diff --git a/tools/tcg_rim_tool/RimSignCert.pem b/tools/tcg_rim_tool/RimSignCert.pem
index 9d37a2fa..40aa4386 100644
--- a/tools/tcg_rim_tool/RimSignCert.pem
+++ b/tools/tcg_rim_tool/RimSignCert.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
+MIID2jCCAsKgAwIBAgIJAP0uwoNdwZDFMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNV
 BAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwI
-UENDbGllbnQxEjAQBgNVBAMMCUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0z
-MDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UE
+UENDbGllbnQxEjAQBgNVBAMMCUV4YW1wbGVDQTAeFw0yMDA3MjEyMTQ1MDBaFw0z
+MDA1MzAyMTQ1MDBaMFwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJWQTEQMA4GA1UE
 CgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNVBAMMEmV4YW1wbGUu
 UklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1lWGk
 SRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44
@@ -10,13 +10,14 @@ SRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44
 j9NL4dcMgxRXsPdHfXb0923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQ
 ZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY2hq+z82x/rqwr2hmyizD6FpFSyIABPEM
 PfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0Hh4mNFSKD4pP41VSKY1n
-us83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoBhhqWT+3s
-8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAw
-CwYDVR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUA
-A4IBAQBl2Bu9xpnHCCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQo
-KQxsfZuk7QcSvVd/1v8mqwJ0PwbFKQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfib
-NLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDRutuMKyOTf4a6d8TUcbG2Rnyz
-O/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8mVkXUPWYyHTZ
-0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr
-crTLeyFynlKxuCfDnr1SAHDM65BY
+us83mdkuukPy5o0CAwEAAaOBpzCBpDAdBgNVHQ4EFgQUL96459AwoiCdqgGGGpZP
+7ezyvMEwHwYDVR0jBBgwFoAURqG47dumcV/Q0ud6ijxdbprDljgwCQYDVR0TBAIw
+ADALBgNVHQ8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwNQYIKwYBBQUHAQEE
+KTAnMCUGCCsGAQUFBzAChhlodHRwczovL2V4YW1wbGUuY29tL2NlcnRzMA0GCSqG
+SIb3DQEBCwUAA4IBAQDpKx5oQlkS11cg7Qp58BmCvjCzFpof+qYePooJsD3i5SwK
+fRTa2CkDMww9qrwBK7G60y7jhe5InKTdqIlVqaji5ZImR0QMKTtk7zt9AJ9EaEzK
+xfDiE/qX34KxNe4ZmbvLH8N+BSujQXMMi56zGjW469Y/rbDMG8uU1dq3zqhO5b+d
+Ur1ecdkYLgzxu6O+oWy5JpVibmcjvNezJsUtjc+km2FYm24vU3/fCNzZ2z0EHQES
+cIEQ5OqfpdFrV3De238RhMH6J4xePSidnFpfBc6FrdyDI1A8eRFz36I4xfVL3ZnJ
+P/+j+NE4q6yz5VGvm0npLO394ZihtsI1sRAR8ORJ
 -----END CERTIFICATE-----
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
index 8e15c03b..e4ca291a 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/CredentialParser.java
@@ -1,5 +1,9 @@
 package hirs.swid;
 
+import org.bouncycastle.asn1.x509.AccessDescription;
+import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.GeneralName;
 import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.PEMKeyPair;
@@ -34,6 +38,10 @@ public class CredentialParser {
 return certificate;
 }
 
+ public void setCertificate(X509Certificate certificate) {
+ this.certificate = certificate;
+ }
+
 public PrivateKey getPrivateKey() {
 return privateKey;
 }
@@ -62,13 +70,13 @@ public class CredentialParser {
 }
 
 /**
- * This method returns the PublicKey object from a PEM certificate file.
+ * This method returns the X509Certificate object from a PEM certificate file.
 * @param certificateFile
 * @return
 * @throws FileNotFoundException
 */
- public PublicKey parseKeyFromPEMCertificate(String certificateFile) throws FileNotFoundException {
- return parsePEMCertificate(certificateFile).getPublicKey();
+ public X509Certificate parseCertFromPEM(String certificateFile) throws FileNotFoundException {
+ return parsePEMCertificate(certificateFile);
 }
 
 /**
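Review bot: The Javadoc on `parseCertFromPEM` in the third hunk still carries empty `@param certificateFile`, `@return` and `@throws FileNotFoundException` tags, and the new `setCertificate` in the second hunk has no Javadoc at all; filling them in is cheap, e.g. `@param certificateFile path of the PEM-encoded certificate to read` and `@return the parsed {@link X509Certificate}`. Renaming the public `parseKeyFromPEMCertificate` to `parseCertFromPEM` is a source-incompatible change for any caller outside this repository; if that matters, keeping the old name as a one-line `@Deprecated` delegate that returns `parseCertFromPEM(certificateFile).getPublicKey()` preserves compatibility. `parsePEMCertificate` is outside the hunk, so whether it can hand back null for a malformed file, which the new method would then pass straight through, is not visible here.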
@@ -207,20 +215,39 @@ public class CredentialParser {
 }
 
 /**
- * Utility method for extracting the subjectKeyIdentifier from an X509Certificate.
- * The subjectKeyIdentifier is stored as a DER-encoded octet and will be converted to a String.
+ * This method returns the authorityInfoAccess from an X509Certificate.
 * @return
+ * @throws IOException
+ */
+ public String getCertificateAuthorityInfoAccess() throws IOException {
+ StringBuilder sb = new StringBuilder("Authority Info Access:\n");
+ byte[] extension = certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
+ if (extension != null && extension.length > 0) {
+ AuthorityInformationAccess aia = AuthorityInformationAccess.getInstance(
+ JcaX509ExtensionUtils.parseExtensionValue(extension));
+ for (AccessDescription ad : aia.getAccessDescriptions()) {
+ if (ad.getAccessMethod().toString().equals(SwidTagConstants.CA_ISSUERS)) {
+ sb.append("CA issuers - ");
+ }
+ if (ad.getAccessLocation().getTagNo() == GeneralName.uniformResourceIdentifier) {
+ sb.append("URI:" + ad.getAccessLocation().getName().toString() + "\n");
+ }
+ }
+ }
+ return sb.toString();
+ }
+
+ /**
+ * This method returns the subjectKeyIdentifier from an X509Certificate.
+ * @return
+ * @throws IOException
 */
 public String getCertificateSubjectKeyIdentifier() throws IOException {
 String decodedValue = null;
- byte[] extension = certificate.getExtensionValue(SwidTagConstants.CERTIFICATE_SUBJECT_KEY_IDENTIFIER);
- if (extension != null) {
+ byte[] extension = certificate.getExtensionValue(Extension.subjectKeyIdentifier.getId());
+ if (extension != null && extension.length > 0) {
 decodedValue = JcaX509ExtensionUtils.parseExtensionValue(extension).toString();
 }
- //If there is a # symbol at the beginning of the string, remove it
- if (decodedValue.startsWith("#")) {
- decodedValue = decodedValue.substring(1);
- }
- return decodedValue;
+ return decodedValue.substring(1);//Drop the # at the beginning of the string
 }
 }
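Review bot: `getCertificateSubjectKeyIdentifier` now returns `decodedValue.substring(1)` unconditionally, so a certificate with no Subject Key Identifier extension (or an empty one, which the new `extension.length > 0` guard deliberately treats as absent) leaves `decodedValue` null and throws a NullPointerException; the removed `startsWith("#")` line had the same flaw, but the rewrite is the moment to fix it with `return decodedValue == null ? null : decodedValue.substring(1);` or an `IllegalStateException` naming the missing extension. Dropping the `#` check also hard-codes BouncyCastle's octet-string `toString()` format, which the trailing comment should say explicitly so the next reader knows why the first character is discarded. In `getCertificateAuthorityInfoAccess` the `CA issuers - ` label and the `URI:` value are appended by two independent `if`s, so a caIssuers entry whose location is not a URI leaves a dangling label with no line break, and an OCSP URI is printed with no label; testing `ad.getAccessMethod().equals(AccessDescription.id_ad_caIssuers)` and emitting label and location in one branch would avoid both. The location string is taken verbatim from the certificate and only printed, never fetched, which is worth stating in the Javadoc since the output reads like something the validator acted on.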
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
index 51c2a3fc..98a22402 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagConstants.java
@@ -145,5 +145,5 @@ public class SwidTagConstants {
 "http://csrc.nist.gov/ns/swid/2015-extensions/1.0", "pathSeparator", "n8060");
- public static final String CERTIFICATE_SUBJECT_KEY_IDENTIFIER = "2.5.29.14";
+ public static final String CA_ISSUERS = "1.3.6.1.5.5.7.48.2";
 }
diff --git a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java
index 2b88f71e..74c5165e 100644
--- a/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java
+++ b/tools/tcg_rim_tool/src/main/java/hirs/swid/SwidTagValidator.java
@@ -92,10 +92,10 @@ public class SwidTagValidator {
 if (HashSwid.get256Hash(filepath).equals(
 file.getAttribute(SwidTagConstants._SHA256_HASH.getPrefix() + ":" + SwidTagConstants._SHA256_HASH.getLocalPart()))) {
- System.out.println("Support RIM hash verified!");
+ System.out.println("Support RIM hash verified!" + System.lineSeparator());
 return true;
 } else {
- System.out.println("Support RIM hash does not match Base RIM!");
+ System.out.println("Support RIM hash does not match Base RIM!" + System.lineSeparator());
 return false;
 }
 }
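Review bot: Deleting the public constant `CERTIFICATE_SUBJECT_KEY_IDENTIFIER` in the first hunk is a source-incompatible change for any code outside this module that referenced it; keeping it with `@Deprecated` until the next major version avoids a surprise compile break. The new `CA_ISSUERS` string duplicates BouncyCastle's `AccessDescription.id_ad_caIssuers`, and its only visible use (`CredentialParser.getCertificateAuthorityInfoAccess`) compares OIDs via `toString()`; comparing the `ASN1ObjectIdentifier` objects directly would make the constant unnecessary and remove the string-comparison fragility. If the constant is kept, a one-line comment such as `// id-ad-caIssuers, RFC 5280 section 4.2.2.1` tells the reader what the dotted string is without a lookup.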
@@ -119,7 +119,10 @@ public class SwidTagValidator {
 } else {
 CredentialParser cp = new CredentialParser();
 if (!certificateFile.isEmpty()) {
- context = new DOMValidateContext(cp.parseKeyFromPEMCertificate(certificateFile), nodes.item(0));
+ X509Certificate certificate = cp.parseCertFromPEM(certificateFile);
+ cp.setCertificate(certificate);
+ System.out.println(cp.getCertificateAuthorityInfoAccess());
+ context = new DOMValidateContext(certificate.getPublicKey(), nodes.item(0));
 } else {
 System.out.println("Signing certificate not found for validation!");
 System.exit(1);
diff --git a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
index eb13e379..ce3ff320 100644
--- a/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
+++ b/tools/tcg_rim_tool/src/test/java/hirs/swid/TestSwidTagGateway.java
@@ -43,6 +43,7 @@ public class TestSwidTagGateway {
 /**
 * This test corresponds to the arguments:
 * -c base -l TpmLog.bin -k privateRimKey.pem -p RimSignCert.pem
+ * where RimSignCert.pem has the AIA extension.
 */
 @Test
 public void testCreateBaseWithCert() throws URISyntaxException {
diff --git a/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag b/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
index a48b2fa7..ebe47437 100644
--- a/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
+++ b/tools/tcg_rim_tool/src/test/resources/generated_with_cert.swidtag
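Review bot: The new lines build the `DOMValidateContext` from `certificate.getPublicKey()` without checking the certificate itself: `certificate.checkValidity()` is never called, and the Authority Info Access block is only printed, not used to build or verify a chain, so the signature check still trusts whatever certificate the supplied `certificateFile` contains. At minimum `certificate.checkValidity();` before the `context = ...` line would reject expired or not-yet-valid signing certificates, and a comment on the `println` should say the AIA output is informational only, otherwise the printed "CA issuers" line reads as if the issuer had been consulted. `getCertificateAuthorityInfoAccess()` already terminates its text with `\n`, so `println` here emits an extra blank line; `System.out.print` would match the other messages. The enclosing method starts and ends outside the hunk.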
@@ -28,23 +28,24 @@ xqXw1SLqAm8ngL9Haj2Ww+y0PEZfo++JlOMZuQ== CN=example.RIM.signer,OU=PCClient,O=Example,ST=VA,C=US - MIIDoTCCAomgAwIBAgIJAPB+r6VBhBn5MA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAlVTMQsw + MIID2jCCAsKgAwIBAgIJAP0uwoNdwZDFMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAlVTMQsw CQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxEjAQBgNVBAMM -CUV4YW1wbGVDQTAeFw0yMDAzMTExODExMjJaFw0zMDAxMTgxODExMjJaMFwxCzAJBgNVBAYTAlVT +CUV4YW1wbGVDQTAeFw0yMDA3MjEyMTQ1MDBaFw0zMDA1MzAyMTQ1MDBaMFwxCzAJBgNVBAYTAlVT MQswCQYDVQQIDAJWQTEQMA4GA1UECgwHRXhhbXBsZTERMA8GA1UECwwIUENDbGllbnQxGzAZBgNV BAMMEmV4YW1wbGUuUklNLnNpZ25lcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKd1 lWGkSRuxAAY2wHag2GVxUk1dZx2PTpfQOflvLeccAVwa8mQhlsRERq+QK8ilj8Xfqs44/nBaccZD OjdfIxIUCMfwhGXjxCaqZbgTucNsExDnu4arTGraoAwzHg0cVLiKT/Cxj9NL4dcMgxRXsPdHfXb0 923C7xYd2t2qfW05umgaj7qeQl6c68CFNsGX4JA8rWFQZvvGx5DGlK4KTcjPuQQINs5fxasNKqLY 2hq+z82x/rqwr2hmyizD6FpFSyIABPEMPfB036GEhRwu1WEMkq8yIp2jgRUoFYke9pB3ph9pVow0 -Hh4mNFSKD4pP41VSKY1nus83mdkuukPy5o0CAwEAAaNvMG0wHQYDVR0OBBYEFC/euOfQMKIgnaoB -hhqWT+3s8rzBMB8GA1UdIwQYMBaAFEahuO3bpnFf0NLneoo8XW6aw5Y4MAkGA1UdEwQCMAAwCwYD -VR0PBAQDAgbAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQBl2Bu9xpnH -CCeeebjx+ILQXJXBd6q5+NQlV3zzBrf0bleZRtsOmsuFvWQoKQxsfZuk7QcSvVd/1v8mqwJ0PwbF -KQmrhIPWP+iowiBNqpG5PH9YxhpHQ1osOfibNLOXMhudIQRY0yAgqQf+MOlXYa0stX8gkgftVBDR -utuMKyOTf4a6d8TUcbG2RnyzO/6S9bq4cPDYLqWRBM+aGN8e00UWTKpBl6/1EU8wkJA6WdllK2e8 -mVkXUPWYyHTZ0qQnrYiuLr36ycAznABDzEAoj4tMZbjIAfuscty6Ggzxl1WbyZLI6YzyXALwaYvr -crTLeyFynlKxuCfDnr1SAHDM65BY +Hh4mNFSKD4pP41VSKY1nus83mdkuukPy5o0CAwEAAaOBpzCBpDAdBgNVHQ4EFgQUL96459AwoiCd +qgGGGpZP7ezyvMEwHwYDVR0jBBgwFoAURqG47dumcV/Q0ud6ijxdbprDljgwCQYDVR0TBAIwADAL +BgNVHQ8EBAMCBsAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwNQYIKwYBBQUHAQEEKTAnMCUGCCsGAQUF +BzAChhlodHRwczovL2V4YW1wbGUuY29tL2NlcnRzMA0GCSqGSIb3DQEBCwUAA4IBAQDpKx5oQlkS +11cg7Qp58BmCvjCzFpof+qYePooJsD3i5SwKfRTa2CkDMww9qrwBK7G60y7jhe5InKTdqIlVqaji 
+5ZImR0QMKTtk7zt9AJ9EaEzKxfDiE/qX34KxNe4ZmbvLH8N+BSujQXMMi56zGjW469Y/rbDMG8uU +1dq3zqhO5b+dUr1ecdkYLgzxu6O+oWy5JpVibmcjvNezJsUtjc+km2FYm24vU3/fCNzZ2z0EHQES +cIEQ5OqfpdFrV3De238RhMH6J4xePSidnFpfBc6FrdyDI1A8eRFz36I4xfVL3ZnJP/+j+NE4q6yz +5VGvm0npLO394ZihtsI1sRAR8ORJ