Each attribute verified by a KYC Certificate Authority (i.e., the issuer of a certificate for KYC purposes) shall be encoded as follows:
```asn1
SensitiveAttributes DEFINITIONS ::= BEGIN

SensitiveAttribute ::= SEQUENCE {
    -- Version of this sensitive attribute
    version INTEGER { v1(0) },
    -- The symmetric cipher encryption key parameters
    cipher SEQUENCE {
        -- The symmetric cipher to use
        algorithm OBJECT IDENTIFIER,
        -- The symmetric key encrypted with the user's public key
        -- using ECIES
        key OCTET STRING
    },
    -- A verifiable hash of the attribute's value
    hashedValue SEQUENCE {
        -- A random value encrypted with the cipher above
        encryptedSalt OCTET STRING,
        -- Hashing algorithm being used
        algorithm OBJECT IDENTIFIER,
        -- The IV or nonce for the identified symmetric cipher algorithm
        -- to decrypt the hashed value
        ivOrNonce OCTET STRING,
        -- The hash of salt (unencrypted) || publicKey || plainValue
        value OCTET STRING
    },
    -- The IV or nonce for the identified symmetric cipher algorithm
    -- to decrypt the encrypted value
    ivOrNonce OCTET STRING,
    -- The plainValue encrypted with the above symmetric cipher information
    encryptedValue OCTET STRING
}

END
```
The X.509v3 Extension used for KYC attributes (1.3.6.1.4.1.62675.0.0) has the following format:
```asn1
KYCAttributes DEFINITIONS ::= BEGIN

KYCAttributes ::= SEQUENCE OF Attribute

Attribute ::= SEQUENCE {
    -- Name of the attribute
    name OBJECT IDENTIFIER,
    -- Value of this attribute
    -- The final OCTET STRING is ASN.1 DER encoded based on the schema
    -- defined by the name
    value CHOICE {
        -- A plain value, not sensitive
        plainValue [0] IMPLICIT OCTET STRING,
        -- A sensitive value, encoded as a SensitiveAttribute in DER encoding
        sensitiveValue [1] IMPLICIT OCTET STRING
    }
}

END
```
where the `name` object identifier is one of the following arcs under 1.3.6.1.4.1.62675.1:

| Arc | Purpose | Contains |
|---|---|---|
| 0 | Full Name | String (PrintableString) |
| 1 | Date of Birth | GeneralizedTime |
| 2 | Address | Address (to be defined) |
| 3 | | UTF8String |
| 4 | Phone Number | UTF8String |
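The following is an added example, not code from the specification or its authors: a minimal, standard-library-only DER encoder and decoder for the `SensitiveAttribute` and `KYCAttributes` structures above, together with the recomputation of `hashedValue.value` as `H(salt || publicKey || plainValue)` that a relying party performs once it has decrypted the salt and the value. The ECIES key wrap and the symmetric cipher are outside the scope of this example, so the "encrypted" fields carry constructed placeholder bytes; the sample attribute values, public key and salt are likewise constructed. The NIST OIDs for SHA-256 and AES-256-GCM are used as plausible choices for `algorithm`; the specification does not mandate them.

```python
# Added example (not part of the specification): stdlib-only DER for
# SensitiveAttribute / KYCAttributes and the hashedValue.value recomputation.
# "Encrypted" fields below are constructed placeholders; no ECIES/AES is performed.
import hashlib
import hmac

KYC_EXT_OID = "1.3.6.1.4.1.62675.0.0"       # extension OID from the spec
FULL_NAME_OID = "1.3.6.1.4.1.62675.1.0"     # name arc 0 from the table
PHONE_OID = "1.3.6.1.4.1.62675.1.4"         # name arc 4 from the table
SHA256_OID = "2.16.840.1.101.3.4.2.1"       # id-sha256 (assumed choice)
AES256_GCM_OID = "2.16.840.1.101.3.4.1.46"  # id-aes256-GCM (assumed choice)

def der_len(n):
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = bytearray([a & 0x7F])
        a >>= 7
        while a:                          # base-128, high bit set on all but the last
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += chunk
    return tlv(0x06, bytes(out))

def decode_oid(body):
    arcs, v = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        v = (v << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))

def encode_int(v):
    """Non-negative INTEGER only (enough for version v1(0))."""
    return tlv(0x02, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big"))

def read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                         # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + ln], pos + ln

def encode_sensitive_attribute(cipher_oid, wrapped_key, encrypted_salt, hash_oid,
                               hash_iv, hash_value, iv, encrypted_value):
    """DER for SensitiveAttribute; field order follows the ASN.1 module."""
    cipher = tlv(0x30, encode_oid(cipher_oid) + tlv(0x04, wrapped_key))
    hashed = tlv(0x30, tlv(0x04, encrypted_salt) + encode_oid(hash_oid)
                 + tlv(0x04, hash_iv) + tlv(0x04, hash_value))
    return tlv(0x30, encode_int(0) + cipher + hashed
               + tlv(0x04, iv) + tlv(0x04, encrypted_value))

def encode_kyc_attributes(attrs):
    """attrs: list of (name OID, sensitive?, DER value bytes). The CHOICE tags are
    IMPLICIT, so the OCTET STRING tag is replaced by context-specific 0x80 / 0x81."""
    body = b"".join(tlv(0x30, encode_oid(oid) + tlv(0x81 if sens else 0x80, val))
                    for oid, sens, val in attrs)
    return tlv(0x30, body)

def decode_kyc_attributes(der):
    """Strict parse: rejects trailing data, wrong tags and an unknown CHOICE arm."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("KYCAttributes: bad outer SEQUENCE or trailing data")
    out, pos = [], 0
    while pos < len(body):
        t, attr, pos = read_tlv(body, pos)
        t_oid, oid_body, p = read_tlv(attr, 0)
        t_val, val, p = read_tlv(attr, p)
        if t != 0x30 or t_oid != 0x06 or t_val not in (0x80, 0x81) or p != len(attr):
            raise ValueError("Attribute: unexpected tag or layout")
        out.append((decode_oid(oid_body), t_val == 0x81, val))
    return out

def attribute_hash(hash_oid, salt, public_key, plain_value):
    """hashedValue.value = H(salt || publicKey || plainValue), per the module comment."""
    algo = {SHA256_OID: "sha256"}[hash_oid]
    return hashlib.new(algo, salt + public_key + plain_value).digest()

def verify_attribute_hash(hash_oid, salt, public_key, plain_value, expected):
    """Constant-time check of the recomputed hash against the certificate's value."""
    return hmac.compare_digest(attribute_hash(hash_oid, salt, public_key, plain_value), expected)

# Constructed sample data (placeholders; no real key wrap or encryption involved).
SALT = bytes(range(16))
PUBKEY = b"\x04" + bytes(64)               # stand-in for an uncompressed EC point
PHONE = tlv(0x0C, b"+1 555 0100")           # UTF8String DER, as the table requires

def build_sample_extension():
    sens = encode_sensitive_attribute(
        AES256_GCM_OID, b"\xAA" * 32, b"\xBB" * 16, SHA256_OID, b"\x01" * 12,
        attribute_hash(SHA256_OID, SALT, PUBKEY, PHONE), b"\x02" * 12, b"\xCC" * 20)
    return encode_kyc_attributes([
        (FULL_NAME_OID, False, tlv(0x13, b"Alice Example")),   # PrintableString
        (PHONE_OID, True, sens),
    ])

if __name__ == "__main__":
    for oid, sensitive, value in decode_kyc_attributes(build_sample_extension()):
        print(oid, "sensitive" if sensitive else "plain", value.hex())
```

The decoder is deliberately strict: it refuses trailing bytes after the outer `SEQUENCE`, any tag other than `[0]`/`[1]` in the `value` position, and an `Attribute` with leftover bytes, since an extension parser that silently skips unknown material is the usual source of confusion attacks on certificate contents.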