diff --git a/docs/static/openapi.yml b/docs/static/openapi.yml
index 54014917b..7da3e0926 100644
--- a/docs/static/openapi.yml
+++ b/docs/static/openapi.yml
@@ -10705,6 +10705,8 @@ paths:
                     schemaVersion:
                       type: integer
                       format: int64
+                    crlSignerDelegator:
+                      type: string
               pagination:
                 type: object
                 properties:
@@ -10863,6 +10865,8 @@ paths:
                         schemaVersion:
                           type: integer
                           format: int64
+                        crlSignerDelegator:
+                          type: string
         default:
           description: An unexpected error response.
           schema:
@@ -10935,6 +10939,8 @@ paths:
                   schemaVersion:
                     type: integer
                     format: int64
+                  crlSignerDelegator:
+                    type: string
         default:
           description: An unexpected error response.
           schema:
@@ -21841,6 +21847,8 @@ definitions:
       schemaVersion:
         type: integer
         format: int64
+      crlSignerDelegator:
+        type: string
   zigbeealliance.distributedcomplianceledger.pki.PkiRevocationDistributionPointsByIssuerSubjectKeyID:
     type: object
     properties:
@@ -21881,6 +21889,8 @@ definitions:
             schemaVersion:
               type: integer
               format: int64
+            crlSignerDelegator:
+              type: string
   zigbeealliance.distributedcomplianceledger.pki.ProposedCertificate:
     type: object
     properties:
@@ -22284,6 +22294,8 @@ definitions:
             schemaVersion:
               type: integer
               format: int64
+            crlSignerDelegator:
+              type: string
       pagination:
         type: object
         properties:
@@ -23029,6 +23041,8 @@ definitions:
           schemaVersion:
             type: integer
             format: int64
+          crlSignerDelegator:
+            type: string
   zigbeealliance.distributedcomplianceledger.pki.QueryGetPkiRevocationDistributionPointsByIssuerSubjectKeyIDResponse:
     type: object
     properties:
@@ -23072,6 +23086,8 @@ definitions:
                 schemaVersion:
                   type: integer
                   format: int64
+                crlSignerDelegator:
+                  type: string
   zigbeealliance.distributedcomplianceledger.pki.QueryGetProposedCertificateResponse:
     type: object
     properties:
diff --git a/docs/transactions.md b/docs/transactions.md
index d918935d7..37838a026 100644
--- a/docs/transactions.md
+++ b/docs/transactions.md
@@ -1007,7 +1007,7 @@ Publishes a PKI Revocation distribution endpoint (such as RFC5280 Certificate Re
 
 If `crlSignerCertificate` is a PAA (root certificate), then it must be present on DCL.
 
-If `crlSignerCertificate` is a PAI (intermediate certificate), then it must be chained back to a valid PAA (root certificate) present on DCL.
+If `crlSignerCertificate` is a PAI (intermediate certificate) or delegated by PAA, then it must be chained back to a valid PAA (root certificate) present on DCL.
 In this case `crlSignerCertificate` is not required to be present on DCL, and will not be added to DCL as a result of this transaction.
 If PAI needs to be added to DCL, it should be done via [ADD_PAI](#add_pai) transaction.
 
@@ -1024,7 +1024,8 @@ and DACs (leaf certificates) added to DCL if they are revoked in the CRL identif
   - pid: `optional(uint16)` -  Product ID (positive non-zero). Must be empty if `IsPAA` is true. Must be equal to a `pid` field in `CRLSignerCertificate`.
   - isPAA: `bool` -  True if the revocation information distribution point relates to a PAA
   - label: `string` -  A label to disambiguate multiple revocation information partitions of a particular issuer.
-  - crlSignerCertificate: `string` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
+  - crlSignerCertificate: `string` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data. Please note that if crlSignerCertificate is a delegated certificate by a PAI, the delegator certificate must be provided using the `crlSignerDelegator` field.
+  - crlSignerDelegator: `optional(string)` - If crlSignerCertificate is a delegated certificate by a PAI, then crlSignerDelegator must contain the delegator PAI certificate which must be chained back to an approved certificate in the ledger, encoded in X.509v3 PEM format. Otherwise this field can be omitted. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
   - issuerSubjectKeyID: `string` - Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: `5A880E6C3653D07FB08971A3F473790930E62BDB`.
   - dataUrl: `string` -  The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either `http` or `https`. Must be unique for all pairs of VendorID and IssuerSubjectKeyID.
   - dataFileSize: `optional(uint64)` -  Total size in bytes of the file found at the DataUrl. Must be omitted if RevocationType is 1.
@@ -1037,7 +1038,7 @@ and DACs (leaf certificates) added to DCL if they are revoked in the CRL identif
   - `pki/RevocationDistributionPoint/value/<IssuerSubjectKeyID>/<vid>/<label>`-> Revocation Distribution Point
 - CLI command:
   - `dcld tx pki add-revocation-point --vid=<uint16> --pid=<uint16> --issuer-subject-key-id=<string> --is-paa=<bool> --label=<string>
-    --certificate=<string-or-path> --data-url=<string> --revocation-type=1 --from=<account>`
+    --certificate=<string-or-path> --certificate-delegator=<string-or-path> --data-url=<string> --revocation-type=1 --from=<account>`
 
 #### UPDATE_REVOCATION_DISTRIBUTION_POINT
 
@@ -1053,7 +1054,8 @@ Updates an existing PKI Revocation distribution endpoint (such as RFC5280 Certif
   - vid: `uint16` -  Vendor ID (positive non-zero). Must be the same as Vendor account's VID and `vid` field in the VID-scoped `CRLSignerCertificate`. Must be the same as a `vid` associated with non-VID scoped `CRLSignerCertificate` on the ledger.
   - label: `string` -  A label to disambiguate multiple revocation information partitions of a particular issuer.
   - issuerSubjectKeyID: `string` - Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: `5A880E6C3653D07FB08971A3F473790930E62BDB`.
-  - crlSignerCertificate: `optional(string)` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
+  - crlSignerCertificate: `optional(string)` - The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data. Please note that if crlSignerCertificate is a delegated certificate by a PAI, the delegator certificate must be provided using the `crlSignerDelegator` field.
+  - crlSignerDelegator: `optional(string)` - If crlSignerCertificate is a delegated certificate by a PAI, then crlSignerDelegator must contain the delegator PAI certificate which must be chained back to an approved certificate in the ledger, encoded in X.509v3 PEM format. Otherwise this field can be omitted. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data.
   - dataUrl: `optional(string)` -  The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either `http` or `https`. Must be unique for all pairs of VendorID and IssuerSubjectKeyID.
   - dataFileSize: `optional(uint64)` -  Total size in bytes of the file found at the DataUrl. Must be omitted if RevocationType is 1.
   - dataDigest: `optional(string)` -  Digest of the entire contents of the associated file downloaded from the DataUrl. Must be omitted if RevocationType is 1. Must be provided if and only if the `DataFileSize` field is present.
@@ -1064,7 +1066,7 @@ Updates an existing PKI Revocation distribution endpoint (such as RFC5280 Certif
   - `pki/RevocationDistributionPoint/value/<IssuerSubjectKeyID>/<vid>/<label>` -> Revocation Distribution Point
 - CLI command:
   - `dcld tx pki update-revocation-point --vid=<uint16> --issuer-subject-key-id=<string> --label=<string>
-    --data-url=<string> --certificate=<string-or-path> --from=<account>`
+    --data-url=<string> --certificate=<string-or-path> --certificate-delegator=<string-or-path> --from=<account>`
 
 #### DELETE_REVOCATION_DISTRIBUTION_POINT
 
diff --git a/integration_tests/cli/pki-revocation-points.sh b/integration_tests/cli/pki-revocation-points.sh
index e3abb9893..b7a139b5f 100755
--- a/integration_tests/cli/pki-revocation-points.sh
+++ b/integration_tests/cli/pki-revocation-points.sh
@@ -25,6 +25,18 @@ test_root_cert_path="integration_tests/constants/test_root_cert"
 test_root_cert_subject="MDAxGDAWBgNVBAMMD01hdHRlciBUZXN0IFBBQTEUMBIGCisGAQQBgqJ8AgEMBDEyNUQ="
 test_root_cert_subject_key_id="E2:90:8D:36:9C:3C:A3:C1:13:BB:09:E2:4D:C1:CC:C5:A6:66:91:D4"
 
+root_cert_with_vid_path="integration_tests/constants/root_cert_with_vid"
+root_cert_with_vid_subject="MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE="
+root_cert_with_vid_subject_key_id="CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31"
+
+delegator_cert_with_vid_65521_path="integration_tests/constants/intermediate_cert_with_vid_1"
+delegator_cert_with_vid_65521_copy_path="integration_tests/constants/intermediate_cert_with_vid_1_copy"
+delegator_cert_with_vid_subject_key_id="0E8CE8C8B8AA50BC258556B9B19CC2C7D9C52F17"
+
+crl_signer_delegated_by_pai_1="integration_tests/constants/leaf_cert_with_vid_65521"
+crl_signer_delegated_by_pai_2="integration_tests/constants/leaf_cert_with_vid_65522"
+crl_signer_delegated_by_paa="integration_tests/constants/leaf_cert_without_vid"
+
 trustee_account="jack"
 second_trustee_account="alice"
 third_trustee_account="bob"
@@ -35,6 +47,8 @@ third_trustee_account_address=$(echo $passphrase | dcld keys show bob -a)
 
 label="label"
 label_pai="label_pai"
+label_leaf="label_leaf"
+label_leaf_with_delegator="label_leaf_with_delegator"
 vid=65521
 vid_65522=65522
 vid_non_vid_scoped=4701
@@ -137,6 +151,12 @@ check_response "$result" "\"code\": 0"
 result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$test_root_cert_subject" --subject-key-id="$test_root_cert_subject_key_id" --from $second_trustee_account --yes)
 check_response "$result" "\"code\": 0"
 
+echo "Trustees add VID scoped root cert"
+result=$(echo "$passphrase" | dcld tx pki propose-add-x509-root-cert --certificate="$root_cert_with_vid_path" --vid $vid --from $trustee_account --yes)
+check_response "$result" "\"code\": 0"
+result=$(echo "$passphrase" | dcld tx pki approve-add-x509-root-cert --subject="$root_cert_with_vid_subject" --subject-key-id="$root_cert_with_vid_subject_key_id" --from $second_trustee_account --yes)
+check_response "$result" "\"code\": 0"
+
 test_divider
 
 echo "7. ADD REVOCATION POINT FOR PAA WHEN CRL SIGNER CERTIFICATE PEM VALUE IS NOT EQUAL TO STORED CERTIFICATE PEM VALUE"
@@ -255,7 +275,72 @@ response_does_not_contain "$result" "\"label\": \"$vid_non_vid_scoped\""
 
 test_divider
 
-echo "12. UPDATE REVOCATION POINT WHEN POINT NOT FOUND"
+echo "12. ADD REVOCATION POINT FOR CRL SIGNER CERTIFICATE DELEGATED BY PAI"
+
+result=$(dcld tx pki add-revocation-point --vid=$vid --is-paa="false" --certificate="$crl_signer_delegated_by_pai_1" --label="$label_leaf_with_delegator" --data-url="$data_url" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --revocation-type=1 --certificate-delegator="$delegator_cert_with_vid_65521_path" --from=$vendor_account --yes)
+check_response "$result" "\"code\": 0"
+
+result=$(dcld query pki revocation-point --vid=$vid --label=$label_leaf_with_delegator --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id)
+check_response "$result" "\"vid\": $vid"
+check_response "$result" "\"label\": \"$label_leaf_with_delegator\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\""
+
+echo $result
+
+test_divider
+
+echo "13. ADD REVOCATION POINT FOR CRL SIGNER CERTIFICATE DELEGATED BY PAA"
+
+echo "Add PAI certificate"
+result=$(echo "$passphrase" | dcld tx pki add-x509-cert --certificate="$delegator_cert_with_vid_65521_path" --from $vendor_account --yes)
+check_response "$result" "\"code\": 0"
+
+echo "Add PKI revocation point with IS_PAA=true"
+result=$(dcld tx pki add-revocation-point --vid=$vid_65522 --is-paa="true" --certificate="$crl_signer_delegated_by_paa" --label="$label_leaf" --data-url="$data_url" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --revocation-type=1 --from=$vendor_account_65522 --yes)
+check_response "$result" "\"code\": 0"
+
+result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_leaf --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id)
+check_response "$result" "\"vid\": $vid_65522"
+check_response "$result" "\"label\": \"$label_leaf\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\""
+echo $result
+
+test_divider
+
+echo "14. UPDATE REVOCATION POINT FOR CRL SIGNER CERTIFICATE DELEGATED BY PAI"
+data_url_new="$data_url"_new
+result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$crl_signer_delegated_by_pai_1" --label="$label_leaf_with_delegator" --data-url="$data_url_new" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --certificate-delegator="$delegator_cert_with_vid_65521_copy_path" --from=$vendor_account --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki revocation-point --vid=$vid --label=$label_leaf_with_delegator --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id)
+check_response "$result" "\"vid\": $vid"
+check_response "$result" "\"label\": \"$label_leaf_with_delegator\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\""
+check_response "$result" "\"dataURL\": \"$data_url_new\""
+check_response "$result" "\"CrlSignerCertificate\": $(<$crl_signer_delegated_by_pai_1)"
+check_response "$result" "\"CrlSignerDelegator\": $(<$delegator_cert_with_vid_65521_copy_path)"
+echo $result
+
+test_divider
+
+echo "15. UPDATE REVOCATION POINT FOR CRL SIGNER CERTIFICATE DELEGATED BY PAA"
+result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$crl_signer_delegated_by_pai_2" --label="$label_leaf" --data-url="$data_url_new" --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id --from=$vendor_account_65522 --yes)
+check_response "$result" "\"code\": 0"
+echo $result
+
+result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_leaf --issuer-subject-key-id=$delegator_cert_with_vid_subject_key_id)
+check_response "$result" "\"vid\": $vid_65522"
+check_response "$result" "\"label\": \"$label_leaf\""
+check_response "$result" "\"issuerSubjectKeyID\": \"$delegator_cert_with_vid_subject_key_id\""
+check_response "$result" "\"dataURL\": \"$data_url_new\""
+check_response "$result" "\"CrlSignerCertificate\": $(<$crl_signer_delegated_by_pai_2)"
+
+echo $result
+
+test_divider
+
+echo "16. UPDATE REVOCATION POINT WHEN POINT NOT FOUND"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$pai_cert_with_numeric_vid_pid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
 response_does_not_contain "$result" "\"code\": 0"
@@ -263,7 +348,7 @@ echo $result
 
 test_divider
 
-echo "13. UPDATE REVOCATION POINT FOR PAA WHEN NEW CERT IS NOT PAA"
+echo "17. UPDATE REVOCATION POINT FOR PAA WHEN NEW CERT IS NOT PAA"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$pai_cert_with_numeric_vid_pid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes)
 response_does_not_contain "$result" "\"code\": 0"
@@ -271,7 +356,7 @@ echo $result
 
 test_divider
 
-echo "14. UPDATE REVOCATION POINT WHEN SENDER IS NOT VENDOR"
+echo "18. UPDATE REVOCATION POINT WHEN SENDER IS NOT VENDOR"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$paa_cert_with_numeric_vid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$trustee_account --yes)
 response_does_not_contain "$result" "\"code\": 0"
@@ -279,7 +364,7 @@ echo $result
 
 test_divider
 
-echo "15. UPDATE REVOCATION POINT FOR PAA WHEN SENDER VID IS NOT EQUAL TO CERT VID"
+echo "19. UPDATE REVOCATION POINT FOR PAA WHEN SENDER VID IS NOT EQUAL TO CERT VID"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$paa_cert_with_numeric_vid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
 response_does_not_contain "$result" "\"code\": 0"
@@ -287,7 +372,7 @@ echo $result
 
 test_divider
 
-echo "16. UPDATE REVOCATION POINT FOR PAA WHEN MSG VID IS NOT EQUAL TO CERT VID"
+echo "20. UPDATE REVOCATION POINT FOR PAA WHEN MSG VID IS NOT EQUAL TO CERT VID"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$paa_cert_with_numeric_vid_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes)
 response_does_not_contain "$result" "\"code\": 0"
@@ -295,7 +380,7 @@ echo $result
 
 test_divider
 
-echo "17. UPDATE REVOCATION POINT FOR VID-SCOPED PAA"
+echo "21. UPDATE REVOCATION POINT FOR VID-SCOPED PAA"
 schema_version_3=3
 result=$(dcld tx pki update-revocation-point --vid=$vid --certificate="$root_cert_path" --label="$label" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --schemaVersion=$schema_version_3 --from=$vendor_account --yes)
 check_response "$result" "\"code\": 0"
@@ -309,7 +394,7 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
 check_response "$result" "\"schemaVersion\": $schema_version_3"
 test_divider
 
-echo "18. UPDATE REVOCATION POINT FOR NON-VID SCOPED PAA"
+echo "22. UPDATE REVOCATION POINT FOR NON-VID SCOPED PAA"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid_non_vid_scoped --certificate="$test_root_cert_path" --label="$label_non_vid_scoped" --data-url="$data_url_non_vid_scoped" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_non_vid_scoped --yes)
 check_response "$result" "\"code\": 0"
@@ -323,7 +408,7 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
 
 test_divider
 
-echo "19. UPDATE REVOCATION POINT FOR PAI"
+echo "23. UPDATE REVOCATION POINT FOR PAI"
 
 result=$(dcld tx pki update-revocation-point --vid=$vid_65522 --certificate="$pai_cert_vid_path" --label="$label_pai" --data-url="$data_url" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
 check_response "$result" "\"code\": 0"
@@ -337,7 +422,7 @@ check_response "$result" "\"issuerSubjectKeyID\": \"$issuer_subject_key_id\""
 
 test_divider
 
-echo "20. DELETE REVOCATION PAA"
+echo "24. DELETE REVOCATION POINT"
 
 result=$(dcld tx pki delete-revocation-point --vid=$vid --label="$label" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account --yes)
 check_response "$result" "\"code\": 0"
@@ -346,15 +431,4 @@ echo $result
 result=$(dcld query pki revocation-point --vid=$vid --label=$label --issuer-subject-key-id=$issuer_subject_key_id)
 check_response "$result" "Not Found"
 
-test_divider
-
-echo "21. DELETE REVOCATION PAI"
-
-result=$(dcld tx pki delete-revocation-point --vid=$vid_65522 --label="$label_pai" --issuer-subject-key-id=$issuer_subject_key_id --from=$vendor_account_65522 --yes)
-check_response "$result" "\"code\": 0"
-echo $result
-
-result=$(dcld query pki revocation-point --vid=$vid_65522 --label=$label_pai --issuer-subject-key-id=$issuer_subject_key_id)
-check_response "$result" "Not Found"
-
 test_divider
\ No newline at end of file
diff --git a/integration_tests/constants/constants.go b/integration_tests/constants/constants.go
index 1c45ac443..a395a9d29 100644
--- a/integration_tests/constants/constants.go
+++ b/integration_tests/constants/constants.go
@@ -561,44 +561,116 @@ HGBcCo5whZU=
 -----END CERTIFICATE-----`
 
 	IntermediateCertWithVid1 = `-----BEGIN CERTIFICATE-----
-MIICejCCAiGgAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+MIICiTCCAi+gAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
 BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
 bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
-DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
-NjEyMDczMloYDzMwMjMwNjI5MTIwNzMyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy
+NzA2MDcxMloYDzMwMjMwNzI5MDYwNzEyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
 BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
 ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
 onwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
-1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
-GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNHADBEAiAOQSIQ
-sdClGJ86LQ1p7e+kb0Dg+YsyxIv2XHdUvIVn2gIgBkbzBccRbDG3p/+gnPhF+7xP
-T/SKbO+GZvoizizl6Gc=
+1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49
+BAMCA0gAMEUCIQCy8SeF6UXIGM+0X6fc5tqSrgAQ1nCN5cvsWyfZvH0y9wIgQ45S
+TXQomsOa4eHQpJzsY/JQqprA0FapY1nsvL+PQFg=
 -----END CERTIFICATE-----`
 
 	IntermediateCertWithVid2 = `-----BEGIN CERTIFICATE-----
-MIICezCCAiGgAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+MIICiDCCAi+gAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
 BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
 bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
-DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
-NjEzMDcwNVoYDzMwMjMwNjI5MTMwNzA1WjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy
+NzE1MzQxMVoYDzMwMjMwNzI5MTUzNDExWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
 BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
 ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMRQwEgYKKwYBBAGC
 onwCAgwERkZGMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
-1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
-GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNIADBFAiEAkApx
-PWFFDoptmYnsW1QhKqrcD+xmFgJA4SWTH5Q1efMCIDWqdG0sAgum+FphfM4HF6XV
-M6mDL6NurBAW1pJlg8OT
+1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49
+BAMCA0cAMEQCIHkhL7r/xEi16827IYysHe0w8X0rsbU5zcHcbK1wt0ALAiASEZMI
+NN1ZIQJHBjCm+vWh3Jsjt2wUHKIM5i64Wd9kPA==
+-----END CERTIFICATE-----`
+
+	IntermediateCertWithoutVidPid = `-----BEGIN CERTIFICATE-----
+MIICfjCCAiOgAwIBAgIUApsGBeXsNPxNq4brOXLNfbYysakwCgYIKoZIzj0EAwIw
+gZgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTAgFw0yNDAzMjgxMzEzMjVaGA8zMDIzMDczMDEzMTMyNVowgYIx
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlv
+cmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGluZyBE
+aXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAE5M2Hy7bsKdEZ2PQbT/PSij2uwpymBSiBDx9hgSD9AKVgUcm6
+EVt/Uz5V14xJxuWWm3iQYfaKHtpTVvvWNGRWzKNdMFswHQYDVR0OBBYEFA6M6Mi4
+qlC8JYVWubGcwsfZxS8XMB8GA1UdIwQYMBaAFM6okmbq4IC9K7Vo5AsHxPosNG0x
+MAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgGCMAoGCCqGSM49BAMCA0kAMEYCIQDm
+jhpYAW9UseDLyoF2bmvy36jV7Hwvst+R3wJi0jh4xAIhAPXCfe8DUCoRV32q97C0
+IYJElzT/KwBY6c2Xyu4gsjqh
 -----END CERTIFICATE-----`
 
-	RootIssuer        = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
-	RootSubject       = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
-	RootSubjectAsText = "O=root-ca,ST=some-state,C=AU"
-	RootSubjectKeyID  = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB"
-	RootSerialNumber  = "442314047376310867378175982234956458728610743315"
+	LeafCertWithVid = `-----BEGIN CERTIFICATE-----
+MIICrjCCAlSgAwIBAgIUBCg+BsyaPLK2sNxttFUIbDF/FPAwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTAyNDI1
+WhgPMzAyMzA3MjgxMDI0MjVaMIGaMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRowGAYDVQQKDBFDUkwtbGVhZiB3aXRo
+IFZJRDEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4
+YW1wbGUuY29tMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABNk/8AZJsYEd7kBVDv5c+Mm4kNsuyMF1d+UTOTlptsCzx4YwLlCX
+SSr2SwDHbkRvMbp5cfFt9uyNc0Tx3bVVyPWjYDBeMB0GA1UdDgQWBBTWmCYQvqwj
+dAkKQAvNOWVT8Xaw9TAfBgNVHSMEGDAWgBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAM
+BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIBgjAKBggqhkjOPQQDAgNIADBFAiEA
+nAoa731+XkR5/0XaESqHG40IZysduxN8sJo2sJpPvvwCICGn7oAwDmQh0umEJ6dK
+Vtv3RJ9iuKtC/fkzUzhv9c0z
+-----END CERTIFICATE-----`
+
+	LeafCertWithVidPid = `-----BEGIN CERTIFICATE-----
+MIICzDCCAnKgAwIBAgIUG6W5A5QhAdUKiVAG9yo5VrndE2IwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTAzNTI4
+WhgPMzAyMzA3MjgxMDM1MjhaMIG4MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSIwIAYDVQQKDBlDUkwtbGVhZiB3aXRo
+IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYB
+BAGConwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNk/8AZJsYEd
+7kBVDv5c+Mm4kNsuyMF1d+UTOTlptsCzx4YwLlCXSSr2SwDHbkRvMbp5cfFt9uyN
+c0Tx3bVVyPWjYDBeMB0GA1UdDgQWBBTWmCYQvqwjdAkKQAvNOWVT8Xaw9TAfBgNV
+HSMEGDAWgBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAMBgNVHRMBAf8EAjAAMA4GA1Ud
+DwEB/wQEAwIBgjAKBggqhkjOPQQDAgNIADBFAiEAhs/qxSBUSsRdqXfC8tQlPIPU
+CNbAI81hYOHbiOx6fD0CIFz63D+Ug7xurPSqAPHoTAY6MhseK4IrbAjKRPA0sQl5
+-----END CERTIFICATE-----`
+
+	LeafCertWithoutVidPid = `-----BEGIN CERTIFICATE-----
+MIICozCCAkmgAwIBAgIUDXi3VEZsSRTrSqZuIqDWX0Ar4egwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTEwNjIz
+WhgPMzAyMzA3MjgxMTA2MjNaMIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRo
+b3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD
+VQQDDA93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZ
+P/AGSbGBHe5AVQ7+XPjJuJDbLsjBdXflEzk5abbAs8eGMC5Ql0kq9ksAx25EbzG6
+eXHxbfbsjXNE8d21Vcj1o2AwXjAdBgNVHQ4EFgQU1pgmEL6sI3QJCkALzTllU/F2
+sPUwHwYDVR0jBBgwFoAUDozoyLiqULwlhVa5sZzCx9nFLxcwDAYDVR0TAQH/BAIw
+ADAOBgNVHQ8BAf8EBAMCAYIwCgYIKoZIzj0EAwIDSAAwRQIhAPIzS2Tlov+9/R6U
+fJhEWAA8mOgN9OVCdPWAegWuN3b2AiApXciu/dT4B5db3puPWrAsMjAUYF2Owc/D
+eujhLsD51w==
+-----END CERTIFICATE-----`
+
+	RootIssuer                     = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
+	RootSubject                    = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
+	RootSubjectAsText              = "O=root-ca,ST=some-state,C=AU"
+	RootSubjectKeyID               = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB"
+	RootSubjectKeyIDWithoutColumns = "5A880E6C3653D07FB08971A3F473790930E62BDB"
+	RootSerialNumber               = "442314047376310867378175982234956458728610743315"
 
 	RootCertWithSameSubjectAndSKIDSubject         = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
 	RootCertWithSameSubjectAndSKIDSubjectKeyID    = "33:5E:0C:07:44:F8:B5:9C:CD:55:01:9B:6D:71:23:83:6F:D0:D4:BE"
@@ -613,12 +685,13 @@ M6mDL6NurBAW1pJlg8OT
 	LeafCertWithSameSubjectAndSKIDSubjectKeyID          = "12:16:55:8E:5E:2A:DF:04:D7:E6:FE:D1:53:69:61:98:EF:17:2F:03"
 	LeafCertWithSameSubjectAndSKIDSerialNumber          = "5"
 
-	IntermediateIssuer         = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
-	IntermediateAuthorityKeyID = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB"
-	IntermediateSubject        = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E="
-	IntermediateSubjectAsText  = "O=intermediate-ca,ST=some-state,C=AU"
-	IntermediateSubjectKeyID   = "4E:3B:73:F4:70:4D:C2:98:0D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B"
-	IntermediateSerialNumber   = "169917617234879872371588777545667947720450185023"
+	IntermediateIssuer                     = "MDQxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRAwDgYDVQQKDAdyb290LWNh"
+	IntermediateAuthorityKeyID             = "5A:88:0E:6C:36:53:D0:7F:B0:89:71:A3:F4:73:79:09:30:E6:2B:DB"
+	IntermediateSubject                    = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E="
+	IntermediateSubjectAsText              = "O=intermediate-ca,ST=some-state,C=AU"
+	IntermediateSubjectKeyID               = "4E:3B:73:F4:70:4D:C2:98:0D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B"
+	IntermediateSubjectKeyIDWithoutColumns = "4E3B73F4704DC2980DDBC85A5F023BBF8625562B"
+	IntermediateSerialNumber               = "169917617234879872371588777545667947720450185023"
 
 	LeafIssuer         = "MDwxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApzb21lLXN0YXRlMRgwFgYDVQQKDA9pbnRlcm1lZGlhdGUtY2E="
 	LeafAuthorityKeyID = "4E:3B:73:F4:70:4D:C2:98:D:DB:C8:5A:5F:02:3B:BF:86:25:56:2B"
@@ -657,16 +730,43 @@ M6mDL6NurBAW1pJlg8OT
 
 	TestCertPemVid = 4701
 
-	RootCertWithVidSubject      = "MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE="
-	RootCertWithVidSubjectKeyID = "CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31"
-	RootCertWithVidVid          = 65521
+	RootCertWithVidSubject                    = "MIGYMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjE="
+	RootCertWithVidSubjectKeyID               = "CE:A8:92:66:EA:E0:80:BD:2B:B5:68:E4:0B:07:C4:FA:2C:34:6D:31"
+	RootCertWithVidSubjectKeyIDWithoutColumns = "CEA89266EAE080BD2BB568E40B07C4FA2C346D31"
+	RootCertWithVidVid                        = 65521
 
-	IntermediateCertWithVid1Subject      = "MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDARGRkYx"
-	IntermediateCertWithVid1SubjectKeyID = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17"
-	IntermediateCertWithVid1SerialNumber = "3"
-	IntermediateCertWithVid1Vid          = 65521
+	IntermediateCertWithVid1Subject                    = "MIGuMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTEUMBIGCisGAQQBgqJ8AgEMBEZGRjExFDASBgorBgEEAYKifAICDARGRkYx"
+	IntermediateCertWithVid1SubjectKeyID               = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17"
+	IntermediateCertWithVid1SubjectKeyIDWithoutColumns = "0E8CE8C8B8AA50BC258556B9B19CC2C7D9C52F17"
+	IntermediateCertWithVid1SerialNumber               = "3"
+	IntermediateCertWithVid1Vid                        = 65521
 
 	IntermediateCertWithVid2SubjectKeyID = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17"
 	IntermediateCertWithVid2SerialNumber = "4"
 	IntermediateCertWithVid2Vid          = 65522
+
+	IntermediateCertWithoutVidPidSubject      = "MIGCMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRgwFgYDVQQKDA9FeGFtcGxlIENvbXBhbnkxGTAXBgNVBAsMEFRlc3RpbmcgRGl2aXNpb24xGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbQ=="
+	IntermediateCertWithoutVidPidSubjectKeyID = "0E:8C:E8:C8:B8:AA:50:BC:25:85:56:B9:B1:9C:C2:C7:D9:C5:2F:17"
+	IntermediateCertWithoutVidPidSerialNumber = "14875121728167018569770528052537472929544450473"
+
+	LeafCertWithVidSubject        = "MIGaMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRowGAYDVQQKDBFDUkwtbGVhZiB3aXRoIFZJRDEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGConwCAQwERkZGMQ=="
+	LeafCertWithVidSubjectAsText  = "CN=www.example.com,OU=Testing Division,O=CRL-leaf with VID,L=New York,ST=New York,C=US,vid=0xFFF1"
+	LeafCertWithVidSubjectKeyID   = "D6:98:26:10:BE:AC:23:74:09:0A:40:0B:CD:39:65:53:F1:76:B0:F5"
+	LeafCertWithVidAuthorityKeyID = IntermediateCertWithVid1SubjectKeyID
+	LeafCertWithVidSerialNumber   = "23733396166621909643583307546615137635389084912"
+	LeafCertWithVidVid            = 65521
+
+	LeafCertWithVidPidSubject        = "MIG4MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSIwIAYDVQQKDBlDUkwtbGVhZiB3aXRoIFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGConwCAgwERkZGMQ=="
+	LeafCertWithVidPidSubjectAsText  = "CN=www.example.com,OU=Testing Division,O=CRL-leaf with VID and PID,L=New York,ST=New York,C=US,pid=0xFFF1,vid=0xFFF1"
+	LeafCertWithVidPidSubjectKeyID   = "D6:98:26:10:BE:AC:23:74:09:0A:40:0B:CD:39:65:53:F1:76:B0:F5"
+	LeafCertWithVidPidAuthorityKeyID = IntermediateCertWithVid1SubjectKeyID
+	LeafCertWithVidPidSerialNumber   = "157838490760642822714861562571853387507185816418"
+	LeafCertWithVidPidVid            = 65521
+	LeafCertWithVidPidPid            = 65521
+
+	LeafCertWithoutVidPidSubject        = "MIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRob3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93d3cuZXhhbXBsZS5jb20="
+	LeafCertWithoutVidPidSubjectAsText  = "CN=www.example.com,OU=Testing Division,O=CRL-leaf without VID and PID,L=New York,ST=New York,C=US"
+	LeafCertWithoutVidPidSubjectKeyID   = "D6:98:26:10:BE:AC:23:74:09:0A:40:0B:CD:39:65:53:F1:76:B0:F5"
+	LeafCertWithoutVidPidAuthorityKeyID = IntermediateCertWithVid1SubjectKeyID
+	LeafCertWithoutVidPidSerialNumber   = "76908939670186132114931832808683834138281370088"
 )
diff --git a/integration_tests/constants/intermediate_cert_with_vid_1 b/integration_tests/constants/intermediate_cert_with_vid_1
index 41e40b049..2a8e9b086 100644
--- a/integration_tests/constants/intermediate_cert_with_vid_1
+++ b/integration_tests/constants/intermediate_cert_with_vid_1
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIICejCCAiGgAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+MIICiTCCAi+gAwIBAgIBAzAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
 BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
 bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
-DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
-NjEyMDczMloYDzMwMjMwNjI5MTIwNzMyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy
+NzA2MDcxMloYDzMwMjMwNzI5MDYwNzEyWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
 BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
 ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMRQwEgYKKwYBBAGC
 onwCAgwERkZGMTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
-1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
-GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNHADBEAiAOQSIQ
-sdClGJ86LQ1p7e+kb0Dg+YsyxIv2XHdUvIVn2gIgBkbzBccRbDG3p/+gnPhF+7xP
-T/SKbO+GZvoizizl6Gc=
+1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49
+BAMCA0gAMEUCIQCy8SeF6UXIGM+0X6fc5tqSrgAQ1nCN5cvsWyfZvH0y9wIgQ45S
+TXQomsOa4eHQpJzsY/JQqprA0FapY1nsvL+PQFg=
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/intermediate_cert_with_vid_1_copy b/integration_tests/constants/intermediate_cert_with_vid_1_copy
new file mode 100644
index 000000000..499a9e4b5
--- /dev/null
+++ b/integration_tests/constants/intermediate_cert_with_vid_1_copy
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICnTCCAkKgAwIBAgIUD05hvGL08UmRJivrVoLd/raw9gswCgYIKoZIzj0EAwIw
+gZgxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTAgFw0yNDAzMjcxNTQyNDBaGA8zMDIzMDcyOTE1NDI0MFowga4x
+CzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlv
+cmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGluZyBE
+aXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGConwC
+AQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwWTATBgcqhkjOPQIBBggqhkjO
+PQMBBwNCAATkzYfLtuwp0RnY9BtP89KKPa7CnKYFKIEPH2GBIP0ApWBRyboRW39T
+PlXXjEnG5ZabeJBh9ooe2lNW+9Y0ZFbMo1AwTjAdBgNVHQ4EFgQUDozoyLiqULwl
+hVa5sZzCx9nFLxcwHwYDVR0jBBgwFoAUzqiSZurggL0rtWjkCwfE+iw0bTEwDAYD
+VR0TBAUwAwEB/zAKBggqhkjOPQQDAgNJADBGAiEAl/iTG29rwOctwFeMaHgTodgd
+DYLiKs1zgIKJhrFxgkICIQCGd/dl4uGHg4bHO9ip46oMrsTs0OZNtEYx9df8AG7w
+IA==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/intermediate_cert_with_vid_2 b/integration_tests/constants/intermediate_cert_with_vid_2
index f3397aa54..ffbf0b90d 100644
--- a/integration_tests/constants/intermediate_cert_with_vid_2
+++ b/integration_tests/constants/intermediate_cert_with_vid_2
@@ -1,16 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIICezCCAiGgAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
+MIICiDCCAi+gAwIBAgIBBDAKBggqhkjOPQQDAjCBmDELMAkGA1UEBhMCVVMxETAP
 BgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhh
 bXBsZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQD
-DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDIy
-NjEzMDcwNVoYDzMwMjMwNjI5MTMwNzA1WjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
+DA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYxMCAXDTI0MDMy
+NzE1MzQxMVoYDzMwMjMwNzI5MTUzNDExWjCBrjELMAkGA1UEBhMCVVMxETAPBgNV
 BAgMCE5ldyBZb3JrMREwDwYDVQQHDAhOZXcgWW9yazEYMBYGA1UECgwPRXhhbXBs
 ZSBDb21wYW55MRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYDVQQDDA93
 d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMRQwEgYKKwYBBAGC
 onwCAgwERkZGMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOTNh8u27CnRGdj0
 G0/z0oo9rsKcpgUogQ8fYYEg/QClYFHJuhFbf1M+VdeMScbllpt4kGH2ih7aU1b7
-1jRkVsyjQjBAMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
-GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAKBggqhkjOPQQDAgNIADBFAiEAkApx
-PWFFDoptmYnsW1QhKqrcD+xmFgJA4SWTH5Q1efMCIDWqdG0sAgum+FphfM4HF6XV
-M6mDL6NurBAW1pJlg8OT
+1jRkVsyjUDBOMB0GA1UdDgQWBBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAfBgNVHSME
+GDAWgBTOqJJm6uCAvSu1aOQLB8T6LDRtMTAMBgNVHRMEBTADAQH/MAoGCCqGSM49
+BAMCA0cAMEQCIHkhL7r/xEi16827IYysHe0w8X0rsbU5zcHcbK1wt0ALAiASEZMI
+NN1ZIQJHBjCm+vWh3Jsjt2wUHKIM5i64Wd9kPA==
 -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/leaf_cert_with_vid_65521 b/integration_tests/constants/leaf_cert_with_vid_65521
new file mode 100644
index 000000000..01cefbc6c
--- /dev/null
+++ b/integration_tests/constants/leaf_cert_with_vid_65521
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrjCCAlSgAwIBAgIUBCg+BsyaPLK2sNxttFUIbDF/FPAwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTAyNDI1
+WhgPMzAyMzA3MjgxMDI0MjVaMIGaMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMRowGAYDVQQKDBFDUkwtbGVhZiB3aXRo
+IFZJRDEZMBcGA1UECwwQVGVzdGluZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4
+YW1wbGUuY29tMRQwEgYKKwYBBAGConwCAQwERkZGMTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABNk/8AZJsYEd7kBVDv5c+Mm4kNsuyMF1d+UTOTlptsCzx4YwLlCX
+SSr2SwDHbkRvMbp5cfFt9uyNc0Tx3bVVyPWjYDBeMB0GA1UdDgQWBBTWmCYQvqwj
+dAkKQAvNOWVT8Xaw9TAfBgNVHSMEGDAWgBQOjOjIuKpQvCWFVrmxnMLH2cUvFzAM
+BgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQEAwIBgjAKBggqhkjOPQQDAgNIADBFAiEA
+nAoa731+XkR5/0XaESqHG40IZysduxN8sJo2sJpPvvwCICGn7oAwDmQh0umEJ6dK
+Vtv3RJ9iuKtC/fkzUzhv9c0z
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/leaf_cert_with_vid_65522 b/integration_tests/constants/leaf_cert_with_vid_65522
new file mode 100644
index 000000000..e1fa2e5a0
--- /dev/null
+++ b/integration_tests/constants/leaf_cert_with_vid_65522
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICuTCCAl+gAwIBAgIUJ8QWVXvctSk1w7hRdtLIvrgglgAwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI3MTI1MDI3
+WhgPMzAyMzA3MjkxMjUwMjdaMIGlMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRo
+b3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD
+VQQDDA93d3cuZXhhbXBsZS5jb20xFDASBgorBgEEAYKifAIBDARGRkYyMFkwEwYH
+KoZIzj0CAQYIKoZIzj0DAQcDQgAE2T/wBkmxgR3uQFUO/lz4ybiQ2y7IwXV35RM5
+OWm2wLPHhjAuUJdJKvZLAMduRG8xunlx8W327I1zRPHdtVXI9aNgMF4wHQYDVR0O
+BBYEFNaYJhC+rCN0CQpAC805ZVPxdrD1MB8GA1UdIwQYMBaAFA6M6Mi4qlC8JYVW
+ubGcwsfZxS8XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgGCMAoGCCqGSM49
+BAMCA0gAMEUCIQCqGZtCl5fCQf9KIAl6rOE9Xegf/NZAtrJoVmDfJ8yFbgIgZXBs
+CBffM8rd8twMhqjhovJDeDRYSbYeWq8mgdLkycc=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/integration_tests/constants/leaf_cert_without_vid b/integration_tests/constants/leaf_cert_without_vid
new file mode 100644
index 000000000..be68beed4
--- /dev/null
+++ b/integration_tests/constants/leaf_cert_without_vid
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICozCCAkmgAwIBAgIUDXi3VEZsSRTrSqZuIqDWX0Ar4egwCgYIKoZIzj0EAwIw
+ga4xCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3
+IFlvcmsxGDAWBgNVBAoMD0V4YW1wbGUgQ29tcGFueTEZMBcGA1UECwwQVGVzdGlu
+ZyBEaXZpc2lvbjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMRQwEgYKKwYBBAGC
+onwCAQwERkZGMTEUMBIGCisGAQQBgqJ8AgIMBEZGRjEwIBcNMjQwMzI2MTEwNjIz
+WhgPMzAyMzA3MjgxMTA2MjNaMIGPMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3
+IFlvcmsxETAPBgNVBAcMCE5ldyBZb3JrMSUwIwYDVQQKDBxDUkwtbGVhZiB3aXRo
+b3V0IFZJRCBhbmQgUElEMRkwFwYDVQQLDBBUZXN0aW5nIERpdmlzaW9uMRgwFgYD
+VQQDDA93d3cuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZ
+P/AGSbGBHe5AVQ7+XPjJuJDbLsjBdXflEzk5abbAs8eGMC5Ql0kq9ksAx25EbzG6
+eXHxbfbsjXNE8d21Vcj1o2AwXjAdBgNVHQ4EFgQU1pgmEL6sI3QJCkALzTllU/F2
+sPUwHwYDVR0jBBgwFoAUDozoyLiqULwlhVa5sZzCx9nFLxcwDAYDVR0TAQH/BAIw
+ADAOBgNVHQ8BAf8EBAMCAYIwCgYIKoZIzj0EAwIDSAAwRQIhAPIzS2Tlov+9/R6U
+fJhEWAA8mOgN9OVCdPWAegWuN3b2AiApXciu/dT4B5db3puPWrAsMjAUYF2Owc/D
+eujhLsD51w==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/proto/pki/pki_revocation_distribution_point.proto b/proto/pki/pki_revocation_distribution_point.proto
index 7818ab4e2..6b7338e7f 100644
--- a/proto/pki/pki_revocation_distribution_point.proto
+++ b/proto/pki/pki_revocation_distribution_point.proto
@@ -16,5 +16,6 @@ message PkiRevocationDistributionPoint {
   uint32 dataDigestType = 10; 
   uint32 revocationType = 11;
   uint32 schemaVersion = 12;
+  string crlSignerDelegator = 13;
 }
 
diff --git a/proto/pki/tx.proto b/proto/pki/tx.proto
index 158d7ddae..50a8a9015 100644
--- a/proto/pki/tx.proto
+++ b/proto/pki/tx.proto
@@ -131,6 +131,7 @@ message MsgAddPkiRevocationDistributionPoint {
   uint32 dataDigestType = 11;
   uint32 revocationType = 12 [(gogoproto.moretags) = "validate:\"required\""];
   uint32 schemaVersion = 13 [(gogoproto.moretags) = "validate:\"gte=0,lte=65535\""];
+  string crlSignerDelegator = 14 [(gogoproto.moretags) = "validate:\"max=10485760\""];
 }
 
 message MsgAddPkiRevocationDistributionPointResponse {
@@ -147,6 +148,7 @@ message MsgUpdatePkiRevocationDistributionPoint {
   string dataDigest = 8;
   uint32 dataDigestType = 9;
   uint32 schemaVersion = 10 [(gogoproto.moretags) = "validate:\"gte=0,lte=65535\""];
+  string crlSignerDelegator = 11 [(gogoproto.moretags) = "validate:\"max=10485760\""];
 }
 
 message MsgUpdatePkiRevocationDistributionPointResponse {
diff --git a/types/pki/errors.go b/types/pki/errors.go
index 407128a66..694bf4e52 100644
--- a/types/pki/errors.go
+++ b/types/pki/errors.go
@@ -49,6 +49,8 @@ var (
 	ErrCertNotChainedBack                                = sdkerrors.Register(ModuleName, 438, "Certificate is not chained back to a root certificate on DCL")
 	ErrCertVidNotEqualAccountVid                         = sdkerrors.Register(ModuleName, 439, "account's vid is not equal to certificate vid")
 	ErrCertVidNotEqualToRootVid                          = sdkerrors.Register(ModuleName, 440, "certificate's vid is not equal to vid of root certificate ")
+	ErrCRLSignerCertificateInvalidFormat                 = sdkerrors.Register(ModuleName, 441, "invalid CRLSignerCertificate certificate")
+	ErrInvalidAuthorityKeyIDFormat                       = sdkerrors.Register(ModuleName, 442, "invalid AuthorityKeyID format")
 )
 
 func NewErrUnauthorizedRole(transactionName string, requiredRole types.AccountRole) error {
@@ -231,6 +233,13 @@ func NewErrRootCertVidNotEqualToAccountVid(rootVID int32, accountVID int32) erro
 		rootVID, accountVID)
 }
 
+func NewErrCRLSignerCertificateInvalidFormat(description string) error {
+	return sdkerrors.Wrapf(
+		ErrCRLSignerCertificateInvalidFormat, "Invalid CRL Signer Certificate format: %v",
+		description,
+	)
+}
+
 func NewErrCRLSignerCertificatePidNotEqualMsgPid(certificatePid int32, messagePid int32) error {
 	return sdkerrors.Wrapf(
 		ErrCRLSignerCertificatePidNotEqualMsgPid,
@@ -289,6 +298,14 @@ func NewErrDataFieldPresented(revocationType uint32) error {
 }
 
 func NewErrWrongSubjectKeyIDFormat() error {
+	return sdkerrors.Wrapf(
+		ErrWrongSubjectKeyIDFormat,
+		"Wrong SubjectKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), "+
+			"with no whitespace and no non-hexadecimal characters",
+	)
+}
+
+func NewErrWrongIssuerSubjectKeyIDFormat() error {
 	return sdkerrors.Wrapf(
 		ErrWrongSubjectKeyIDFormat,
 		"Wrong IssuerSubjectKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), "+
@@ -296,6 +313,14 @@ func NewErrWrongSubjectKeyIDFormat() error {
 	)
 }
 
+func NewErrInvalidAuthorityKeyIDFormat() error {
+	return sdkerrors.Wrapf(
+		ErrInvalidAuthorityKeyIDFormat,
+		"Invalid AuthorityKeyID format. It must consist of even number of uppercase hexadecimal characters ([0-9A-F]), "+
+			"with no whitespace and no non-hexadecimal characters",
+	)
+}
+
 func NewErrVidNotFound(e interface{}) error {
 	return sdkerrors.Wrapf(ErrVidNotFound, "%v",
 		e)
@@ -387,3 +412,11 @@ func NewErrCertificateVidNotEqualMsgVid(e interface{}) error {
 func NewErrCertNotChainedBack() error {
 	return sdkerrors.Wrapf(ErrCertNotChainedBack, "CRL Signer Certificate is not chained back to root certificate on DCL")
 }
+
+func NewErrCRLSignerCertNotChainedBackToDelegator() error {
+	return sdkerrors.Wrapf(ErrCertNotChainedBack, "CRL Signer Certificate is not chained back to delegated PAI CRL Signer certificate")
+}
+
+func NewErrCRLSignerCertDelegatorNotChainedBack() error {
+	return sdkerrors.Wrapf(ErrCertNotChainedBack, "Delegated CRL Signer Certificate is not chained back to root certificate on DCL")
+}
diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts
index 112d017b9..7c23c75ba 100644
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts
+++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/rest.ts
@@ -69,6 +69,8 @@ export interface PkiPkiRevocationDistributionPoint {
 
   /** @format int64 */
   schemaVersion?: number;
+
+  crlSignerDelegator?: string;
 }
 
 export interface PkiPkiRevocationDistributionPointsByIssuerSubjectKeyID {
@@ -130,6 +132,9 @@ export interface PkiRevokedNocRootCertificates {
   subject?: string;
   subjectKeyId?: string;
   certs?: PkiCertificate[];
+
+    /** @format int64 */
+    schemaVersion?: number;
 }
 
 export interface PkiRevokedRootCertificates {
diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts
index 5d9a844b6..b5f915be3 100644
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts
+++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/genesis.ts
@@ -108,7 +108,7 @@ export const GenesisState = {
     message.approvedCertificatesBySubjectList = []
     message.rejectedCertificateList = []
     message.PkiRevocationDistributionPointList = []
-    message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
+    message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
     message.approvedCertificatesBySubjectKeyIdList = []
     message.nocRootCertificatesList = []
     message.nocIcaCertificatesList = []
@@ -150,7 +150,7 @@ export const GenesisState = {
           message.PkiRevocationDistributionPointList.push(PkiRevocationDistributionPoint.decode(reader, reader.uint32()))
           break
         case 12:
-          message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(
+          message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(
             PkiRevocationDistributionPointsByIssuerSubjectKeyID.decode(reader, reader.uint32())
           )
           break
@@ -185,7 +185,7 @@ export const GenesisState = {
     message.approvedCertificatesBySubjectList = []
     message.rejectedCertificateList = []
     message.PkiRevocationDistributionPointList = []
-    message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
+    message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
     message.approvedCertificatesBySubjectKeyIdList = []
     message.nocRootCertificatesList = []
     message.nocIcaCertificatesList = []
@@ -250,7 +250,7 @@ export const GenesisState = {
       object.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList !== null
     ) {
       for (const e of object.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList) {
-        message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(PkiRevocationDistributionPointsByIssuerSubjectKeyID.fromJSON(e))
+        message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(PkiRevocationDistributionPointsByIssuerSubjectKeyID.fromJSON(e))
       }
     }
     if (object.approvedCertificatesBySubjectKeyIdList !== undefined && object.approvedCertificatesBySubjectKeyIdList !== null) {
@@ -327,12 +327,12 @@ export const GenesisState = {
     } else {
       obj.PkiRevocationDistributionPointList = []
     }
-    if (message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList) {
-      obj.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList.map((e) =>
+    if (message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList) {
+      obj.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList.map((e) =>
         e ? PkiRevocationDistributionPointsByIssuerSubjectKeyID.toJSON(e) : undefined
       )
     } else {
-      obj.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
+      obj.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
     }
     if (message.approvedCertificatesBySubjectKeyIdList) {
       obj.approvedCertificatesBySubjectKeyIdList = message.approvedCertificatesBySubjectKeyIdList.map((e) =>
@@ -370,7 +370,7 @@ export const GenesisState = {
     message.approvedCertificatesBySubjectList = []
     message.rejectedCertificateList = []
     message.PkiRevocationDistributionPointList = []
-    message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
+    message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList = []
     message.approvedCertificatesBySubjectKeyIdList = []
     message.nocRootCertificatesList = []
     message.nocIcaCertificatesList = []
@@ -431,11 +431,11 @@ export const GenesisState = {
       }
     }
     if (
-      object.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList !== undefined &&
-      object.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList !== null
+      object.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList !== undefined &&
+      object.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList !== null
     ) {
-      for (const e of object.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList) {
-        message.pkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(PkiRevocationDistributionPointsByIssuerSubjectKeyID.fromPartial(e))
+      for (const e of object.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList) {
+        message.PkiRevocationDistributionPointsByIssuerSubjectKeyIDList.push(PkiRevocationDistributionPointsByIssuerSubjectKeyID.fromPartial(e))
       }
     }
     if (object.approvedCertificatesBySubjectKeyIdList !== undefined && object.approvedCertificatesBySubjectKeyIdList !== null) {
diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts
index 4b44bb783..82c9f9783 100644
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts
+++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/pki_revocation_distribution_point.ts
@@ -17,6 +17,7 @@ export interface PkiRevocationDistributionPoint {
   dataDigestType: number
   revocationType: number
   schemaVersion: number
+  crlSignerDelegator: string
 }
 
 const basePkiRevocationDistributionPoint: object = {
@@ -31,7 +32,8 @@ const basePkiRevocationDistributionPoint: object = {
   dataDigest: '',
   dataDigestType: 0,
   revocationType: 0,
-  schemaVersion: 0
+  schemaVersion: 0,
+  crlSignerDelegator: ''
 }
 
 export const PkiRevocationDistributionPoint = {
@@ -72,6 +74,9 @@ export const PkiRevocationDistributionPoint = {
     if (message.schemaVersion !== 0) {
       writer.uint32(96).uint32(message.schemaVersion)
     }
+    if (message.crlSignerDelegator !== '') {
+      writer.uint32(106).string(message.crlSignerDelegator)
+    }
     return writer
   },
 
@@ -118,6 +123,9 @@ export const PkiRevocationDistributionPoint = {
         case 12:
           message.schemaVersion = reader.uint32()
           break
+        case 13:
+          message.crlSignerDelegator = reader.string()
+          break
         default:
           reader.skipType(tag & 7)
           break
@@ -188,6 +196,11 @@ export const PkiRevocationDistributionPoint = {
     } else {
       message.schemaVersion = 0
     }
+    if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) {
+      message.crlSignerDelegator = String(object.crlSignerDelegator)
+    } else {
+      message.crlSignerDelegator = ''
+    }
     return message
   },
 
@@ -205,6 +218,7 @@ export const PkiRevocationDistributionPoint = {
     message.dataDigestType !== undefined && (obj.dataDigestType = message.dataDigestType)
     message.revocationType !== undefined && (obj.revocationType = message.revocationType)
     message.schemaVersion !== undefined && (obj.schemaVersion = message.schemaVersion)
+    message.crlSignerDelegator !== undefined && (obj.crlSignerDelegator = message.crlSignerDelegator)
     return obj
   },
 
@@ -270,6 +284,11 @@ export const PkiRevocationDistributionPoint = {
     } else {
       message.schemaVersion = 0
     }
+    if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) {
+      message.crlSignerDelegator = object.crlSignerDelegator
+    } else {
+      message.crlSignerDelegator = ''
+    }
     return message
   }
 }
diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts
index 8bb9b4181..c8edbd78d 100644
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts
+++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/query.ts
@@ -3203,7 +3203,7 @@ export interface Query {
   NocRootCertificatesAll(request: QueryAllNocRootCertificatesRequest): Promise<QueryAllNocRootCertificatesResponse>
   /** Queries a NocIcaCertificates by index. */
   NocIcaCertificates(request: QueryGetNocIcaCertificatesRequest): Promise<QueryGetNocIcaCertificatesResponse>
-  /** Queries a list of NocCertificates items. */
+  /** Queries a list of NocIcaCertificates items. */
   NocIcaCertificatesAll(request: QueryAllNocIcaCertificatesRequest): Promise<QueryAllNocIcaCertificatesResponse>
   /** Queries a RevokedNocRootCertificates by index. */
   RevokedNocRootCertificates(request: QueryGetRevokedNocRootCertificatesRequest): Promise<QueryGetRevokedNocRootCertificatesResponse>
diff --git a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts
index e3c4ac5c2..245c00c05 100644
--- a/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts
+++ b/vue/src/store/generated/zigbee-alliance/distributed-compliance-ledger/zigbeealliance.distributedcomplianceledger.pki/module/types/pki/tx.ts
@@ -99,6 +99,7 @@ export interface MsgAddPkiRevocationDistributionPoint {
   dataDigestType: number
   revocationType: number
   schemaVersion: number
+  crlSignerDelegator: string
 }
 
 export interface MsgAddPkiRevocationDistributionPointResponse {}
@@ -114,6 +115,7 @@ export interface MsgUpdatePkiRevocationDistributionPoint {
   dataDigest: string
   dataDigestType: number
   schemaVersion: number
+  crlSignerDelegator: string
 }
 
 export interface MsgUpdatePkiRevocationDistributionPointResponse {}
@@ -1525,7 +1527,8 @@ const baseMsgAddPkiRevocationDistributionPoint: object = {
   dataDigest: '',
   dataDigestType: 0,
   revocationType: 0,
-  schemaVersion: 0
+  schemaVersion: 0,
+  crlSignerDelegator: ''
 }
 
 export const MsgAddPkiRevocationDistributionPoint = {
@@ -1569,6 +1572,9 @@ export const MsgAddPkiRevocationDistributionPoint = {
     if (message.schemaVersion !== 0) {
       writer.uint32(104).uint32(message.schemaVersion)
     }
+    if (message.crlSignerDelegator !== '') {
+      writer.uint32(114).string(message.crlSignerDelegator)
+    }
     return writer
   },
 
@@ -1618,6 +1624,9 @@ export const MsgAddPkiRevocationDistributionPoint = {
         case 13:
           message.schemaVersion = reader.uint32()
           break
+        case 14:
+          message.crlSignerDelegator = reader.string()
+          break
         default:
           reader.skipType(tag & 7)
           break
@@ -1693,6 +1702,11 @@ export const MsgAddPkiRevocationDistributionPoint = {
     } else {
       message.schemaVersion = 0
     }
+    if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) {
+      message.crlSignerDelegator = String(object.crlSignerDelegator)
+    } else {
+      message.crlSignerDelegator = ''
+    }
     return message
   },
 
@@ -1711,6 +1725,7 @@ export const MsgAddPkiRevocationDistributionPoint = {
     message.dataDigestType !== undefined && (obj.dataDigestType = message.dataDigestType)
     message.revocationType !== undefined && (obj.revocationType = message.revocationType)
     message.schemaVersion !== undefined && (obj.schemaVersion = message.schemaVersion)
+    message.crlSignerDelegator !== undefined && (obj.crlSignerDelegator = message.crlSignerDelegator)
     return obj
   },
 
@@ -1781,6 +1796,11 @@ export const MsgAddPkiRevocationDistributionPoint = {
     } else {
       message.schemaVersion = 0
     }
+    if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) {
+      message.crlSignerDelegator = object.crlSignerDelegator
+    } else {
+      message.crlSignerDelegator = ''
+    }
     return message
   }
 }
@@ -1833,7 +1853,8 @@ const baseMsgUpdatePkiRevocationDistributionPoint: object = {
   dataFileSize: 0,
   dataDigest: '',
   dataDigestType: 0,
-  schemaVersion: 0
+  schemaVersion: 0,
+  crlSignerDelegator: ''
 }
 
 export const MsgUpdatePkiRevocationDistributionPoint = {
@@ -1868,6 +1889,9 @@ export const MsgUpdatePkiRevocationDistributionPoint = {
     if (message.schemaVersion !== 0) {
       writer.uint32(80).uint32(message.schemaVersion)
     }
+    if (message.crlSignerDelegator !== '') {
+      writer.uint32(90).string(message.crlSignerDelegator)
+    }
     return writer
   },
 
@@ -1908,6 +1932,9 @@ export const MsgUpdatePkiRevocationDistributionPoint = {
         case 10:
           message.schemaVersion = reader.uint32()
           break
+        case 11:
+          message.crlSignerDelegator = reader.string()
+          break
         default:
           reader.skipType(tag & 7)
           break
@@ -1968,6 +1995,11 @@ export const MsgUpdatePkiRevocationDistributionPoint = {
     } else {
       message.schemaVersion = 0
     }
+    if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) {
+      message.crlSignerDelegator = String(object.crlSignerDelegator)
+    } else {
+      message.crlSignerDelegator = ''
+    }
     return message
   },
 
@@ -1983,6 +2015,7 @@ export const MsgUpdatePkiRevocationDistributionPoint = {
     message.dataDigest !== undefined && (obj.dataDigest = message.dataDigest)
     message.dataDigestType !== undefined && (obj.dataDigestType = message.dataDigestType)
     message.schemaVersion !== undefined && (obj.schemaVersion = message.schemaVersion)
+    message.crlSignerDelegator !== undefined && (obj.crlSignerDelegator = message.crlSignerDelegator)
     return obj
   },
 
@@ -2038,6 +2071,11 @@ export const MsgUpdatePkiRevocationDistributionPoint = {
     } else {
       message.schemaVersion = 0
     }
+    if (object.crlSignerDelegator !== undefined && object.crlSignerDelegator !== null) {
+      message.crlSignerDelegator = object.crlSignerDelegator
+    } else {
+      message.crlSignerDelegator = ''
+    }
     return message
   }
 }
diff --git a/x/pki/client/cli/flags.go b/x/pki/client/cli/flags.go
index a6322f0c8..25b0a497c 100644
--- a/x/pki/client/cli/flags.go
+++ b/x/pki/client/cli/flags.go
@@ -29,4 +29,5 @@ const (
 	FlagRevokeChild              = "revoke-child"
 	FlagRevokeChildShortcut      = "r"
 	FlagCertificateSchemaVersion = "certificate-schema-version"
+	FlagCertificateDelegator     = "certificate-delegator"
 )
diff --git a/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go b/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go
index 7ae91dfc0..81cde1a44 100644
--- a/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go
+++ b/x/pki/client/cli/tx_add_pki_revocation_distribution_point.go
@@ -22,6 +22,7 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command {
 		isPAA                bool
 		label                string
 		crlSignerCertificate string
+		crlSignerDelegator   string
 		issuerSubjectKeyID   string
 		dataURL              string
 		dataFileSize         uint64
@@ -46,6 +47,11 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command {
 				return err
 			}
 
+			crlSignerDelegatorPem, err := cli.ReadFromFile(crlSignerDelegator)
+			if err != nil {
+				return err
+			}
+
 			msg := types.NewMsgAddPkiRevocationDistributionPoint(
 				clientCtx.GetFromAddress().String(),
 				vid,
@@ -53,6 +59,7 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command {
 				isPAA,
 				label,
 				cert,
+				crlSignerDelegatorPem,
 				issuerSubjectKeyID,
 				dataURL,
 				dataFileSize,
@@ -78,7 +85,8 @@ func CmdAddPkiRevocationDistributionPoint() *cobra.Command {
 		"Product ID (positive non-zero). Must be empty if IsPAA is true. Must be equal to a pid field in CRLSignerCertificate")
 	cmd.Flags().BoolVar(&isPAA, FlagIsPAA, true, "True if the revocation information distribution point relates to a PAA (Root certificate)")
 	cmd.Flags().StringVarP(&label, FlagLabel, FlagLabelShortcut, "", " A label to disambiguate multiple revocation information partitions of a particular issuer")
-	cmd.Flags().StringVarP(&crlSignerCertificate, FlagCertificate, FlagCertificateShortcut, "", "The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data")
+	cmd.Flags().StringVarP(&crlSignerCertificate, FlagCertificate, FlagCertificateShortcut, "", "The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data. Please note that if crlSignerCertificate is a delegated certificate by a PAI, the delegator certificate must be provided using the `crlSignerDelegator` field")
+	cmd.Flags().StringVar(&crlSignerDelegator, FlagCertificateDelegator, "", "If crlSignerCertificate is a delegated certificate by a PAI, then crlSignerDelegator must contain the delegator PAI certificate which must be chained back to an approved certificate in the ledger, encoded in X.509v3 PEM format. Otherwise this field can be omitted. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data")
 	cmd.Flags().StringVar(&issuerSubjectKeyID, FlagIssuerSubjectKeyID, "", "Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: 5A880E6C3653D07FB08971A3F473790930E62BDB")
 	cmd.Flags().StringVar(&dataURL, FlagDataURL, "", "The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either http or https")
 	cmd.Flags().Uint64Var(&dataFileSize, FlagDataFileSize, 0, "Total size in bytes of the file found at the DataURL. Must be omitted if RevocationType is 1")
diff --git a/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go b/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go
index cfbfa75ae..9caed45ff 100644
--- a/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go
+++ b/x/pki/client/cli/tx_update_pki_revocation_distribution_point.go
@@ -20,6 +20,7 @@ func CmdUpdatePkiRevocationDistributionPoint() *cobra.Command {
 		vid                  int32
 		label                string
 		crlSignerCertificate string
+		crlSignerDelegator   string
 		issuerSubjectKeyID   string
 		dataURL              string
 		dataFileSize         uint64
@@ -43,11 +44,17 @@ func CmdUpdatePkiRevocationDistributionPoint() *cobra.Command {
 				return err
 			}
 
+			crlSignerDelegatorPem, err := cli.ReadFromFile(crlSignerDelegator)
+			if err != nil {
+				return err
+			}
+
 			msg := types.NewMsgUpdatePkiRevocationDistributionPoint(
 				clientCtx.GetFromAddress().String(),
 				vid,
 				label,
 				cert,
+				crlSignerDelegatorPem,
 				issuerSubjectKeyID,
 				dataURL,
 				dataFileSize,
@@ -69,7 +76,8 @@ func CmdUpdatePkiRevocationDistributionPoint() *cobra.Command {
 	cmd.Flags().Int32Var(&vid, FlagVid, 0,
 		"Vendor ID (positive non-zero). Must be the same as Vendor account's VID and vid field in the VID-scoped CRLSignerCertificate")
 	cmd.Flags().StringVarP(&label, FlagLabel, FlagLabelShortcut, "", " A label to disambiguate multiple revocation information partitions of a particular issuer")
-	cmd.Flags().StringVarP(&crlSignerCertificate, FlagCertificate, FlagCertificateShortcut, "", "The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data")
+	cmd.Flags().StringVarP(&crlSignerCertificate, FlagCertificate, FlagCertificateShortcut, "", "The issuer certificate whose revocation information is provided in the distribution point entry, encoded in X.509v3 PEM format. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data. Please note that if crlSignerCertificate is a delegated certificate by a PAI, the delegator certificate must be provided using the `crlSignerDelegator` field")
+	cmd.Flags().StringVar(&crlSignerDelegator, FlagCertificateDelegator, "", "If crlSignerCertificate is a delegated certificate by a PAI, then crlSignerDelegator must contain the delegator PAI certificate which must be chained back to an approved certificate in the ledger, encoded in X.509v3 PEM format. Otherwise this field can be omitted. The corresponding CLI parameter can contain either a PEM string or a path to a file containing the data")
 	cmd.Flags().StringVar(&issuerSubjectKeyID, FlagIssuerSubjectKeyID, "", "Uniquely identifies the PAA or PAI for which this revocation distribution point is provided. Must consist of even number of uppercase hexadecimal characters ([0-9A-F]), with no whitespace and no non-hexadecimal characters., e.g: 5A880E6C3653D07FB08971A3F473790930E62BDB")
 	cmd.Flags().StringVar(&dataURL, FlagDataURL, "", "The URL where to obtain the information in the format indicated by the RevocationType field. Must start with either http or https")
 	cmd.Flags().Uint64Var(&dataFileSize, FlagDataFileSize, 0, "Total size in bytes of the file found at the DataURL. Must be omitted if RevocationType is 1")
diff --git a/x/pki/handler_add_revocation_test.go b/x/pki/handler_add_revocation_test.go
index 8ea6d8a5d..c8066e20f 100644
--- a/x/pki/handler_add_revocation_test.go
+++ b/x/pki/handler_add_revocation_test.go
@@ -104,6 +104,63 @@ func TestHandler_AddPkiRevocationDistributionPoint_NegativeCases(t *testing.T) {
 			addRevocation: createAddRevocationMessageWithPAACertNoVid(accAddress.String(), testconstants.Vid),
 			err:           pkitypes.ErrMessageVidNotEqualRootCertVid,
 		},
+		{
+			name:            "Invalid PAI Delegator certificate",
+			accountVid:      testconstants.LeafCertWithVidVid,
+			accountRole:     dclauthtypes.Vendor,
+			rootCertOptions: createRootWithVidOptions(),
+			addRevocation: &types.MsgAddPkiRevocationDistributionPoint{
+				Signer:               accAddress.String(),
+				Vid:                  testconstants.LeafCertWithVidVid,
+				IsPAA:                false,
+				Pid:                  0,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
+				CrlSignerDelegator:   "invalid",
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+				RevocationType:       types.CRLRevocationType,
+			},
+			err: pkitypes.ErrInvalidCertificate,
+		},
+		{
+			name:            "CRL Signer Certificate is not chained back to Delegator PAI certificate",
+			accountVid:      testconstants.LeafCertWithVidVid,
+			accountRole:     dclauthtypes.Vendor,
+			rootCertOptions: createRootWithVidOptions(),
+			addRevocation: &types.MsgAddPkiRevocationDistributionPoint{
+				Signer:               accAddress.String(),
+				Vid:                  testconstants.LeafCertWithVidVid,
+				IsPAA:                false,
+				Pid:                  0,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
+				CrlSignerDelegator:   testconstants.IntermediateCertPem,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.IntermediateSubjectKeyIDWithoutColumns,
+				RevocationType:       types.CRLRevocationType,
+			},
+			err: pkitypes.ErrCertNotChainedBack,
+		},
+		{
+			name:            "Delegated CRL Signer Certificate is not chained back to root certificate on DCL",
+			accountVid:      testconstants.LeafCertWithVidVid,
+			accountRole:     dclauthtypes.Vendor,
+			rootCertOptions: createTestRootCertOptions(),
+			addRevocation: &types.MsgAddPkiRevocationDistributionPoint{
+				Signer:               accAddress.String(),
+				Vid:                  testconstants.LeafCertWithVidVid,
+				IsPAA:                false,
+				Pid:                  0,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
+				CrlSignerDelegator:   testconstants.IntermediateCertWithVid1,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+				RevocationType:       types.CRLRevocationType,
+			},
+			err: pkitypes.ErrCertNotChainedBack,
+		},
 	}
 
 	for _, tc := range cases {
@@ -172,7 +229,7 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) {
 			name:            "PAANoVid",
 			rootCertOptions: createPAACertNoVidOptions(testconstants.VendorID1),
 			addRevocation:   createAddRevocationMessageWithPAACertNoVid(vendorAcc.String(), testconstants.VendorID1),
-			SchemaVersion:   1000000,
+			SchemaVersion:   65535,
 		},
 		{
 			name:            "PAIWithVid",
@@ -188,7 +245,40 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) {
 				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
 				RevocationType:       types.CRLRevocationType,
 			},
-			SchemaVersion: 999999999,
+			SchemaVersion: testconstants.SchemaVersion,
+		},
+		{
+			name:            "CrlSignerDelegatedByPAI",
+			rootCertOptions: createTestRootCertOptions(),
+			addRevocation: &types.MsgAddPkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				Vid:                  65522,
+				IsPAA:                false,
+				Pid:                  0,
+				CrlSignerCertificate: testconstants.LeafCertPem,
+				CrlSignerDelegator:   testconstants.IntermediateCertPem,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.RootSubjectKeyIDWithoutColumns,
+				RevocationType:       types.CRLRevocationType,
+			},
+			SchemaVersion: testconstants.SchemaVersion,
+		},
+		{
+			name:            "CrlSignerDelegatedByPAA",
+			rootCertOptions: createTestRootCertOptions(),
+			addRevocation: &types.MsgAddPkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				Vid:                  65522,
+				IsPAA:                true,
+				Pid:                  0,
+				CrlSignerCertificate: testconstants.IntermediateCertPem,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.RootSubjectKeyIDWithoutColumns,
+				RevocationType:       types.CRLRevocationType,
+			},
+			SchemaVersion: testconstants.SchemaVersion,
 		},
 	}
 
@@ -202,11 +292,11 @@ func TestHandler_AddPkiRevocationDistributionPoint_PositiveCases(t *testing.T) {
 			_, err := setup.Handler(setup.Ctx, tc.addRevocation)
 			require.NoError(t, err)
 
-			revocationPoint, isFound := setup.Keeper.GetPkiRevocationDistributionPoint(setup.Ctx, tc.addRevocation.Vid, label, testconstants.SubjectKeyIDWithoutColons)
+			revocationPoint, isFound := setup.Keeper.GetPkiRevocationDistributionPoint(setup.Ctx, tc.addRevocation.Vid, label, tc.addRevocation.IssuerSubjectKeyID)
 			require.True(t, isFound)
 			assertRevocationPointEqual(t, tc.addRevocation, &revocationPoint)
 
-			revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, testconstants.SubjectKeyIDWithoutColons)
+			revocationPointBySubjectKeyID, isFound := setup.Keeper.GetPkiRevocationDistributionPointsByIssuerSubjectKeyID(setup.Ctx, tc.addRevocation.IssuerSubjectKeyID)
 			require.True(t, isFound)
 			assertRevocationPointEqual(t, tc.addRevocation, revocationPointBySubjectKeyID.Points[0])
 		})
diff --git a/x/pki/handler_update_revocation_test.go b/x/pki/handler_update_revocation_test.go
index 2f3732802..9208f0cd7 100644
--- a/x/pki/handler_update_revocation_test.go
+++ b/x/pki/handler_update_revocation_test.go
@@ -168,6 +168,42 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_NegativeCases(t *testing.T
 			},
 			err: pkitypes.ErrDataFieldPresented,
 		},
+		{
+			name:            "Invalid PAI Delegator certificate",
+			accountVid:      testconstants.LeafCertWithVidVid,
+			vendorAccVid:    testconstants.LeafCertWithVidVid,
+			accountRole:     dclauthtypes.Vendor,
+			rootCertOptions: createRootWithVidOptions(),
+			addRevocation:   createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()),
+			updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				Vid:                  testconstants.LeafCertWithVidVid,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
+				CrlSignerDelegator:   "invalid",
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+			},
+			err: pkitypes.ErrInvalidCertificate,
+		},
+		{
+			name:            "CRL Signer Certificate is not chained back to Delegator PAI certificate",
+			accountVid:      testconstants.LeafCertWithVidVid,
+			vendorAccVid:    testconstants.LeafCertWithVidVid,
+			accountRole:     dclauthtypes.Vendor,
+			rootCertOptions: createRootWithVidOptions(),
+			addRevocation:   createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()),
+			updatedRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				Vid:                  testconstants.LeafCertWithVidVid,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
+				CrlSignerDelegator:   testconstants.IntermediateCertPem,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+			},
+			err: pkitypes.ErrCertNotChainedBack,
+		},
 	}
 
 	for _, tc := range cases {
@@ -683,6 +719,42 @@ func TestHandler_UpdatePkiRevocationDistributionPoint_CrlSignerCertificateField(
 				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
 			},
 		},
+		{
+			name:             "CrlSignerDelegatedByPAI",
+			rootCertOptions1: createTestRootCertOptions(),
+			rootCertOptions2: createRootWithVidOptions(),
+			addRevocation:    createAddRevocationMessageWithLeafCertWithVid(vendorAcc.String()),
+			updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				Vid:                  65521,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
+				CrlSignerDelegator:   testconstants.IntermediateCertWithVid1,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+			},
+		},
+		{
+			name:             "CrlSignerDelegatedByPAA",
+			rootCertOptions1: createTestRootCertOptions(),
+			rootCertOptions2: createRootWithVidOptions(),
+			addRevocation: &types.MsgAddPkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				IsPAA:                true,
+				CrlSignerCertificate: testconstants.IntermediateCertPem,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.RootSubjectKeyIDWithoutColumns,
+				RevocationType:       types.CRLRevocationType,
+			},
+			updateRevocation: &types.MsgUpdatePkiRevocationDistributionPoint{
+				Signer:               vendorAcc.String(),
+				CrlSignerCertificate: testconstants.IntermediateCertWithoutVidPid,
+				Label:                label,
+				DataURL:              testconstants.DataURL,
+				IssuerSubjectKeyID:   testconstants.RootSubjectKeyIDWithoutColumns,
+			},
+		},
 	}
 
 	for _, tc := range cases {
diff --git a/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go
index f90f1b89b..2f95ad044 100644
--- a/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go
+++ b/x/pki/keeper/msg_server_add_pki_revocation_distribution_point.go
@@ -46,7 +46,7 @@ func (k msgServer) AddPkiRevocationDistributionPoint(goCtx context.Context, msg
 		err = k.checkRootCert(ctx, crlSignerCertificate, msg)
 	} else {
 		// check that crlSignerCertificate is chained back to a certificate on the ledger
-		err = k.checkNonRootCert(ctx, crlSignerCertificate)
+		err = k.checkCRLSignerNonRootCert(ctx, crlSignerCertificate, msg.CrlSignerDelegator, msg.IsPAA)
 	}
 	if err != nil {
 		return nil, err
@@ -69,6 +69,7 @@ func (k msgServer) AddPkiRevocationDistributionPoint(goCtx context.Context, msg
 		Pid:                  msg.Pid,
 		IsPAA:                msg.IsPAA,
 		CrlSignerCertificate: msg.CrlSignerCertificate,
+		CrlSignerDelegator:   msg.CrlSignerDelegator,
 		DataURL:              msg.DataURL,
 		DataFileSize:         msg.DataFileSize,
 		DataDigest:           msg.DataDigest,
@@ -116,9 +117,28 @@ func (k msgServer) checkRootCert(ctx sdk.Context, crlSignerCertificate *x509.Cer
 	return nil
 }
 
-func (k msgServer) checkNonRootCert(ctx sdk.Context, crlSignerCertificate *x509.Certificate) error {
+func (k msgServer) checkCRLSignerNonRootCert(ctx sdk.Context, crlSignerCertificate *x509.Certificate, crlSignerDelegator string, isPAA bool) error {
+	if crlSignerDelegator != "" && !isPAA {
+		crlSignerDelegatorCert, err := x509.DecodeX509Certificate(crlSignerDelegator)
+		if err != nil {
+			return pkitypes.NewErrInvalidCertificate(err)
+		}
+
+		// verify CRL Signer certificate against Delegated PAI certificate
+		if err = crlSignerCertificate.Verify(crlSignerDelegatorCert, ctx.BlockTime()); err != nil {
+			return pkitypes.NewErrCRLSignerCertNotChainedBackToDelegator()
+		}
+
+		if _, err = k.verifyCertificate(ctx, crlSignerDelegatorCert); err != nil {
+			return pkitypes.NewErrCRLSignerCertDelegatorNotChainedBack()
+		}
+
+		return nil
+	}
+
 	// check that it's chained back to a cert on DCL
-	if _, err := k.verifyCertificate(ctx, crlSignerCertificate); err != nil {
+	_, err := k.verifyCertificate(ctx, crlSignerCertificate)
+	if err != nil {
 		return pkitypes.NewErrCertNotChainedBack()
 	}
 
diff --git a/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go b/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go
index a433728fd..e770d3c98 100644
--- a/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go
+++ b/x/pki/keeper/msg_server_update_pki_revocation_distribution_point.go
@@ -36,10 +36,13 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m
 
 	// validate and update new values
 	if msg.CrlSignerCertificate != "" {
-		if err := k.verifyUpdatedCertificate(ctx, msg.CrlSignerCertificate, &pkiRevocationDistributionPoint); err != nil {
+		err = k.verifyUpdatedCertificate(ctx, msg.CrlSignerCertificate, msg.CrlSignerDelegator, &pkiRevocationDistributionPoint)
+		if err != nil {
 			return nil, err
 		}
+
 		pkiRevocationDistributionPoint.CrlSignerCertificate = msg.CrlSignerCertificate
+		pkiRevocationDistributionPoint.CrlSignerDelegator = msg.CrlSignerDelegator
 	}
 
 	if pkiRevocationDistributionPoint.RevocationType == types.CRLRevocationType && (msg.DataFileSize != 0 || msg.DataDigest != "" || msg.DataDigestType != 0) {
@@ -79,7 +82,7 @@ func (k msgServer) UpdatePkiRevocationDistributionPoint(goCtx context.Context, m
 	return &types.MsgUpdatePkiRevocationDistributionPointResponse{}, nil
 }
 
-func (k msgServer) verifyUpdatedCertificate(ctx sdk.Context, newCertificatePem string, revocationPoint *types.PkiRevocationDistributionPoint) error {
+func (k msgServer) verifyUpdatedCertificate(ctx sdk.Context, newCertificatePem, newDelegatorCertPem string, revocationPoint *types.PkiRevocationDistributionPoint) error {
 	oldCertificate, err := x509.DecodeX509Certificate(revocationPoint.CrlSignerCertificate)
 	if err != nil {
 		return pkitypes.NewErrInvalidCertificate(err)
@@ -88,7 +91,7 @@ func (k msgServer) verifyUpdatedCertificate(ctx sdk.Context, newCertificatePem s
 	if oldCertificate.IsSelfSigned() {
 		err = k.verifyUpdatedPAA(ctx, newCertificatePem, revocationPoint)
 	} else {
-		err = k.verifyUpdatedPAI(ctx, newCertificatePem, revocationPoint)
+		err = k.verifyUpdatedPAI(ctx, newCertificatePem, newDelegatorCertPem, revocationPoint)
 	}
 
 	if err != nil {
@@ -154,7 +157,7 @@ func (k msgServer) verifyUpdatedPAA(ctx sdk.Context, newCertificatePem string, r
 	return nil
 }
 
-func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem string, revocationPoint *types.PkiRevocationDistributionPoint) error {
+func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem, newDelegatorCertPem string, revocationPoint *types.PkiRevocationDistributionPoint) error {
 	// decode new cert
 	newCertificate, err := x509.DecodeX509Certificate(newCertificatePem)
 	if err != nil {
@@ -187,9 +190,18 @@ func (k msgServer) verifyUpdatedPAI(ctx sdk.Context, newCertificatePem string, r
 		return pkitypes.NewErrPidNotFoundInCertificateButProvidedInRevocationPoint()
 	}
 
+	// Check for static validation when CRL Signer is a Leaf certificate
+	if revocationPoint.IsPAA || revocationPoint.CrlSignerDelegator != "" {
+		err = types.VerifyCRLSignerCertFormat(newCertificate)
+		if err != nil {
+			return err
+		}
+	}
+
 	// check that it's chained back to a cert on DCL
-	if _, err = k.verifyCertificate(ctx, newCertificate); err != nil {
-		return pkitypes.NewErrCertNotChainedBack()
+	err = k.checkCRLSignerNonRootCert(ctx, newCertificate, newDelegatorCertPem, revocationPoint.IsPAA)
+	if err != nil {
+		return err
 	}
 
 	return nil
diff --git a/x/pki/revocation_message_utils_test.go b/x/pki/revocation_message_utils_test.go
index a1b2b8f67..bc4cd8782 100644
--- a/x/pki/revocation_message_utils_test.go
+++ b/x/pki/revocation_message_utils_test.go
@@ -66,6 +66,20 @@ func createAddRevocationMessageWithPAACertNoVid(signer string, vid int32) *types
 	}
 }
 
+func createAddRevocationMessageWithLeafCertWithVid(signer string) *types.MsgAddPkiRevocationDistributionPoint {
+	return &types.MsgAddPkiRevocationDistributionPoint{
+		Signer:               signer,
+		Vid:                  testconstants.LeafCertWithVidVid,
+		IsPAA:                false,
+		CrlSignerCertificate: testconstants.LeafCertWithVid,
+		CrlSignerDelegator:   testconstants.IntermediateCertWithVid1,
+		Label:                label,
+		DataURL:              testconstants.DataURL,
+		IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+		RevocationType:       types.CRLRevocationType,
+	}
+}
+
 func assertRevocationPointEqual(t *testing.T, expected *types.MsgAddPkiRevocationDistributionPoint, actual *types.PkiRevocationDistributionPoint) {
 	require.Equal(t, expected.CrlSignerCertificate, actual.CrlSignerCertificate)
 	require.Equal(t, expected.CrlSignerCertificate, actual.CrlSignerCertificate)
diff --git a/x/pki/types/message_add_pki_revocation_distribution_point.go b/x/pki/types/message_add_pki_revocation_distribution_point.go
index 00895f724..101378f48 100644
--- a/x/pki/types/message_add_pki_revocation_distribution_point.go
+++ b/x/pki/types/message_add_pki_revocation_distribution_point.go
@@ -1,9 +1,14 @@
 package types
 
 import (
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	x509std "crypto/x509"
+	"encoding/asn1"
 	"strings"
 
 	sdk "github.com/cosmos/cosmos-sdk/types"
+
 	pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509"
@@ -13,8 +18,10 @@ const TypeMsgAddPkiRevocationDistributionPoint = "add_pki_revocation_distributio
 
 var _ sdk.Msg = &MsgAddPkiRevocationDistributionPoint{}
 
+var oidKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 15}
+
 func NewMsgAddPkiRevocationDistributionPoint(signer string, vid int32, pid int32, isPAA bool, label string,
-	crlSignerCertificate string, issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string,
+	crlSignerCertificate string, crlSignerDelegator string, issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string,
 	dataDigestType uint32, revocationType uint32, schemaVersion uint32) *MsgAddPkiRevocationDistributionPoint {
 	return &MsgAddPkiRevocationDistributionPoint{
 		Signer:               signer,
@@ -23,6 +30,7 @@ func NewMsgAddPkiRevocationDistributionPoint(signer string, vid int32, pid int32
 		IsPAA:                isPAA,
 		Label:                label,
 		CrlSignerCertificate: crlSignerCertificate,
+		CrlSignerDelegator:   crlSignerDelegator,
 		IssuerSubjectKeyID:   issuerSubjectKeyID,
 		DataURL:              dataURL,
 		DataFileSize:         dataFileSize,
@@ -61,8 +69,9 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAA(cert *x509.Certificat
 		return pkitypes.NewErrNotEmptyPidForRootCertificate()
 	}
 
-	if !cert.IsSelfSigned() {
-		return pkitypes.NewErrRootCertificateIsNotSelfSigned()
+	pid, _ := x509.GetPidFromSubject(cert.SubjectAsText)
+	if pid != 0 {
+		return pkitypes.NewErrNotEmptyPidForRootCertificate()
 	}
 
 	// verify VID
@@ -75,6 +84,13 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAA(cert *x509.Certificat
 		return pkitypes.NewErrCRLSignerCertificateVidNotEqualMsgVid(vid, msg.Vid)
 	}
 
+	if !cert.IsSelfSigned() {
+		err = VerifyCRLSignerCertFormat(cert)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
 
@@ -108,6 +124,78 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyPAI(cert *x509.Certificat
 		return pkitypes.NewErrCRLSignerCertificatePidNotEqualMsgPid(pid, msg.Pid)
 	}
 
+	if msg.CrlSignerDelegator != "" {
+		err = VerifyCRLSignerCertFormat(cert)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}
+
+func VerifyCRLSignerCertFormat(certificate *x509.Certificate) error {
+	if certificate.SubjectKeyID == "" {
+		return pkitypes.NewErrWrongSubjectKeyIDFormat()
+	}
+
+	cert := certificate.Certificate
+	if cert.Version != 3 {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat(
+			"The version field SHALL be set to 2 to indicate v3 certificate",
+		)
+	}
+
+	if cert.SignatureAlgorithm != x509std.ECDSAWithSHA256 {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat(
+			"The signature field SHALL contain the identifier for signatureAlgorithm ecdsa-with-SHA256",
+		)
+	}
+
+	// Type assert to get the ECDSA public key
+	ecdsaPubKey, ok := cert.PublicKey.(*ecdsa.PublicKey)
+	if !ok {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat(
+			"Public key is not of type ECDSA",
+		)
+	}
+
+	// Check if the curve parameters match prime256v1 (secp256r1 / P-256)
+	if ecdsaPubKey.Curve != elliptic.P256() {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat(
+			"The public key must use prime256v1 curve",
+		)
+	}
+
+	// Basic Constraint extension should be marked critical and have the cA field set to false
+	if !cert.BasicConstraintsValid || cert.IsCA {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat(
+			"Basic Constraint extension's cA field SHALL be set to FALSE",
+		)
+	}
+
+	// Key Usage extension should be marked critical
+	isCritical := false
+	for _, ext := range cert.Extensions {
+		if ext.Id.Equal(oidKeyUsage) {
+			isCritical = ext.Critical
+
+			break
+		}
+	}
+
+	if !isCritical {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat("Basic Constraint extension SHALL be marked critical")
+	}
+
+	if cert.KeyUsage&x509std.KeyUsageCRLSign == 0 {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat("The cRLSign bits SHALL be set in the KeyUsage bitstring")
+	}
+
+	if cert.KeyUsage&^(x509std.KeyUsageCRLSign|x509std.KeyUsageDigitalSignature) != 0 {
+		return pkitypes.NewErrCRLSignerCertificateInvalidFormat("The KeyUsage bitstring can only include the cRLSign and digitalSignature bits")
+	}
+
 	return nil
 }
 
@@ -183,7 +271,7 @@ func (msg *MsgAddPkiRevocationDistributionPoint) verifyFields() error {
 	match := VerifyRevocationPointIssuerSubjectKeyIDFormat(msg.IssuerSubjectKeyID)
 
 	if !match {
-		return pkitypes.NewErrWrongSubjectKeyIDFormat()
+		return pkitypes.NewErrWrongIssuerSubjectKeyIDFormat()
 	}
 
 	return nil
@@ -200,11 +288,11 @@ func (msg *MsgAddPkiRevocationDistributionPoint) ValidateBasic() error {
 		return err
 	}
 
-	if err := msg.verifyFields(); err != nil {
+	if err = msg.verifyFields(); err != nil {
 		return err
 	}
 
-	if err := msg.verifySignerCertificate(); err != nil {
+	if err = msg.verifySignerCertificate(); err != nil {
 		return err
 	}
 
diff --git a/x/pki/types/message_add_pki_revocation_distribution_point_test.go b/x/pki/types/message_add_pki_revocation_distribution_point_test.go
index 2ca3838c0..5b36f2e08 100644
--- a/x/pki/types/message_add_pki_revocation_distribution_point_test.go
+++ b/x/pki/types/message_add_pki_revocation_distribution_point_test.go
@@ -1,15 +1,20 @@
 package types
 
 import (
-	fmt "fmt"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	x509std "crypto/x509"
+	"fmt"
 	"testing"
 
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	"github.com/stretchr/testify/require"
+
 	testconstants "github.com/zigbee-alliance/distributed-compliance-ledger/integration_tests/constants"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/testutil/sample"
 	pkitypes "github.com/zigbee-alliance/distributed-compliance-ledger/types/pki"
 	"github.com/zigbee-alliance/distributed-compliance-ledger/utils/validator"
+	"github.com/zigbee-alliance/distributed-compliance-ledger/x/pki/x509"
 )
 
 func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
@@ -365,20 +370,6 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 			},
 			err: pkitypes.ErrNonRootCertificateSelfSigned,
 		},
-		{
-			name: "IsPAA true, certificate is non-root",
-			msg: MsgAddPkiRevocationDistributionPoint{
-				Signer:               sample.AccAddress(),
-				Vid:                  testconstants.Vid,
-				IsPAA:                true,
-				CrlSignerCertificate: testconstants.IntermediateCertPem,
-				Label:                "label",
-				DataURL:              testconstants.DataURL,
-				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
-				RevocationType:       1,
-			},
-			err: pkitypes.ErrRootCertificateIsNotSelfSigned,
-		},
 		{
 			name: "PAA is true, CRL signer certificate contains vid != msg.vid",
 			msg: MsgAddPkiRevocationDistributionPoint{
@@ -461,12 +452,12 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 			name: "minimal msg isPAA true",
 			msg: MsgAddPkiRevocationDistributionPoint{
 				Signer:               sample.AccAddress(),
-				Vid:                  testconstants.PAACertWithNumericVidVid,
+				Vid:                  testconstants.LeafCertWithVidVid,
 				IsPAA:                true,
-				CrlSignerCertificate: testconstants.PAACertWithNumericVid,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
 				Label:                "label",
 				DataURL:              testconstants.DataURL,
-				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
 				RevocationType:       1,
 			},
 		},
@@ -474,13 +465,12 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 			name: "minimal msg isPAA false",
 			msg: MsgAddPkiRevocationDistributionPoint{
 				Signer:               sample.AccAddress(),
-				Vid:                  testconstants.PAICertWithNumericPidVidVid,
+				Vid:                  testconstants.LeafCertWithVidVid,
 				IsPAA:                false,
-				Pid:                  testconstants.PAICertWithNumericPidVidPid,
-				CrlSignerCertificate: testconstants.PAICertWithNumericPidVid,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
 				Label:                "label",
 				DataURL:              testconstants.DataURL,
-				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
 				RevocationType:       1,
 			},
 		},
@@ -488,12 +478,12 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 			name: "vid == cert.vid",
 			msg: MsgAddPkiRevocationDistributionPoint{
 				Signer:               sample.AccAddress(),
-				Vid:                  testconstants.PAACertWithNumericVidVid,
+				Vid:                  testconstants.LeafCertWithVidVid,
 				IsPAA:                true,
-				CrlSignerCertificate: testconstants.PAACertWithNumericVid,
+				CrlSignerCertificate: testconstants.LeafCertWithVid,
 				Label:                "label",
 				DataURL:              testconstants.DataURL,
-				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
 				RevocationType:       1,
 			},
 		},
@@ -501,13 +491,13 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 			name: "vid == cert.vid, pid == cert.pid",
 			msg: MsgAddPkiRevocationDistributionPoint{
 				Signer:               sample.AccAddress(),
-				Vid:                  testconstants.PAICertWithNumericPidVidVid,
+				Vid:                  testconstants.LeafCertWithVidPidVid,
 				IsPAA:                false,
-				CrlSignerCertificate: testconstants.PAICertWithNumericPidVid,
+				CrlSignerCertificate: testconstants.LeafCertWithVidPid,
 				Label:                "label",
 				DataURL:              testconstants.DataURL,
-				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
-				Pid:                  testconstants.PAICertWithNumericPidVidPid,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
+				Pid:                  testconstants.LeafCertWithVidPidPid,
 				RevocationType:       1,
 			},
 		},
@@ -530,10 +520,10 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 				Signer:               sample.AccAddress(),
 				Vid:                  testconstants.Vid,
 				IsPAA:                true,
-				CrlSignerCertificate: testconstants.RootCertPem,
+				CrlSignerCertificate: testconstants.LeafCertWithoutVidPid,
 				Label:                "label",
 				DataURL:              testconstants.DataURL,
-				IssuerSubjectKeyID:   testconstants.SubjectKeyIDWithoutColons,
+				IssuerSubjectKeyID:   testconstants.IntermediateCertWithVid1SubjectKeyIDWithoutColumns,
 				RevocationType:       1,
 			},
 		},
@@ -582,3 +572,82 @@ func TestMsgAddPkiRevocationDistributionPoint_ValidateBasic(t *testing.T) {
 		})
 	}
 }
+func TestMsgAddPkiRevocationDistributionPoint_verifyCRLCertFormat(t *testing.T) {
+	negativeTests := []struct {
+		name string
+		init func(*x509.Certificate)
+		err  error
+	}{
+		{
+			name: "empty subject-key-id",
+			init: func(certificate *x509.Certificate) {
+				certificate.SubjectKeyID = ""
+			},
+			err: pkitypes.ErrWrongSubjectKeyIDFormat,
+		},
+		{
+			name: "version is not v3",
+			init: func(certificate *x509.Certificate) {
+				certificate.Certificate.Version = 2
+			},
+			err: pkitypes.ErrCRLSignerCertificateInvalidFormat,
+		},
+		{
+			name: "SignatureAlgorithm is not ECDSAWithSHA256",
+			init: func(certificate *x509.Certificate) {
+				certificate.Certificate.SignatureAlgorithm = x509std.ECDSAWithSHA384
+			},
+			err: pkitypes.ErrCRLSignerCertificateInvalidFormat,
+		},
+		{
+			name: "PublicKey is not use prime256v1 curve",
+			init: func(certificate *x509.Certificate) {
+				ecdsaPubKey, _ := certificate.Certificate.PublicKey.(*ecdsa.PublicKey)
+				ecdsaPubKey.Curve = elliptic.P224()
+				certificate.Certificate.PublicKey = ecdsaPubKey
+			},
+			err: pkitypes.ErrCRLSignerCertificateInvalidFormat,
+		},
+		{
+			name: "Key Usage extension is not critical",
+			init: func(certificate *x509.Certificate) {
+				certificate.Certificate.Extensions[3].Critical = false
+			},
+			err: pkitypes.ErrCRLSignerCertificateInvalidFormat,
+		},
+		{
+			name: "The cRLSign bits is not in the KeyUsage bitstring",
+			init: func(certificate *x509.Certificate) {
+				certificate.Certificate.KeyUsage = x509std.KeyUsageCertSign
+			},
+			err: pkitypes.ErrCRLSignerCertificateInvalidFormat,
+		},
+		{
+			name: "Other Key Usage bits expect KeyUsageCRLSign and KeyUsageDigitalSignature is not be set",
+			init: func(certificate *x509.Certificate) {
+				certificate.Certificate.KeyUsage = x509std.KeyUsageCertSign | x509std.KeyUsageCRLSign | x509std.KeyUsageDigitalSignature
+			},
+			err: pkitypes.ErrCRLSignerCertificateInvalidFormat,
+		},
+	}
+
+	for _, tt := range negativeTests {
+		t.Run(tt.name, func(t *testing.T) {
+			cert, err := x509.DecodeX509Certificate(testconstants.LeafCertWithVid)
+			require.NoError(t, err)
+
+			tt.init(cert)
+
+			err = VerifyCRLSignerCertFormat(cert)
+			require.Error(t, err)
+			require.ErrorIs(t, err, tt.err)
+		})
+	}
+
+	// Positive case
+	cert, err := x509.DecodeX509Certificate(testconstants.LeafCertWithVid)
+	require.NoError(t, err)
+
+	err = VerifyCRLSignerCertFormat(cert)
+	require.NoError(t, err)
+}
diff --git a/x/pki/types/message_delete_pki_revocation_distribution_point.go b/x/pki/types/message_delete_pki_revocation_distribution_point.go
index 9f801b13f..02c7bfc3d 100644
--- a/x/pki/types/message_delete_pki_revocation_distribution_point.go
+++ b/x/pki/types/message_delete_pki_revocation_distribution_point.go
@@ -56,7 +56,7 @@ func (msg *MsgDeletePkiRevocationDistributionPoint) ValidateBasic() error {
 	match := VerifyRevocationPointIssuerSubjectKeyIDFormat(msg.IssuerSubjectKeyID)
 
 	if !match {
-		return pkitypes.NewErrWrongSubjectKeyIDFormat()
+		return pkitypes.NewErrWrongIssuerSubjectKeyIDFormat()
 	}
 
 	return nil
diff --git a/x/pki/types/message_update_pki_revocation_distribution_point.go b/x/pki/types/message_update_pki_revocation_distribution_point.go
index 1b868ae31..5d63427b4 100644
--- a/x/pki/types/message_update_pki_revocation_distribution_point.go
+++ b/x/pki/types/message_update_pki_revocation_distribution_point.go
@@ -13,12 +13,14 @@ const TypeMsgUpdatePkiRevocationDistributionPoint = "update_pki_revocation_distr
 var _ sdk.Msg = &MsgUpdatePkiRevocationDistributionPoint{}
 
 func NewMsgUpdatePkiRevocationDistributionPoint(signer string, vid int32, label string, crlSignerCertificate string,
-	issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string, dataDigestType uint32, schemaVersion uint32) *MsgUpdatePkiRevocationDistributionPoint {
+	crlSignerDelegator string, issuerSubjectKeyID string, dataURL string, dataFileSize uint64, dataDigest string,
+	dataDigestType uint32, schemaVersion uint32) *MsgUpdatePkiRevocationDistributionPoint {
 	return &MsgUpdatePkiRevocationDistributionPoint{
 		Signer:               signer,
 		Vid:                  vid,
 		Label:                label,
 		CrlSignerCertificate: crlSignerCertificate,
+		CrlSignerDelegator:   crlSignerDelegator,
 		IssuerSubjectKeyID:   issuerSubjectKeyID,
 		DataURL:              dataURL,
 		DataFileSize:         dataFileSize,
@@ -101,7 +103,7 @@ func (msg *MsgUpdatePkiRevocationDistributionPoint) ValidateBasic() error {
 	match := VerifyRevocationPointIssuerSubjectKeyIDFormat(msg.IssuerSubjectKeyID)
 
 	if !match {
-		return pkitypes.NewErrWrongSubjectKeyIDFormat()
+		return pkitypes.NewErrWrongIssuerSubjectKeyIDFormat()
 	}
 
 	return nil
diff --git a/x/pki/types/pki_revocation_distribution_point.pb.go b/x/pki/types/pki_revocation_distribution_point.pb.go
index 1b6bc47f7..e6f413592 100644
--- a/x/pki/types/pki_revocation_distribution_point.pb.go
+++ b/x/pki/types/pki_revocation_distribution_point.pb.go
@@ -35,6 +35,7 @@ type PkiRevocationDistributionPoint struct {
 	DataDigestType       uint32 `protobuf:"varint,10,opt,name=dataDigestType,proto3" json:"dataDigestType,omitempty"`
 	RevocationType       uint32 `protobuf:"varint,11,opt,name=revocationType,proto3" json:"revocationType,omitempty"`
 	SchemaVersion        uint32 `protobuf:"varint,12,opt,name=schemaVersion,proto3" json:"schemaVersion,omitempty"`
+	CrlSignerDelegator   string `protobuf:"bytes,13,opt,name=crlSignerDelegator,proto3" json:"crlSignerDelegator,omitempty"`
 }
 
 func (m *PkiRevocationDistributionPoint) Reset()         { *m = PkiRevocationDistributionPoint{} }
@@ -154,6 +155,13 @@ func (m *PkiRevocationDistributionPoint) GetSchemaVersion() uint32 {
 	return 0
 }
 
+func (m *PkiRevocationDistributionPoint) GetCrlSignerDelegator() string {
+	if m != nil {
+		return m.CrlSignerDelegator
+	}
+	return ""
+}
+
 func init() {
 	proto.RegisterType((*PkiRevocationDistributionPoint)(nil), "zigbeealliance.distributedcomplianceledger.pki.PkiRevocationDistributionPoint")
 }
@@ -163,32 +171,33 @@ func init() {
 }
 
 var fileDescriptor_35504fa19b856908 = []byte{
-	// 396 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x6e, 0x13, 0x31,
-	0x14, 0x85, 0x63, 0xd2, 0xf4, 0xc7, 0xb4, 0x08, 0x59, 0x5d, 0x78, 0x65, 0x8d, 0x2a, 0x84, 0x46,
-	0x42, 0x99, 0x91, 0xe0, 0x09, 0x0a, 0x11, 0x12, 0x82, 0x45, 0x34, 0x01, 0x16, 0x2c, 0xa8, 0x3c,
-	0x9e, 0xcb, 0xf4, 0x92, 0xc9, 0xd8, 0xb2, 0x3d, 0x15, 0xe9, 0x53, 0xf0, 0x18, 0x3c, 0x0a, 0xcb,
-	0x2e, 0x59, 0xa2, 0xe4, 0x45, 0xd0, 0xd8, 0x6a, 0x93, 0xa0, 0xec, 0x7c, 0x8e, 0x3f, 0x7d, 0x9b,
-	0x7b, 0xe8, 0x0b, 0x33, 0xc7, 0xdc, 0xcc, 0xf1, 0xca, 0xc2, 0x8d, 0x56, 0xd2, 0xa3, 0x6e, 0xaf,
-	0x2a, 0x74, 0xde, 0x62, 0xd9, 0x85, 0x60, 0x34, 0xb6, 0x3e, 0x33, 0x56, 0x7b, 0xcd, 0xb2, 0x5b,
-	0xac, 0x4b, 0x00, 0xd9, 0x34, 0x28, 0x5b, 0x05, 0xd9, 0x03, 0x08, 0x95, 0xd2, 0x0b, 0x13, 0xdb,
-	0x06, 0xaa, 0x1a, 0x6c, 0x66, 0xe6, 0x78, 0xf1, 0x6b, 0x48, 0xc5, 0x74, 0x8e, 0xc5, 0x83, 0x7a,
-	0xb2, 0x65, 0x9e, 0xf6, 0x62, 0xf6, 0x94, 0x0e, 0x6f, 0xb0, 0xe2, 0x24, 0x21, 0xe9, 0xa8, 0xe8,
-	0x9f, 0xec, 0x9c, 0x8e, 0x1a, 0x59, 0x42, 0xc3, 0x1f, 0x25, 0x24, 0x3d, 0x29, 0x62, 0x60, 0x19,
-	0x65, 0xe8, 0x5c, 0x07, 0x76, 0xd6, 0x95, 0xdf, 0x41, 0xf9, 0xf7, 0xb0, 0x7c, 0x37, 0xe1, 0xc3,
-	0x80, 0xec, 0xf9, 0xe9, 0xbd, 0x06, 0x2b, 0x7e, 0x10, 0xbd, 0x26, 0x7a, 0xd1, 0x4d, 0x2f, 0x2f,
-	0xf9, 0x28, 0x21, 0xe9, 0x71, 0x11, 0x03, 0x7b, 0x49, 0xcf, 0x95, 0x6d, 0x66, 0x58, 0xb7, 0x60,
-	0xdf, 0x80, 0xf5, 0xf8, 0x0d, 0x95, 0xf4, 0xc0, 0x0f, 0x83, 0x79, 0xef, 0x1f, 0xe3, 0xf4, 0xa8,
-	0x92, 0x5e, 0x7e, 0x2a, 0x3e, 0xf0, 0xa3, 0x80, 0xdd, 0x47, 0x76, 0x41, 0x4f, 0xfb, 0xe7, 0x5b,
-	0x6c, 0x60, 0x86, 0xb7, 0xc0, 0x8f, 0x13, 0x92, 0x1e, 0x14, 0x3b, 0x1d, 0x13, 0x94, 0xf6, 0x79,
-	0x82, 0x35, 0x38, 0xcf, 0x4f, 0x82, 0x60, 0xab, 0x61, 0xcf, 0xe9, 0x93, 0x4d, 0xfa, 0xb8, 0x34,
-	0xc0, 0x69, 0x42, 0xd2, 0xb3, 0xe2, 0xbf, 0xb6, 0xe7, 0x36, 0x37, 0x0b, 0xdc, 0xe3, 0xc8, 0xed,
-	0xb6, 0xec, 0x19, 0x3d, 0x73, 0xea, 0x1a, 0x16, 0xf2, 0x33, 0x58, 0x87, 0xba, 0xe5, 0xa7, 0x01,
-	0xdb, 0x2d, 0x5f, 0x7f, 0xfd, 0xbd, 0x12, 0xe4, 0x6e, 0x25, 0xc8, 0xdf, 0x95, 0x20, 0x3f, 0xd7,
-	0x62, 0x70, 0xb7, 0x16, 0x83, 0x3f, 0x6b, 0x31, 0xf8, 0x32, 0xa9, 0xd1, 0x5f, 0x77, 0x65, 0xa6,
-	0xf4, 0x22, 0x8f, 0xf7, 0x1f, 0xdf, 0x0f, 0x20, 0xdf, 0x1a, 0xc0, 0x78, 0xb3, 0x80, 0x71, 0x9c,
-	0x40, 0xfe, 0xa3, 0x1f, 0x56, 0xee, 0x97, 0x06, 0x5c, 0x79, 0x18, 0x16, 0xf4, 0xea, 0x5f, 0x00,
-	0x00, 0x00, 0xff, 0xff, 0xb4, 0x5c, 0x42, 0x90, 0x70, 0x02, 0x00, 0x00,
+	// 411 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x6e, 0xd4, 0x30,
+	0x14, 0x85, 0xc7, 0x4c, 0xa7, 0x3f, 0xa6, 0x83, 0x90, 0xd5, 0x85, 0x57, 0x51, 0x54, 0x21, 0x14,
+	0x09, 0x4d, 0x22, 0xc1, 0x13, 0x14, 0x22, 0x24, 0x04, 0x8b, 0x51, 0x06, 0x58, 0xb0, 0xa0, 0x72,
+	0x92, 0x4b, 0x7a, 0x99, 0x4c, 0x6c, 0xd9, 0x4e, 0xc5, 0xf4, 0x29, 0x78, 0x2c, 0x96, 0x5d, 0x76,
+	0x89, 0x66, 0x5e, 0x04, 0xd9, 0x56, 0xe7, 0x87, 0x76, 0x77, 0xcf, 0xb9, 0x47, 0x9f, 0xe4, 0xeb,
+	0x43, 0x5f, 0xa9, 0x39, 0x66, 0x6a, 0x8e, 0x97, 0x1a, 0xae, 0x65, 0x25, 0x2c, 0xca, 0xee, 0xb2,
+	0x46, 0x63, 0x35, 0x96, 0xbd, 0x17, 0x4a, 0x62, 0x67, 0x53, 0xa5, 0xa5, 0x95, 0x2c, 0xbd, 0xc1,
+	0xa6, 0x04, 0x10, 0x6d, 0x8b, 0xa2, 0xab, 0x20, 0xdd, 0x04, 0xa1, 0xae, 0xe4, 0x42, 0x05, 0xb7,
+	0x85, 0xba, 0x01, 0x9d, 0xaa, 0x39, 0x9e, 0xdf, 0x0d, 0x69, 0x34, 0x9d, 0x63, 0xb1, 0x41, 0xe7,
+	0x3b, 0xe4, 0xa9, 0x03, 0xb3, 0xe7, 0x74, 0x78, 0x8d, 0x35, 0x27, 0x31, 0x49, 0x46, 0x85, 0x1b,
+	0xd9, 0x19, 0x1d, 0xb5, 0xa2, 0x84, 0x96, 0x3f, 0x89, 0x49, 0x72, 0x52, 0x04, 0xc1, 0x52, 0xca,
+	0xd0, 0x98, 0x1e, 0xf4, 0xac, 0x2f, 0x7f, 0x42, 0x65, 0x3f, 0xc2, 0xf2, 0x43, 0xce, 0x87, 0x3e,
+	0xf2, 0xc8, 0xc6, 0x71, 0x15, 0xd6, 0xfc, 0x20, 0x70, 0x55, 0xe0, 0xa2, 0x99, 0x5e, 0x5c, 0xf0,
+	0x51, 0x4c, 0x92, 0xe3, 0x22, 0x08, 0xf6, 0x9a, 0x9e, 0x55, 0xba, 0x9d, 0x61, 0xd3, 0x81, 0x7e,
+	0x07, 0xda, 0xe2, 0x0f, 0xac, 0x84, 0x05, 0x7e, 0xe8, 0xc9, 0x8f, 0xee, 0x18, 0xa7, 0x47, 0xb5,
+	0xb0, 0xe2, 0x4b, 0xf1, 0x89, 0x1f, 0xf9, 0xd8, 0xbd, 0x64, 0xe7, 0xf4, 0xd4, 0x8d, 0xef, 0xb1,
+	0x85, 0x19, 0xde, 0x00, 0x3f, 0x8e, 0x49, 0x72, 0x50, 0xec, 0x79, 0x2c, 0xa2, 0xd4, 0xe9, 0x1c,
+	0x1b, 0x30, 0x96, 0x9f, 0x78, 0xc0, 0x8e, 0xc3, 0x5e, 0xd2, 0x67, 0x5b, 0xf5, 0x79, 0xa9, 0x80,
+	0xd3, 0x98, 0x24, 0xe3, 0xe2, 0x3f, 0xd7, 0xe5, 0xb6, 0x7f, 0xe6, 0x73, 0x4f, 0x43, 0x6e, 0xdf,
+	0x65, 0x2f, 0xe8, 0xd8, 0x54, 0x57, 0xb0, 0x10, 0x5f, 0x41, 0x1b, 0x94, 0x1d, 0x3f, 0xf5, 0xb1,
+	0x7d, 0xd3, 0xdd, 0x77, 0xf3, 0xd6, 0x1c, 0x5a, 0x68, 0x84, 0x95, 0x9a, 0x8f, 0xc3, 0x7d, 0x1f,
+	0x6e, 0xde, 0x7e, 0xff, 0xb3, 0x8a, 0xc8, 0xed, 0x2a, 0x22, 0x7f, 0x57, 0x11, 0xf9, 0xbd, 0x8e,
+	0x06, 0xb7, 0xeb, 0x68, 0x70, 0xb7, 0x8e, 0x06, 0xdf, 0xf2, 0x06, 0xed, 0x55, 0x5f, 0xa6, 0x95,
+	0x5c, 0x64, 0xa1, 0x2f, 0x93, 0xfb, 0xc2, 0x64, 0x3b, 0x85, 0x99, 0x6c, 0x1b, 0x33, 0x09, 0x95,
+	0xc9, 0x7e, 0xb9, 0x22, 0x66, 0x76, 0xa9, 0xc0, 0x94, 0x87, 0xbe, 0x71, 0x6f, 0xfe, 0x05, 0x00,
+	0x00, 0xff, 0xff, 0x13, 0xa7, 0x00, 0x1d, 0xa0, 0x02, 0x00, 0x00,
 }
 
 func (m *PkiRevocationDistributionPoint) Marshal() (dAtA []byte, err error) {
@@ -211,6 +220,13 @@ func (m *PkiRevocationDistributionPoint) MarshalToSizedBuffer(dAtA []byte) (int,
 	_ = i
 	var l int
 	_ = l
+	if len(m.CrlSignerDelegator) > 0 {
+		i -= len(m.CrlSignerDelegator)
+		copy(dAtA[i:], m.CrlSignerDelegator)
+		i = encodeVarintPkiRevocationDistributionPoint(dAtA, i, uint64(len(m.CrlSignerDelegator)))
+		i--
+		dAtA[i] = 0x6a
+	}
 	if m.SchemaVersion != 0 {
 		i = encodeVarintPkiRevocationDistributionPoint(dAtA, i, uint64(m.SchemaVersion))
 		i--
@@ -347,6 +363,10 @@ func (m *PkiRevocationDistributionPoint) Size() (n int) {
 	if m.SchemaVersion != 0 {
 		n += 1 + sovPkiRevocationDistributionPoint(uint64(m.SchemaVersion))
 	}
+	l = len(m.CrlSignerDelegator)
+	if l > 0 {
+		n += 1 + l + sovPkiRevocationDistributionPoint(uint64(l))
+	}
 	return n
 }
 
@@ -679,6 +699,38 @@ func (m *PkiRevocationDistributionPoint) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
+		case 13:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CrlSignerDelegator", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPkiRevocationDistributionPoint
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthPkiRevocationDistributionPoint
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthPkiRevocationDistributionPoint
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CrlSignerDelegator = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipPkiRevocationDistributionPoint(dAtA[iNdEx:])
diff --git a/x/pki/types/query.pb.go b/x/pki/types/query.pb.go
index ef4757d42..a1bfc03b0 100644
--- a/x/pki/types/query.pb.go
+++ b/x/pki/types/query.pb.go
@@ -2505,7 +2505,7 @@ type QueryClient interface {
 	NocRootCertificatesAll(ctx context.Context, in *QueryAllNocRootCertificatesRequest, opts ...grpc.CallOption) (*QueryAllNocRootCertificatesResponse, error)
 	// Queries a NocIcaCertificates by index.
 	NocIcaCertificates(ctx context.Context, in *QueryGetNocIcaCertificatesRequest, opts ...grpc.CallOption) (*QueryGetNocIcaCertificatesResponse, error)
-	// Queries a list of NocCertificates items.
+	// Queries a list of NocIcaCertificates items.
 	NocIcaCertificatesAll(ctx context.Context, in *QueryAllNocIcaCertificatesRequest, opts ...grpc.CallOption) (*QueryAllNocIcaCertificatesResponse, error)
 	// Queries a RevokedNocRootCertificates by index.
 	RevokedNocRootCertificates(ctx context.Context, in *QueryGetRevokedNocRootCertificatesRequest, opts ...grpc.CallOption) (*QueryGetRevokedNocRootCertificatesResponse, error)
@@ -2770,7 +2770,7 @@ type QueryServer interface {
 	NocRootCertificatesAll(context.Context, *QueryAllNocRootCertificatesRequest) (*QueryAllNocRootCertificatesResponse, error)
 	// Queries a NocIcaCertificates by index.
 	NocIcaCertificates(context.Context, *QueryGetNocIcaCertificatesRequest) (*QueryGetNocIcaCertificatesResponse, error)
-	// Queries a list of NocCertificates items.
+	// Queries a list of NocIcaCertificates items.
 	NocIcaCertificatesAll(context.Context, *QueryAllNocIcaCertificatesRequest) (*QueryAllNocIcaCertificatesResponse, error)
 	// Queries a RevokedNocRootCertificates by index.
 	RevokedNocRootCertificates(context.Context, *QueryGetRevokedNocRootCertificatesRequest) (*QueryGetRevokedNocRootCertificatesResponse, error)
diff --git a/x/pki/types/tx.pb.go b/x/pki/types/tx.pb.go
index a6a9a993f..564a59df2 100644
--- a/x/pki/types/tx.pb.go
+++ b/x/pki/types/tx.pb.go
@@ -915,6 +915,7 @@ type MsgAddPkiRevocationDistributionPoint struct {
 	DataDigestType       uint32 `protobuf:"varint,11,opt,name=dataDigestType,proto3" json:"dataDigestType,omitempty"`
 	RevocationType       uint32 `protobuf:"varint,12,opt,name=revocationType,proto3" json:"revocationType,omitempty" validate:"required"`
 	SchemaVersion        uint32 `protobuf:"varint,13,opt,name=schemaVersion,proto3" json:"schemaVersion,omitempty" validate:"gte=0,lte=65535"`
+	CrlSignerDelegator   string `protobuf:"bytes,14,opt,name=crlSignerDelegator,proto3" json:"crlSignerDelegator,omitempty" validate:"max=10485760"`
 }
 
 func (m *MsgAddPkiRevocationDistributionPoint) Reset()         { *m = MsgAddPkiRevocationDistributionPoint{} }
@@ -1041,6 +1042,13 @@ func (m *MsgAddPkiRevocationDistributionPoint) GetSchemaVersion() uint32 {
 	return 0
 }
 
+func (m *MsgAddPkiRevocationDistributionPoint) GetCrlSignerDelegator() string {
+	if m != nil {
+		return m.CrlSignerDelegator
+	}
+	return ""
+}
+
 type MsgAddPkiRevocationDistributionPointResponse struct {
 }
 
@@ -1092,6 +1100,7 @@ type MsgUpdatePkiRevocationDistributionPoint struct {
 	DataDigest           string `protobuf:"bytes,8,opt,name=dataDigest,proto3" json:"dataDigest,omitempty"`
 	DataDigestType       uint32 `protobuf:"varint,9,opt,name=dataDigestType,proto3" json:"dataDigestType,omitempty"`
 	SchemaVersion        uint32 `protobuf:"varint,10,opt,name=schemaVersion,proto3" json:"schemaVersion,omitempty" validate:"gte=0,lte=65535"`
+	CrlSignerDelegator   string `protobuf:"bytes,11,opt,name=crlSignerDelegator,proto3" json:"crlSignerDelegator,omitempty" validate:"max=10485760"`
 }
 
 func (m *MsgUpdatePkiRevocationDistributionPoint) Reset() {
@@ -1199,6 +1208,13 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) GetSchemaVersion() uint32 {
 	return 0
 }
 
+func (m *MsgUpdatePkiRevocationDistributionPoint) GetCrlSignerDelegator() string {
+	if m != nil {
+		return m.CrlSignerDelegator
+	}
+	return ""
+}
+
 type MsgUpdatePkiRevocationDistributionPointResponse struct {
 }
 
@@ -2075,101 +2091,102 @@ func init() {
 func init() { proto.RegisterFile("pki/tx.proto", fileDescriptor_badfdb2b39855d16) }
 
 var fileDescriptor_badfdb2b39855d16 = []byte{
-	// 1490 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xdd, 0x6f, 0xdb, 0x54,
-	0x14, 0x9f, 0xf3, 0xd1, 0x8f, 0xb3, 0xae, 0xd2, 0x2e, 0x5d, 0x97, 0x79, 0x23, 0xc9, 0xbc, 0x69,
-	0xab, 0x44, 0x9b, 0x74, 0xdd, 0x52, 0xb6, 0x89, 0x81, 0xda, 0x85, 0x6d, 0xd5, 0xda, 0x51, 0xdc,
-	0x6d, 0x20, 0x84, 0x98, 0x9c, 0xf8, 0xce, 0xbb, 0xd4, 0x89, 0x8d, 0xed, 0x54, 0xeb, 0xde, 0xf8,
-	0x0b, 0x40, 0x42, 0xbc, 0xf2, 0x06, 0x48, 0x93, 0x98, 0x86, 0xf8, 0x78, 0xe5, 0x81, 0x17, 0x5e,
-	0x90, 0x26, 0x5e, 0xe0, 0x29, 0x1a, 0xdb, 0x0b, 0x12, 0x6f, 0x79, 0x47, 0x42, 0xfe, 0xba, 0x8e,
-	0x13, 0xbb, 0x4d, 0x5c, 0x17, 0x75, 0xa5, 0x6f, 0xf6, 0xcd, 0x3d, 0xbf, 0x7b, 0xef, 0xf9, 0xfd,
-	0xce, 0xb1, 0xcf, 0x71, 0x60, 0x44, 0x5d, 0x25, 0x45, 0xe3, 0x7e, 0x41, 0xd5, 0x14, 0x43, 0x41,
-	0x85, 0x07, 0x44, 0xaa, 0x60, 0x2c, 0xc8, 0x32, 0x11, 0xea, 0x55, 0x5c, 0x10, 0x89, 0x6e, 0x68,
-	0xa4, 0xd2, 0x30, 0xb0, 0x58, 0x55, 0x6a, 0xaa, 0x3d, 0x2a, 0x63, 0x51, 0xc2, 0x5a, 0x41, 0x5d,
-	0x25, 0xec, 0x91, 0xaa, 0xa2, 0xd7, 0x14, 0xfd, 0x8e, 0x65, 0x5d, 0xb4, 0x6f, 0x6c, 0x28, 0x76,
-	0x4c, 0x52, 0x24, 0xc5, 0x1e, 0x37, 0xaf, 0xec, 0x51, 0xee, 0x51, 0x12, 0x8e, 0x2c, 0xe9, 0xd2,
-	0xb2, 0xa6, 0xa8, 0x8a, 0x8e, 0xe7, 0x44, 0xf1, 0xdd, 0xd2, 0xf4, 0x05, 0x5e, 0x51, 0x8c, 0xcb,
-	0x58, 0x33, 0xd0, 0x55, 0x18, 0xd0, 0x89, 0x54, 0xc7, 0x5a, 0x86, 0xc9, 0x33, 0x13, 0xc3, 0xf3,
-	0xc5, 0x56, 0x33, 0xf7, 0xd2, 0x9a, 0x20, 0x13, 0x51, 0x30, 0xf0, 0x45, 0x4e, 0xc3, 0x1f, 0x35,
-	0x88, 0x86, 0x45, 0xee, 0xb7, 0xef, 0xa7, 0xc6, 0x9c, 0xc5, 0xe6, 0x44, 0x51, 0xc3, 0xba, 0xbe,
-	0x62, 0x68, 0xa4, 0x2e, 0xf1, 0x8e, 0x39, 0x3a, 0x0f, 0xa9, 0x2a, 0xd6, 0x8c, 0x4c, 0xc2, 0x82,
-	0x39, 0xd9, 0x6a, 0xe6, 0xf2, 0xdd, 0x30, 0x93, 0x35, 0xe1, 0xfe, 0xa5, 0x33, 0xd3, 0xe7, 0xce,
-	0x97, 0x5e, 0x9d, 0x9d, 0xe6, 0x78, 0xcb, 0x02, 0xbd, 0x02, 0x29, 0x52, 0xbf, 0xab, 0x64, 0x92,
-	0x96, 0xe5, 0x61, 0xff, 0x06, 0x4c, 0x83, 0x73, 0xd3, 0x17, 0x66, 0x39, 0xde, 0x9a, 0x84, 0x10,
-	0xa4, 0x0c, 0x52, 0xc3, 0x99, 0x54, 0x9e, 0x99, 0x48, 0xf2, 0xd6, 0x35, 0xba, 0x00, 0xc9, 0x35,
-	0x22, 0x66, 0xd2, 0x79, 0x66, 0x22, 0x3d, 0x7f, 0xba, 0xd5, 0xcc, 0x9d, 0xf0, 0xec, 0x25, 0x03,
-	0x5f, 0x3a, 0x33, 0x29, 0x1b, 0xf8, 0xd2, 0x6c, 0xa9, 0x74, 0xb6, 0x34, 0x49, 0x0f, 0xc4, 0x9b,
-	0x36, 0x68, 0x11, 0x0e, 0x9a, 0x7b, 0x58, 0xa9, 0xde, 0xc3, 0x35, 0xe1, 0x36, 0xd6, 0x74, 0xa2,
-	0xd4, 0x33, 0x03, 0x79, 0x66, 0xe2, 0xc0, 0x7c, 0xb6, 0xd5, 0xcc, 0xb1, 0x7e, 0xa0, 0x69, 0x0f,
-	0x88, 0xe3, 0xbb, 0x0d, 0x51, 0x19, 0x0e, 0xe8, 0x3e, 0xa4, 0xc1, 0x9e, 0x90, 0xfc, 0x46, 0xdc,
-	0x09, 0x38, 0x1e, 0xca, 0x17, 0x8f, 0x75, 0x55, 0xa9, 0xeb, 0x98, 0xfb, 0x2a, 0x61, 0xb1, 0x3a,
-	0xa7, 0xaa, 0x9a, 0xb2, 0xb6, 0x7d, 0xac, 0x5e, 0x84, 0x41, 0xbd, 0x51, 0xf9, 0x10, 0x57, 0x5d,
-	0x62, 0xf3, 0xad, 0x66, 0xee, 0x58, 0x28, 0xb1, 0x33, 0xe7, 0x38, 0xde, 0x35, 0x40, 0x97, 0x61,
-	0xc4, 0xb9, 0xbc, 0x8e, 0xd7, 0x17, 0x44, 0x87, 0xdf, 0x5c, 0xab, 0x99, 0x3b, 0x1a, 0x02, 0x30,
-	0x53, 0x9a, 0xe5, 0x78, 0x9f, 0x11, 0x15, 0x47, 0xaa, 0x1f, 0x71, 0xa4, 0x3d, 0x71, 0x38, 0xde,
-	0x0c, 0xf6, 0x13, 0xf5, 0xe6, 0x5f, 0x09, 0x18, 0x35, 0x67, 0xd9, 0x3f, 0xef, 0x9a, 0xc0, 0x08,
-	0x54, 0x77, 0x3a, 0x36, 0x75, 0x0f, 0x44, 0x51, 0x77, 0x06, 0xc6, 0xfd, 0x9e, 0xa6, 0x24, 0xfc,
-	0x90, 0x84, 0x63, 0x9e, 0xf0, 0x79, 0xbc, 0xa6, 0xac, 0xe2, 0x3d, 0x55, 0x07, 0xaa, 0x1a, 0x71,
-	0x30, 0xa2, 0x63, 0x8d, 0x08, 0xf2, 0x8d, 0x46, 0xad, 0x82, 0x35, 0x8b, 0x8a, 0x61, 0xde, 0x37,
-	0x86, 0xf2, 0xb0, 0x5f, 0xb3, 0x9c, 0x78, 0xf9, 0x1e, 0x91, 0x45, 0x2b, 0x17, 0x0d, 0xf1, 0xed,
-	0x43, 0xdd, 0x8c, 0x0e, 0x45, 0x61, 0xf4, 0x14, 0x9c, 0xdc, 0x88, 0x36, 0xca, 0xef, 0xaf, 0x09,
-	0x8b, 0x5f, 0x27, 0x14, 0xff, 0x17, 0xfc, 0xa6, 0xfb, 0xe1, 0x77, 0x60, 0x03, 0x7e, 0x07, 0xbb,
-	0xf9, 0x75, 0xfc, 0x1e, 0xea, 0x4e, 0xea, 0xf7, 0x87, 0x49, 0x38, 0xb8, 0xa4, 0x4b, 0xde, 0x8c,
-	0xbd, 0x60, 0xda, 0xb9, 0xc1, 0x74, 0xd4, 0x7a, 0xac, 0xfb, 0xb9, 0xa2, 0x4c, 0xfe, 0x9d, 0x80,
-	0x8c, 0xf5, 0xab, 0x79, 0xf8, 0xbd, 0x67, 0x7e, 0x28, 0xa1, 0xf1, 0x3c, 0xa9, 0x38, 0xc8, 0x87,
-	0x39, 0x9b, 0x32, 0xf2, 0x67, 0xda, 0x0e, 0x42, 0x51, 0x5c, 0x5e, 0x25, 0x26, 0x6b, 0x55, 0xc1,
-	0x20, 0x4a, 0xbd, 0xec, 0xbe, 0xc4, 0x13, 0xa5, 0xbe, 0xac, 0x90, 0x7a, 0x8c, 0xec, 0x38, 0x2f,
-	0xbb, 0x89, 0x08, 0x2f, 0xbb, 0xd3, 0x90, 0x54, 0x89, 0xcd, 0x49, 0x7a, 0x53, 0x67, 0x98, 0x53,
-	0xd1, 0x18, 0xa4, 0x89, 0xbe, 0x3c, 0x37, 0x67, 0x51, 0x31, 0xc4, 0xdb, 0x37, 0x68, 0x0a, 0xd2,
-	0xb2, 0x50, 0xc1, 0x72, 0x70, 0x7a, 0xf3, 0x16, 0xb5, 0x67, 0xa1, 0xeb, 0x30, 0x56, 0xd5, 0xe4,
-	0x15, 0x6b, 0xfb, 0xa6, 0xf3, 0xc8, 0x5d, 0x52, 0x15, 0x0c, 0x3b, 0xdf, 0x6d, 0x60, 0x1d, 0x68,
-	0x84, 0xae, 0x02, 0x22, 0xba, 0xde, 0xc0, 0xda, 0x8a, 0xa7, 0x98, 0xb2, 0x9d, 0x1e, 0xc3, 0xa1,
-	0x02, 0x4c, 0x50, 0x09, 0x06, 0x45, 0xc1, 0x10, 0x6e, 0xf1, 0x8b, 0x56, 0xa0, 0x0e, 0xcf, 0x1f,
-	0x6d, 0x35, 0x73, 0x87, 0x03, 0x44, 0xda, 0xd0, 0x64, 0x8e, 0x77, 0xe7, 0x9a, 0xb9, 0xc2, 0xbc,
-	0xbc, 0x42, 0x64, 0xbc, 0x42, 0x1e, 0xe0, 0xcc, 0x70, 0x9e, 0x99, 0x48, 0xf1, 0xbe, 0x31, 0x94,
-	0x05, 0x30, 0xef, 0xcb, 0x44, 0xc2, 0xba, 0x91, 0x01, 0x2b, 0x9b, 0xb4, 0x8d, 0xa0, 0x53, 0x30,
-	0xea, 0xdd, 0xdd, 0x5c, 0x57, 0x71, 0x66, 0xbf, 0xa9, 0x4f, 0xbe, 0x63, 0x14, 0xbd, 0x01, 0xa3,
-	0x1a, 0x95, 0x94, 0x35, 0x6f, 0xc4, 0xd2, 0x71, 0xe8, 0x39, 0x3b, 0xa6, 0x77, 0xc7, 0xc1, 0x81,
-	0x28, 0x71, 0x50, 0x80, 0xc9, 0x5e, 0x24, 0x4e, 0x63, 0xe2, 0xe7, 0x14, 0x9c, 0x5e, 0xd2, 0xa5,
-	0x5b, 0xaa, 0x09, 0xff, 0x02, 0x84, 0x05, 0x95, 0x73, 0xb2, 0x27, 0x39, 0xcf, 0x84, 0xc8, 0xd9,
-	0xca, 0x56, 0x7d, 0xa9, 0x36, 0xdd, 0xbf, 0x6a, 0x67, 0x3d, 0xd5, 0xda, 0xe1, 0x73, 0xac, 0xd5,
-	0xcc, 0x65, 0x3c, 0x6b, 0xa5, 0x46, 0x0c, 0x5c, 0x53, 0x8d, 0xf5, 0x4d, 0x64, 0x3b, 0xb8, 0xa9,
-	0x6c, 0x87, 0x7a, 0x90, 0xed, 0x70, 0xa0, 0x6c, 0xbb, 0x54, 0x07, 0x51, 0x54, 0x77, 0x06, 0x8a,
-	0x3d, 0x8a, 0x88, 0x0a, 0xef, 0xcb, 0x84, 0x25, 0xbc, 0x32, 0x96, 0xf1, 0x6e, 0x14, 0x5e, 0xb0,
-	0x88, 0x52, 0x7d, 0x8b, 0xc8, 0x71, 0x6d, 0x2f, 0x6e, 0xa2, 0xae, 0xfd, 0x2c, 0x01, 0x23, 0x66,
-	0x12, 0xd0, 0xcd, 0x53, 0xdf, 0x26, 0xe2, 0x2e, 0x7a, 0xdb, 0x70, 0x08, 0x4c, 0xf5, 0x4f, 0x20,
-	0x37, 0x0e, 0x63, 0xed, 0x4e, 0xa1, 0xde, 0x7a, 0x94, 0x80, 0x43, 0x76, 0xca, 0xbc, 0xa1, 0x54,
-	0x77, 0x5a, 0xbb, 0x2d, 0xb0, 0x29, 0x90, 0x8a, 0xad, 0x29, 0x90, 0x8e, 0x12, 0xec, 0x39, 0x78,
-	0x39, 0xd0, 0x5f, 0xd4, 0xa3, 0x1f, 0x27, 0x9c, 0x1a, 0xa6, 0xa6, 0xac, 0xed, 0xc6, 0x1a, 0xa6,
-	0xb3, 0x04, 0x49, 0x05, 0xd4, 0x7b, 0x6e, 0x69, 0xd0, 0xee, 0x02, 0xea, 0xa0, 0x6f, 0x12, 0xb6,
-	0x16, 0xa9, 0x0b, 0x17, 0xaa, 0xc2, 0x8e, 0x56, 0x5c, 0x32, 0x36, 0xc5, 0xa5, 0xa2, 0x28, 0x2e,
-	0x6b, 0xf7, 0x22, 0x3a, 0xdd, 0x45, 0xfd, 0xf9, 0x6d, 0xd2, 0x29, 0xb5, 0xcc, 0x42, 0x6c, 0xdb,
-	0xa2, 0xf8, 0x45, 0xd0, 0xdd, 0xd6, 0x9b, 0x19, 0xff, 0x55, 0xed, 0xec, 0x16, 0x6c, 0x01, 0x94,
-	0x51, 0x5e, 0x1f, 0x27, 0xe1, 0x70, 0xe7, 0xa4, 0xd8, 0x43, 0x65, 0x8f, 0xd6, 0x38, 0x69, 0x3d,
-	0x0e, 0xb9, 0x10, 0xc6, 0x5c, 0x56, 0x67, 0xfe, 0x19, 0x87, 0xe4, 0x92, 0x2e, 0xa1, 0x1f, 0x19,
-	0x18, 0x0f, 0xf9, 0xd0, 0xb5, 0xd0, 0xe7, 0x87, 0xb6, 0x42, 0xe8, 0x37, 0x18, 0xf6, 0xed, 0xd8,
-	0xa0, 0xdc, 0x03, 0x58, 0x1b, 0x0f, 0xf9, 0x96, 0x13, 0x65, 0xe3, 0xc1, 0x50, 0x91, 0x36, 0xbe,
-	0xf1, 0x97, 0x13, 0xf4, 0x39, 0x03, 0xfb, 0xdb, 0x3f, 0x9b, 0xbc, 0x1e, 0x65, 0x09, 0xcf, 0x9e,
-	0xbd, 0xb2, 0x35, 0x7b, 0xba, 0xaf, 0x9f, 0x18, 0x38, 0x12, 0xfe, 0x25, 0x61, 0x31, 0x3a, 0x83,
-	0xdd, 0x68, 0xec, 0xcd, 0x38, 0xd1, 0x7c, 0x27, 0x08, 0xef, 0x95, 0x2f, 0x46, 0xa7, 0x32, 0xa6,
-	0x13, 0x6c, 0xda, 0x78, 0x46, 0x5f, 0x30, 0x30, 0xda, 0xd1, 0x75, 0x9e, 0x8b, 0xb0, 0x90, 0x1f,
-	0x82, 0x5d, 0xd8, 0x32, 0x04, 0xdd, 0xe0, 0x77, 0x0c, 0x1c, 0x0a, 0x6e, 0xa6, 0x5e, 0x8b, 0xb4,
-	0x48, 0x00, 0x12, 0xbb, 0x1c, 0x17, 0x12, 0xdd, 0xf5, 0xef, 0x0c, 0x1c, 0xdf, 0xbc, 0xe1, 0x78,
-	0x33, 0x5a, 0x20, 0x6d, 0x8c, 0xca, 0xbe, 0xbf, 0x1d, 0xa8, 0xf4, 0x64, 0x4f, 0x19, 0x38, 0xd9,
-	0x53, 0xdb, 0xe8, 0x9d, 0x08, 0xdb, 0xe8, 0x05, 0x98, 0xbd, 0xb3, 0x4d, 0xc0, 0xbe, 0x23, 0xf6,
-	0xd4, 0xa0, 0x88, 0x72, 0xc4, 0x5e, 0x80, 0x23, 0x1d, 0xb1, 0x9f, 0x5e, 0x01, 0xfa, 0x84, 0x81,
-	0x61, 0xaf, 0x51, 0xf0, 0x5a, 0x14, 0xc5, 0xb8, 0xd6, 0x6c, 0x79, 0x2b, 0xd6, 0x74, 0x47, 0x0f,
-	0x19, 0x40, 0x01, 0xc5, 0xf8, 0x9b, 0xd1, 0xc4, 0xdc, 0x01, 0xc3, 0x2e, 0xc5, 0x02, 0xd3, 0x91,
-	0x35, 0x7d, 0x75, 0x6e, 0xb4, 0xac, 0xd9, 0x0e, 0x11, 0x31, 0x6b, 0x06, 0x95, 0x9a, 0xe8, 0x6b,
-	0x06, 0x0e, 0x76, 0xd7, 0x99, 0xe5, 0x2d, 0x79, 0xc1, 0x41, 0x61, 0x17, 0xe3, 0x40, 0xe9, 0xc8,
-	0xef, 0x41, 0x15, 0xdc, 0xb5, 0xc8, 0x0f, 0x91, 0x4e, 0xf6, 0x97, 0xe3, 0x42, 0xa2, 0xbb, 0x7e,
-	0xcc, 0xc0, 0x58, 0x70, 0x7d, 0xb2, 0xd5, 0xa5, 0x5c, 0x2f, 0xbf, 0x15, 0x13, 0x90, 0xbb, 0xe5,
-	0xf9, 0x0f, 0x7e, 0x79, 0x96, 0x65, 0x9e, 0x3c, 0xcb, 0x32, 0x4f, 0x9f, 0x65, 0x99, 0x4f, 0x9f,
-	0x67, 0xf7, 0x3d, 0x79, 0x9e, 0xdd, 0xf7, 0xc7, 0xf3, 0xec, 0xbe, 0xf7, 0xca, 0x12, 0x31, 0xee,
-	0x35, 0x2a, 0x85, 0xaa, 0x52, 0x2b, 0xda, 0x8b, 0x4e, 0xb9, 0xab, 0x16, 0xdb, 0x56, 0x9d, 0xf2,
-	0x96, 0x9d, 0xb2, 0xd7, 0x2d, 0xde, 0x2f, 0x5a, 0xff, 0x93, 0x5b, 0x57, 0xb1, 0x5e, 0x19, 0xb0,
-	0xfe, 0xca, 0x76, 0xf6, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x05, 0xa0, 0x0d, 0xab, 0x3b, 0x27,
-	0x00, 0x00,
+	// 1515 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x5a, 0xcd, 0x6f, 0xd4, 0xc6,
+	0x1b, 0xc6, 0xfb, 0x91, 0x8f, 0x37, 0x21, 0x12, 0xf3, 0x0b, 0xc1, 0x18, 0x7e, 0xbb, 0x8b, 0x41,
+	0x10, 0xa9, 0xc9, 0x6e, 0x08, 0x6c, 0x0a, 0xa8, 0xb4, 0x4a, 0xd8, 0x02, 0x11, 0x09, 0x4d, 0x1d,
+	0xa0, 0x55, 0x55, 0x15, 0x79, 0xd7, 0x83, 0x99, 0xc6, 0xbb, 0x76, 0x6d, 0x6f, 0x44, 0xb8, 0xf5,
+	0x2f, 0x28, 0x52, 0xd5, 0x6b, 0x6f, 0x6d, 0x25, 0xa4, 0x22, 0xaa, 0x7e, 0x5c, 0x7b, 0xed, 0xa5,
+	0x12, 0xea, 0xa5, 0x3d, 0xad, 0x10, 0x5c, 0x2a, 0xf5, 0xb6, 0xf7, 0x4a, 0x95, 0x3f, 0x76, 0xbc,
+	0xde, 0xb5, 0x93, 0x5d, 0xc7, 0xa9, 0x42, 0x9a, 0x9b, 0x3d, 0x3b, 0xef, 0x33, 0x33, 0xef, 0xf3,
+	0xbc, 0xe3, 0x79, 0xdf, 0x59, 0x18, 0xd5, 0xd6, 0x48, 0xc1, 0x7c, 0x90, 0xd7, 0x74, 0xd5, 0x54,
+	0x51, 0xfe, 0x21, 0x91, 0xcb, 0x18, 0x8b, 0x8a, 0x42, 0xc4, 0x5a, 0x05, 0xe7, 0x25, 0x62, 0x98,
+	0x3a, 0x29, 0xd7, 0x4d, 0x2c, 0x55, 0xd4, 0xaa, 0xe6, 0xb4, 0x2a, 0x58, 0x92, 0xb1, 0x9e, 0xd7,
+	0xd6, 0x08, 0x77, 0xb4, 0xa2, 0x1a, 0x55, 0xd5, 0xb8, 0x6b, 0x5b, 0x17, 0x9c, 0x17, 0x07, 0x8a,
+	0x1b, 0x97, 0x55, 0x59, 0x75, 0xda, 0xad, 0x27, 0xa7, 0x95, 0x7f, 0x92, 0x84, 0xa3, 0xcb, 0x86,
+	0xbc, 0xa2, 0xab, 0x9a, 0x6a, 0xe0, 0x79, 0x49, 0x7a, 0xbf, 0x38, 0x73, 0x51, 0x50, 0x55, 0xf3,
+	0x0a, 0xd6, 0x4d, 0x74, 0x0d, 0x06, 0x0c, 0x22, 0xd7, 0xb0, 0xce, 0x32, 0x39, 0x66, 0x72, 0x78,
+	0xa1, 0xd0, 0x6c, 0x64, 0xff, 0xb7, 0x2e, 0x2a, 0x44, 0x12, 0x4d, 0x7c, 0x89, 0xd7, 0xf1, 0x27,
+	0x75, 0xa2, 0x63, 0x89, 0xff, 0xed, 0x87, 0xe9, 0x71, 0x77, 0xb0, 0x79, 0x49, 0xd2, 0xb1, 0x61,
+	0xac, 0x9a, 0x3a, 0xa9, 0xc9, 0x82, 0x6b, 0x8e, 0x2e, 0x40, 0xaa, 0x82, 0x75, 0x93, 0x4d, 0xd8,
+	0x30, 0xa7, 0x9a, 0x8d, 0x6c, 0xae, 0x1b, 0x66, 0xaa, 0x2a, 0x3e, 0xb8, 0x7c, 0x76, 0xe6, 0xfc,
+	0x85, 0xe2, 0xeb, 0x73, 0x33, 0xbc, 0x60, 0x5b, 0xa0, 0xd7, 0x20, 0x45, 0x6a, 0xf7, 0x54, 0x36,
+	0x69, 0x5b, 0x1e, 0xf1, 0x4f, 0xc0, 0x32, 0x38, 0x3f, 0x73, 0x71, 0x8e, 0x17, 0xec, 0x4e, 0x08,
+	0x41, 0xca, 0x24, 0x55, 0xcc, 0xa6, 0x72, 0xcc, 0x64, 0x52, 0xb0, 0x9f, 0xd1, 0x45, 0x48, 0xae,
+	0x13, 0x89, 0x4d, 0xe7, 0x98, 0xc9, 0xf4, 0xc2, 0x99, 0x66, 0x23, 0x7b, 0xd2, 0xb3, 0x97, 0x4d,
+	0x7c, 0xf9, 0xec, 0x94, 0x62, 0xe2, 0xcb, 0x73, 0xc5, 0xe2, 0xb9, 0xe2, 0x14, 0x5d, 0x90, 0x60,
+	0xd9, 0xa0, 0x25, 0x38, 0x64, 0xcd, 0x61, 0xb5, 0x72, 0x1f, 0x57, 0xc5, 0x3b, 0x58, 0x37, 0x88,
+	0x5a, 0x63, 0x07, 0x72, 0xcc, 0xe4, 0xc1, 0x85, 0x4c, 0xb3, 0x91, 0xe5, 0xfc, 0x40, 0x33, 0x1e,
+	0x10, 0x2f, 0x74, 0x1b, 0xa2, 0x12, 0x1c, 0x34, 0x7c, 0x48, 0x83, 0x3d, 0x21, 0xf9, 0x8d, 0xf8,
+	0x93, 0x70, 0x22, 0x94, 0x2f, 0x01, 0x1b, 0x9a, 0x5a, 0x33, 0x30, 0xff, 0x75, 0xc2, 0x66, 0x75,
+	0x5e, 0xd3, 0x74, 0x75, 0x7d, 0xe7, 0x58, 0xbd, 0x04, 0x83, 0x46, 0xbd, 0xfc, 0x31, 0xae, 0xb4,
+	0x88, 0xcd, 0x35, 0x1b, 0xd9, 0xe3, 0xa1, 0xc4, 0xce, 0x9e, 0xe7, 0x85, 0x96, 0x01, 0xba, 0x02,
+	0xa3, 0xee, 0xe3, 0x0d, 0xbc, 0xb1, 0x28, 0xb9, 0xfc, 0x66, 0x9b, 0x8d, 0xec, 0xb1, 0x10, 0x80,
+	0xd9, 0xe2, 0x1c, 0x2f, 0xf8, 0x8c, 0xa8, 0x38, 0x52, 0xfd, 0x88, 0x23, 0xed, 0x89, 0xc3, 0xf5,
+	0x66, 0xb0, 0x9f, 0xa8, 0x37, 0xff, 0x4c, 0xc0, 0x98, 0xd5, 0xcb, 0xf9, 0x79, 0xcf, 0x04, 0x46,
+	0xa0, 0xba, 0xd3, 0xb1, 0xa9, 0x7b, 0x20, 0x8a, 0xba, 0x59, 0x98, 0xf0, 0x7b, 0x9a, 0x92, 0xf0,
+	0x63, 0x12, 0x8e, 0x7b, 0xc2, 0x17, 0xf0, 0xba, 0xba, 0x86, 0xf7, 0x55, 0x1d, 0xa8, 0x6a, 0xc4,
+	0xc3, 0xa8, 0x81, 0x75, 0x22, 0x2a, 0x37, 0xeb, 0xd5, 0x32, 0xd6, 0x6d, 0x2a, 0x86, 0x05, 0x5f,
+	0x1b, 0xca, 0xc1, 0x88, 0x6e, 0x3b, 0xf1, 0xca, 0x7d, 0xa2, 0x48, 0xf6, 0x5e, 0x34, 0x24, 0xb4,
+	0x37, 0x75, 0x33, 0x3a, 0x14, 0x85, 0xd1, 0xd3, 0x70, 0x6a, 0x33, 0xda, 0x28, 0xbf, 0xbf, 0x26,
+	0x6c, 0x7e, 0xdd, 0x50, 0xfc, 0x4f, 0xf0, 0x9b, 0xee, 0x87, 0xdf, 0x81, 0x4d, 0xf8, 0x1d, 0xec,
+	0xe6, 0xd7, 0xf5, 0x7b, 0xa8, 0x3b, 0xa9, 0xdf, 0x1f, 0x27, 0xe1, 0xd0, 0xb2, 0x21, 0x7b, 0x3d,
+	0xf6, 0x83, 0x69, 0xf7, 0x06, 0xd3, 0x31, 0xfb, 0xb3, 0xee, 0xe7, 0x8a, 0x32, 0xf9, 0x57, 0x02,
+	0x58, 0xfb, 0x57, 0x6b, 0xf1, 0xfb, 0xdf, 0xfc, 0x50, 0x42, 0xe3, 0xf9, 0x52, 0xf1, 0x90, 0x0b,
+	0x73, 0x36, 0x65, 0xe4, 0xc9, 0x80, 0x13, 0x84, 0x92, 0xb4, 0xb2, 0x46, 0x2c, 0xd6, 0x2a, 0xa2,
+	0x49, 0xd4, 0x5a, 0xa9, 0x75, 0x88, 0x27, 0x6a, 0x6d, 0x45, 0x25, 0xb5, 0x18, 0xd9, 0x71, 0x0f,
+	0xbb, 0x89, 0x08, 0x87, 0xdd, 0x19, 0x48, 0x6a, 0xc4, 0xe1, 0x24, 0xbd, 0xa5, 0x33, 0xac, 0xae,
+	0x68, 0x1c, 0xd2, 0xc4, 0x58, 0x99, 0x9f, 0xb7, 0xa9, 0x18, 0x12, 0x9c, 0x17, 0x34, 0x0d, 0x69,
+	0x45, 0x2c, 0x63, 0x25, 0x78, 0x7b, 0xf3, 0x06, 0x75, 0x7a, 0xa1, 0x1b, 0x30, 0x5e, 0xd1, 0x95,
+	0x55, 0x7b, 0xfa, 0x96, 0xf3, 0xc8, 0x3d, 0x52, 0x11, 0x4d, 0x67, 0xbf, 0xdb, 0xc4, 0x3a, 0xd0,
+	0x08, 0x5d, 0x03, 0x44, 0x0c, 0xa3, 0x8e, 0xf5, 0x55, 0x4f, 0x31, 0x25, 0x67, 0x7b, 0x0c, 0x87,
+	0x0a, 0x30, 0x41, 0x45, 0x18, 0x94, 0x44, 0x53, 0xbc, 0x2d, 0x2c, 0xd9, 0x81, 0x3a, 0xbc, 0x70,
+	0xac, 0xd9, 0xc8, 0x1e, 0x09, 0x10, 0x69, 0x5d, 0x57, 0x78, 0xa1, 0xd5, 0xd7, 0xda, 0x2b, 0xac,
+	0xc7, 0xab, 0x44, 0xc1, 0xab, 0xe4, 0x21, 0x66, 0x87, 0x73, 0xcc, 0x64, 0x4a, 0xf0, 0xb5, 0xa1,
+	0x0c, 0x80, 0xf5, 0x5e, 0x22, 0x32, 0x36, 0x4c, 0x16, 0xec, 0xdd, 0xa4, 0xad, 0x05, 0x9d, 0x86,
+	0x31, 0xef, 0xed, 0xd6, 0x86, 0x86, 0xd9, 0x11, 0x4b, 0x9f, 0x42, 0x47, 0x2b, 0x7a, 0x0b, 0xc6,
+	0x74, 0x2a, 0x29, 0xbb, 0xdf, 0xa8, 0xad, 0xe3, 0xd0, 0x75, 0x76, 0x74, 0xef, 0x8e, 0x83, 0x83,
+	0x11, 0xe2, 0x00, 0xdd, 0x00, 0x44, 0xa9, 0x28, 0x61, 0x05, 0xcb, 0xa2, 0xa9, 0xea, 0xec, 0x58,
+	0x90, 0xd3, 0xfc, 0xa7, 0xd8, 0x00, 0x33, 0x3e, 0x0f, 0x53, 0xbd, 0xc4, 0x0b, 0x0d, 0xb0, 0x47,
+	0x69, 0x38, 0xb3, 0x6c, 0xc8, 0xb7, 0x35, 0x6b, 0x80, 0x57, 0x20, 0xc6, 0x68, 0x6c, 0x24, 0x7b,
+	0x8a, 0x8d, 0xd9, 0x90, 0xd8, 0xb0, 0xb7, 0xbe, 0xbe, 0x42, 0x20, 0xdd, 0x7f, 0x08, 0xcc, 0x79,
+	0x21, 0xe0, 0xc4, 0xe2, 0xf1, 0x66, 0x23, 0xcb, 0x7a, 0xd6, 0x6a, 0x95, 0x98, 0xb8, 0xaa, 0x99,
+	0x1b, 0x5b, 0xc4, 0xc0, 0xe0, 0x96, 0x31, 0x30, 0xd4, 0x43, 0x0c, 0x0c, 0x07, 0xc6, 0x40, 0x97,
+	0x84, 0x21, 0x3e, 0x09, 0x8f, 0x44, 0x93, 0xf0, 0x59, 0x28, 0xf4, 0xa8, 0x48, 0xaa, 0xe2, 0xaf,
+	0x12, 0xb6, 0x8a, 0x2d, 0x8c, 0xbd, 0xa8, 0xe2, 0x60, 0x45, 0xa6, 0xfa, 0x56, 0xa4, 0xeb, 0xda,
+	0x5e, 0xdc, 0x44, 0x5d, 0xfb, 0x79, 0x02, 0x46, 0xad, 0x1d, 0xc5, 0xb0, 0x56, 0x7d, 0x87, 0x48,
+	0x7b, 0xe8, 0x1c, 0xe4, 0x12, 0x98, 0xea, 0x9f, 0x40, 0x7e, 0x02, 0xc6, 0xdb, 0x9d, 0xe2, 0x9d,
+	0x57, 0x12, 0x70, 0xd8, 0xd9, 0x7f, 0x6f, 0xaa, 0x95, 0xdd, 0x56, 0x08, 0x0c, 0x2c, 0x57, 0xa4,
+	0x62, 0x2b, 0x57, 0xa4, 0xa3, 0x1c, 0x02, 0xb3, 0xf0, 0xff, 0x40, 0x7f, 0x51, 0x8f, 0x7e, 0x9a,
+	0x70, 0xb3, 0xab, 0xaa, 0xba, 0xbe, 0x17, 0xb3, 0xab, 0xce, 0xe4, 0x28, 0x15, 0x90, 0x89, 0xb6,
+	0x92, 0x96, 0x76, 0x17, 0x50, 0x07, 0x7d, 0x9b, 0x70, 0xb4, 0x48, 0x5d, 0xb8, 0x58, 0x11, 0x77,
+	0xb5, 0xe2, 0x92, 0xb1, 0x29, 0x2e, 0x15, 0x45, 0x71, 0x19, 0xa7, 0x4a, 0xd2, 0xe9, 0x2e, 0xea,
+	0xcf, 0xef, 0x92, 0x6e, 0x12, 0x68, 0xa5, 0x88, 0x3b, 0x16, 0xc5, 0xaf, 0x82, 0xee, 0xb6, 0x5f,
+	0x66, 0xf9, 0xb7, 0xb2, 0xfa, 0x56, 0x2a, 0x19, 0x40, 0x19, 0xe5, 0xf5, 0x69, 0x12, 0x8e, 0x74,
+	0x76, 0x8a, 0x3d, 0x54, 0xf6, 0x69, 0x8d, 0x93, 0xd6, 0x13, 0x90, 0x0d, 0x61, 0xac, 0xc5, 0xea,
+	0xec, 0xdf, 0x13, 0x90, 0x5c, 0x36, 0x64, 0xf4, 0x13, 0x03, 0x13, 0x21, 0x57, 0x70, 0x8b, 0x7d,
+	0x5e, 0x01, 0xe6, 0x43, 0x6f, 0x87, 0xb8, 0x77, 0x63, 0x83, 0x6a, 0x2d, 0xc0, 0x9e, 0x78, 0xc8,
+	0x2d, 0x53, 0x94, 0x89, 0x07, 0x43, 0x45, 0x9a, 0xf8, 0xe6, 0x77, 0x3a, 0xe8, 0x0b, 0x06, 0x46,
+	0xda, 0x2f, 0x74, 0xde, 0x8c, 0x32, 0x84, 0x67, 0xcf, 0x5d, 0xdd, 0x9e, 0x3d, 0x9d, 0xd7, 0xcf,
+	0x0c, 0x1c, 0x0d, 0xbf, 0xe3, 0x58, 0x8a, 0xce, 0x60, 0x37, 0x1a, 0x77, 0x2b, 0x4e, 0x34, 0xdf,
+	0x0a, 0xc2, 0xab, 0xf8, 0x4b, 0xd1, 0xa9, 0x8c, 0x69, 0x05, 0x5b, 0x96, 0xc4, 0xd1, 0x97, 0x0c,
+	0x8c, 0x75, 0xd4, 0xc3, 0xe7, 0x23, 0x0c, 0xe4, 0x87, 0xe0, 0x16, 0xb7, 0x0d, 0x41, 0x27, 0xf8,
+	0x3d, 0x03, 0x87, 0x83, 0xcb, 0xbc, 0xd7, 0x23, 0x0d, 0x12, 0x80, 0xc4, 0xad, 0xc4, 0x85, 0x44,
+	0x67, 0xfd, 0x3b, 0x03, 0x27, 0xb6, 0x2e, 0x85, 0xde, 0x8a, 0x16, 0x48, 0x9b, 0xa3, 0x72, 0x1f,
+	0xee, 0x04, 0x2a, 0x5d, 0xd9, 0x73, 0x06, 0x4e, 0xf5, 0x54, 0x83, 0x7a, 0x2f, 0xc2, 0x34, 0x7a,
+	0x01, 0xe6, 0xee, 0xee, 0x10, 0xb0, 0x6f, 0x89, 0x3d, 0x15, 0x28, 0xa2, 0x2c, 0xb1, 0x17, 0xe0,
+	0x48, 0x4b, 0xec, 0xa7, 0x56, 0x80, 0x3e, 0x63, 0x60, 0xd8, 0x2b, 0x14, 0xbc, 0x11, 0x45, 0x31,
+	0x2d, 0x6b, 0xae, 0xb4, 0x1d, 0x6b, 0x3a, 0xa3, 0xc7, 0x0c, 0xa0, 0x80, 0x64, 0xfc, 0xed, 0x68,
+	0x62, 0xee, 0x80, 0xe1, 0x96, 0x63, 0x81, 0xe9, 0xd8, 0x35, 0x7d, 0x79, 0x6e, 0xb4, 0x5d, 0xb3,
+	0x1d, 0x22, 0xe2, 0xae, 0x19, 0x94, 0x6a, 0xa2, 0x6f, 0x18, 0x38, 0xd4, 0x9d, 0x67, 0x96, 0xb6,
+	0xe5, 0x05, 0x17, 0x85, 0x5b, 0x8a, 0x03, 0xa5, 0x63, 0x7f, 0x0f, 0xca, 0xe0, 0xae, 0x47, 0xfe,
+	0x88, 0x74, 0xb2, 0xbf, 0x12, 0x17, 0x12, 0x9d, 0xf5, 0x53, 0x06, 0xc6, 0x83, 0xf3, 0x93, 0xed,
+	0x0e, 0xd5, 0xf2, 0xf2, 0x3b, 0x31, 0x01, 0xb5, 0xa6, 0xbc, 0xf0, 0xd1, 0x2f, 0x2f, 0x32, 0xcc,
+	0xb3, 0x17, 0x19, 0xe6, 0xf9, 0x8b, 0x0c, 0xf3, 0xe8, 0x65, 0xe6, 0xc0, 0xb3, 0x97, 0x99, 0x03,
+	0x7f, 0xbc, 0xcc, 0x1c, 0xf8, 0xa0, 0x24, 0x13, 0xf3, 0x7e, 0xbd, 0x9c, 0xaf, 0xa8, 0xd5, 0x82,
+	0x33, 0xe8, 0x74, 0x6b, 0xd4, 0x42, 0xdb, 0xa8, 0xd3, 0xde, 0xb0, 0xd3, 0xce, 0xb8, 0x85, 0x07,
+	0x05, 0xfb, 0x1f, 0x7c, 0x1b, 0x1a, 0x36, 0xca, 0x03, 0xf6, 0x9f, 0xec, 0xce, 0xfd, 0x13, 0x00,
+	0x00, 0xff, 0xff, 0x75, 0xd3, 0xa1, 0x57, 0xd5, 0x27, 0x00, 0x00,
 }
 
 // Reference imports to suppress errors if they are not otherwise used.
@@ -3432,6 +3449,13 @@ func (m *MsgAddPkiRevocationDistributionPoint) MarshalToSizedBuffer(dAtA []byte)
 	_ = i
 	var l int
 	_ = l
+	if len(m.CrlSignerDelegator) > 0 {
+		i -= len(m.CrlSignerDelegator)
+		copy(dAtA[i:], m.CrlSignerDelegator)
+		i = encodeVarintTx(dAtA, i, uint64(len(m.CrlSignerDelegator)))
+		i--
+		dAtA[i] = 0x72
+	}
 	if m.SchemaVersion != 0 {
 		i = encodeVarintTx(dAtA, i, uint64(m.SchemaVersion))
 		i--
@@ -3560,6 +3584,13 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) MarshalToSizedBuffer(dAtA []by
 	_ = i
 	var l int
 	_ = l
+	if len(m.CrlSignerDelegator) > 0 {
+		i -= len(m.CrlSignerDelegator)
+		copy(dAtA[i:], m.CrlSignerDelegator)
+		i = encodeVarintTx(dAtA, i, uint64(len(m.CrlSignerDelegator)))
+		i--
+		dAtA[i] = 0x5a
+	}
 	if m.SchemaVersion != 0 {
 		i = encodeVarintTx(dAtA, i, uint64(m.SchemaVersion))
 		i--
@@ -4563,6 +4594,10 @@ func (m *MsgAddPkiRevocationDistributionPoint) Size() (n int) {
 	if m.SchemaVersion != 0 {
 		n += 1 + sovTx(uint64(m.SchemaVersion))
 	}
+	l = len(m.CrlSignerDelegator)
+	if l > 0 {
+		n += 1 + l + sovTx(uint64(l))
+	}
 	return n
 }
 
@@ -4617,6 +4652,10 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) Size() (n int) {
 	if m.SchemaVersion != 0 {
 		n += 1 + sovTx(uint64(m.SchemaVersion))
 	}
+	l = len(m.CrlSignerDelegator)
+	if l > 0 {
+		n += 1 + l + sovTx(uint64(l))
+	}
 	return n
 }
 
@@ -7201,6 +7240,38 @@ func (m *MsgAddPkiRevocationDistributionPoint) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
+		case 14:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CrlSignerDelegator", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTx
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTx
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTx
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CrlSignerDelegator = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTx(dAtA[iNdEx:])
@@ -7569,6 +7640,38 @@ func (m *MsgUpdatePkiRevocationDistributionPoint) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
+		case 11:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field CrlSignerDelegator", wireType)
+			}
+			var stringLen uint64
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowTx
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				stringLen |= uint64(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			intStringLen := int(stringLen)
+			if intStringLen < 0 {
+				return ErrInvalidLengthTx
+			}
+			postIndex := iNdEx + intStringLen
+			if postIndex < 0 {
+				return ErrInvalidLengthTx
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.CrlSignerDelegator = string(dAtA[iNdEx:postIndex])
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipTx(dAtA[iNdEx:])