/xml/ExtensionType.cpp b/src/xml/ExtensionType.cpp
deleted file mode 100644
index 26e0ebf65..000000000
--- a/src/xml/ExtensionType.cpp
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * libdigidocpp
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- *
- */
-
-#include "ExtensionType.h"
-
-#include <xsd/cxx/xml/dom/parsing-source.hxx>
-#include <xsd/cxx/xml/dom/serialization-source.hxx>
-
-using namespace digidoc::tsl;
-using namespace xercesc;
-using namespace xml_schema;
-using namespace xsd::cxx::xml;
-using namespace xsd::cxx::xml::dom;
-
-#ifdef _WIN32
-#pragma warning( disable: 4355 )
-#endif
-
-ExtensionType::ExtensionType(const CriticalType &x)
-    : ExtensionTypeBase(x)
-    , ExpiredCertsRevocationInfo_(this)
-    , TakenOverByType_(this)
-    , QualificationsType_(this)
-    , AdditionalServiceInformationType_(this)
-{
-}
-
-ExtensionType::ExtensionType(const ExtensionType &x, Flags f, Container *c)
-    : ExtensionTypeBase(x, f, c)
-    , ExpiredCertsRevocationInfo_(x.ExpiredCertsRevocationInfo_, f, this)
-    , TakenOverByType_(x.TakenOverByType_, f, this)
-    , QualificationsType_(x.QualificationsType_, f, this)
-    , AdditionalServiceInformationType_(x.AdditionalServiceInformationType_, f, this)
-{
-}
-
-ExtensionType::ExtensionType(const DOMElement &e, Flags f, Container *c)
-    : ExtensionTypeBase(e, f | Flags::base, c)
-    , ExpiredCertsRevocationInfo_(this)
-    , TakenOverByType_(this)
-    , QualificationsType_(this)
-    , AdditionalServiceInformationType_(this)
-{
-    parser<char> p(e, true, false, true);
-    for (; p.more_content(); p.next_content(false))
-    {
-        const DOMElement &i(p.cur_element());
-        const qualified_name<char> n(name<char>(i));
-
-        if(n.name() == "ExpiredCertsRevocationInfo" && n.namespace_() == "http://uri.etsi.org/02231/v2#")
-        {
-            std::unique_ptr<ExpiredCertsRevocationInfo> r(ExpiredCertsRevocationInfoTraits::create(i, f, this));
-            if(!this->ExpiredCertsRevocationInfo_.present())
-                this->ExpiredCertsRevocationInfo_.set(std::move(r));
-            continue;
-        }
-
-        if(n.name() == "TakenOverBy" && n.namespace_() == "http://uri.etsi.org/02231/v2/additionaltypes#")
-        {
-            std::unique_ptr<TakenOverByType> r(TakenOverByTypeTraits::create(i, f, this));
-            if(!this->TakenOverByType_.present())
-                this->TakenOverByType_.set(std::move(r));
-            continue;
-        }
-
-        if(n.name() == "Qualifications" && n.namespace_() == "http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#")
-        {
-            std::unique_ptr<QualificationsType> r(QualificationsTypeTraits::create(i, f, this));
-            if(!this->QualificationsType_.present())
-                this->QualificationsType_.set(std::move(r));
-            continue;
-        }
-
-        if(n.name() == "AdditionalServiceInformation" && n.namespace_() == "http://uri.etsi.org/02231/v2#")
-        {
-            std::unique_ptr<AdditionalServiceInformationType> r(AdditionalServiceInformationTypeTraits::create(i, f, this));
-            if(!this->AdditionalServiceInformationType_.present())
-                this->AdditionalServiceInformationType_.set(std::move(r));
-            continue;
-        }
-
-        break;
-    }
-}
-
-ExtensionType::~ExtensionType() = default;
-
-ExtensionType* ExtensionType::_clone(Flags f, Container *c) const
-{
-    return new class ExtensionType(*this, f, c);
-}
-
-const ExtensionType::ExpiredCertsRevocationInfoOptional& ExtensionType::expiredCertsRevocationInfo() const
-{
-    return ExpiredCertsRevocationInfo_;
-}
-
-const ExtensionType::TakenOverByOptional& ExtensionType::takenOverByType() const
-{
-    return TakenOverByType_;
-}
-
-const ExtensionType::QualificationsOptional& ExtensionType::qualificationsType() const
-{
-    return QualificationsType_;
-}
-
-const ExtensionType::AdditionalServiceInformationOptional& ExtensionType::additionalServiceInformationType() const
-{
-    return AdditionalServiceInformationType_;
-}
diff --git a/src/xml/ExtensionType.h b/src/xml/ExtensionType.h
deleted file mode 100644
index 888fa9a0c..000000000
--- a/src/xml/ExtensionType.h
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
- * libdigidocpp
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
- *
- */
-
-#pragma once
-
-#include "xml/ts_119612v020201_201601xsd.hxx"
-#include "xml/ts_119612v020101_additionaltypes_xsd.hxx"
-#include "xml/ts_119612v020101_sie_xsd.hxx"
-
-namespace digidoc {
-namespace tsl {
-
-class ExtensionType: public ExtensionTypeBase
-{
-public:
-    typedef ::xml_schema::DateTime ExpiredCertsRevocationInfo;
-
-    typedef ::xsd::cxx::tree::optional<ExpiredCertsRevocationInfo> ExpiredCertsRevocationInfoOptional;
-    typedef ::xsd::cxx::tree::traits<ExpiredCertsRevocationInfo, char> ExpiredCertsRevocationInfoTraits;
-    const ExpiredCertsRevocationInfoOptional& expiredCertsRevocationInfo() const;
-
-    typedef ::xsd::cxx::tree::optional<TakenOverByType> TakenOverByOptional;
-    typedef ::xsd::cxx::tree::traits<TakenOverByType, char> TakenOverByTypeTraits;
-    const TakenOverByOptional& takenOverByType() const;
-
-    typedef ::xsd::cxx::tree::optional<QualificationsType> QualificationsOptional;
-    typedef ::xsd::cxx::tree::traits<QualificationsType, char> QualificationsTypeTraits;
-    const QualificationsOptional& qualificationsType() const;
-
-    typedef ::xsd::cxx::tree::optional<AdditionalServiceInformationType> AdditionalServiceInformationOptional;
-    typedef ::xsd::cxx::tree::traits<AdditionalServiceInformationType, char> AdditionalServiceInformationTypeTraits;
-    const AdditionalServiceInformationOptional& additionalServiceInformationType() const;
-
-    ExtensionType(const CriticalType &x);
-    ExtensionType(const xercesc::DOMElement& e, xml_schema::Flags f = 0, xml_schema::Container* c = 0);
-    ExtensionType(const ExtensionType& x, xml_schema::Flags f = 0, xml_schema::Container* c = 0);
-    virtual ~ExtensionType();
-
-    virtual ExtensionType* _clone(xml_schema::Flags f = 0, xml_schema::Container* c = 0) const;
-
-protected:
-    ExpiredCertsRevocationInfoOptional ExpiredCertsRevocationInfo_;
-    TakenOverByOptional TakenOverByType_;
-    QualificationsOptional QualificationsType_;
-    AdditionalServiceInformationOptional AdditionalServiceInformationType_;
-};
-
-}
-}
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 4252b8267..5f96be6ee 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -29,15 +29,15 @@ add_test(NAME TSLTest_CA-non-qa
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
 add_test(NAME TSLTest_CA-withdrawn
-    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data
+    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
 add_test(NAME TSLTest_CA-withdrawn-granted-before
     COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn-granted-before.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
-add_test(NAME TSLTest_CA-withdrawn-granted-after
-    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn-granted-after.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
+add_test(NAME TSLTest_CA-withdrawn-granted-later
+    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-CA-withdrawn-granted-later.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
 add_test(NAME TSLTest_OCSP-invalid-type
@@ -52,8 +52,8 @@ add_test(NAME TSLTest_OCSP-withdrawn-granted-before
     COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-OCSP-withdrawn-granted-before.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
-add_test(NAME TSLTest_OCSP-withdrawn-granted-after
-    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-OCSP-withdrawn-granted-after.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
+add_test(NAME TSLTest_OCSP-withdrawn-granted-later
+    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-OCSP-withdrawn-granted-later.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
 add_test(NAME TSLTest_TSA-invalid-type
@@ -68,8 +68,8 @@ add_test(NAME TSLTest_TSA-withdrawn-granted-before
     COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-TSA-withdrawn-granted-before.xml good ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
-add_test(NAME TSLTest_TSA-withdrawn-granted-after
-    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-TSA-withdrawn-granted-after.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
+add_test(NAME TSLTest_TSA-withdrawn-granted-later
+    COMMAND ${CMAKE_CURRENT_BINARY_DIR}/TSLTests -- EE_T-TSA-withdrawn-granted-later.xml bad ${CMAKE_CURRENT_SOURCE_DIR}/data
     WORKING_DIRECTORY ${CMAKE_BINARY_DIR}/src
 )
 add_test(NAME TSLTest_EE_T-no_QCStatement
diff --git a/test/data/EE_T-CA-non-qa.xml b/test/data/EE_T-CA-non-qa.xml
new file mode 100644
index 000000000..801fe0d5f
--- /dev/null
+++ b/test/data/EE_T-CA-non-qa.xml
@@ -0,0 +1,688 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?><TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:ecc="http://uri.etsi.org/TrstSvc/SvcInfoExt/eSigDir-1999-93-EC-TrustedList/#" xmlns:tslx="http://uri.etsi.org/02231/v2/additionaltypes#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" Id="TEST-EE" TSLTag="http://uri.etsi.org/02231/TSLTag">
+   <SchemeInformation>
+      <TSLVersionIdentifier>5</TSLVersionIdentifier>
+      <TSLSequenceNumber>8</TSLSequenceNumber>
+      <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUgeneric</TSLType>
+      <SchemeOperatorName>
+         <Name xml:lang="en">Information System Authority</Name>
+      </SchemeOperatorName>
+      <SchemeOperatorAddress>
+         <PostalAddresses>
+            <PostalAddress xml:lang="en">
+               <StreetAddress>139A Pärnu mnt</StreetAddress>
+               <Locality>Tallinn</Locality>
+               <StateOrProvince>Harjumaa</StateOrProvince>
+               <PostalCode>15169</PostalCode>
+               <CountryName>EE</CountryName>
+            </PostalAddress>
+         </PostalAddresses>
+         <ElectronicAddress>
+            <URI xml:lang="en">mailto:ria@ria.ee</URI>
+            <URI xml:lang="en">https://www.ria.ee</URI>
+         </ElectronicAddress>
+      </SchemeOperatorAddress>
+      <SchemeName>
+         <Name xml:lang="en">EE:Supervision/Accreditation Status List of test certification services</Name>
+      </SchemeName>
+      <SchemeInformationURI>
+         <URI xml:lang="en">https://open-eid.github.io/test-TL/</URI>
+      </SchemeInformationURI>
+      <StatusDeterminationApproach>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/StatusDetn/EUappropriate</StatusDeterminationApproach>
+      <SchemeTypeCommunityRules>
+         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUcommon</URI>
+         <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EE</URI>
+      </SchemeTypeCommunityRules>
+      <SchemeTerritory>EE_T</SchemeTerritory>
+      <PolicyOrLegalNotice>
+         <TSLLegalNotice xml:lang="en">The present TSL implementation of test certificates is not applicable to any legal frameworks</TSLLegalNotice>
+      </PolicyOrLegalNotice>
+      <HistoricalInformationPeriod>65535</HistoricalInformationPeriod>
+      <PointersToOtherTSL>
+         <OtherTSLPointer>
+            <ServiceDigitalIdentities>
+               <ServiceDigitalIdentity>
+                  <DigitalId>
+                     <X509Certificate>MIIEvDCCAqQCCQC/HGif/u6k6TANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UEAxMIVGVzdCBUU0wwHhcNMTQwNjI1MDkxMDMwWhcNMTUwNjI1MDkxMDMwWjAgMQswCQYDVQQGEwJFRTERMA8GA1UEAxMIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCU3NdeUa4xMF78VfYPGDDGC4yd2bYboF4C2R7mfUcoaIGOZ4VCShl9ojjQY0a4/7QEI5FPDwvziydN9UFlCRYmb7YrANXL1WS71aLapLM9KuT6e0siFgh1HLeZA0YcdL7opRCVAKxejHuWShuRdvJsNXiv/nKg35I6NPW5OP7IM4HR71CqGcWgtlFkL7sqs943vccpLZa23XQcAfngW0VdPSxuz4R/kzNkIFXBjrPSpjR74006e9csrKxJmebKfGqIIOu0waFVmXsWbj46p05PLpfsVX+lJ8O9CVtq0p4R4BzcUHh4zLJpUDZlRcK0t64EjTSnH4OgEP+qH/zhBxDb8maCRqyZT7iY6e/VBbfwub7ZhNzAnPYd7yGbBz7PIBWEqDNLtTBVq7rlYd63ap2TEvXKczh50IJEM8DTdAWpHG6iRcB17nqxI3U8iq/bPVhcT/OW4Dhb9ZdEllJzCgvpDpv/yBZ/F1tggQwrtjZ4cvZ6AXt+Bb5j5vZpcxbl1Q/2a4dcFMCXfxuuoboXPlFY1ElQGiF3oOV/iVRBNn6gnv0b3+qB1sQlLii4nS/fxwAehsH5z3m4fuLgZKfT9AcpR1e8jJQLJne0dTX0spc1yOVi8nv/PvpZGh3OI/rZfGP2pUU4RQnV96Fw/VBeYFv48+mcwMta+HpaaNTNvmzhQIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQB9gBvNxbsw/iGCXlbqrqZMjvvMqJVEsSIYe7Hb3mBiPAw50zxBTVXPY9nq5P2nD1hWK/sQMLVTbhQ/rSbiiEzMizEEhMAj5NzLrGm5qDFJeJjvqvsV+IehO9E4sKZ5GI9lhbuOcPo5N1YGSDrtqJpPPKhSv4TeOtl7Y1uCSMq8R9Y3XjNBqv0BsdlnMq6ugBQ74eiOwrIdy2jCIbzNn9ZJtbTiOnVSlaywMiaRkjslkajnFDvMj3pmh9R9/r+/cGMosCVMEqxFYcNjn2CU1S9mslnZb2U/LBYm/WhHF3V1PDN56NaIgBVJAXOJgeQGKvDKHddDMjavSanXQbZeEaikH8znON+HiasNVG/Y7ZBMQTcoWJZ23q07tDQSXCDfgl1AhhaAxgsCnf+yfwWaxHjhygx40VzJnEiBTzAVnqDGW0cezpRnP8huueen38ptKjI46JFR+CgW0ckyFpNtE5AaR0vJuJl8lSpAkXtmIC6iGxsnszV519MXZxpXI0QXAhZQmkw7HPvy/aWxqmX8yyy5Yh2en25631GHt5LtSc1iiGpX0/x+rAiRjDcU5AAEOB4XWF3+NSc7Tyl09trfisQcWp9vCEFSIAwhiErpMvmP+yK/Emh7nZwqU4ueAj3OvggqPsg0Soaixr/UQC9T+rIwifv1Bh2q+VXGqdLG62Ay5Q==</X509Certificate>
+                  </DigitalId>
+               </ServiceDigitalIdentity>
+               <ServiceDigitalIdentity>
+                  <DigitalId>
+                     <X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UEAwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJFRTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0fYeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sTNS9U3WQYvY8bEstPZnaEvdQSSVRf4j9eVg+RTJ8Y4jjZ02GbLwrpELD2Qs+ohCl8e64G29qutchv6nJqOdbL5U+d6DKyrzSpZyMRPA+UmB78KsBTs0o3wME7IA9J37YgtpUZifcC4LdgTWrX2eBICGPqi7GGKzdnI5LDhCJZnHwzva+6lBwa8fW5aXQG69uPTFmd/pNNF6+8f2FcYGljQiD6FYVKAUfYRBlw9ymKaIbNmyh9bs71ezPrI4ltOLjmZLZFRouSIaeExfzj2FkWERNG/iAuEIRolyyXjqjiQIuiEi8uo6sg1cPrD59EuWtTcMzTxuhVU8Ra37F6DrMEipqh84zQcnT0i/RNk4K723aB9uWwHJgJ5Y2/6cbta7ZkYsfQfjBC4nBRVyUlBCpEFYNePbKttYF5Cf5FraMlGzAY0W/MSIUxvRmlkjCzBod4LA+K/hQxEiw7Xa8OAZfw9l9lmSnia+fgRz3fLKxg3yklw6rA/2aISb83uVRvxgqKym3EeJ/+CsOQpwOblEBxWfQizah1Ct4NhsuKLmBbopxAXLqz25E+3BvvsM4nuwWVfoyvTVXYQ+k4V/hj2iS5buJ5twIDAQABMA0GCSqGSIb3DQEBBQUAA4ICAQAGTw5MJurTeeWy+jQikGfivrxt9lzqt+uSV8D6V1GBzBAl8m4SqSY0U8KM/gtqh9bhmQwm0qgx/mKcDKzCUKajXPKm/NbR+pjZD9Lcx4Iy0iqi9rsxSKECGM2dYAmm7GXnXvz9QUxZjteTgYoRP2s6GfosvTQiUEr/cIrYAU3wC0/94pRb9/FLVVon/aVdsh+Dqb4j7BhKLzXNCNjkv1Sv/YL1zpe/2SPxe0Bfymys97lcu1DB01e/MLfqQJThYOblMte/zGNZO24HcvROIkyoUtYy5/H4F5rsamSGMNdBfauTtYxz7lOT7qQoDNyGMN9bfjWnkVi/lV2CVooeiHIs7wLWEhYmU9DiAzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzoYDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLLFh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYRG1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIbYBI4oaPjh2zKIrz/AlY2RmqMMA==</X509Certificate>
+                  </DigitalId>
+               </ServiceDigitalIdentity>
+            </ServiceDigitalIdentities>
+            <TSLLocation>https://open-eid.github.io/test-TL/tl-mp-test-EE.xml</TSLLocation>
+            <AdditionalInformation>
+               <OtherInformation>
+                  <TSLType>http://uri.etsi.org/TrstSvc/TrustedList/TSLType/EUlistofthelists</TSLType>
+               </OtherInformation>
+               <OtherInformation>
+                  <SchemeOperatorName>
+                     <Name xml:lang="en">Information System Authority</Name>
+                  </SchemeOperatorName>
+               </OtherInformation>
+               <OtherInformation>
+                  <SchemeTypeCommunityRules>
+                     <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/schemerules/EUlistofthelists</URI>
+                  </SchemeTypeCommunityRules>
+               </OtherInformation>
+               <OtherInformation>
+                  <SchemeTerritory>EE</SchemeTerritory>
+               </OtherInformation>
+               <OtherInformation>
+                  <tslx:MimeType>application/vnd.etsi.tsl+xml</tslx:MimeType>
+               </OtherInformation>
+            </AdditionalInformation>
+         </OtherTSLPointer>
+      </PointersToOtherTSL>
+      <ListIssueDateTime>2024-07-08T14:06:07Z</ListIssueDateTime>
+      <NextUpdate>
+         <dateTime>2027-08-20T21:00:00Z</dateTime>
+      </NextUpdate>
+      <DistributionPoints>
+         <URI>https://open-eid.github.io/test-TL/EE_T.xml</URI>
+      </DistributionPoints>
+   </SchemeInformation>
+   <TrustServiceProviderList>
+      <TrustServiceProvider>
+         <TSPInformation>
+            <TSPName>
+               <Name xml:lang="en">AS Sertifitseerimiskeskus</Name>
+            </TSPName>
+            <TSPTradeName>
+               <Name xml:lang="en">SK</Name>
+            </TSPTradeName>
+            <TSPAddress>
+               <PostalAddresses>
+                  <PostalAddress xml:lang="en">
+                     <StreetAddress>Pärnu mnt 141</StreetAddress>
+                     <Locality>Tallinn</Locality>
+                     <StateOrProvince>Harjumaa</StateOrProvince>
+                     <PostalCode>11314</PostalCode>
+                     <CountryName>EE</CountryName>
+                  </PostalAddress>
+               </PostalAddresses>
+               <ElectronicAddress>
+                  <URI xml:lang="en">http://www.sk.ee</URI>
+                  <URI xml:lang="en">mailto:info@sk.ee</URI>
+               </ElectronicAddress>
+            </TSPAddress>
+            <TSPInformationURI>
+               <URI xml:lang="en">http://www.sk.ee/en/repository/CPS</URI>
+            </TSPInformationURI>
+         </TSPInformation>
+         <TSPServices>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/PKC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of ESTEID-SK 2011: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIEuzCCA6OgAwIBAgIQSxRID7FoIaNNdNhBeucLvDANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMwNjA5WhcNMjMwOTA3MTIwNjA5WjBsMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SMr+A2QGMJuNpu60MgqKG0yLL7JfvjNtgs2hqWADDn1AQeD79o+8r4SRYp9kowSFA8E1v38XXTHRq3nSZeToOC5DMAWjsKlm4x8hwwp31BXCs/Hrl9VmikIgAlaHvv3Z+MzS6qeLdzyYi/glPVrY42A6/kBApOJlOVLvAFdySNmFkY+Ky7MZ9jbBr+Nx4py/V7xm9VD62Oe1lku4S4qd+VYcQ5jftbr4OFjBp9Nn58/5svQxrLjv3B67i19d7sNh7UPnMiO6BeBb6yb3P1lqdHofE1lElStIPViJlzjPOh4puxWadHDvVYUCJgW2aM58mTfjFhZbVfcrVn5OyIiTQIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwgZkGA1UdIASBkTCBjjCBiwYKKwYBBAHOHwMBATB9MFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwHQYDVR0OBBYEFEG2/sWxsbRTE4z6+mLQNG1tIjQKMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQBdh5R23K7qkrO78j51xN6CR2qwxUcK/cgcTLWv0obPmJ7jRax3PX0pFhaUE6EhAR0dgS4u6XZrjPgVrt/mwq1h8lJP1MF2ueAHKyS0SGj7aFLkcC+ULwu1k6yiortFJ0Ds49ZGA+ioGzYWPQ+g1Zl4wSDIz52ot0cHUijnf39Szq7E2z7MDfZkYg8HZeHrO493EFghXcnSH7J7z47cgP3GWFNUKv1V2c0eVE4OxRulZ3KmBLPWbJKZ0TyGa/Aooc+TorEjxz//WzcF/Sklp4FeD0MU39UURIlg7LfEcm832bPzZzVGFd4drBd5Dy0Uquu63kW7RDqr+wQFSxKr9DIH</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of ESTEID-SK 2011,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2011-03-08T22:00:00Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="en">http://sk.ee/en/repository/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="atLeastOne">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of ESTEID-SK 2015: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIGgzCCBWugAwIBAgIQEDb9gCZi4PdWc7IoNVIbsTANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTUxMjE4MDcxMzQ0WhgPMjAzMDEyMTcyMzU5NTlaMGsxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEfMB0GA1UEAwwWVEVTVCBvZiBFU1RFSUQtU0sgMjAxNTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMTeAFvLxmAeaOsRKaf+hlkOhW+CdEilmUIKWs+qCWVq+w8E8PA/TohAZdUcO4KFXothmPDmfOCb0ExXcnOPCr2NndavzB39htlyYKYxkOkZi3pLz8bZg/HvpBoy8KIg0sYdbhVPYHf6i7fuJjDac4zN1vKdVQXA6Tv5wS/e90/ZyF955vycxdNLticdozm5yCDMNgsEji6QNA1zIi3+C2YmnDXx6VyxhuC2R3q0xNkwtJ4ezs1RZGxWokTNPzQc3ilGhEJlVsS8vP624hUHwufQnwrKWpc3+D+plMIO0j3E+hmh46gIadDRweFR/dzb+CIBHRaFh0LEBjd/cDFQlBI+E8vpkhqeWp6rp1xwnhCL201M3E1E1Mw+51Xqj7WOfY0TzjOmQJy8WJPEwU2m44KxW1SnpeEBVkgb4XYFeQHAllc7J7JDv50BoIPpecgaqn1vKR7l//wDsL0MN1tDlBhl3x7TJ/fwMnwB1E3zVZR74TUZh5J49CAcFrfM4RmP/0hcDW8+4wNWMg2Qgst2qmPZmHCI/OJt5yMt0Ud5yPF8AWxVot3TxOBGjMiM8m6WsksFsQxp5WtA0DANGXIIfydTaTV16Mg+KpYVqFKxkvFBmfVp6xApMaFl3dY/m56O9JHEqFpBDF+uDQIMjFJxJ4Pt7Mdk40zfL4PSw9Qco2T3AgMBAAGjggINMIICCTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUScDyRDll1ZtGOw04YIOx1i0ohqYwDgYDVR0PAQH/BAQDAgEGMGYGA1UdIARfMF0wMQYKKwYBBAHOHwMBATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDAYKKwYBBAHOHwMBAjAMBgorBgEEAc4fAwEDMAwGCisGAQQBzh8DAQQwEgYDVR0TAQH/BAgwBgEB/wIBADBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0lBCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDCBiQYIKwYBBQUHAQEEfTB7MCUGCCsGAQUFBzABhhlodHRwOi8vZGVtby5zay5lZS9jYV9vY3NwMFIGCCsGAQUFBzAChkZodHRwOi8vd3d3LnNrLmVlL2NlcnRzL1RFU1Rfb2ZfRUVfQ2VydGlmaWNhdGlvbl9DZW50cmVfUm9vdF9DQS5kZXIuY3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQDBOYTpbbQuoJKAmtDPpAomDd9mKZCarIPxAH8UXphSndMqOmIUA4oQMrLcZ6a0rMyCFR8x4NX7abc8T81cvgUAWjfNFn8+bi6+DgbjhYY+wZ010MHHdUo2xPajfog8cDWJPkmz+9PAdyjzhb1eYoEnm5D6o4hZQCiRyPnOKp7LZcpsVz1IFXsqP7M5WgHk0SqY1vs+Yhu7zWPSNYFIzNNXGoUtfKhhkHiRWFX/wdzr3fqeaQ3gs/PyD53YuJXRzFrktgJJoJWnHEYIhEwbai9+OeKr4L4kTkxvPKTyjjpLKcjUk0Y0cxg7BuzwevonyBtL72b/FVs6XsXJJqCa3W4T</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>CN=TEST of ESTEID-SK 2015,2.5.4.97=#0c0e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2015-12-18T07:13:44Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="en">http://sk.ee/en/repository/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="atLeastOne">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of EID-SK 2016 qualified certificates for electronic signatures</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIG+DCCBeCgAwIBAgIQUkCP5k8r59RXxWzfbx+GsjANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNDE1WhgPMjAzMDEyMTcyMzU5NTlaMGgxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEcMBoGA1UEAwwTVEVTVCBvZiBFSUQtU0sgMjAxNjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOrKOByrJqS1QsKD4tXhqkZafPMd5sfxem6iVbMAAHKpvOs4Ia2oXdSvJ2FjrMl5szeT4lpHyzfECzO3nx7pvRLKHufi6lMwMGjtSI6DK8BiH9z7Lm+kNLunNFdIir0hPijjbIkjg9iwfaeST9Fi5502LsK7duhKuCnH7O0uMrS/MynJ4StANGY13X2FvPW4qkrtbwsmhdN0Btro72O6/3O+0vbnq/yCWtcQrBGv3+8XEBdCqH5S/Rt0EugKX4UlVy5l0QUc8IrjGtdMsr9KDtvmVwlefXYKoLqkC7guMGOUNf6Y4AYGsPqfY4dG3N5YNp5FHDL7IO93h7TpRV3gyR38LiJsPHk5nES5mdPkNuEkCyg0zEKI7uJ4LUuBbjzZPp2gP7PN8Iqi9GP7V2NCz8vUVN3WpHvctsf0DMvZdV5pxqLY5ojyfhMsU4aMcGSQA9EK8ES3O1zBK1DW+btjbQjUFW1SIwCkB2yofFxge+vvzZGbvt2UGOE8oAL8/JzNxi9FbjTAbycrGWgEMQ0sM1fKc+OsvoaSy9m3ZQGph0+dbsouQpl3kpJvjDMzxxkrMqxdhlVMreLKGCMMxJMAGQEwVS5P93Nnmz8UbkmeomUJr3NrBo4+V9L5S4Kx1vTvD0p72xRYFyfifLOjs8qs7lR3yhkcBPQI78ERqxv31FWDAgMBAAGjggKFMIICgTAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jAdBgNVHQ4EFgQUrrDq4Tb4JqulzAtmVf46HQK/ErQwDgYDVR0PAQH/BAQDAgEGMIHEBgNVHSAEgbwwgbkwPAYHBACL7EABAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzA8BgcEAIvsQAEAMDEwLwYIKwYBBQUHAgEWI2h0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvb3JpdW0vQ1BTMDsGBgQAj3oBAjAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b29yaXVtL0NQUzASBgNVHRMBAf8ECDAGAQH/AgEAMCcGA1UdJQQgMB4GCCsGAQUFBwMJBggrBgEFBQcDAgYIKwYBBQUHAwQwfAYIKwYBBQUHAQEEcDBuMCAGCCsGAQUFBzABhhRodHRwOi8vb2NzcC5zay5lZS9DQTBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5zay5lZS9jZXJ0cy9FRV9DZXJ0aWZpY2F0aW9uX0NlbnRyZV9Sb290X0NBLmRlci5jcnQwQQYDVR0eBDowOKE2MASCAiIiMAqHCAAAAAAAAAAAMCKHIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCUGCCsGAQUFBwEDBBkwFzAVBggrBgEFBQcLAjAJBgcEAIvsSQEBMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBDAUAA4IBAQAiw1VNxp1Ho7FwcPlFqlLl6zb225IvpNelFX2QMbq1SPe41LuBW7WRZIV4b6bRQug55k8lAm8eX3zEXL9I+4Bzai/IBlMSTYNpqAQGNVImQVwMa64uN8DWo8LNWSYNYYxQzO7sTnqsqxLPWeKZRMkREI0RaVNoIPsciJvid9iBKTcGnMVkbrgyLzlXblLMU4I0pL2RWlfs2tr+XtCtWAvJPFskM2QZ2NnLjW8WroZr8TooocRA1vl/ruIAPC3FxW7zebKcA2B66j4tW7uyF2kPx4WWA3xgR5QZnn4ePEAYjJdu1eWd9KbeAbxPCfFOST43t0fm20HfV2Wp2PMEq4b2</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>CN=TEST of EID-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2016-12-21T10:00:00Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
+                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESig"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:PolicySet>
+                                    <ecc:PolicyIdentifier>
+                                       <xades:Identifier>1.3.6.1.4.1.10015.17.2</xades:Identifier>
+                                    </ecc:PolicyIdentifier>
+                                 </ecc:PolicySet>
+                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates
+                                 </ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/PKC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of NQ-SK 2016 advanced certificates for electronic signatures</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIGijCCBXKgAwIBAgIQOjiPZGsWs2VXxW0gWA+mAzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwIBcNMTYwODMwMTEyNTIwWhgPMjAzMDEyMTcyMzU5NTlaMGcxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlBUyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBOUS1TSyAyMDE2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwKLATeOt27z1OPLOFaUQVTLSL6tiQLrBZCO3C3DQuMLixR6cCla+aAS3U4VaKZRCrK+NI7v2cGvDdPW6jmztJJPlXcbZ2nY6QtQq2TkXnVx8Yh+9H1iRB3u9Av9ALFEisj/uYWGoqA8bT7C0MgCu7VGdvpYpiRy7FCyKX7CDf3wW4a/x+vil4yMb0UD2BTrMgwTgcxsaQ4zCg+DFvB8+97pOWZMWbBjkLskM/mxp/ChrDVRiQsMgcUgiQ2heqRa3lNrHXkyJYseUEaCxXkT+aIwdtG7HPqvTrhLbfJs9iMFV3t08jFRZn8gwpUlyy0pztNoy6Xn6d9BHv5+P7/yIOMKghh23gx637WRIaghIn8+6i6/CIK77IQTxwwc4Prg/kpr+F7/5l7M/9Hk7yXsJZ5RHP+JooJcF25pU7VEO80UDJ/srKfm/frlHqeioUxmYRdZSRLiPiZpMC958euD5NsuiJSGqCtESGLyRxNp5Ts7iaQbMcRx0fHTJ0jG4EzXprUKCZCBD2ozK+DljyKEQZmwr7tXge9/JEiX1xhO4fGzadtz5nXjJvAnh8KUnTX9fli7Y1wY2Y2iBlYUbxn9ENPusE5TcLMKDnvpLEd7b0Z3keQiIWR0GvNN59Fe2RhM4sa0IyNXyM0xvamglEEP9/uWJmEdYf7q0wBmWQUhcMc8CAwEAAaOCAhgwggIUMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MB0GA1UdDgQWBBSsw050xt/OPR3E74FhBbZv3UkdPTAOBgNVHQ8BAf8EBAMCAQYwRgYDVR0gBD8wPTA7BgYEAI96AQEwMTAvBggrBgEFBQcCARYjaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9vcml1bS9DUFMwEgYDVR0TAQH/BAgwBgEB/wIBADCBjQYIKwYBBQUHAQEEgYAwfjAgBggrBgEFBQcwAYYUaHR0cDovL29jc3Auc2suZWUvQ0EwWgYIKwYBBQUHMAKGTmh0dHBzOi8vd3d3LnNrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBBBgNVHR4EOjA4oTYwBIICIiIwCocIAAAAAAAAAAAwIocgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJwYDVR0lBCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDAlBggrBgEFBQcBAwQZMBcwFQYIKwYBBQUHCwIwCQYHBACL7EkBATBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAt/0Rv4T7HcRt53ELEDvjTXdxCmdAvLs/eynom18jTguHSwO1vqcq+FRjZ8Qw2Ds5lL8QqT9h38lrQoyNVXLSJOV49seLM/So3k2I6agYXOtM1a+oQG6Si09dQVwMAk0y/7YOddVnx5OdGJZlJTqQumVJUS96Wm74qKh6B+w0gGgAvg/7BpAIBtUweRmjoV4iT/EKz0bKOJPU63guw7y6APGJOsama9fj96cVrnqNdPhaPKqTIPkdabkwxB3wPiCzON9+r0FVUn0se4kIkqZ+jJQBLmYCvnuzMwiYVBvWorTpWNXwLV7B8cwI5/UwmXermhgBhRhb4ZBQhuChRNEp4w==</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>CN=TEST of NQ-SK 2016,2.5.4.97=#130e4e545245452d3130373437303133,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2016-12-21T10:00:00Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
+                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of ESTEID2018: Test certificates for Estonian ID-card, the residence permit card, digital personal identification document</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIFfDCCBN2gAwIBAgIQNhjzSfd2UEpbkO14EY4ORTAKBggqhkjOPQQDBDBiMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEdMBsGA1UEAwwUVEVTVCBvZiBFRS1Hb3ZDQTIwMTgwHhcNMTgwOTA2MDkwMzUyWhcNMzMwODMwMTI0ODI4WjBgMQswCQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRhDA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBxYug4cEqwmIj+3TVaUlhfxCV9FQgfuglC2/0Ux1Ieqw11mDjNvnGJhkWxaLbWJi7QtthMG5R104l7Np7lBevrBgBDtfgja9e3MLTQkY+cFS+UQxjt9ZihTUJVsR7lowYlaGEiqqsGbEhlwfu27Xsm8b2rhSiTOvNdjTtG57NnwVAX+ijggMyMIIDLjAfBgNVHSMEGDAWgBR/DHDY9OWPAXfux20pKbn0yfxqwDAdBgNVHQ4EFgQUwISZKcROnzsCNPaZ4QpWAAgpPnswDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwggHNBgNVHSAEggHEMIIBwDAIBgYEAI96AQIwCQYHBACL7EABAjAyBgsrBgEEAYORIQECATAjMCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9DUFMwDQYLKwYBBAGDkSEBAgIwDQYLKwYBBAGDkX8BAgEwDQYLKwYBBAGDkSEBAgUwDQYLKwYBBAGDkSEBAgYwDQYLKwYBBAGDkSEBAgcwDQYLKwYBBAGDkSEBAgMwDQYLKwYBBAGDkSEBAgQwDQYLKwYBBAGDkSEBAggwDQYLKwYBBAGDkSEBAgkwDQYLKwYBBAGDkSEBAgowDQYLKwYBBAGDkSEBAgswDQYLKwYBBAGDkSEBAgwwDQYLKwYBBAGDkSEBAg0wDQYLKwYBBAGDkSEBAg4wDQYLKwYBBAGDkSEBAg8wDQYLKwYBBAGDkSEBAhAwDQYLKwYBBAGDkSEBAhEwDQYLKwYBBAGDkSEBAhIwDQYLKwYBBAGDkSEBAhMwDQYLKwYBBAGDkSEBAhQwDQYLKwYBBAGDkX8BAgIwDQYLKwYBBAGDkX8BAgMwDQYLKwYBBAGDkX8BAgQwDQYLKwYBBAGDkX8BAgUwDQYLKwYBBAGDkX8BAgYwKgYDVR0lAQH/BCAwHgYIKwYBBQUHAwkGCCsGAQUFBwMCBggrBgEFBQcDBDB3BggrBgEFBQcBAQRrMGkwLgYIKwYBBQUHMAGGImh0dHA6Ly9haWEuZGVtby5zay5lZS9lZS1nb3ZjYTIwMTgwNwYIKwYBBQUHMAKGK2h0dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRUUtR292Q0EyMDE4LmRlci5jcnQwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATA4BgNVHR8EMTAvMC2gK6AphidodHRwOi8vYy5zay5lZS9UZXN0X29mX0VFLUdvdkNBMjAxOC5jcmwwCgYIKoZIzj0EAwQDgYwAMIGIAkIBIF+LqytyaV4o5wUSm30VysB8LdWtoOrzNq2QhB6tGv4slg5z+CR58e60eRFqNxT7eccA/HgoPWs0B1Z+L067qtUCQgCB8OP0kHx/j1t7htN2CXjpSjGFZw5TTI4s1eGyTbe0UJRBXEkUKfFbZVmzGPFPprwUdSPi8PpO7+xGBYlFHA4z+Q==</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>CN=TEST of ESTEID2018,2.5.4.97=#0c0e4e545245452d3130373437303133,O=SK ID Solutions AS,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2018-04-05T09:45:21Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
+                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="atLeastOne">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="digitalSignature">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:Description> This service issues qualified certificates for e-signing and e-authentication within the same process. The Relying Party shall make distinction by inspection of keyUsage field contents - e-signature certificates have nonRepudation bit set exclusively. Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) and that has either its nR or its dS bit set is to be considered as supported by an SSCD</ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of SK OCSP RESPONDER 2011</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIEijCCA3KgAwIBAgIQaI8x6BnacYdNdNwlYnn/mzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTEwMzA3MTMyMjQ1WhcNMjQwOTA3MTIyMjQ1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAxMTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0cw6Cja17BbYbHi6frwccDI4BIQLk/fiCE8L45os0xhPgEGR+EHE8LPCIqofPgf4gwN1vDE6cQNUlK0Od+Ush39i9Z45esnfpGq+2HsDJaFmFr5+uC1MEz5Kn1TazEvKbRjkGnSQ9BertlGer2BlU/kqOk5qA5RtJfhT0psc1ixKdPipv59wnf+nHx1+T+fPWndXVZLoDg4t3w8lIvIE/KhOSMlErvBIHIAKV7yH1hOxyeGLghqzMiAn3UeTEOgoOS9URv0C/T5C3mH+Y/uakMSxjNuz41PneimCzbEJZJRiEaMIj8qPAubcbL8GtY03MWmfNtX6/wh6u6TMfW8S2wIDAQABo4H+MIH7MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMJMB0GA1UdDgQWBBR9/5CuRokEgGiqSzYuZGYAogl8TzCBoAYDVR0gBIGYMIGVMIGSBgorBgEEAc4fAwEBMIGDMFgGCCsGAQUFBwICMEweSgBBAGkAbgB1AGwAdAAgAHQAZQBzAHQAaQBtAGkAcwBlAGsAcwAuACAATwBuAGwAeQAgAGYAbwByACAAdABlAHMAdABpAG4AZwAuMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LnNrLmVlL2FqYXRlbXBlbC8wHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wDQYJKoZIhvcNAQEFBQADggEBAAbaj7kTruTAPHqToye9ZtBdaJ3FZjiKug9/5RjsMwDpOeqFDqCorLd+DBI4tgdu0g4lhaI3aVnKdRBkGV18kqp84uU97JRFWQEf6H8hpJ9k/LzAACkP3tD+0ym+md532mV+nRz1Jj+RPLAUk9xYMV7KPczZN1xnl2wZDJwBbQpcSVH1DjlZv3tFLHBLIYTS6qOK4SxStcgRq7KdRczfW6mfXzTCRWM3G9nmDei5Q3+XTED41j8szRWglzYf6zOv4djkja64WYraQ5zb4x8Xh7qTCk6UupZ7je+0oRfuz0h/3zyRdjcRPkjloSpQp/NG8Rmrcnr874p8d9fdwCrRI7U=</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>1.2.840.113549.1.9.1=#1609706b6940736b2e6565,CN=TEST of SK OCSP RESPONDER 2011,OU=OCSP,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2011-03-08T22:00:00Z</StatusStartingTime>
+                  <ServiceSupplyPoints>
+                     <ServiceSupplyPoint>http://demo.sk.ee/ocsp</ServiceSupplyPoint>
+                  </ServiceSupplyPoints>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/Certstatus/OCSP/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of SK OCSP RESPONDER 2020</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIEzjCCA7agAwIBAgIQa7w4iGoiIOtfrn0fG/hc1zANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMjAxMTEzMTIzMzM1WhcNMjQwNjEzMTEzMzM1WjCBgzELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxDTALBgNVBAsMBE9DU1AxJzAlBgNVBAMMHlRFU1Qgb2YgU0sgT0NTUCBSRVNQT05ERVIgMjAyMDEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6U1uMvi5P6bycikgOFp1QdIdt2R/x/+WbRVNLNjDTMS0t70BVl6+Z7c5jqZUNIBZ5qlr3K8v5bIv0rdr1H/By0wFMWsWksZnQLIsb/lU+HeuSIDY2ESs0YzvZW4AB3tDrMFOrtuImmsUxhsz00KcRt9o+/o0RD9v5qxhJaqj6+Pr/8fZJK67Wuiqli2vVtuStaTb5zpjA1MJtu9OM4jk/FaL1FaST72XPTzpMVNJR/Rk63t0wL4l4f4s3y0ZI+JPzXu3jyeH+g3ZVLbwB2ccwgqfDPKXoxfNtcDxjUZz16OQQp2Rp14h/n8If0jyHfiNHHCDKaSPFyyJJMgRrQkiwIDAQABo4IBQTCCAT0wEwYDVR0lBAwwCgYIKwYBBQUHAwkwHQYDVR0OBBYEFIGteMcJzpGYrEl+MRkb+QpBx6XFMIGgBgNVHSAEgZgwgZUwgZIGCisGAQQBzh8DAQEwgYMwWAYIKwYBBQUHAgIwTB5KAEEAaQBuAHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBvAHIAIAB0AGUAcwB0AGkAbgBnAC4wJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuc2suZWUvYWphdGVtcGVsLzAfBgNVHSMEGDAWgBS1NAqdpS8QxechDr7EsWVHGwN2/jBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAKR+ssgVTDDkGl+sLwz5OwaBMUOPEscr7DcCXmjmRaC+KjTe8kCuXZwnMH7tMf0mDyF22USJ/o2m0MFW1k8zjH1yr1/2JghttRfi5mCvoMHNXVM/ST1C/6rrymaYA27RxIj201USwTQp35YvhUUIZO3Xby/60yXZyt7wCS7xAnH65U/0LnkT5w5DLC8EdXlH3QF600Z74fm8z54lY80IoSgIEPmFZlLe4YR822G24mawGRQKIbhPK2DO6sGtLZDAfee4B6TGmPcunztsYaUoc1spfCKrx5EBthieSgAp0dh0kMBAR/AGh7fSwl5zyASFgYmtVP4FZS6w6ETlXU7Bg3g==</X509Certificate>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2020-11-13T13:00:00Z</StatusStartingTime>
+                  <ServiceSupplyPoints>
+                     <ServiceSupplyPoint>http://demo.sk.ee/ocsp</ServiceSupplyPoint>
+                  </ServiceSupplyPoints>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">DEMO of SK TSA</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIEEDCCAvigAwIBAgIQM7TnUTYz+b1Tgw99YoRLODANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwNTI2MDk1NTA5WhcNMjQwNTI2MDk1NTA5WjBYMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRcwFQYDVQQDDA5ERU1PIG9mIFNLIFRTQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMYVFuAcGSanEI10cpb2Rcd2IgXz5XMYJM8XD1wL5Ltv/R2dCQmGaDbpb+/bXOCgm9P/fjCJ7g/DGoplomkKQfUkK4qi0quUaZylnJRgDtj6Y12Mni507Lnk6+6f0xxUAUSV7mCrdZtzYG7jrVjeTjx5RHwr69EKz5zBdLE/N5n893h2+Z1gMsUXJvm1DN4Ui99kCdo1vi2iTVgh5SpTo8lDAkzElrl6B3sHWwgUe7CyxjL4uqvU3B6OwU27F3mrAK/3c1+hdyuZKMTurWzQznCr1jqx0TubxRcwiyDyE9i3ip0G92+NB1/xop33+ooLkL930i/A/kVJYWLIR2N2Ms8CAwEAAaOBsDCBrTAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFNfCWP6p03Uhi50s/a2eWQR886TUMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQBfidmlXMbJ+tBDgaQ9CyM0ObI5srSaePHamHglBUFU34tYp9HVhVU+8xh5+hGEOV5y0mZeeIyuQyfwlySQ0vMWdZx02KdNFa9m6ICpufTieHHUzZBCWs/Pl8Bci3Vu5y/VwUAYf14TVJEWCyhyRwo/bfxXRnWIr/Mhe8d10exroADEtcEhRLklyHw6C+ck/mVyrbQm+XoZq876TyuZWmbzxMSi3UG/Zpss1LjK4qI75HDJqW/PHsDJC8YCIpVoRBcN+O0TLuzxOYG++cZBU7QR3axkSkyammtbF85lqxh4Xi4nKjIYgrGWbNXZp4dN/G+uMTDk/2rj8w7E6aRWne2m</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509Certificate>MIIEFTCCAv2gAwIBAgIQTqz7bCP8W45UBZa7tztTTDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTQwOTAyMTAwNjUxWhcNMjQwOTAyMTAwNjUxWjBdMQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEMMAoGA1UECwwDVFNBMRwwGgYDVQQDDBNERU1PIG9mIFNLIFRTQSAyMDE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAysgrVnVPxH8jNgCsJw0y+7fmmBDTM/tNB+xielnP9KcuQ+nyTgNu1JMpnry7Rh4ndr54rPLXNGVdb/vsgsi8B558DisPVUn3Rur3/8XQ+BCkhTQIg1cSmyCsWxJgeaQKJi6WGVaQWB2he35aVhL5F6ae/gzXT3sGGwnWujZkY9o5RapGV15+/b7Uv+7jWYFAxcD6ba5jI00RY/gmsWwKb226Rnz/pXKDBfuN3ox7y5/lZf5+MyIcVe1qJe7VAJGpJFjNq+BEEdvfqvJ1PiGQEDJAPhRqahVjBSzqZhJQoL3HI42NRCFwarvdnZYoCPxjeYpAynTHgNR7kKGX1iQ8OQIDAQABo4GwMIGtMA4GA1UdDwEB/wQEAwIGwDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAdBgNVHQ4EFgQUJwScZQxzlzySVqZXviXpKZDV5NwwHwYDVR0jBBgwFoAUtTQKnaUvEMXnIQ6+xLFlRxsDdv4wQwYDVR0fBDwwOjA4oDagNIYyaHR0cHM6Ly93d3cuc2suZWUvcmVwb3NpdG9yeS9jcmxzL3Rlc3RfZWVjY3JjYS5jcmwwDQYJKoZIhvcNAQELBQADggEBAIq02SVKwP1UolKjqAQe7SVY/Kgi++G2kqAd40UmMqa94GTu91LFZR5TvdoyZjjnQ2ioXh5CV2lflUy/lUrZMDpqEe7IbjZW5+b9n5aBvXYJgDua9SYjMOrcy3siytqq8UbNgh79ubYgWhHhJSnLWK5YJ+5vQjTpOMdRsLp/D+FhTUa6mP0UDY+U82/tFufkd9HW4zbalUWhQgnNYI3oo0CsZ0HExuynOOZmM1Bf8PzD6etlLSKkYB+mB77Omqgflzz+Jjyh45o+305MRzHDFeJZx7WxC+XTNWQ0ZFTFfc0ozxxzUWUlfNfpWyQh3+4LbeSQRWrNkbNRfCpYotyM6AY=</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>CN=DEMO of SK TSA,OU=TSA,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2014-05-31T21:00:00Z</StatusStartingTime>
+                  <ServiceSupplyPoints>
+                     <ServiceSupplyPoint>http://demo.sk.ee/tsa/</ServiceSupplyPoint>
+                  </ServiceSupplyPoints>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/QTST</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">DEMO SK TIMESTAMPING AUTHORITY 2020</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIEgzCCA2ugAwIBAgIQcGzJsYR4QLlft+S73s/WfTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMjAxMTMwMjEwMDAwWhcNMjUxMTMwMjEwMDAwWjB/MSwwKgYDVQQDDCNERU1PIFNLIFRJTUVTVEFNUElORyBBVVRIT1JJVFkgMjAyMDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxDDAKBgNVBAsMA1RTQTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMQswCQYDVQQGEwJFRTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMz8yTHQyp8gzyPnKt/CQg+07c/ogDl4V1SmyFGPT+lQaYZvXIKNNZyJlzII+vNnsok6hIRvAX5ffDZs8dkeNdo8QOuQ81QbLn5JJT2VuSppvpnqpFCiL+uWY0/nnwNmyiDueMkUDDJavbSPCkWwmW+aQZCNGd+krSTL/zNHCfOt7cAVDQAL9C4Ue7olufIZoDCTqRA00S8bGbTQPyTS8uUMEuwWc4JYZqEu4c24bIGhbKoCOSR60WrD6cBoZXLlqwDbWdkX5SLjJ9dTCxGW+pLpnAWx+KqJY3HkDiSZCT46JXOaoVzmcFx3l7eqQfqWgkzRZs9TJvqQSLQ+vgSAORECAwEAAaOB/DCB+TAOBgNVHQ8BAf8EBAMCBsAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwHQYDVR0OBBYEFJ8v3/rNs6jK0l3BxyVSixDYEOJHMB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MIGOBggrBgEFBQcBAQSBgTB/MCEGCCsGAQUFBzABhhVodHRwOi8vZGVtby5zay5lZS9haWEwWgYIKwYBBQUHMAKGTmh0dHBzOi8vd3d3LnNrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDANBgkqhkiG9w0BAQsFAAOCAQEAWWkQKAbEAT77n8L42gw5ql7BO1fdmUgRJRRwWL9Vo9l1c50lqieR8MUToF4wpF6D0PJUx9FDcKL0fbURFTRuETCgGekYmCjMbVQCiv6W38vMsIdJLBWjo2oT2AjtJ2VakwkrzzSxOSBrF5u0hPsAkP0VkBhmW1E0DHfm1Bti2xk5t9OsJMJqfTTl8v1HXktlnxi6WdUzLBcSdknFePDnSYoT3xOfOz1IlB3Ta729bgglAjVBEoWyrKX4kTjZPChxseMntXaW/pN+Agm3Xa9hniXdK4KamzX8d8LJ+qObxmc9TXmksbWZVup0ktfJYWIHCwZjmQukAed/pIX8UV3N9w==</X509Certificate>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2020-11-30T21:00:00Z</StatusStartingTime>
+                  <ServiceSupplyPoints>
+                     <ServiceSupplyPoint>http://demo.sk.ee/tsa/</ServiceSupplyPoint>
+                  </ServiceSupplyPoints>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of KLASS3 2010: test electronic seals</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIExzCCA6+gAwIBAgIQIrzOHDuBOQRPabRVIaWqEzANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTIwMzIxMTA1ODI5WhcNMjUwMzIxMTA1ODI5WjB1MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEhMB8GA1UECwwYU2VydGlmaXRzZWVyaW1pc3RlZW51c2VkMR8wHQYDVQQDDBZURVNUIG9mIEtMQVNTMy1TSyAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7Ua/6IAAqXvy2COvRLW9yCSeImQ23XRAzf/xHmJ6fYiSs0LaR8c19IOSOkOarAgUrt0XDG5KWBdE5qwuVc0gQN9ZjYwmDg3dq4LVo89FdvATKk2Tao01Iu1N+2eGSEifgGBH5iWfYqu1hGJ2nJPHIG9bKXZXfw+ET2gymO5bHnt8iOJmq+YynMXEvxtUTl2hKh0o6m28i3YKXru0jm5qe5/YCJ9HFw9yKn8eLnI2/9Jfruxe5F1AMOkVXhVtA57yeQARv18a8uEQZV0CS/WDmCPi+hl6GqSwhWZBdB9igOMsnZdNS1s7kr2/46doZQVPa2X3vJyYMTl/oaWB++VfAQIDAQABo4IBSTCCAUUwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgZkGA1UdIASBkTCBjjCBiwYKKwYBBAHOHwMBATB9MCEGCCsGAQUFBwIBFhVodHRwczovL3d3dy5zay5lZS9jcHMwWAYIKwYBBQUHAgIwTB5KAEEAaQBuAHUAbAB0ACAAdABlAHMAdABpAG0AaQBzAGUAawBzAC4AIABPAG4AbAB5ACAAZgBvAHIAIAB0AGUAcwB0AGkAbgBnAC4wHQYDVR0OBBYEFNFoQ5JN1Wc5Ii9tzYgGEg662Wp2MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHBzOi8vd3d3LnNrLmVlL3JlcG9zaXRvcnkvY3Jscy90ZXN0X2VlY2NyY2EuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCiE8G8gwZpeeHm0PoqHd54/KbfH2cAklqO5rcg2m9fhhvPNtMQ9Wc19JWauE2YuNsnJNKetglUAnA/yd64DhQKBf+2JUgYJas4dTscRgXXlz8huuvenNUpfPd3iispVc2WNBQ2qjBEZXdqhbkG0/RgM42Hb28+1v23HsoLhCGY2YjHhYynmOk/8BULI/ArsgA7FJflXi5Xp/cdC8BJQ87vtPlAnxm0axZMvASNXMUvvQTUjCTg0yczX3d8+I3EBNBlzfPMsyU1LCn6Opbs2/DGF/4enhRGk/49L6ltfOyOA73buSogS2JkvCweSx6Y2cs1fXVyFszm2HJmQgwbZYfR</X509Certificate>
+                     </DigitalId>
+                     <DigitalId>
+                        <X509SubjectName>CN=TEST of KLASS3-SK 2010,OU=Sertifitseerimisteenused,O=AS Sertifitseerimiskeskus,C=EE</X509SubjectName>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2010-03-31T09:17:00Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
+                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="atLeastOne">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">TEST of KLASS3-SK 2016: test electronic seals</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIGyTCCBbGgAwIBAgIQWwxFeuMr159YRRcFxuRXvzANBgkqhkiG9w0BAQwFADB9MQswCQYDVQQGEwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEwMC4GA1UEAwwnVEVTVCBvZiBFRSBDZXJ0aWZpY2F0aW9uIENlbnRyZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwHhcNMTYxMjA1MDcyODA1WhcNMzAxMjE3MDcyODA1WjCBjjELMAkGA1UEBhMCRUUxIjAgBgNVBAoMGUFTIFNlcnRpZml0c2VlcmltaXNrZXNrdXMxITAfBgNVBAsMGFNlcnRpZml0c2VlcmltaXN0ZWVudXNlZDEXMBUGA1UEYQwOTlRSRUUtMTA3NDcwMTMxHzAdBgNVBAMMFlRFU1Qgb2YgS0xBU1MzLVNLIDIwMTYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDLBBWlTGtbsgjmRQHKjUz7xsc4BI5Lts/l9t7seXPK5OzZiXomPK2y8y8QxslfDI9KEA0X7VAF2UPwgEDpBLXAOcD1cbijMl23Gz815TH7Lfg+ZpHDh375F1m2vlEoWX0UG7FioRM+xAsBK3EaL3HpJkN8fCSzUwgP7tCl+ivmQwTA0dAoXCib/XtTrYjYa57vHG8xMzKZvc9B4pK9DLvBe+fHbkXHEh1y1EU4AX2VE+eIcieqSHh1PtsB6/YCoSHDa8/uffWcrurbbl++QHgQC8yE6jTQyEfHcIB7ZCy1RbH4l4QtdmsuG7YpxDyBcjFjdz1h1a82GFA67ZHlZ5ogDn7xXyu2fbUBcJlj9wM2wxiyrUt6HCFky6CJhL60zEGVur4nWL/2KYedOxa4CowTv52ceGHBMuWcBHQK2egs5l8ti8oN5jLIhHe2k0dCYJa59fOf6QQv7jKeA/yfY6CmW8BWtY8knmFSOnsqEIBSbWNsYMB1+cidxyr3sTd+haTIZs1JVhS1+gFAe4xVJYDMdnU+nqIvZvNwP9fANC+Nl3h8rfdHLYIexRg8+m2lsrgVT2QOf73EJ+JS10vUI2SinVZikxltxHkA96jDWzs1kpdjKuPdei7fI1roKBhKLyUA6n7tB2XEp0E5K5v4HNXWnY7+skuyvSZxMShNgSmegQIDAQABo4ICMTCCAi0wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAcYwgfYGA1UdIASB7jCB6zCBgwYJKwYBBAHOHwcDMHYwIAYIKwYBBQUHAgEWFGh0dHA6Ly93d3cuc2suZWUvY3BzMFIGCCsGAQUFBwICMEYeRABBAHMAdQB0AHUAcwBlACAAcwBlAHIAdABpAGYAaQBrAGEAYQB0AC4AIABDAG8AcgBwAG8AcgBhAHQAZQAgAEkARAAuMAgGBmeBDAECAjAvBgkrBgEEAc4fBwIwIjAgBggrBgEFBQcCARYUaHR0cDovL3d3dy5zay5lZS9jcHMwCAYGBACPegEBMAkGBwQAi+xAAQEwCAYGBACPegEHMAkGBwQAi+xAAQMwHQYDVR0OBBYEFC4bj7sBLzT42jAEi1zB8lwl49j3MB8GA1UdIwQYMBaAFLU0Cp2lLxDF5yEOvsSxZUcbA3b+MIGIBggrBgEFBQcBAQR8MHowIAYIKwYBBQUHMAGGFGh0dHA6Ly9vY3NwLnNrLmVlL0NBMFYGCCsGAQUFBzAChkpodHRwczovL3NrLmVlL3VwbG9hZC9maWxlcy9URVNUX29mX0VFX0NlcnRpZmljYXRpb25fQ2VudHJlX1Jvb3RfQ0EuZGVyLmNydDBDBgNVHR8EPDA6MDigNqA0hjJodHRwczovL3d3dy5zay5lZS9yZXBvc2l0b3J5L2NybHMvdGVzdF9lZWNjcmNhLmNybDANBgkqhkiG9w0BAQwFAAOCAQEAWwdrvtnroOs0VHJWGJTKBclIZhxqmMWmy0Wt/cmblAT4NV0mcWGKwGj4F2S1tUnsw9x4zbpPy0GX0knKVeC76MnwbgjjjjQDs9DPc+CmLz3RMGqiw1ZIXvvXnoUiaB9vH6Xekm7McvIUTZtRjKIgFK6IzU2P5YGl5OMJ8TFhhtH0Jwo/0pyJqM9W0hmMdSMOHTwtqHnBQGjn0KQ5+zDtgVy6rt8bn44yuKXUIdYOFMrhK9nE/D8c7sOEbcDbr1n+rLFS0ov2xMcySIa99Rk5HaCsfvQAz5RQx38gJ9Hu/Ah9AVuMBfNyyrgYzRu93dc/+XX2h/Oe2s4LuJUDvm1aFw==</X509Certificate>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2017-06-30T06:00:00Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
+                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCQSCDStatusAsInCert"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:PolicySet>
+                                    <ecc:PolicyIdentifier>
+                                       <xades:Identifier>0.4.0.194112.1.3</xades:Identifier>
+                                    </ecc:PolicyIdentifier>
+                                 </ecc:PolicySet>
+                                 <ecc:Description>Any certificate that is issued under the CA/QC Sdi certificate and that is issued as a QC (i.e. containing a QcCompliance statement) and having its Certificate Policy PolicyIdentifier OID set as 0.4.0.194112.1.3, is to be considered as supported by a QSCD. They are issued for digital stamping according to eIDAS regulation</ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="atLeastOne">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:Description>Any certificate issued under the CA/QC Sdi certificate and is issued as a QC (i.e. containing a QcCompliance statement) is to be considered as issued to a Legal Person</ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:Description>All certificates issued under this CA/QC service that have nonRepudiation bit set exclusively are issued as qualified certificates</ecc:Description>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForESeal"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:Description/>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSeals</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+            <TSPService>
+               <ServiceInformation>
+                  <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/TSA/TSS-QC</ServiceTypeIdentifier>
+                  <ServiceName>
+                     <Name xml:lang="en">CN=libdigidocpp Inter,C=EE</Name>
+                  </ServiceName>
+                  <ServiceDigitalIdentity>
+                     <DigitalId>
+                        <X509Certificate>MIIDeDCCAmCgAwIBAgIBAzANBgkqhkiG9w0BAQUFADAnMQswCQYDVQQGEwJFRTEYMBYGA1UEAxMPbGliZGlnaWRvY3BwIENBMB4XDTE0MDMyMzIzMTM0OVoXDTI0MDMyMDIzMTM0OVowKjELMAkGA1UEBhMCRUUxGzAZBgNVBAMTEmxpYmRpZ2lkb2NwcCBJbnRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN6EPZ6Dg8D+VjK6lakSh1MdZzuunt0p/5EEJEW/wNJIPFK4CWTMDvYD1aiVP7Kh+WmJV+l3lck0vAyPUnPjXQrbucz0V+1DaBhOnairMhK04gJ2fYktNr90atyz/mQJroiyHdncToeW7iSbro8d2P9BSLfIM6o/yjNasYAWfcrG4/biGTYW/YqN2fad605T8tLYgReNET84qFQV4L34mUdY8PLDg/kaJL6iYC337u5UfNl6qEdg1zU/8jD1c1YPL1duF+J2JK3YbLizjKkBAQRGpY3Emk984lV6fQBfgCEwbO1yecOXL9jFXIGp9aZNjVLtQuPu/Yfz120rMx8qlEcCAwEAAaOBqzCBqDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUWp//2G24RVxM2GM5/6mJ9lYq2PEwHwYDVR0jBBgwFoAUPsJJGbvIsF9JdKFutxdtIX28DAgwRQYIKwYBBQUHAQEEOTA3MDUGCCsGAQUFBzABhilodHRwOi8vd3d3Lm9wZW54YWRlcy5vcmcvY2dpLWJpbi9vY3NwLmNnaTANBgkqhkiG9w0BAQUFAAOCAQEARxDvfF4LvUlAHhxzOEygk+gFishTUrzsaaZ9NFgo7yLrejjyzM3RRZQTkFfru9Xr0DmxCfh4pgFBHlW4csDmufQOFTtJTf3Qvuh+EnM+WGtMsNZaHwuEpVlI64WYgbM1UOD71BswvJ/drZ6b0xmlJQwjLMn6f8ET10w+eTcWF2rPfaod8Rj0JPSJPPLYm6FOgJzHuB3p4h+uBx2kh1a64PD3/jGvz8r2ZUHXdkQD+mz6UJPj6cxsmzcTu3k1RVX+kPgjQvJ6PjQQJyAL3UGYIb0cYZIcEZ3gHErtZ9HQS2zJXtlMrlnpwAWi3xiw015hz4KyPJvQOKxyX2/TIatCpA==</X509Certificate>
+                     </DigitalId>
+                  </ServiceDigitalIdentity>
+                  <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
+                  <StatusStartingTime>2010-03-31T09:17:00Z</StatusStartingTime>
+                  <TSPServiceDefinitionURI>
+                     <URI xml:lang="en">https://sk.ee/en/repository/CP/</URI>
+                     <URI xml:lang="et">https://sk.ee/repositoorium/CP/</URI>
+                  </TSPServiceDefinitionURI>
+                  <ServiceInformationExtensions>
+                     <Extension Critical="true">
+                        <ecc:Qualifications>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCForLegalPerson"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="atLeastOne">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">false</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCWithSSCD"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                           <ecc:QualificationElement>
+                              <ecc:Qualifiers>
+                                 <ecc:Qualifier uri="http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/QCStatement"/>
+                              </ecc:Qualifiers>
+                              <ecc:CriteriaList assert="all">
+                                 <ecc:KeyUsage>
+                                    <ecc:KeyUsageBit name="nonRepudiation">true</ecc:KeyUsageBit>
+                                 </ecc:KeyUsage>
+                              </ecc:CriteriaList>
+                           </ecc:QualificationElement>
+                        </ecc:Qualifications>
+                     </Extension>
+                     <Extension Critical="true">
+                        <AdditionalServiceInformation>
+                           <URI xml:lang="en">http://uri.etsi.org/TrstSvc/TrustedList/SvcInfoExt/ForeSignatures</URI>
+                        </AdditionalServiceInformation>
+                     </Extension>
+                  </ServiceInformationExtensions>
+               </ServiceInformation>
+            </TSPService>
+         </TSPServices>
+      </TrustServiceProvider>
+   </TrustServiceProviderList>
+<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>t65aSUu4OMp9MylQUfJzmO6/qBD5NEYPZ4V1j2JG7tc=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>UHfgbifUebApTRtasmuqWr1kGKs3jmlkKEKxssZIR2c=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>dDAc08OxAiq8hrbTDhJEwkpQRG3doypxKAFglpj6Nce6fl21F3cergC1ZBf5CYD5QAyk+BHCM9fd
+V6pPOpXTgLHQ7BxD+u+vQ2rURlcbTuCpT0CCBU5VaZ0uf7wPzrCXbVJPs3uWwQOGbhXvNFcoIF5r
+dy98ABHsPYo70yoYi31gjfNinQpKxjUmgovC/HmstK0wi8GHGAWEOATITJQNLoN5BBPqGNdHDPS9
+Shg1KGmc6Dwe8SmkGRgfjHWrjImTYRK+PH+wmQSvKqZuuq+Oxtt58Flp3Ir5KoqYOIU7zNxrJQeE
+QKDimq+qV2pPX1feoKsyGnMfNqcZrg0iciFAjzD8wPD0KkHepAEYfqJ4Zd0qlTCRVs7B63brnxgT
+/Z0yUgjAFVFb/iqZjp0b6I+7QL1NyDoKH9P3+woH9suO6r2WGCozoQoyDwS52WJas9iJnr4gRPV4
+xm7HT72ZlZ6HLcqWU2lEU31XaCpR1rh7xZZCIqLpyrnhC3jBmYVuSCRIRSMKCPzNUsOW48fd3FIX
+CH258t4DSQTpEDkCxtD/UEe89LaeZpirEkCgl/nLgQajSoP7v9xw4P5M4sQideOHL2s8I2NcRrZH
+bkv3WmO+2ZBZayI4nTQzLuLYRoVxGSszBHaUyN7WeyXHrnB6wrQ5qSGtSIZBxL7odww+SYW57TQ=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
+AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF
+RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f
+YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT
+NS9U3WQYvY8bEstPZnaEvdQSSVRf4j9eVg+RTJ8Y4jjZ02GbLwrpELD2Qs+ohCl8e64G29qutchv
+6nJqOdbL5U+d6DKyrzSpZyMRPA+UmB78KsBTs0o3wME7IA9J37YgtpUZifcC4LdgTWrX2eBICGPq
+i7GGKzdnI5LDhCJZnHwzva+6lBwa8fW5aXQG69uPTFmd/pNNF6+8f2FcYGljQiD6FYVKAUfYRBlw
+9ymKaIbNmyh9bs71ezPrI4ltOLjmZLZFRouSIaeExfzj2FkWERNG/iAuEIRolyyXjqjiQIuiEi8u
+o6sg1cPrD59EuWtTcMzTxuhVU8Ra37F6DrMEipqh84zQcnT0i/RNk4K723aB9uWwHJgJ5Y2/6cbt
+a7ZkYsfQfjBC4nBRVyUlBCpEFYNePbKttYF5Cf5FraMlGzAY0W/MSIUxvRmlkjCzBod4LA+K/hQx
+Eiw7Xa8OAZfw9l9lmSnia+fgRz3fLKxg3yklw6rA/2aISb83uVRvxgqKym3EeJ/+CsOQpwOblEBx
+WfQizah1Ct4NhsuKLmBbopxAXLqz25E+3BvvsM4nuwWVfoyvTVXYQ+k4V/hj2iS5buJ5twIDAQAB
+MA0GCSqGSIb3DQEBBQUAA4ICAQAGTw5MJurTeeWy+jQikGfivrxt9lzqt+uSV8D6V1GBzBAl8m4S
+qSY0U8KM/gtqh9bhmQwm0qgx/mKcDKzCUKajXPKm/NbR+pjZD9Lcx4Iy0iqi9rsxSKECGM2dYAmm
+7GXnXvz9QUxZjteTgYoRP2s6GfosvTQiUEr/cIrYAU3wC0/94pRb9/FLVVon/aVdsh+Dqb4j7BhK
+LzXNCNjkv1Sv/YL1zpe/2SPxe0Bfymys97lcu1DB01e/MLfqQJThYOblMte/zGNZO24HcvROIkyo
+UtYy5/H4F5rsamSGMNdBfauTtYxz7lOT7qQoDNyGMN9bfjWnkVi/lV2CVooeiHIs7wLWEhYmU9Di
+AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo
+YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL
+Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR
+G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb
+YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2024-07-08T11:06:07Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
diff --git a/test/data/EE_T-CA-withdrawn-granted-before.xml b/test/data/EE_T-CA-withdrawn-granted-before.xml
index a9ca13d18..234283815 100644
--- a/test/data/EE_T-CA-withdrawn-granted-before.xml
+++ b/test/data/EE_T-CA-withdrawn-granted-before.xml
@@ -75,7 +75,7 @@
             </AdditionalInformation>
          </OtherTSLPointer>
       </PointersToOtherTSL>
-      <ListIssueDateTime>2020-12-11T10:36:28Z</ListIssueDateTime>
+      <ListIssueDateTime>2024-07-08T15:00:16Z</ListIssueDateTime>
       <NextUpdate>
          <dateTime>2027-08-20T21:00:00Z</dateTime>
       </NextUpdate>
@@ -127,7 +127,7 @@
                      </DigitalId>
                   </ServiceDigitalIdentity>
                   <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
-                  <StatusStartingTime>2016-11-28T01:00:00Z</StatusStartingTime>
+                  <StatusStartingTime>2013-04-23T01:00:00Z</StatusStartingTime>
                   <TSPServiceDefinitionURI>
                      <URI xml:lang="en">http://sk.ee/en/repository/CP/</URI>
                   </TSPServiceDefinitionURI>
@@ -182,7 +182,7 @@
                         </DigitalId>
                      </ServiceDigitalIdentity>
                      <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn</ServiceStatus>
-                     <StatusStartingTime>2016-11-27T22:00:00Z</StatusStartingTime>
+                     <StatusStartingTime>2013-04-22T11:49:30Z</StatusStartingTime>
                   </ServiceHistoryInstance>
                   <ServiceHistoryInstance>
                      <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
@@ -627,15 +627,15 @@
          </TSPServices>
       </TrustServiceProvider>
    </TrustServiceProviderList>
-<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>1Be6Pb83gRGV1D35y8eXFtj/OveFEsGr9bnwIs9xkYA=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>lYHBnQ/i/q/Tr3aaUjLihMIGaizr7XhEeeWq7MugID4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>qll7tfZTzta+xfv1hLE56JuUPuSimdqKJpjXCvyGQ3cZH9OjPm+qjbMserUJUDYoW9P77cgKmQRO
-Tz1kl/TTNFD6gLG33NutjBF+aPQVUQePymoSV2A81/eWbjweX+qDt3MUlla7RRfn045JXbTZJha3
-UMsB85R6BQDx1KLksqU7jgYxRaJx0ikPuuWC9Voftew6VutwAVvke0eLQwhxDZ7ppkQt2cZdZ1fZ
-2JY4UPCKgpGjB5j7Z5r/krbs6tnYey09zmtix7uh8ocvl9srhbwz1tUab3ezbfWYmQz1VnGVxyL2
-ueV8pyIWZHRQTvIpzXXjtoxHz2w45VUShgW/6+UcubtEPS59MNBXW3LLJeRGiwuDVvuz0ZwpLB2h
-rNPcnGI1TePG5Tu1z46VVr/mNw9RvEY37h7asZKGMtnj1b9GBR/Ma36M1RVAl9vldTJwWhXuHkGm
-Vi2T+YSAt6qpVE822f12kdW93uWFQENj9glwYZowRFa7e3238gKOyBKM0RsukIb0Kye4zk37HacB
-1j8ibL0AaICc+8fhSDkmVsVvsKu1P98zvYLiUn1/uxVD/e5BDW9DACTAWRoxSZ+34Z1n9heny5j5
-/joEZwN4Y67nz2IVENG9+0DHAGnG53NTjCMcHj8RhwkNmcss13+KZK1h9bsAebkMUM5g8N8ICjs=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
+<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5eoz49jlgdIxmRrbCBqv7P+X3zBICURg9tQKfe0Bucg=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>SnRrOVKoFum1PAJ55DnL2/V+COIkV30S+Ew3Ic/+od8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>KCstB1+y35pqsyBdDAS6LdiRmRzzK59G2/AeizVHXa6Hk73fFYbLFn4snisDEReeWmzzHSpnksRP
+BM1aGQ+nenq6K3NMgrlipjopoCmVCbmz/2bJ/8Lvf6WOSh6dcmNXMqkxSXrLnw8UHJBN/+ScGSQj
+Fy5vgx5J0WGZI2PKdd6FuWOhvKm1MzPlmuh7BjqX9jQpKt5aiJUBSxXEOjzKSmFRJA9mK5gVShLZ
+BSzABSzHuGyj6pmevHhn/+vVbyUgNVeLPmbSOiFChMOuAt17geb1gZviqUc2UemvvX20oIk40liZ
+juayyOeP1raB1VVDTtcWgCDoNAUXBglr3sPYeo/u1bNFbAsC0vOF6v998KmORjC+1Q/CScJwiFey
+zoDxIhbCzVs5cVG44tLVcFDUODUveS59zveCttVKZTnrFCeimMc1cql1Lbx8i/3/nTqL1iQ2MTr0
+ARe2sHlhrPjVs9vaNgkOx7aXdeIEjYlCqkhN3xbBBfGeKD6uY2YqsFOPGKPCGQB8+ykqSbsGrWI0
+R4yp6k2m9a2gpy953RBPy+4wcH38S153ugL1izXNaZT06+WPBZgGvHPa090t0XYjS790I1GEgwg6
+2RZvjW7n0NV1vC24qIcB8MFQ3Z1sPuiZgcP/891+vVTxzXPV1qDn54oE1xOQFwKgUdKnVWRrJ04=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
 AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF
 RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f
 YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT
@@ -656,4 +656,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo
 YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL
 Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR
 G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb
-YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2020-12-11T08:36:28Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
+YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2024-07-08T12:00:16Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
diff --git a/test/data/EE_T-CA-withdrawn-granted-later.xml b/test/data/EE_T-CA-withdrawn-granted-later.xml
index 937e87730..e5e7c2ab0 100644
--- a/test/data/EE_T-CA-withdrawn-granted-later.xml
+++ b/test/data/EE_T-CA-withdrawn-granted-later.xml
@@ -75,7 +75,7 @@
             </AdditionalInformation>
          </OtherTSLPointer>
       </PointersToOtherTSL>
-      <ListIssueDateTime>2020-12-11T10:36:29Z</ListIssueDateTime>
+      <ListIssueDateTime>2024-07-08T14:59:20Z</ListIssueDateTime>
       <NextUpdate>
          <dateTime>2027-08-20T21:00:00Z</dateTime>
       </NextUpdate>
@@ -127,7 +127,7 @@
                      </DigitalId>
                   </ServiceDigitalIdentity>
                   <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/granted</ServiceStatus>
-                  <StatusStartingTime>2016-11-29T01:00:00Z</StatusStartingTime>
+                  <StatusStartingTime>2013-04-24T11:49:30Z</StatusStartingTime>
                   <TSPServiceDefinitionURI>
                      <URI xml:lang="en">http://sk.ee/en/repository/CP/</URI>
                   </TSPServiceDefinitionURI>
@@ -182,7 +182,7 @@
                         </DigitalId>
                      </ServiceDigitalIdentity>
                      <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn</ServiceStatus>
-                     <StatusStartingTime>2016-11-27T22:00:00Z</StatusStartingTime>
+                     <StatusStartingTime>2013-04-22T11:49:30Z</StatusStartingTime>
                   </ServiceHistoryInstance>
                   <ServiceHistoryInstance>
                      <ServiceTypeIdentifier>http://uri.etsi.org/TrstSvc/Svctype/CA/QC</ServiceTypeIdentifier>
@@ -627,15 +627,15 @@
          </TSPServices>
       </TrustServiceProvider>
    </TrustServiceProviderList>
-<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5zcz+hBh7Fr37DA77Xv4bPiij/isTwQz8Q4Kf+LXxT8=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>HC+E9uid2ys39YsCEDKN7resLtxvOIOf/Y8AN4iPyWo=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>2qoq/9eQvEr9VPhN98/DY+XOm33ALTUZ552rrDEcfs73BiCnND3SEZuoyyG+ULW/RHa6GhGoBRF0
-RvVd4bPMA33mVTg//qA+k+F+wqekWKX+u73C9tBTqfboq5oG0O3moGfAoWeNsLhWJbJBEL2FWHhn
-6PVXf41Ftf5VaevfK1Mq/JhYTpqMXHaacoNQ/zVPkuhinHqjgWIM1jeK7L7tqupw6J+1CNKeEjvJ
-Girt3sxomz0zUroSbdBcxm1YXUrbBuNvk0M7kDkJJlpIzzotVFYsbYRitpW2csXCbFpO4urN1CHP
-fPIPBG1UaW/YY1ggrWlsUsBfT+CHnMTGmEYh2peyqMLnCrpVRc7x14d4ZcPUUPIwTl3NtvkA2VDR
-327ddR1rvR9BVgtFwDtsNZd35WwLPkqBSDfC2cIUTukQD+FfaSGnfYpmxhcB1vJNpF7rs78TiF2s
-g7SxvU3BDZxWmUxDQGcX4LG5EFHPCNcPf/fiMea5G8dRCapXIrIGmFtWumvbNAdcLef/+PwioQV1
-Fp7VLTZLGr6fCrsESM92gMbjdR4uitVixXSKao7slZdNNBuS267/TL89s57BrkFszypMlqWEwawr
-3IESikq+SkM0AoKukKcU1Tj8aBxs2tQ389tzAYLSfrevZ2zIRZ46TeCYVSwL9j3+efxfJcrYmsM=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
+<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>5X+DKzZFHzD0jrbdYMuRV0FI9Rtk0GDSrdn1THQ6/VM=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>J/jgHjLvAY0xsw5jKuCeNaJ7KyS6mlaikJ9uftyjw6s=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>sjZO9YeudvIEdjLmHpK2GAMrNsPbMEVfM0slJugA7NhlGUvNsPmkDRp6qbND82h/s33apZ1izGvZ
++oGKD3iI3ZyYNeldABZor6J2JCldtFTAdnbCD4ShVeJ4A9YWRn790CX3D0WhYW/MG27Ww/zhDDmm
+/xIA13XPqIvBkM+dTADexfzy2UoUCd7+w/Bw3GqghA4XVaFewNQwAqw4Tbs8aWQwZ9bnWRR5T2eT
+liVqrtMhByWdmrDR/Ttb5nr9MZHogepaPmMsx5JBcBl7N9wTUGnoJZWaDRxWWfkFLbyqnXS3tob7
+02411tMutTsN24mOvx/Ax+d3jn+U9ly4bzzu92SsF+TrLuaTgoxOlEm29dFjC+MRHCgJn7AGCJj0
+N3S/+9VfeUeQ8lyzKL4qXpC6Y9OPW5Tu05Aa2yAD4DSqwd2jL05OUHUBHyRFFyWsCd2veSuXs74W
+0w8oVN3TpariC4TCYRFjNfZDVVtSqWFLC6po2w/1a1/EwfdT/N8HVMjsDwB1JJvAqE78//1pMgA/
+3482K1OPxSSOu3RPiB9z4jK45w0AAI3ZHCrJtbBcp23LAG5DOxJegUjZhixNjiqtssVtFU8IE37v
+wRoJrghOD28Nxl4OXjEM5MI4HfQSLitP3c5b45d1qtzdaL4/ulMRKTnBmiTcRrhBUsjwUR1l/w0=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
 AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF
 RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f
 YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT
@@ -656,4 +656,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo
 YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL
 Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR
 G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb
-YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2020-12-11T08:36:29Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
+YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2024-07-08T11:59:20Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
diff --git a/test/data/EE_T-CA-withdrawn.xml b/test/data/EE_T-CA-withdrawn.xml
index 4a58cdb7f..976bca9bb 100644
--- a/test/data/EE_T-CA-withdrawn.xml
+++ b/test/data/EE_T-CA-withdrawn.xml
@@ -75,7 +75,7 @@
             </AdditionalInformation>
          </OtherTSLPointer>
       </PointersToOtherTSL>
-      <ListIssueDateTime>2020-12-11T10:36:29Z</ListIssueDateTime>
+      <ListIssueDateTime>2024-07-08T14:58:00Z</ListIssueDateTime>
       <NextUpdate>
          <dateTime>2027-08-20T21:00:00Z</dateTime>
       </NextUpdate>
@@ -127,7 +127,7 @@
                      </DigitalId>
                   </ServiceDigitalIdentity>
                   <ServiceStatus>http://uri.etsi.org/TrstSvc/TrustedList/Svcstatus/withdrawn</ServiceStatus>
-                  <StatusStartingTime>2016-11-27T21:00:00Z</StatusStartingTime>
+                  <StatusStartingTime>2013-04-22T11:49:30Z</StatusStartingTime>
                   <TSPServiceDefinitionURI>
                      <URI xml:lang="en">http://sk.ee/en/repository/CP/</URI>
                   </TSPServiceDefinitionURI>
@@ -611,15 +611,15 @@
          </TSPServices>
       </TrustServiceProvider>
    </TrustServiceProviderList>
-<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>bSGQxOPC6bL6YVWxepwIPRsyLkXiXfNM6x+2DTXRKY0=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>HC+E9uid2ys39YsCEDKN7resLtxvOIOf/Y8AN4iPyWo=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>I2Dhb65fKWaQfhOg+NO4+TBH4kVPeYD4XFzdCTOOYqQ0gBpAovAS3rW6cTn+GvEun/sUefViIE6H
-P/LboL3EvtmBrvHOCY/fxj9k3MyHsdK8JyDigMXiu1V2+/JIHZWX74IWHqR/UVbTQ4r6yxdljNaN
-UdJN2kOPvubj5mTNTtC8mSugw8j5TBK5/BPaVzXxd2w8iD275q0NWYn1I2tM4KMZ2hzj1um+D/h+
-8bKnu0gyW9bC+zh3CelgiYSwNse4SUPH2r9l1ndNPXzqBmIz8U/lwD/F75f60WwSrfV+fjYbZ7HR
-sr/BwG5Ka8m46YxfQjRnSVjzQCybwp7u1sD5fbM7K8fuLDUSkvU+TVNT09BKUsyJMLaHBGvoCGqq
-tF3/8kTJUo36FXkQOqXK/iegKTxRAO8sSnppYJgiltTB75HeQgyEI6c1QEDOeUXlljaQtycga1rx
-eyuRNP3I0SgPlPaTNihdqDQk814u7hJQz0J71MSWsUJp+EUlbhbCbCXXz3llhOXOaMEr3Ep+/O3Y
-BpDFJAq6N5t/4bpSHxnwProRnR/1N6F9/JFTINEaI+jMoDTRQXmNen4c/6yYvyHILV92PnR3HZVT
-cfVIuTbcEFZVQpaBd2s5VJYiMdgvUjNMWvyUZc8mgPdeGV2imLU12wg88CZStwlxZQGgTZrMpso=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
+<ds:Signature Id="S0"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#TEST-EE"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>xbL8Cj+bzOj37r8G3x/tqXhxR7uhoRCBw8ljw7eBWtY=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#SignedProperties"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>4KekkQp+xPo/SAu5UQ2L3e2jxmjr5iMYIQMdhV1xHfM=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>wyk8SWOe/JRO5a4xlj6WPYL/Lbz9TMqOjaUS4W61hxUQZO2ugqZ0yjmmcRcZXB5jL/CgUtwCeDZI
+chPH7ZbyLR6Ev35Yg6warJ4kvST4P9s69VUKzpBlLvkoO9xf+lREeO6bkFFoRYiKaq/SjmH9pf7c
+KLO1s/PrhvWUucYn5TzWnNwTd/B+oL+X2SuGpKdz/CTGPel8zx7dXUTac2BEir+VHSg5O5KuICLc
+hN3CbHLEYocHHYeQNoMYl64fNHoUu4yn067gUdVT0VT2zUzLrIwAId6JF8tjZe7zDZJyPIMIvw+t
+bwzs0/FCJokhF+Siwb9+iN5lg5iEcQTWa631lKP3uTB40T3l/QxsGos9K76hXvjR5rWy0GeU0q27
+9xz0RmTv2ipGe8ebDz4S0Vp/vV4WM9pr5psl3MTqGdIfoxsl64uY0L2zuyuSwbRwMiZHiBlssVJ7
+AYezzhi4+9rB1Chyjdm5RqmcePDWwEXNFZk1s12zs9XJKvOwmbZyVG8aP4Papxt3+o/iR2NH5zcg
+vamgGB/UDoPhHpEahKd/uQP6rL/duBIkbl38GcCNLHFXV+osSxbZzMidXKNnIAtS9EaXbiTRdM6V
+HyPclZ9ma9rDoylPNrx7kSkl7q5lrLdFP4r7hW+Oi8kFRUMzEq+Zr/hbXk2l6OJP7pbLZTW1+eI=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIEvDCCAqQCCQCL/COUVyiGjTANBgkqhkiG9w0BAQUFADAgMQswCQYDVQQGEwJFRTERMA8GA1UE
 AwwIVGVzdCBUU0wwHhcNMTgxMTE1MTI1MjU1WhcNMjgxMTEyMTI1MjU1WjAgMQswCQYDVQQGEwJF
 RTERMA8GA1UEAwwIVGVzdCBUU0wwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDfFK0f
 YeGrdngMZXZndDEpcl9pjGGNpbie3+ch5mDqObUe+OL45b4+SfPapriVRNBa+m5T1TuijP7Kb8sT
@@ -640,4 +640,4 @@ AzcmODU9uMRRBlGOWK8UQg05exc518heICmudSbgSyQLGqzVoI4kybhmBA3w93KEXJSXlnU7hBzo
 YDP2d1g46Ay59UtvLycS1kxe0jVjxxRnh/f9aPbMwUYBzEC0naUzMeJtElHLHgW4HT6PLgFImgLL
 Fh8dnYJUzn35wz10g3YBA61YUJuODpapKHixn/2X/t/8Vf1vqr/VwiwUglNQj+P78Fdb3T56JsYR
 G1bdf6nz5dvv4qtLoG+OjPI/tiLjh2ktqaMjeVmlQFchy/C5Lr48d9IGmo+x2ECYSWVvwzxI7PIb
-YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2020-12-11T08:36:29Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
+YBI4oaPjh2zKIrz/AlY2RmqMMA==</ds:X509Certificate></ds:X509Data></ds:KeyInfo><ds:Object><xades:QualifyingProperties Target="#S0"><xades:SignedProperties Id="SignedProperties"><xades:SignedSignatureProperties><xades:SigningTime>2024-07-08T11:58:00Z</xades:SigningTime><xades:SigningCertificate><xades:Cert><xades:CertDigest><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>nk6Dlz6rjsOp9TaNXJg0RNj/m53oC7RGzdDHcZ7jrfo=</ds:DigestValue></xades:CertDigest><xades:IssuerSerial><ds:X509IssuerName>CN=Test TSL, C=EE</ds:X509IssuerName><ds:X509SerialNumber>10086976385427474061</ds:X509SerialNumber></xades:IssuerSerial></xades:Cert></xades:SigningCertificate></xades:SignedSignatureProperties></xades:SignedProperties></xades:QualifyingProperties></ds:Object></ds:Signature></TrustServiceStatusList>
\ No newline at end of file
diff --git a/vcpkg.json b/vcpkg.json
index 47f688fcd..8d31818e4 100644
--- a/vcpkg.json
+++ b/vcpkg.json
@@ -7,6 +7,7 @@
         "name": "libxml2",
         "default-features": false
       },
+      "xmlsec",
       "zlib"
     ],
     "features": {
@@ -16,7 +17,8 @@
     "vcpkg-configuration": {
         "overlay-ports": [
           "patches/vcpkg-ports/openssl",
-          "patches/vcpkg-ports/xml-security-c"
+          "patches/vcpkg-ports/xml-security-c",
+          "patches/vcpkg-ports/xmlsec"
         ],
         "registries": [
           {