diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.manual.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.manual.cs
index 058093035af1ec..b8a5da88b67b47 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.manual.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.manual.cs
@@ -59,4 +59,59 @@ internal static bool RepresentsNull(ReadOnlyMemory<byte>? parameters)
             return span[1] == 0;
         }
     }
+
+    internal ref partial struct ValueAlgorithmIdentifierAsn
+    {
+        internal static ReadOnlySpan<byte> ExplicitDerNull => [0x05, 0x00];
+
+        internal bool Equals(ref readonly ValueAlgorithmIdentifierAsn other)
+        {
+            if (Algorithm != other.Algorithm)
+            {
+                return false;
+            }
+
+            bool isNull = RepresentsNull(ref this);
+            bool isOtherNull = RepresentsNull(in other);
+
+            if (isNull != isOtherNull)
+            {
+                return false;
+            }
+
+            if (isNull)
+            {
+                return true;
+            }
+
+            return Parameters.SequenceEqual(other.Parameters);
+        }
+
+        internal readonly bool HasNullEquivalentParameters()
+        {
+            return RepresentsNull(in this);
+        }
+
+        internal static bool RepresentsNull(ref readonly ValueAlgorithmIdentifierAsn algorithm)
+        {
+            if (!algorithm.HasParameters)
+            {
+                return true;
+            }
+
+            ReadOnlySpan<byte> span = algorithm.Parameters;
+
+            if (span.Length != 2)
+            {
+                return false;
+            }
+
+            if (span[0] != 0x05)
+            {
+                return false;
+            }
+
+            return span[1] == 0;
+        }
+    }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml
index 980d0f2d6fb0e2..29cfb3d2d04563 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="AlgorithmIdentifierAsn"
-  namespace="System.Security.Cryptography.Asn1">
+  namespace="System.Security.Cryptography.Asn1"
+  emitType="both">
     
   <!--
     https://tools.ietf.org/html/rfc3280#section-4.1.1.2
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml.cs
index 6dd8bd908c66b6..f9b8eae0bdf29d 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AlgorithmIdentifierAsn.xml.cs
@@ -102,6 +102,68 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
 
 
+            sequenceReader.ThrowIfNotEmpty();
+        }
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueAlgorithmIdentifierAsn
+    {
+        internal string Algorithm;
+        internal ReadOnlySpan<byte> Parameters;
+        internal bool HasParameters;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueAlgorithmIdentifierAsn decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueAlgorithmIdentifierAsn decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueAlgorithmIdentifierAsn decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueAlgorithmIdentifierAsn decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueAlgorithmIdentifierAsn decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+
+            decoded.Algorithm = sequenceReader.ReadObjectIdentifier();
+
+            if (sequenceReader.HasData)
+            {
+                decoded.Parameters = sequenceReader.ReadEncodedValue();
+                decoded.HasParameters = true;
+            }
+
+
             sequenceReader.ThrowIfNotEmpty();
         }
     }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml
index 9aa30a1ce40cf4..3e0a9228c41188 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="AttributeAsn"
-  namespace="System.Security.Cryptography.Asn1">
+  namespace="System.Security.Cryptography.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc5652#section-5.3
@@ -15,7 +16,7 @@
     AttributeValue ::= ANY
   -->
   <asn:ObjectIdentifier name="AttrType" />
-  <asn:SetOf name="AttrValues">
+  <asn:SetOf name="AttrValues" valueName="GetAttrValues">
 	  <asn:AnyValue />
   </asn:SetOf>
 </asn:Sequence>
\ No newline at end of file
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml.cs
index ad217282851c8c..a25b39a22327c6 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/AttributeAsn.xml.cs
@@ -119,4 +119,116 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             sequenceReader.ThrowIfNotEmpty();
         }
     }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueAttributeAsn
+    {
+        internal string AttrType;
+        internal ReadOnlySpan<byte> AttrValues;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueAttributeAsn decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueAttributeAsn decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueAttributeAsn decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueAttributeAsn decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueAttributeAsn decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+
+            decoded.AttrType = sequenceReader.ReadObjectIdentifier();
+
+            if (!sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.SetOf))
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            }
+
+            decoded.AttrValues = sequenceReader.ReadEncodedValue();
+
+            sequenceReader.ThrowIfNotEmpty();
+        }
+
+
+        internal AttrValuesEnumerable GetAttrValues(AsnEncodingRules ruleSet)
+        {
+            return new AttrValuesEnumerable(AttrValues, ruleSet);
+        }
+
+        internal readonly ref struct AttrValuesEnumerable
+        {
+            private readonly ReadOnlySpan<byte> _encoded;
+            private readonly AsnEncodingRules _ruleSet;
+
+            internal AttrValuesEnumerable(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet)
+            {
+                _encoded = encoded;
+                _ruleSet = ruleSet;
+            }
+
+            public Enumerator GetEnumerator() => new Enumerator(_encoded, _ruleSet);
+
+            internal ref struct Enumerator
+            {
+                private ValueAsnReader _reader;
+                private ReadOnlySpan<byte> _current;
+
+                internal Enumerator(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet)
+                {
+                    if (!encoded.IsEmpty)
+                    {
+                        ValueAsnReader outerReader = new ValueAsnReader(encoded, ruleSet);
+                        _reader = outerReader.ReadSetOf();
+                        outerReader.ThrowIfNotEmpty();
+                    }
+
+                    _current = default;
+                }
+
+                public ReadOnlySpan<byte> Current => _current;
+
+                public bool MoveNext()
+                {
+                    if (!_reader.HasData)
+                    {
+                        return false;
+                    }
+
+                    _current = _reader.ReadEncodedValue();
+                    return true;
+                }
+            }
+        }
+    }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/GeneralSubtreeAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/GeneralSubtreeAsn.xml.cs
index 66366c549c4323..c8f2f2a4036c9c 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/GeneralSubtreeAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/GeneralSubtreeAsn.xml.cs
@@ -8,22 +8,17 @@
 
 namespace System.Security.Cryptography.X509Certificates.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct GeneralSubtreeAsn
+    file static class SharedGeneralSubtreeAsn
     {
-        private static ReadOnlySpan<byte> DefaultMinimum => [0x02, 0x01, 0x00];
-
-        internal System.Security.Cryptography.Asn1.GeneralNameAsn Base;
-        internal int Minimum;
-        internal int? Maximum;
+        internal static ReadOnlySpan<byte> DefaultMinimum => [0x02, 0x01, 0x00];
 
 #if DEBUG
-        static GeneralSubtreeAsn()
+        static SharedGeneralSubtreeAsn()
         {
             GeneralSubtreeAsn decoded = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultMinimum, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedGeneralSubtreeAsn.DefaultMinimum, AsnEncodingRules.DER);
 
             if (!reader.TryReadInt32(out decoded.Minimum))
             {
@@ -33,6 +28,14 @@ static GeneralSubtreeAsn()
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct GeneralSubtreeAsn
+    {
+        internal System.Security.Cryptography.Asn1.GeneralNameAsn Base;
+        internal int Minimum;
+        internal int? Maximum;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -51,7 +54,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnManagedIntegerDerMaxEncodeSize);
                 tmp.WriteInteger(Minimum);
 
-                if (!tmp.EncodedValueEquals(DefaultMinimum))
+                if (!tmp.EncodedValueEquals(SharedGeneralSubtreeAsn.DefaultMinimum))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
                     tmp.CopyTo(writer);
@@ -130,7 +133,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultMinimum, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedGeneralSubtreeAsn.DefaultMinimum, AsnEncodingRules.DER);
 
                 if (!defaultReader.TryReadInt32(out decoded.Minimum))
                 {
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/OaepParamsAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/OaepParamsAsn.xml.cs
index e2b2098b80911e..1bfeabc1e0347a 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/OaepParamsAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/OaepParamsAsn.xml.cs
@@ -8,39 +8,42 @@
 
 namespace System.Security.Cryptography.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct OaepParamsAsn
+    file static class SharedOaepParamsAsn
     {
-        private static ReadOnlySpan<byte> DefaultHashFunc => [0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
+        internal static ReadOnlySpan<byte> DefaultHashFunc => [0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
 
-        private static ReadOnlySpan<byte> DefaultMaskGenFunc => [0x30, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
+        internal static ReadOnlySpan<byte> DefaultMaskGenFunc => [0x30, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
 
-        private static ReadOnlySpan<byte> DefaultPSourceFunc => [0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x09, 0x04, 0x00];
-
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn HashFunc;
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn MaskGenFunc;
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn PSourceFunc;
+        internal static ReadOnlySpan<byte> DefaultPSourceFunc => [0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x09, 0x04, 0x00];
 
 #if DEBUG
-        static OaepParamsAsn()
+        static SharedOaepParamsAsn()
         {
             OaepParamsAsn decoded = default;
             ReadOnlyMemory<byte> rebind = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultHashFunc, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedOaepParamsAsn.DefaultHashFunc, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.HashFunc);
             reader.ThrowIfNotEmpty();
 
-            reader = new ValueAsnReader(DefaultMaskGenFunc, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedOaepParamsAsn.DefaultMaskGenFunc, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.MaskGenFunc);
             reader.ThrowIfNotEmpty();
 
-            reader = new ValueAsnReader(DefaultPSourceFunc, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedOaepParamsAsn.DefaultPSourceFunc, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.PSourceFunc);
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct OaepParamsAsn
+    {
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn HashFunc;
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn MaskGenFunc;
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn PSourceFunc;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -57,7 +60,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 HashFunc.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultHashFunc))
+                if (!tmp.EncodedValueEquals(SharedOaepParamsAsn.DefaultHashFunc))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
                     tmp.CopyTo(writer);
@@ -71,7 +74,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 MaskGenFunc.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultMaskGenFunc))
+                if (!tmp.EncodedValueEquals(SharedOaepParamsAsn.DefaultMaskGenFunc))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
                     tmp.CopyTo(writer);
@@ -85,7 +88,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 PSourceFunc.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultPSourceFunc))
+                if (!tmp.EncodedValueEquals(SharedOaepParamsAsn.DefaultPSourceFunc))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
                     tmp.CopyTo(writer);
@@ -150,7 +153,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultHashFunc, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedOaepParamsAsn.DefaultHashFunc, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.HashFunc);
             }
 
@@ -163,7 +166,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultMaskGenFunc, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedOaepParamsAsn.DefaultMaskGenFunc, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.MaskGenFunc);
             }
 
@@ -176,7 +179,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultPSourceFunc, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedOaepParamsAsn.DefaultPSourceFunc, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.PSourceFunc);
             }
 
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pbkdf2Params.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pbkdf2Params.xml.cs
index 77496a88650038..0012541c13dbf3 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pbkdf2Params.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pbkdf2Params.xml.cs
@@ -8,28 +8,31 @@
 
 namespace System.Security.Cryptography.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct Pbkdf2Params
+    file static class SharedPbkdf2Params
     {
-        private static ReadOnlySpan<byte> DefaultPrf => [0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x07, 0x05, 0x00];
-
-        internal System.Security.Cryptography.Asn1.Pbkdf2SaltChoice Salt;
-        internal int IterationCount;
-        internal int? KeyLength;
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn Prf;
+        internal static ReadOnlySpan<byte> DefaultPrf => [0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x07, 0x05, 0x00];
 
 #if DEBUG
-        static Pbkdf2Params()
+        static SharedPbkdf2Params()
         {
             Pbkdf2Params decoded = default;
             ReadOnlyMemory<byte> rebind = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultPrf, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedPbkdf2Params.DefaultPrf, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.Prf);
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct Pbkdf2Params
+    {
+        internal System.Security.Cryptography.Asn1.Pbkdf2SaltChoice Salt;
+        internal int IterationCount;
+        internal int? KeyLength;
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn Prf;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -54,7 +57,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 Prf.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultPrf))
+                if (!tmp.EncodedValueEquals(SharedPbkdf2Params.DefaultPrf))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -136,7 +139,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultPrf, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedPbkdf2Params.DefaultPrf, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.Prf);
             }
 
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/MacData.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/MacData.xml.cs
index 7c4e07d3702975..d6c26ba509af78 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/MacData.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/Pkcs12/MacData.xml.cs
@@ -8,22 +8,17 @@
 
 namespace System.Security.Cryptography.Asn1.Pkcs12
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct MacData
+    file static class SharedMacData
     {
-        private static ReadOnlySpan<byte> DefaultIterationCount => [0x02, 0x01, 0x01];
-
-        internal System.Security.Cryptography.Asn1.DigestInfoAsn Mac;
-        internal ReadOnlyMemory<byte> MacSalt;
-        internal int IterationCount;
+        internal static ReadOnlySpan<byte> DefaultIterationCount => [0x02, 0x01, 0x01];
 
 #if DEBUG
-        static MacData()
+        static SharedMacData()
         {
             MacData decoded = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultIterationCount, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedMacData.DefaultIterationCount, AsnEncodingRules.DER);
 
             if (!reader.TryReadInt32(out decoded.IterationCount))
             {
@@ -33,6 +28,14 @@ static MacData()
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct MacData
+    {
+        internal System.Security.Cryptography.Asn1.DigestInfoAsn Mac;
+        internal ReadOnlyMemory<byte> MacSalt;
+        internal int IterationCount;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -52,7 +55,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnManagedIntegerDerMaxEncodeSize);
                 tmp.WriteInteger(IterationCount);
 
-                if (!tmp.EncodedValueEquals(DefaultIterationCount))
+                if (!tmp.EncodedValueEquals(SharedMacData.DefaultIterationCount))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -131,7 +134,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultIterationCount, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedMacData.DefaultIterationCount, AsnEncodingRules.DER);
 
                 if (!defaultReader.TryReadInt32(out decoded.IterationCount))
                 {
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.manual.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.manual.cs
index b80004f5efa50c..9dede0a3d7d312 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.manual.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.manual.cs
@@ -61,4 +61,60 @@ internal RSASignaturePadding GetSignaturePadding(
             return RSASignaturePadding.Pss;
         }
     }
+
+    internal ref partial struct ValuePssParamsAsn
+    {
+        internal RSASignaturePadding GetSignaturePadding(int? digestValueLength = null)
+        {
+            if (TrailerField != 1)
+            {
+                throw new CryptographicException(SR.Cryptography_Pkcs_InvalidSignatureParameters);
+            }
+
+            if (MaskGenAlgorithm.Algorithm != Oids.Mgf1)
+            {
+                throw new CryptographicException(
+                    SR.Cryptography_Pkcs_PssParametersMgfNotSupported,
+                    MaskGenAlgorithm.Algorithm);
+            }
+
+            if (!MaskGenAlgorithm.HasParameters)
+            {
+                throw new CryptographicException(SR.Cryptography_Pkcs_InvalidSignatureParameters);
+            }
+
+            ValueAlgorithmIdentifierAsn.Decode(
+                MaskGenAlgorithm.Parameters,
+                AsnEncodingRules.DER,
+                out ValueAlgorithmIdentifierAsn mgfParams);
+
+            if (mgfParams.Algorithm != HashAlgorithm.Algorithm)
+            {
+                throw new CryptographicException(
+                    SR.Format(
+                        SR.Cryptography_Pkcs_PssParametersMgfHashMismatch,
+                        mgfParams.Algorithm,
+                        HashAlgorithm.Algorithm));
+            }
+
+            int saltSize = digestValueLength.GetValueOrDefault();
+
+            if (!digestValueLength.HasValue)
+            {
+                saltSize = Helpers.HashOidToByteLength(HashAlgorithm.Algorithm);
+            }
+
+            if (SaltLength != saltSize)
+            {
+                throw new CryptographicException(
+                    SR.Format(
+                        SR.Cryptography_Pkcs_PssParametersSaltMismatch,
+                        SaltLength,
+                        HashAlgorithm.Algorithm));
+            }
+
+            // When RSASignaturePadding supports custom salt sizes this return will look different.
+            return RSASignaturePadding.Pss;
+        }
+    }
 }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml
index b80c54c49c7324..e3e3f32adf9f51 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml
@@ -2,11 +2,12 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="PssParamsAsn"
-  namespace="System.Security.Cryptography.Asn1">
+  namespace="System.Security.Cryptography.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc8017#appendix-A.2.3
-    
+
     RSASSA-PSS-params ::= SEQUENCE {
         hashAlgorithm[0] HashAlgorithm      DEFAULT sha1,
         maskGenAlgorithm[1] MaskGenAlgorithm DEFAULT mgf1SHA1,
@@ -14,8 +15,18 @@
         trailerField[3] TrailerField       DEFAULT trailerFieldBC
     }
   -->
-  <asn:AsnType name="HashAlgorithm" typeName="System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn" explicitTag="0" defaultDerInit="0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00" />
-  <asn:AsnType name="MaskGenAlgorithm" typeName="System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn" explicitTag="1" defaultDerInit="0x30, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00" />
+  <asn:AsnType
+    name="HashAlgorithm"
+    typeName="System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn"
+    valueTypeName="System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn"
+    explicitTag="0"
+    defaultDerInit="0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00" />
+  <asn:AsnType
+    name="MaskGenAlgorithm"
+    typeName="System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn"
+    valueTypeName="System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn"
+    explicitTag="1"
+    defaultDerInit="0x30, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00" />
   <asn:Integer name="SaltLength" explicitTag="2" backingType="int" defaultDerInit="0x02, 0x01, 0x14" />
   <asn:Integer name="TrailerField" explicitTag="3" backingType="int" defaultDerInit="0x02, 0x01, 0x01" />
-</asn:Sequence>
\ No newline at end of file
+</asn:Sequence>
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml.cs
index 4c952f6a3f49dc..43e8ff1f4c64ad 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.xml.cs
@@ -8,38 +8,32 @@
 
 namespace System.Security.Cryptography.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct PssParamsAsn
+    file static class SharedPssParamsAsn
     {
-        private static ReadOnlySpan<byte> DefaultHashAlgorithm => [0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
+        internal static ReadOnlySpan<byte> DefaultHashAlgorithm => [0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
 
-        private static ReadOnlySpan<byte> DefaultMaskGenAlgorithm => [0x30, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
+        internal static ReadOnlySpan<byte> DefaultMaskGenAlgorithm => [0x30, 0x16, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x08, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00];
 
-        private static ReadOnlySpan<byte> DefaultSaltLength => [0x02, 0x01, 0x14];
+        internal static ReadOnlySpan<byte> DefaultSaltLength => [0x02, 0x01, 0x14];
 
-        private static ReadOnlySpan<byte> DefaultTrailerField => [0x02, 0x01, 0x01];
-
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn HashAlgorithm;
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn MaskGenAlgorithm;
-        internal int SaltLength;
-        internal int TrailerField;
+        internal static ReadOnlySpan<byte> DefaultTrailerField => [0x02, 0x01, 0x01];
 
 #if DEBUG
-        static PssParamsAsn()
+        static SharedPssParamsAsn()
         {
             PssParamsAsn decoded = default;
             ReadOnlyMemory<byte> rebind = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultHashAlgorithm, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedPssParamsAsn.DefaultHashAlgorithm, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.HashAlgorithm);
             reader.ThrowIfNotEmpty();
 
-            reader = new ValueAsnReader(DefaultMaskGenAlgorithm, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedPssParamsAsn.DefaultMaskGenAlgorithm, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.MaskGenAlgorithm);
             reader.ThrowIfNotEmpty();
 
-            reader = new ValueAsnReader(DefaultSaltLength, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedPssParamsAsn.DefaultSaltLength, AsnEncodingRules.DER);
 
             if (!reader.TryReadInt32(out decoded.SaltLength))
             {
@@ -48,7 +42,7 @@ static PssParamsAsn()
 
             reader.ThrowIfNotEmpty();
 
-            reader = new ValueAsnReader(DefaultTrailerField, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedPssParamsAsn.DefaultTrailerField, AsnEncodingRules.DER);
 
             if (!reader.TryReadInt32(out decoded.TrailerField))
             {
@@ -58,6 +52,15 @@ static PssParamsAsn()
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct PssParamsAsn
+    {
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn HashAlgorithm;
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn MaskGenAlgorithm;
+        internal int SaltLength;
+        internal int TrailerField;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -74,7 +77,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 HashAlgorithm.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultHashAlgorithm))
+                if (!tmp.EncodedValueEquals(SharedPssParamsAsn.DefaultHashAlgorithm))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
                     tmp.CopyTo(writer);
@@ -88,7 +91,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 MaskGenAlgorithm.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultMaskGenAlgorithm))
+                if (!tmp.EncodedValueEquals(SharedPssParamsAsn.DefaultMaskGenAlgorithm))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
                     tmp.CopyTo(writer);
@@ -103,7 +106,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnManagedIntegerDerMaxEncodeSize);
                 tmp.WriteInteger(SaltLength);
 
-                if (!tmp.EncodedValueEquals(DefaultSaltLength))
+                if (!tmp.EncodedValueEquals(SharedPssParamsAsn.DefaultSaltLength))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
                     tmp.CopyTo(writer);
@@ -118,7 +121,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnManagedIntegerDerMaxEncodeSize);
                 tmp.WriteInteger(TrailerField);
 
-                if (!tmp.EncodedValueEquals(DefaultTrailerField))
+                if (!tmp.EncodedValueEquals(SharedPssParamsAsn.DefaultTrailerField))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
                     tmp.CopyTo(writer);
@@ -183,7 +186,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultHashAlgorithm, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultHashAlgorithm, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.HashAlgorithm);
             }
 
@@ -196,7 +199,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultMaskGenAlgorithm, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultMaskGenAlgorithm, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.MaskGenAlgorithm);
             }
 
@@ -214,7 +217,136 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultSaltLength, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultSaltLength, AsnEncodingRules.DER);
+
+                if (!defaultReader.TryReadInt32(out decoded.SaltLength))
+                {
+                    defaultReader.ThrowIfNotEmpty();
+                }
+
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 3)))
+            {
+                explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 3));
+
+                if (!explicitReader.TryReadInt32(out decoded.TrailerField))
+                {
+                    explicitReader.ThrowIfNotEmpty();
+                }
+
+                explicitReader.ThrowIfNotEmpty();
+            }
+            else
+            {
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultTrailerField, AsnEncodingRules.DER);
+
+                if (!defaultReader.TryReadInt32(out decoded.TrailerField))
+                {
+                    defaultReader.ThrowIfNotEmpty();
+                }
+
+            }
+
+
+            sequenceReader.ThrowIfNotEmpty();
+        }
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValuePssParamsAsn
+    {
+        internal System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn HashAlgorithm;
+        internal System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn MaskGenAlgorithm;
+        internal int SaltLength;
+        internal int TrailerField;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValuePssParamsAsn decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValuePssParamsAsn decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValuePssParamsAsn decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValuePssParamsAsn decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValuePssParamsAsn decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+            ValueAsnReader explicitReader;
+            ValueAsnReader defaultReader;
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
+            {
+                explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
+                System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn.Decode(ref explicitReader, out decoded.HashAlgorithm);
+                explicitReader.ThrowIfNotEmpty();
+            }
+            else
+            {
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultHashAlgorithm, AsnEncodingRules.DER);
+                System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn.Decode(ref defaultReader, out decoded.HashAlgorithm);
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
+            {
+                explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 1));
+                System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn.Decode(ref explicitReader, out decoded.MaskGenAlgorithm);
+                explicitReader.ThrowIfNotEmpty();
+            }
+            else
+            {
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultMaskGenAlgorithm, AsnEncodingRules.DER);
+                System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn.Decode(ref defaultReader, out decoded.MaskGenAlgorithm);
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 2)))
+            {
+                explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 2));
+
+                if (!explicitReader.TryReadInt32(out decoded.SaltLength))
+                {
+                    explicitReader.ThrowIfNotEmpty();
+                }
+
+                explicitReader.ThrowIfNotEmpty();
+            }
+            else
+            {
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultSaltLength, AsnEncodingRules.DER);
 
                 if (!defaultReader.TryReadInt32(out decoded.SaltLength))
                 {
@@ -237,7 +369,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultTrailerField, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedPssParamsAsn.DefaultTrailerField, AsnEncodingRules.DER);
 
                 if (!defaultReader.TryReadInt32(out decoded.TrailerField))
                 {
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml
index 1fa5606465e4ca..8f749cb9c0a6f0 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="SubjectPublicKeyInfoAsn"
-  namespace="System.Security.Cryptography.Asn1">
+  namespace="System.Security.Cryptography.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc3280#section-4.1
@@ -12,6 +13,9 @@
         subjectPublicKey     BIT STRING
     }
   -->
-  <asn:AsnType name="Algorithm" typeName="System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn" />
+  <asn:AsnType
+    name="Algorithm"
+    typeName="System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn"
+    valueTypeName="System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn" />
   <asn:BitString name="SubjectPublicKey" />
-</asn:Sequence>
\ No newline at end of file
+</asn:Sequence>
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml.cs
index b738b0690a8a06..80ce6bb17b408e 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/SubjectPublicKeyInfoAsn.xml.cs
@@ -86,6 +86,71 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
 
 
+            sequenceReader.ThrowIfNotEmpty();
+        }
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueSubjectPublicKeyInfoAsn
+    {
+        internal System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn Algorithm;
+        internal ReadOnlySpan<byte> SubjectPublicKey;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueSubjectPublicKeyInfoAsn decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueSubjectPublicKeyInfoAsn decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueSubjectPublicKeyInfoAsn decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueSubjectPublicKeyInfoAsn decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueSubjectPublicKeyInfoAsn decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+            ReadOnlySpan<byte> tmpSpan;
+
+            System.Security.Cryptography.Asn1.ValueAlgorithmIdentifierAsn.Decode(ref sequenceReader, out decoded.Algorithm);
+
+            if (sequenceReader.TryReadPrimitiveBitString(out _, out tmpSpan))
+            {
+                decoded.SubjectPublicKey = tmpSpan;
+            }
+            else
+            {
+                decoded.SubjectPublicKey = sequenceReader.ReadBitString(out _);
+            }
+
+
             sequenceReader.ThrowIfNotEmpty();
         }
     }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml b/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml
index 0bf07c6d172380..457a2864dd625a 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="X509ExtensionAsn"
-  namespace="System.Security.Cryptography.Asn1">
+  namespace="System.Security.Cryptography.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc5280#section-4.1
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml.cs b/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml.cs
index 49d682e43ab32f..04efe34e8044cf 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml.cs
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/X509ExtensionAsn.xml.cs
@@ -8,26 +8,29 @@
 
 namespace System.Security.Cryptography.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct X509ExtensionAsn
+    file static class SharedX509ExtensionAsn
     {
-        private static ReadOnlySpan<byte> DefaultCritical => [0x01, 0x01, 0x00];
-
-        internal string ExtnId;
-        internal bool Critical;
-        internal ReadOnlyMemory<byte> ExtnValue;
+        internal static ReadOnlySpan<byte> DefaultCritical => [0x01, 0x01, 0x00];
 
 #if DEBUG
-        static X509ExtensionAsn()
+        static SharedX509ExtensionAsn()
         {
             X509ExtensionAsn decoded = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultCritical, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedX509ExtensionAsn.DefaultCritical, AsnEncodingRules.DER);
             decoded.Critical = reader.ReadBoolean();
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct X509ExtensionAsn
+    {
+        internal string ExtnId;
+        internal bool Critical;
+        internal ReadOnlyMemory<byte> ExtnValue;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -53,7 +56,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnBoolDerEncodeSize);
                 tmp.WriteBoolean(Critical);
 
-                if (!tmp.EncodedValueEquals(DefaultCritical))
+                if (!tmp.EncodedValueEquals(SharedX509ExtensionAsn.DefaultCritical))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -118,7 +121,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultCritical, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedX509ExtensionAsn.DefaultCritical, AsnEncodingRules.DER);
                 decoded.Critical = defaultReader.ReadBoolean();
             }
 
@@ -133,6 +136,84 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
 
 
+            sequenceReader.ThrowIfNotEmpty();
+        }
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueX509ExtensionAsn
+    {
+        internal string ExtnId;
+        internal bool Critical;
+        internal ReadOnlySpan<byte> ExtnValue;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueX509ExtensionAsn decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueX509ExtensionAsn decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueX509ExtensionAsn decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueX509ExtensionAsn decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueX509ExtensionAsn decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+            ValueAsnReader defaultReader;
+            ReadOnlySpan<byte> tmpSpan;
+
+            decoded.ExtnId = sequenceReader.ReadObjectIdentifier();
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Boolean))
+            {
+                decoded.Critical = sequenceReader.ReadBoolean();
+            }
+            else
+            {
+                defaultReader = new ValueAsnReader(SharedX509ExtensionAsn.DefaultCritical, AsnEncodingRules.DER);
+                decoded.Critical = defaultReader.ReadBoolean();
+            }
+
+
+            if (sequenceReader.TryReadPrimitiveOctetString(out tmpSpan))
+            {
+                decoded.ExtnValue = tmpSpan;
+            }
+            else
+            {
+                decoded.ExtnValue = sequenceReader.ReadOctetString();
+            }
+
+
             sequenceReader.ThrowIfNotEmpty();
         }
     }
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xsd b/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xsd
index e3884a1ad80357..871198187108f9 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xsd
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xsd
@@ -47,6 +47,15 @@
     <xs:attribute name="name" use="required" type="xs:NCName" />
     <xs:attribute name="namespace" use="required" type="QualifiedName" />
     <xs:attribute name="rebind" use="optional" type="xs:boolean" default="true" />
+    <xs:attribute name="emitType" use="optional" default="struct">
+      <xs:simpleType>
+        <xs:restriction base="xs:string">
+          <xs:enumeration value="struct" />
+          <xs:enumeration value="ref" />
+          <xs:enumeration value="both" />
+        </xs:restriction>
+      </xs:simpleType>
+    </xs:attribute>
   </xs:complexType>
 
   <xs:complexType name="FieldBase">
@@ -61,12 +70,14 @@
     <xs:complexContent>
       <xs:extension base="FieldBase">
         <xs:attribute name="typeName" use="required" type="QualifiedName" />
+        <xs:attribute name="valueTypeName" use="optional" type="QualifiedName" />
       </xs:extension>
     </xs:complexContent>
   </xs:complexType>
 
   <xs:complexType name="ExternalCollectionTypeRef">
     <xs:attribute name="typeName" use="required" type="QualifiedName" />
+    <xs:attribute name="valueTypeName" use="optional" type="QualifiedName" />
   </xs:complexType>
 
   <xs:complexType name="AnyValueType">
@@ -142,6 +153,7 @@
             <xs:element name="BMPString"/>
           </xs:choice>
         </xs:sequence>
+        <xs:attribute name="valueName" use="optional" type="xs:NCName" />
       </xs:extension>
     </xs:complexContent>
   </xs:complexType>
diff --git a/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xslt b/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xslt
index 9aa6b95dbb0a7a..0768fd3cf3e9c6 100644
--- a/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xslt
+++ b/src/libraries/Common/src/System/Security/Cryptography/Asn1/asn.xslt
@@ -58,19 +58,17 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
-using System;<xsl:if test="asn:SequenceOf | asn:SetOf">
+using System;<xsl:if test="(asn:SequenceOf | asn:SetOf) and (not(@emitType) or @emitType='struct' or @emitType='both')">
 using System.Collections.Generic;</xsl:if>
 using System.Formats.Asn1;
 using System.Runtime.InteropServices;
 
 namespace <xsl:value-of select="@namespace" />
-{
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct <xsl:value-of select="@name" />
-    {<xsl:apply-templates mode="Validate" /><xsl:apply-templates mode="DefaultFieldDef" /><xsl:apply-templates mode="FieldDef" />
-<xsl:if test="*[@defaultDerInit]">
-#if DEBUG
-        static <xsl:value-of select="@name" />()
+{<xsl:if test="*[@defaultDerInit]">
+    file static class Shared<xsl:value-of select="@name" />
+    {<xsl:apply-templates mode="DefaultFieldDef" />
+<xsl:if test="not(@emitType) or @emitType='struct' or @emitType='both'">#if DEBUG
+        static Shared<xsl:value-of select="@name" />()
         {
             <xsl:value-of select="@name" /> decoded = default;<xsl:if test="asn:AsnType[@defaultDerInit] | *[@defaultDerInit]/asn:AsnType">
             ReadOnlyMemory&lt;byte&gt; rebind = default;</xsl:if>
@@ -78,7 +76,12 @@ namespace <xsl:value-of select="@namespace" />
             ValueAsnReader collectionReader;</xsl:if><xsl:apply-templates mode="DefaultFieldVerify" />
         }
 #endif
-</xsl:if>
+</xsl:if>    }
+</xsl:if><xsl:if test="not(@emitType) or @emitType='struct' or @emitType='both'">
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct <xsl:value-of select="@name" />
+    {<xsl:apply-templates mode="Validate" /><xsl:apply-templates mode="FieldDef" />
+
         internal readonly void Encode(AsnWriter writer)
         {
             Encode(writer, Asn1Tag.Sequence);
@@ -144,20 +147,74 @@ namespace <xsl:value-of select="@namespace" />
             sequenceReader.ThrowIfNotEmpty();
         }
     }
-}
+</xsl:if><xsl:if test="@emitType='ref' or @emitType='both'">
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct Value<xsl:value-of select="@name" />
+    {<xsl:apply-templates mode="ValueFieldDef" />
+
+        internal static void Decode(ReadOnlySpan&lt;byte&gt; encoded, AsnEncodingRules ruleSet, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan&lt;byte&gt; encoded, AsnEncodingRules ruleSet, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);<xsl:if test="*[@explicitTag]">
+            ValueAsnReader explicitReader;</xsl:if><xsl:if test="*[@defaultDerInit]">
+            ValueAsnReader defaultReader;</xsl:if><xsl:if test="$hasSpanTryRead &gt; 0">
+            ReadOnlySpan&lt;byte&gt; tmpSpan;</xsl:if>
+<xsl:apply-templates mode="ValueDecode" />
+
+            sequenceReader.ThrowIfNotEmpty();
+        }
+<xsl:apply-templates mode="ValueCollectionEnumerable" />    }
+</xsl:if>}
 </xsl:template>
 
     <xsl:template match="asn:Choice">// Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
 #pragma warning disable SA1028 // ignore whitespace warnings for generated code
-using System;<xsl:if test="asn:SequenceOf | asn:SetOf">
+using System;<xsl:if test="(asn:SequenceOf | asn:SetOf) and (not(@emitType) or @emitType='struct' or @emitType='both')">
 using System.Collections.Generic;</xsl:if>
 using System.Formats.Asn1;
 using System.Runtime.InteropServices;
 
 namespace <xsl:value-of select="@namespace" />
-{
+{<xsl:if test="not(@emitType) or @emitType='struct' or @emitType='both'">
     [StructLayout(LayoutKind.Sequential)]
     internal partial struct <xsl:value-of select="@name" />
     {<xsl:apply-templates mode="Validate" /><xsl:apply-templates mode="ValidateChoice" /><xsl:apply-templates mode="FieldDef" />
@@ -233,7 +290,52 @@ namespace <xsl:value-of select="@namespace" />
             }
         }
     }
-}
+</xsl:if><xsl:if test="@emitType='ref' or @emitType='both'">
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct Value<xsl:value-of select="@name" />
+    {<xsl:apply-templates mode="ValueFieldDef" />
+
+        internal static void Decode(ReadOnlySpan&lt;byte&gt; encoded, AsnEncodingRules ruleSet, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, out Value<xsl:value-of select="@name" /> decoded)
+        {
+            decoded = default;
+            Asn1Tag tag = reader.PeekTag();<xsl:if test="*[@explicitTag]">
+            ValueAsnReader explicitReader;</xsl:if><xsl:if test="$hasSpanTryRead &gt; 0">
+            ReadOnlySpan&lt;byte&gt; tmpSpan;</xsl:if>
+<xsl:apply-templates select="*" mode="ValueDecode" />
+            else
+            {
+                throw new CryptographicException();
+            }
+        }
+<xsl:apply-templates select="*" mode="ValueCollectionEnumerable" />    }
+</xsl:if>}
 </xsl:template>
 
   <xsl:template match="*[@defaultDerInit and @optional]" mode="Validate">
@@ -253,12 +355,12 @@ namespace <xsl:value-of select="@namespace" />
   </xsl:template>
 
   <xsl:template match="*[@defaultDerInit]" mode="DefaultFieldDef">
-        private static ReadOnlySpan&lt;byte&gt; <xsl:call-template name="DefaultValueField"/> =&gt; [<xsl:value-of select="@defaultDerInit"/>];
+        internal static ReadOnlySpan&lt;byte&gt; <xsl:call-template name="DefaultValueField"/> =&gt; [<xsl:value-of select="@defaultDerInit"/>];
 </xsl:template>
 
   <xsl:template match="*[@defaultDerInit]" mode="DefaultFieldVerify">
 
-            reader = new ValueAsnReader(<xsl:call-template name="DefaultValueField"/>, AsnEncodingRules.DER);<xsl:apply-templates select="." mode="DecodeSimpleValue"><xsl:with-param name="readerName" select="'reader'"/></xsl:apply-templates>
+            reader = new ValueAsnReader(<xsl:call-template name="DefaultValueFieldUsage"/>, AsnEncodingRules.DER);<xsl:apply-templates select="." mode="DecodeSimpleValue"><xsl:with-param name="readerName" select="'reader'"/></xsl:apply-templates>
             reader.ThrowIfNotEmpty();</xsl:template>
 
   <xsl:template match="*" mode="EnsureUniqueTag" xml:space="default">
@@ -284,7 +386,7 @@ namespace <xsl:value-of select="@namespace" />
                       <xsl:with-param name="indent" select="concat('    ', $indent)" />
                     </xsl:apply-templates>
 
-                if (!tmp.EncodedValueEquals(<xsl:call-template name="DefaultValueField"/>))
+                if (!tmp.EncodedValueEquals(<xsl:call-template name="DefaultValueFieldUsage"/>))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -367,7 +469,7 @@ namespace <xsl:value-of select="@namespace" />
                   <xsl:with-param name="indent" select="concat('    ', $indent)" />
                 </xsl:apply-templates>
 
-                if (!tmp.EncodedValueEquals(<xsl:call-template name="DefaultValueField"/>))
+                if (!tmp.EncodedValueEquals(<xsl:call-template name="DefaultValueFieldUsage"/>))
                 {
                     writer.PushSequence(<xsl:call-template name="ContextTag" />);
                     tmp.CopyTo(writer);
@@ -529,7 +631,7 @@ namespace <xsl:value-of select="@namespace" />
     </xsl:choose>
   </xsl:template>
 
-  <xsl:template match="asn:AnyValue" mode="DefaultTag">new Asn1Tag(<xsl:call-template name="DefaultValueField"/>[0])</xsl:template>
+  <xsl:template match="asn:AnyValue" mode="DefaultTag">new Asn1Tag(<xsl:call-template name="DefaultValueFieldUsage"/>[0])</xsl:template>
 
   <xsl:template match="asn:AnyValue[@universalTagNumber]" mode="DefaultTag">new Asn1Tag((UniversalTagNumber)<xsl:value-of select="@universalTagNumber"/>)</xsl:template>
 
@@ -938,9 +1040,11 @@ namespace <xsl:value-of select="@namespace" />
   <xsl:template name="DefaultValueDecoder"><xsl:if test="@defaultDerInit">
             else
             {
-                defaultReader = new ValueAsnReader(<xsl:call-template name="DefaultValueField"/>, AsnEncodingRules.DER);<xsl:apply-templates select="." mode="DecodeSimpleValue"><xsl:with-param name="readerName" select="'defaultReader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates>
+                defaultReader = new ValueAsnReader(<xsl:call-template name="DefaultValueFieldUsage"/>, AsnEncodingRules.DER);<xsl:apply-templates select="." mode="DecodeSimpleValue"><xsl:with-param name="readerName" select="'defaultReader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates>
             }</xsl:if></xsl:template>
 
+  <xsl:template name="DefaultValueFieldUsage">Shared<xsl:value-of select="/*/@name"/>.Default<xsl:value-of select="@name"/></xsl:template>
+
   <xsl:template name="DefaultOrContextTag" xml:space="default">
       <xsl:choose>
           <xsl:when test="@implicitTag | @explicitTag"><xsl:call-template name="ContextTag"/></xsl:when>
@@ -948,4 +1052,353 @@ namespace <xsl:value-of select="@namespace" />
       </xsl:choose>
   </xsl:template>
 
+  <!-- ==== Value* ref struct: field definitions ==== -->
+
+  <xsl:template match="node()[name()]" mode="ValueFieldDef" priority="-9">
+    <xsl:message terminate="yes">Error, unknown ValueFieldDef node [<xsl:copy-of select="."/>]</xsl:message>
+  </xsl:template>
+
+  <!-- Default: delegate to DecodeSimpleValue for types where the logic is identical -->
+  <xsl:template match="node()[name()]" mode="ValueDecodeSimpleValue" xml:space="default" priority="-9">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:apply-templates select="." mode="DecodeSimpleValue">
+      <xsl:with-param name="readerName" select="$readerName"/>
+      <xsl:with-param name="indent" select="$indent"/>
+      <xsl:with-param name="name" select="$name"/>
+    </xsl:apply-templates>
+  </xsl:template>
+
+  <!-- ValueFieldDef: types that map to ReadOnlySpan (need companion bool if optional/choice) -->
+  <xsl:template match="asn:AnyValue" mode="ValueFieldDef">
+        internal ReadOnlySpan&lt;byte&gt; <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <xsl:template match="asn:Integer[@backingType = 'ReadOnlyMemory']" mode="ValueFieldDef">
+        internal ReadOnlySpan&lt;byte&gt; <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <xsl:template match="asn:BitString" mode="ValueFieldDef">
+        internal ReadOnlySpan&lt;byte&gt; <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <xsl:template match="asn:OctetString" mode="ValueFieldDef">
+        internal ReadOnlySpan&lt;byte&gt; <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <xsl:template match="asn:SequenceOf | asn:SetOf" mode="ValueFieldDef">
+        internal ReadOnlySpan&lt;byte&gt; <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <!-- ValueFieldDef: AsnType - uses valueTypeName if present, otherwise typeName -->
+  <xsl:template match="asn:AsnType[@valueTypeName]" mode="ValueFieldDef">
+        internal <xsl:value-of select="@valueTypeName"/> <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <xsl:template match="asn:AsnType[not(@valueTypeName) and @rebind='false']" mode="ValueFieldDef">
+        internal <xsl:value-of select="@typeName"/><xsl:if test="@optional | parent::asn:Choice">?</xsl:if> <xsl:value-of select="@name" />;</xsl:template>
+
+  <xsl:template match="asn:AsnType[not(@valueTypeName) and not(@rebind='false')]" mode="ValueFieldDef">
+        internal ReadOnlySpan&lt;byte&gt; <xsl:value-of select="@name"/>;<xsl:if test="@optional | parent::asn:Choice">
+        internal bool Has<xsl:value-of select="@name"/>;</xsl:if></xsl:template>
+
+  <!-- ValueFieldDef: types unchanged from regular (delegate to FieldDef) -->
+  <xsl:template match="asn:Boolean" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+  <xsl:template match="asn:Integer[not(@backingType = 'ReadOnlyMemory')]" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+  <xsl:template match="asn:NamedBitList" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+  <xsl:template match="asn:Enumerated" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+  <xsl:template match="asn:ObjectIdentifier" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+  <xsl:template match="asn:UTF8String | asn:PrintableString | asn:T61String | asn:IA5String | asn:VisibleString | asn:BMPString" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+  <xsl:template match="asn:UtcTime | asn:GeneralizedTime" mode="ValueFieldDef"><xsl:apply-templates select="." mode="FieldDef"/></xsl:template>
+
+  <!-- ==== Value* ref struct: decode simple values (no rebind) ==== -->
+
+  <xsl:template match="asn:AsnType[@valueTypeName]" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:choose>
+      <xsl:when test="@optional | parent::asn:Choice" xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="@valueTypeName"/> tmp<xsl:value-of select="@name"/>;
+            <xsl:value-of select="$indent"/><xsl:value-of select="@valueTypeName"/>.Decode(ref <xsl:value-of select="$readerName"/><xsl:call-template name="MaybeImplicitCallS"/>, out tmp<xsl:value-of select="@name"/>);
+            <xsl:value-of select="$indent"/><xsl:value-of select="$name"/> = tmp<xsl:value-of select="@name"/>;
+</xsl:when>
+      <xsl:otherwise xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="@valueTypeName"/>.Decode(ref <xsl:value-of select="$readerName"/><xsl:call-template name="MaybeImplicitCallS"/>, out <xsl:value-of select="$name"/>);</xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <xsl:template match="asn:AsnType[not(@valueTypeName) and @rebind='false']" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:choose>
+      <xsl:when test="@optional | parent::asn:Choice" xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="@typeName"/> tmp<xsl:value-of select="@name"/>;
+            <xsl:value-of select="$indent"/><xsl:value-of select="@typeName"/>.Decode(ref <xsl:value-of select="$readerName"/><xsl:call-template name="MaybeImplicitCallS"/>, out tmp<xsl:value-of select="@name"/>);
+            <xsl:value-of select="$indent"/><xsl:value-of select="$name"/> = tmp<xsl:value-of select="@name"/>;
+</xsl:when>
+      <xsl:otherwise xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="@typeName"/>.Decode(ref <xsl:value-of select="$readerName"/><xsl:call-template name="MaybeImplicitCallS"/>, out <xsl:value-of select="$name"/>);</xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <xsl:template match="asn:AsnType[not(@valueTypeName) and not(@rebind='false')]" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:if test="1" xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="$name"/> = <xsl:value-of select="$readerName"/>.ReadEncodedValue();</xsl:if>
+  </xsl:template>
+
+  <xsl:template match="asn:AnyValue" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName"/>
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:choose>
+        <xsl:when test="@implicitTag | @universalTagNumber" xml:space="preserve">
+            <xsl:value-of select="$indent"/>if (!<xsl:value-of select="$readerName"/>.PeekTag().HasSameClassAndValue(<xsl:call-template name="DefaultOrContextTag"/>))
+            <xsl:value-of select="$indent"/>{
+            <xsl:value-of select="$indent"/>    throw new CryptographicException();
+            <xsl:value-of select="$indent"/>}
+
+            <xsl:value-of select="$indent"/><xsl:value-of select="$name"/> = <xsl:value-of select="$readerName"/>.ReadEncodedValue();</xsl:when>
+        <xsl:otherwise xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="$name"/> = <xsl:value-of select="$readerName"/>.ReadEncodedValue();</xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <!-- Value* Integer (ReadOnlyMemory → ReadOnlySpan): direct span assignment -->
+  <xsl:template match="asn:Integer[@backingType = 'ReadOnlyMemory']" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:if test="1" xml:space="preserve">
+            <xsl:value-of select="$indent"/><xsl:value-of select="$name"/> = <xsl:value-of select="$readerName"/>.ReadIntegerBytes(<xsl:call-template name="MaybeImplicitCall0"/>);</xsl:if>
+  </xsl:template>
+
+  <!-- Value* BitString: TryReadPrimitive → direct span, else ReadBitString -->
+  <xsl:template match="asn:BitString" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:if test="1" xml:space="preserve">
+
+            <xsl:value-of select="$indent"/>if (<xsl:value-of select="$readerName"/>.TryReadPrimitiveBitString(out _, out tmpSpan<xsl:call-template name="MaybeImplicitCallS"/>))
+            <xsl:value-of select="$indent"/>{
+            <xsl:value-of select="$indent"/>    <xsl:value-of select="$name"/> = tmpSpan;
+            <xsl:value-of select="$indent"/>}
+            <xsl:value-of select="$indent"/>else
+            <xsl:value-of select="$indent"/>{
+            <xsl:value-of select="$indent"/>    <xsl:value-of select="$name"/> = <xsl:value-of select="$readerName"/>.ReadBitString(out _<xsl:call-template name="MaybeImplicitCallS"/>);
+            <xsl:value-of select="$indent"/>}
+</xsl:if>
+  </xsl:template>
+
+  <!-- Value* OctetString: TryReadPrimitive → direct span, else ReadOctetString -->
+  <xsl:template match="asn:OctetString" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:param name="name" select="concat('decoded.', @name)"/>
+    <xsl:if test="1" xml:space="preserve">
+
+            <xsl:value-of select="$indent"/>if (<xsl:value-of select="$readerName"/>.TryReadPrimitiveOctetString(out tmpSpan<xsl:call-template name="MaybeImplicitCallS"/>))
+            <xsl:value-of select="$indent"/>{
+            <xsl:value-of select="$indent"/>    <xsl:value-of select="$name"/> = tmpSpan;
+            <xsl:value-of select="$indent"/>}
+            <xsl:value-of select="$indent"/>else
+            <xsl:value-of select="$indent"/>{
+            <xsl:value-of select="$indent"/>    <xsl:value-of select="$name"/> = <xsl:value-of select="$readerName"/>.ReadOctetString(<xsl:call-template name="MaybeImplicitCall0"/>);
+            <xsl:value-of select="$indent"/>}
+</xsl:if>
+  </xsl:template>
+
+  <!-- Value* SequenceOf/SetOf: read raw encoded value -->
+  <xsl:template match="asn:SequenceOf | asn:SetOf" mode="ValueDecodeSimpleValue" xml:space="default">
+    <xsl:param name="readerName" />
+    <xsl:param name="indent" />
+    <xsl:if test="not(@optional) or @explicitTag">
+      <xsl:variable name="expectedTag">
+        <xsl:choose>
+          <xsl:when test="@implicitTag"><xsl:call-template name="ContextTag"/></xsl:when>
+          <xsl:when test="self::asn:SetOf">Asn1Tag.SetOf</xsl:when>
+          <xsl:otherwise>Asn1Tag.Sequence</xsl:otherwise>
+        </xsl:choose>
+      </xsl:variable>
+      <xsl:if test="1" xml:space="preserve">
+
+            <xsl:value-of select="$indent"/>if (!<xsl:value-of select="$readerName"/>.PeekTag().HasSameClassAndValue(<xsl:value-of select="$expectedTag"/>))
+            <xsl:value-of select="$indent"/>{
+            <xsl:value-of select="$indent"/>    throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            <xsl:value-of select="$indent"/>}
+</xsl:if>
+    </xsl:if>
+    <xsl:if test="1" xml:space="preserve">
+            <xsl:value-of select="$indent"/>decoded.<xsl:value-of select="@name"/> = <xsl:value-of select="$readerName"/>.ReadEncodedValue();</xsl:if>
+  </xsl:template>
+
+  <!-- ==== Value* ref struct: decode orchestration ==== -->
+
+  <!-- Determines if a field needs a companion bool (span or ref struct type that can't be nullable) -->
+  <xsl:template name="ValueSetCompanionBool" xml:space="default">
+    <xsl:param name="indent" />
+    <xsl:if test="(@optional | parent::asn:Choice) and (self::asn:AnyValue | self::asn:BitString | self::asn:OctetString | self::asn:Integer[@backingType='ReadOnlyMemory'] | self::asn:SequenceOf | self::asn:SetOf | self::asn:AsnType[@valueTypeName] | self::asn:AsnType[not(@valueTypeName) and not(@rebind='false')])" xml:space="preserve">
+            <xsl:value-of select="$indent"/>decoded.Has<xsl:value-of select="@name"/> = true;</xsl:if>
+  </xsl:template>
+
+  <xsl:template match="*" mode="ValueDecode" xml:space="default">
+    <xsl:choose>
+      <xsl:when test="parent::asn:Choice">
+        <xsl:choose>
+          <xsl:when test="@explicitTag" xml:space="preserve">
+            <xsl:if test="position() != 1">else </xsl:if>if (tag.HasSameClassAndValue(<xsl:call-template name="ContextTag" />))
+            {
+                explicitReader = reader.ReadSequence(<xsl:call-template name="ContextTag"/>);<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'explicitReader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates><xsl:call-template name="ValueSetCompanionBool"><xsl:with-param name="indent" select="'    '"/></xsl:call-template>
+                explicitReader.ThrowIfNotEmpty();
+            }</xsl:when>
+          <xsl:otherwise xml:space="preserve">
+            <xsl:if test="position() != 1">else </xsl:if>if (tag.HasSameClassAndValue(<xsl:call-template name="DefaultOrContextTag" />))
+            {<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'reader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates><xsl:call-template name="ValueSetCompanionBool"><xsl:with-param name="indent" select="'    '"/></xsl:call-template>
+            }</xsl:otherwise>
+        </xsl:choose>
+      </xsl:when>
+      <xsl:when test="@optional or @defaultDerInit">
+        <xsl:choose>
+          <xsl:when test="@explicitTag" xml:space="preserve">
+
+            if (sequenceReader.HasData &amp;&amp; sequenceReader.PeekTag().HasSameClassAndValue(<xsl:call-template name="ContextTag" />))
+            {
+                explicitReader = sequenceReader.ReadSequence(<xsl:call-template name="ContextTag" />);<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'explicitReader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates><xsl:call-template name="ValueSetCompanionBool"><xsl:with-param name="indent" select="'    '"/></xsl:call-template>
+                explicitReader.ThrowIfNotEmpty();
+            }<xsl:call-template name="ValueDefaultValueDecoder"/>
+</xsl:when>
+          <xsl:when test="@implicitTag" xml:space="preserve">
+
+            if (sequenceReader.HasData &amp;&amp; sequenceReader.PeekTag().HasSameClassAndValue(<xsl:call-template name="ContextTag" />))
+            {<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'sequenceReader'" /><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates><xsl:call-template name="ValueSetCompanionBool"><xsl:with-param name="indent" select="'    '"/></xsl:call-template>
+            }<xsl:call-template name="ValueDefaultValueDecoder"/>
+</xsl:when>
+          <xsl:when test="self::asn:AnyValue" xml:space="preserve">
+
+            if (sequenceReader.HasData)
+            {<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'sequenceReader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates><xsl:call-template name="ValueSetCompanionBool"><xsl:with-param name="indent" select="'    '"/></xsl:call-template>
+            }<xsl:call-template name="ValueDefaultValueDecoder"/>
+</xsl:when>
+          <xsl:otherwise xml:space="preserve">
+
+            if (sequenceReader.HasData &amp;&amp; sequenceReader.PeekTag().HasSameClassAndValue(<xsl:apply-templates select="." mode="DefaultTag" />))
+            {<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'sequenceReader'" /><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates><xsl:call-template name="ValueSetCompanionBool"><xsl:with-param name="indent" select="'    '"/></xsl:call-template>
+            }<xsl:call-template name="ValueDefaultValueDecoder"/>
+</xsl:otherwise>
+        </xsl:choose>
+      </xsl:when>
+      <xsl:when test="@explicitTag" xml:space="preserve">
+
+            explicitReader = sequenceReader.ReadSequence(<xsl:call-template name="ContextTag" />);<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'explicitReader'"/></xsl:apply-templates>
+            explicitReader.ThrowIfNotEmpty();
+</xsl:when>
+      <xsl:when test="@implicitTag">
+        <xsl:apply-templates select="." mode="ValueDecodeSimpleValue">
+          <xsl:with-param name="readerName" select="'sequenceReader'" />
+        </xsl:apply-templates>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:apply-templates select="." mode="ValueDecodeSimpleValue">
+          <xsl:with-param name="readerName" select="'sequenceReader'" />
+        </xsl:apply-templates>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+  <xsl:template name="ValueDefaultValueDecoder"><xsl:if test="@defaultDerInit">
+            else
+            {
+                defaultReader = new ValueAsnReader(<xsl:call-template name="DefaultValueFieldUsage"/>, AsnEncodingRules.DER);<xsl:apply-templates select="." mode="ValueDecodeSimpleValue"><xsl:with-param name="readerName" select="'defaultReader'"/><xsl:with-param name="indent" select="'    '"/></xsl:apply-templates>
+            }</xsl:if></xsl:template>
+
+  <!-- Variable to detect if Value* DecodeCore needs tmpSpan (for BitString/OctetString TryReadPrimitive) -->
+  <xsl:variable name="hasSpanTryRead" xml:space="default">
+    <xsl:choose>
+      <xsl:when test="//asn:BitString | //asn:OctetString">1</xsl:when>
+      <xsl:otherwise>0</xsl:otherwise>
+    </xsl:choose>
+  </xsl:variable>
+
+  <!-- ==== Value* ref struct: collection enumerable types ==== -->
+
+  <xsl:template match="asn:SequenceOf[@valueName] | asn:SetOf[@valueName]" mode="ValueCollectionEnumerable" xml:space="default">
+    <xsl:variable name="collNoun">
+      <xsl:choose>
+        <xsl:when test="self::asn:SetOf">SetOf</xsl:when>
+        <xsl:otherwise>Sequence</xsl:otherwise>
+      </xsl:choose>
+    </xsl:variable>
+    <xsl:variable name="elementType">
+      <xsl:choose>
+        <xsl:when test="*/@valueTypeName"><xsl:value-of select="*/@valueTypeName"/></xsl:when>
+        <xsl:otherwise>ReadOnlySpan&lt;byte&gt;</xsl:otherwise>
+      </xsl:choose>
+    </xsl:variable>
+    <xsl:if test="1" xml:space="preserve">
+
+        internal <xsl:value-of select="@name"/>Enumerable <xsl:value-of select="@valueName"/>(AsnEncodingRules ruleSet)
+        {
+            return new <xsl:value-of select="@name"/>Enumerable(<xsl:value-of select="@name"/>, ruleSet);
+        }
+
+        internal readonly ref struct <xsl:value-of select="@name"/>Enumerable
+        {
+            private readonly ReadOnlySpan&lt;byte&gt; _encoded;
+            private readonly AsnEncodingRules _ruleSet;
+
+            internal <xsl:value-of select="@name"/>Enumerable(ReadOnlySpan&lt;byte&gt; encoded, AsnEncodingRules ruleSet)
+            {
+                _encoded = encoded;
+                _ruleSet = ruleSet;
+            }
+
+            public Enumerator GetEnumerator() =&gt; new Enumerator(_encoded, _ruleSet);
+
+            internal ref struct Enumerator
+            {
+                private ValueAsnReader _reader;
+                private <xsl:value-of select="$elementType"/> _current;
+
+                internal Enumerator(ReadOnlySpan&lt;byte&gt; encoded, AsnEncodingRules ruleSet)
+                {
+                    if (!encoded.IsEmpty)
+                    {
+                        ValueAsnReader outerReader = new ValueAsnReader(encoded, ruleSet);
+                        _reader = outerReader.Read<xsl:value-of select="$collNoun"/>(<xsl:call-template name="MaybeImplicitCall0"/>);
+                        outerReader.ThrowIfNotEmpty();
+                    }
+
+                    _current = default;
+                }
+
+                public <xsl:value-of select="$elementType"/> Current =&gt; _current;
+
+                public bool MoveNext()
+                {
+                    if (!_reader.HasData)
+                    {
+                        return false;
+                    }
+<xsl:choose><xsl:when test="*/@valueTypeName">
+                    <xsl:value-of select="*/@valueTypeName"/>.Decode(ref _reader, out _current);</xsl:when><xsl:otherwise>
+                    _current = _reader.ReadEncodedValue();</xsl:otherwise></xsl:choose>
+                    return true;
+                }
+            }
+        }
+</xsl:if>
+  </xsl:template>
+
+  <!-- No-op for SequenceOf/SetOf without @valueName -->
+  <xsl:template match="asn:SequenceOf[not(@valueName)] | asn:SetOf[not(@valueName)]" mode="ValueCollectionEnumerable" />
+
+  <!-- No-op for all other element types -->
+  <xsl:template match="*" mode="ValueCollectionEnumerable" />
+
 </xsl:stylesheet>
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/EssCertIdV2.xml.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/EssCertIdV2.xml.cs
index 68c4fce2aaa806..91c6c3cbc83f46 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/EssCertIdV2.xml.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/EssCertIdV2.xml.cs
@@ -8,27 +8,30 @@
 
 namespace System.Security.Cryptography.Pkcs.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct EssCertIdV2
+    file static class SharedEssCertIdV2
     {
-        private static ReadOnlySpan<byte> DefaultHashAlgorithm => [0x30, 0x0B, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01];
-
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn HashAlgorithm;
-        internal ReadOnlyMemory<byte> Hash;
-        internal System.Security.Cryptography.Pkcs.Asn1.CadesIssuerSerial? IssuerSerial;
+        internal static ReadOnlySpan<byte> DefaultHashAlgorithm => [0x30, 0x0B, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01];
 
 #if DEBUG
-        static EssCertIdV2()
+        static SharedEssCertIdV2()
         {
             EssCertIdV2 decoded = default;
             ReadOnlyMemory<byte> rebind = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultHashAlgorithm, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedEssCertIdV2.DefaultHashAlgorithm, AsnEncodingRules.DER);
             System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref reader, rebind, out decoded.HashAlgorithm);
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct EssCertIdV2
+    {
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn HashAlgorithm;
+        internal ReadOnlyMemory<byte> Hash;
+        internal System.Security.Cryptography.Pkcs.Asn1.CadesIssuerSerial? IssuerSerial;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -45,7 +48,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER);
                 HashAlgorithm.Encode(tmp);
 
-                if (!tmp.EncodedValueEquals(DefaultHashAlgorithm))
+                if (!tmp.EncodedValueEquals(SharedEssCertIdV2.DefaultHashAlgorithm))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -115,7 +118,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultHashAlgorithm, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedEssCertIdV2.DefaultHashAlgorithm, AsnEncodingRules.DER);
                 System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn.Decode(ref defaultReader, rebind, out decoded.HashAlgorithm);
             }
 
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml
index e0d6703b9c0782..3f0c647f8b8471 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="MessageImprint"
-  namespace="System.Security.Cryptography.Pkcs.Asn1">
+  namespace="System.Security.Cryptography.Pkcs.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc3161#section-2.4.1
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml.cs
index 42351a6d54cd1f..afa4625be943a9 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/MessageImprint.xml.cs
@@ -86,6 +86,71 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
 
 
+            sequenceReader.ThrowIfNotEmpty();
+        }
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueMessageImprint
+    {
+        internal ReadOnlySpan<byte> HashAlgorithm;
+        internal ReadOnlySpan<byte> HashedMessage;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueMessageImprint decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueMessageImprint decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueMessageImprint decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueMessageImprint decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueMessageImprint decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+            ReadOnlySpan<byte> tmpSpan;
+
+            decoded.HashAlgorithm = sequenceReader.ReadEncodedValue();
+
+            if (sequenceReader.TryReadPrimitiveOctetString(out tmpSpan))
+            {
+                decoded.HashedMessage = tmpSpan;
+            }
+            else
+            {
+                decoded.HashedMessage = sequenceReader.ReadOctetString();
+            }
+
+
             sequenceReader.ThrowIfNotEmpty();
         }
     }
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TimeStampReq.xml.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TimeStampReq.xml.cs
index b6f2f409979d60..bc291bb48456b8 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TimeStampReq.xml.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TimeStampReq.xml.cs
@@ -9,29 +9,32 @@
 
 namespace System.Security.Cryptography.Pkcs.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct Rfc3161TimeStampReq
+    file static class SharedRfc3161TimeStampReq
     {
-        private static ReadOnlySpan<byte> DefaultCertReq => [0x01, 0x01, 0x00];
-
-        internal int Version;
-        internal System.Security.Cryptography.Pkcs.Asn1.MessageImprint MessageImprint;
-        internal string? ReqPolicy;
-        internal ReadOnlyMemory<byte>? Nonce;
-        internal bool CertReq;
-        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
+        internal static ReadOnlySpan<byte> DefaultCertReq => [0x01, 0x01, 0x00];
 
 #if DEBUG
-        static Rfc3161TimeStampReq()
+        static SharedRfc3161TimeStampReq()
         {
             Rfc3161TimeStampReq decoded = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultCertReq, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedRfc3161TimeStampReq.DefaultCertReq, AsnEncodingRules.DER);
             decoded.CertReq = reader.ReadBoolean();
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct Rfc3161TimeStampReq
+    {
+        internal int Version;
+        internal System.Security.Cryptography.Pkcs.Asn1.MessageImprint MessageImprint;
+        internal string? ReqPolicy;
+        internal ReadOnlyMemory<byte>? Nonce;
+        internal bool CertReq;
+        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -70,7 +73,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnBoolDerEncodeSize);
                 tmp.WriteBoolean(CertReq);
 
-                if (!tmp.EncodedValueEquals(DefaultCertReq))
+                if (!tmp.EncodedValueEquals(SharedRfc3161TimeStampReq.DefaultCertReq))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -167,7 +170,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultCertReq, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedRfc3161TimeStampReq.DefaultCertReq, AsnEncodingRules.DER);
                 decoded.CertReq = defaultReader.ReadBoolean();
             }
 
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml
index a8e740d16e4793..294bec5165eca0 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="Rfc3161TstInfo"
-  namespace="System.Security.Cryptography.Pkcs.Asn1">
+  namespace="System.Security.Cryptography.Pkcs.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc3161#section-2.4.2
@@ -28,7 +29,7 @@
   -->
   <asn:Integer name="Version" backingType="int" />
   <asn:ObjectIdentifier name="Policy" />
-  <asn:AsnType name="MessageImprint" typeName="System.Security.Cryptography.Pkcs.Asn1.MessageImprint" />
+  <asn:AsnType name="MessageImprint" typeName="System.Security.Cryptography.Pkcs.Asn1.MessageImprint" valueTypeName="System.Security.Cryptography.Pkcs.Asn1.ValueMessageImprint" />
   <asn:Integer name="SerialNumber"  backingType="ReadOnlyMemory" />
   <asn:GeneralizedTime name="GenTime" />
   <asn:AsnType name="Accuracy" typeName="System.Security.Cryptography.Pkcs.Asn1.Rfc3161Accuracy" optional="true" rebind="false" />
diff --git a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml.cs b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml.cs
index a7f4011fb0bef0..1a71b5f83937ff 100644
--- a/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml.cs
+++ b/src/libraries/System.Security.Cryptography.Pkcs/src/System/Security/Cryptography/Pkcs/Asn1/Rfc3161TstInfo.xml.cs
@@ -9,11 +9,26 @@
 
 namespace System.Security.Cryptography.Pkcs.Asn1
 {
+    file static class SharedRfc3161TstInfo
+    {
+        internal static ReadOnlySpan<byte> DefaultOrdering => [0x01, 0x01, 0x00];
+
+#if DEBUG
+        static SharedRfc3161TstInfo()
+        {
+            Rfc3161TstInfo decoded = default;
+            ValueAsnReader reader;
+
+            reader = new ValueAsnReader(SharedRfc3161TstInfo.DefaultOrdering, AsnEncodingRules.DER);
+            decoded.Ordering = reader.ReadBoolean();
+            reader.ThrowIfNotEmpty();
+        }
+#endif
+    }
+
     [StructLayout(LayoutKind.Sequential)]
     internal partial struct Rfc3161TstInfo
     {
-        private static ReadOnlySpan<byte> DefaultOrdering => [0x01, 0x01, 0x00];
-
         internal int Version;
         internal string Policy;
         internal System.Security.Cryptography.Pkcs.Asn1.MessageImprint MessageImprint;
@@ -25,18 +40,6 @@ internal partial struct Rfc3161TstInfo
         internal System.Security.Cryptography.Asn1.GeneralNameAsn? Tsa;
         internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
 
-#if DEBUG
-        static Rfc3161TstInfo()
-        {
-            Rfc3161TstInfo decoded = default;
-            ValueAsnReader reader;
-
-            reader = new ValueAsnReader(DefaultOrdering, AsnEncodingRules.DER);
-            decoded.Ordering = reader.ReadBoolean();
-            reader.ThrowIfNotEmpty();
-        }
-#endif
-
         internal readonly void Encode(AsnWriter writer)
         {
             Encode(writer, Asn1Tag.Sequence);
@@ -71,7 +74,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnBoolDerEncodeSize);
                 tmp.WriteBoolean(Ordering);
 
-                if (!tmp.EncodedValueEquals(DefaultOrdering))
+                if (!tmp.EncodedValueEquals(SharedRfc3161TstInfo.DefaultOrdering))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -183,7 +186,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultOrdering, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedRfc3161TstInfo.DefaultOrdering, AsnEncodingRules.DER);
                 decoded.Ordering = defaultReader.ReadBoolean();
             }
 
@@ -227,6 +230,125 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
 
 
+            sequenceReader.ThrowIfNotEmpty();
+        }
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueRfc3161TstInfo
+    {
+        internal int Version;
+        internal string Policy;
+        internal System.Security.Cryptography.Pkcs.Asn1.ValueMessageImprint MessageImprint;
+        internal ReadOnlySpan<byte> SerialNumber;
+        internal DateTimeOffset GenTime;
+        internal System.Security.Cryptography.Pkcs.Asn1.Rfc3161Accuracy? Accuracy;
+        internal bool Ordering;
+        internal ReadOnlySpan<byte> Nonce;
+        internal bool HasNonce;
+        internal ReadOnlySpan<byte> Tsa;
+        internal bool HasTsa;
+        internal ReadOnlySpan<byte> Extensions;
+        internal bool HasExtensions;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueRfc3161TstInfo decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueRfc3161TstInfo decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueRfc3161TstInfo decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueRfc3161TstInfo decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueRfc3161TstInfo decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+            ValueAsnReader explicitReader;
+            ValueAsnReader defaultReader;
+
+
+            if (!sequenceReader.TryReadInt32(out decoded.Version))
+            {
+                sequenceReader.ThrowIfNotEmpty();
+            }
+
+            decoded.Policy = sequenceReader.ReadObjectIdentifier();
+            System.Security.Cryptography.Pkcs.Asn1.ValueMessageImprint.Decode(ref sequenceReader, out decoded.MessageImprint);
+            decoded.SerialNumber = sequenceReader.ReadIntegerBytes();
+            decoded.GenTime = sequenceReader.ReadGeneralizedTime();
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Sequence))
+            {
+                System.Security.Cryptography.Pkcs.Asn1.Rfc3161Accuracy tmpAccuracy;
+                System.Security.Cryptography.Pkcs.Asn1.Rfc3161Accuracy.Decode(ref sequenceReader, out tmpAccuracy);
+                decoded.Accuracy = tmpAccuracy;
+
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Boolean))
+            {
+                decoded.Ordering = sequenceReader.ReadBoolean();
+            }
+            else
+            {
+                defaultReader = new ValueAsnReader(SharedRfc3161TstInfo.DefaultOrdering, AsnEncodingRules.DER);
+                decoded.Ordering = defaultReader.ReadBoolean();
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(Asn1Tag.Integer))
+            {
+                decoded.Nonce = sequenceReader.ReadIntegerBytes();
+                decoded.HasNonce = true;
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
+            {
+                explicitReader = sequenceReader.ReadSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
+                decoded.Tsa = explicitReader.ReadEncodedValue();
+                decoded.HasTsa = true;
+                explicitReader.ThrowIfNotEmpty();
+            }
+
+
+            if (sequenceReader.HasData && sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 1)))
+            {
+                decoded.Extensions = sequenceReader.ReadEncodedValue();
+                decoded.HasExtensions = true;
+            }
+
+
             sequenceReader.ThrowIfNotEmpty();
         }
     }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/BasicConstraintsAsn.xml.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/BasicConstraintsAsn.xml.cs
index b69516ee61cdc6..38a1453f3e2966 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/BasicConstraintsAsn.xml.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/BasicConstraintsAsn.xml.cs
@@ -8,25 +8,28 @@
 
 namespace System.Security.Cryptography.X509Certificates.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct BasicConstraintsAsn
+    file static class SharedBasicConstraintsAsn
     {
-        private static ReadOnlySpan<byte> DefaultCA => [0x01, 0x01, 0x00];
-
-        internal bool CA;
-        internal int? PathLengthConstraint;
+        internal static ReadOnlySpan<byte> DefaultCA => [0x01, 0x01, 0x00];
 
 #if DEBUG
-        static BasicConstraintsAsn()
+        static SharedBasicConstraintsAsn()
         {
             BasicConstraintsAsn decoded = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultCA, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedBasicConstraintsAsn.DefaultCA, AsnEncodingRules.DER);
             decoded.CA = reader.ReadBoolean();
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct BasicConstraintsAsn
+    {
+        internal bool CA;
+        internal int? PathLengthConstraint;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -44,7 +47,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnBoolDerEncodeSize);
                 tmp.WriteBoolean(CA);
 
-                if (!tmp.EncodedValueEquals(DefaultCA))
+                if (!tmp.EncodedValueEquals(SharedBasicConstraintsAsn.DefaultCA))
                 {
                     tmp.CopyTo(writer);
                 }
@@ -110,7 +113,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, o
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultCA, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedBasicConstraintsAsn.DefaultCA, AsnEncodingRules.DER);
                 decoded.CA = defaultReader.ReadBoolean();
             }
 
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml
index 41cd3579d1ccf5..d6b9130e1dbf9c 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml
@@ -2,7 +2,8 @@
 <asn:Sequence
   xmlns:asn="http://schemas.dot.net/asnxml/201808/"
   name="CertificationRequestInfoAsn"
-  namespace="System.Security.Cryptography.X509Certificates.Asn1">
+  namespace="System.Security.Cryptography.X509Certificates.Asn1"
+  emitType="both">
 
   <!--
     https://tools.ietf.org/html/rfc2986#section-4.1
@@ -16,8 +17,11 @@
   -->
   <asn:Integer name="Version" type="int" />
   <asn:AnyValue name="Subject" universalTagNumber="16" />
-  <asn:AsnType name="SubjectPublicKeyInfo" typeName="System.Security.Cryptography.Asn1.SubjectPublicKeyInfoAsn" />
-  <asn:SetOf name="Attributes" implicitTag="0">
-    <asn:AsnType typeName="System.Security.Cryptography.Asn1.AttributeAsn" />
+  <asn:AsnType
+    name="SubjectPublicKeyInfo"
+    typeName="System.Security.Cryptography.Asn1.SubjectPublicKeyInfoAsn"
+    valueTypeName="System.Security.Cryptography.Asn1.ValueSubjectPublicKeyInfoAsn" />
+  <asn:SetOf name="Attributes" implicitTag="0" valueName="GetAttributes">
+    <asn:AsnType typeName="System.Security.Cryptography.Asn1.AttributeAsn" valueTypeName="System.Security.Cryptography.Asn1.ValueAttributeAsn" />
   </asn:SetOf>
-</asn:Sequence>
\ No newline at end of file
+</asn:Sequence>
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml.cs
index 403949afeac484..12ac6712256a99 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/CertificationRequestInfoAsn.xml.cs
@@ -132,4 +132,125 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             sequenceReader.ThrowIfNotEmpty();
         }
     }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal ref partial struct ValueCertificationRequestInfoAsn
+    {
+        internal System.Numerics.BigInteger Version;
+        internal ReadOnlySpan<byte> Subject;
+        internal System.Security.Cryptography.Asn1.ValueSubjectPublicKeyInfoAsn SubjectPublicKeyInfo;
+        internal ReadOnlySpan<byte> Attributes;
+
+        internal static void Decode(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueCertificationRequestInfoAsn decoded)
+        {
+            Decode(Asn1Tag.Sequence, encoded, ruleSet, out decoded);
+        }
+
+        internal static void Decode(Asn1Tag expectedTag, ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet, out ValueCertificationRequestInfoAsn decoded)
+        {
+            try
+            {
+                ValueAsnReader reader = new ValueAsnReader(encoded, ruleSet);
+
+                DecodeCore(ref reader, expectedTag, out decoded);
+                reader.ThrowIfNotEmpty();
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, out ValueCertificationRequestInfoAsn decoded)
+        {
+            Decode(ref reader, Asn1Tag.Sequence, out decoded);
+        }
+
+        internal static void Decode(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueCertificationRequestInfoAsn decoded)
+        {
+            try
+            {
+                DecodeCore(ref reader, expectedTag, out decoded);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
+            }
+        }
+
+        private static void DecodeCore(scoped ref ValueAsnReader reader, Asn1Tag expectedTag, out ValueCertificationRequestInfoAsn decoded)
+        {
+            decoded = default;
+            ValueAsnReader sequenceReader = reader.ReadSequence(expectedTag);
+
+            decoded.Version = sequenceReader.ReadInteger();
+            if (!sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag((UniversalTagNumber)16)))
+            {
+                throw new CryptographicException();
+            }
+
+            decoded.Subject = sequenceReader.ReadEncodedValue();
+            System.Security.Cryptography.Asn1.ValueSubjectPublicKeyInfoAsn.Decode(ref sequenceReader, out decoded.SubjectPublicKeyInfo);
+
+            if (!sequenceReader.PeekTag().HasSameClassAndValue(new Asn1Tag(TagClass.ContextSpecific, 0)))
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+            }
+
+            decoded.Attributes = sequenceReader.ReadEncodedValue();
+
+            sequenceReader.ThrowIfNotEmpty();
+        }
+
+
+        internal AttributesEnumerable GetAttributes(AsnEncodingRules ruleSet)
+        {
+            return new AttributesEnumerable(Attributes, ruleSet);
+        }
+
+        internal readonly ref struct AttributesEnumerable
+        {
+            private readonly ReadOnlySpan<byte> _encoded;
+            private readonly AsnEncodingRules _ruleSet;
+
+            internal AttributesEnumerable(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet)
+            {
+                _encoded = encoded;
+                _ruleSet = ruleSet;
+            }
+
+            public Enumerator GetEnumerator() => new Enumerator(_encoded, _ruleSet);
+
+            internal ref struct Enumerator
+            {
+                private ValueAsnReader _reader;
+                private System.Security.Cryptography.Asn1.ValueAttributeAsn _current;
+
+                internal Enumerator(ReadOnlySpan<byte> encoded, AsnEncodingRules ruleSet)
+                {
+                    if (!encoded.IsEmpty)
+                    {
+                        ValueAsnReader outerReader = new ValueAsnReader(encoded, ruleSet);
+                        _reader = outerReader.ReadSetOf(new Asn1Tag(TagClass.ContextSpecific, 0));
+                        outerReader.ThrowIfNotEmpty();
+                    }
+
+                    _current = default;
+                }
+
+                public System.Security.Cryptography.Asn1.ValueAttributeAsn Current => _current;
+
+                public bool MoveNext()
+                {
+                    if (!_reader.HasData)
+                    {
+                        return false;
+                    }
+
+                    System.Security.Cryptography.Asn1.ValueAttributeAsn.Decode(ref _reader, out _current);
+                    return true;
+                }
+            }
+        }
+    }
 }
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/TbsCertificateAsn.xml.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/TbsCertificateAsn.xml.cs
index 0f0b267b23639b..4242feccf97118 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/TbsCertificateAsn.xml.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/Asn1/TbsCertificateAsn.xml.cs
@@ -9,29 +9,17 @@
 
 namespace System.Security.Cryptography.X509Certificates.Asn1
 {
-    [StructLayout(LayoutKind.Sequential)]
-    internal partial struct TbsCertificateAsn
+    file static class SharedTbsCertificateAsn
     {
-        private static ReadOnlySpan<byte> DefaultVersion => [0x02, 0x01, 0x00];
-
-        internal int Version;
-        internal ReadOnlyMemory<byte> SerialNumber;
-        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn SignatureAlgorithm;
-        internal ReadOnlyMemory<byte> Issuer;
-        internal System.Security.Cryptography.X509Certificates.Asn1.ValidityAsn Validity;
-        internal ReadOnlyMemory<byte> Subject;
-        internal System.Security.Cryptography.Asn1.SubjectPublicKeyInfoAsn SubjectPublicKeyInfo;
-        internal ReadOnlyMemory<byte>? IssuerUniqueId;
-        internal ReadOnlyMemory<byte>? SubjectUniqueId;
-        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
+        internal static ReadOnlySpan<byte> DefaultVersion => [0x02, 0x01, 0x00];
 
 #if DEBUG
-        static TbsCertificateAsn()
+        static SharedTbsCertificateAsn()
         {
             TbsCertificateAsn decoded = default;
             ValueAsnReader reader;
 
-            reader = new ValueAsnReader(DefaultVersion, AsnEncodingRules.DER);
+            reader = new ValueAsnReader(SharedTbsCertificateAsn.DefaultVersion, AsnEncodingRules.DER);
 
             if (!reader.TryReadInt32(out decoded.Version))
             {
@@ -41,6 +29,21 @@ static TbsCertificateAsn()
             reader.ThrowIfNotEmpty();
         }
 #endif
+    }
+
+    [StructLayout(LayoutKind.Sequential)]
+    internal partial struct TbsCertificateAsn
+    {
+        internal int Version;
+        internal ReadOnlyMemory<byte> SerialNumber;
+        internal System.Security.Cryptography.Asn1.AlgorithmIdentifierAsn SignatureAlgorithm;
+        internal ReadOnlyMemory<byte> Issuer;
+        internal System.Security.Cryptography.X509Certificates.Asn1.ValidityAsn Validity;
+        internal ReadOnlyMemory<byte> Subject;
+        internal System.Security.Cryptography.Asn1.SubjectPublicKeyInfoAsn SubjectPublicKeyInfo;
+        internal ReadOnlyMemory<byte>? IssuerUniqueId;
+        internal ReadOnlyMemory<byte>? SubjectUniqueId;
+        internal System.Security.Cryptography.Asn1.X509ExtensionAsn[]? Extensions;
 
         internal readonly void Encode(AsnWriter writer)
         {
@@ -58,7 +61,7 @@ internal readonly void Encode(AsnWriter writer, Asn1Tag tag)
                 AsnWriter tmp = new AsnWriter(AsnEncodingRules.DER, initialCapacity: AsnManagedIntegerDerMaxEncodeSize);
                 tmp.WriteInteger(Version);
 
-                if (!tmp.EncodedValueEquals(DefaultVersion))
+                if (!tmp.EncodedValueEquals(SharedTbsCertificateAsn.DefaultVersion))
                 {
                     writer.PushSequence(new Asn1Tag(TagClass.ContextSpecific, 0));
                     tmp.CopyTo(writer);
@@ -197,7 +200,7 @@ private static void DecodeCore(ref ValueAsnReader reader, Asn1Tag expectedTag, R
             }
             else
             {
-                defaultReader = new ValueAsnReader(DefaultVersion, AsnEncodingRules.DER);
+                defaultReader = new ValueAsnReader(SharedTbsCertificateAsn.DefaultVersion, AsnEncodingRules.DER);
 
                 if (!defaultReader.TryReadInt32(out decoded.Version))
                 {
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs
index 57a102169ad5c4..9644f1bc90e86c 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs
@@ -149,135 +149,141 @@ private static unsafe CertificateRequest LoadSigningRequest(
                     outer.ThrowIfNotEmpty();
                 }
 
-                fixed (byte* p10ptr = pkcs10)
+                ReadOnlySpan<byte> encodedRequestInfo = pkcs10Asn.PeekEncodedValue();
+                ValueCertificationRequestInfoAsn requestInfo;
+                ValueAlgorithmIdentifierAsn algorithmIdentifier;
+                ReadOnlySpan<byte> signature;
+                int signatureUnusedBitCount;
+
+                ValueCertificationRequestInfoAsn.Decode(ref pkcs10Asn, out requestInfo);
+                ValueAlgorithmIdentifierAsn.Decode(ref pkcs10Asn, out algorithmIdentifier);
+
+                if (!pkcs10Asn.TryReadPrimitiveBitString(out signatureUnusedBitCount, out signature))
                 {
-                    using (PointerMemoryManager<byte> manager = new PointerMemoryManager<byte>(p10ptr, encodedLength))
-                    {
-                        ReadOnlyMemory<byte> rebind = manager.Memory;
-                        ReadOnlySpan<byte> encodedRequestInfo = pkcs10Asn.PeekEncodedValue();
-                        CertificationRequestInfoAsn requestInfo;
-                        AlgorithmIdentifierAsn algorithmIdentifier;
-                        ReadOnlySpan<byte> signature;
-                        int signatureUnusedBitCount;
+                    throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+                }
 
-                        CertificationRequestInfoAsn.Decode(ref pkcs10Asn, rebind, out requestInfo);
-                        AlgorithmIdentifierAsn.Decode(ref pkcs10Asn, rebind, out algorithmIdentifier);
+                pkcs10Asn.ThrowIfNotEmpty();
 
-                        if (!pkcs10Asn.TryReadPrimitiveBitString(out signatureUnusedBitCount, out signature))
-                        {
-                            throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
-                        }
+                if (requestInfo.Version < 0)
+                {
+                    throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
+                }
 
-                        pkcs10Asn.ThrowIfNotEmpty();
+                // They haven't bumped from v0 to v1 as of 2022.
+                const int MaxSupportedVersion = 0;
 
-                        if (requestInfo.Version < 0)
-                        {
-                            throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
-                        }
+                if (requestInfo.Version != MaxSupportedVersion)
+                {
+                    throw new CryptographicException(
+                        SR.Format(
+                            SR.Cryptography_CertReq_Load_VersionTooNew,
+                            requestInfo.Version,
+                            MaxSupportedVersion));
+                }
+
+                PublicKey publicKey = PublicKey.DecodeSubjectPublicKeyInfo(ref requestInfo.SubjectPublicKeyInfo);
+
+                if (!skipSignatureValidation)
+                {
+                    // None of the supported signature algorithms support signatures that are not full bytes.
+                    // So, shortcut the verification on the bit length
+                    if (signatureUnusedBitCount != 0 ||
+                        !VerifyX509Signature(encodedRequestInfo, signature, publicKey, ref algorithmIdentifier))
+                    {
+                        throw new CryptographicException(SR.Cryptography_CertReq_SignatureVerificationFailed);
+                    }
+                }
+
+                X500DistinguishedName subject = new X500DistinguishedName(requestInfo.Subject);
 
-                        // They haven't bumped from v0 to v1 as of 2022.
-                        const int MaxSupportedVersion = 0;
+                req = new CertificateRequest(
+                    subject,
+                    publicKey,
+                    signerHashAlgorithm,
+                    signerSignaturePadding);
 
-                        if (requestInfo.Version != MaxSupportedVersion)
+                bool foundCertExt = false;
+
+                foreach (ValueAttributeAsn attr in requestInfo.GetAttributes(AsnEncodingRules.DER))
+                {
+                    if (attr.AttrType == Oids.Pkcs9ExtensionRequest)
+                    {
+                        if (foundCertExt)
                         {
                             throw new CryptographicException(
-                                SR.Format(
-                                    SR.Cryptography_CertReq_Load_VersionTooNew,
-                                    requestInfo.Version,
-                                    MaxSupportedVersion));
+                                SR.Cryptography_CertReq_Load_DuplicateExtensionRequests);
                         }
 
-                        PublicKey publicKey = PublicKey.DecodeSubjectPublicKeyInfo(ref requestInfo.SubjectPublicKeyInfo);
+                        foundCertExt = true;
 
-                        if (!skipSignatureValidation)
+                        scoped ReadOnlySpan<byte> firstAttrValue = default;
+                        bool foundAttrValue = false;
+
+                        foreach (ReadOnlySpan<byte> values in attr.GetAttrValues(AsnEncodingRules.DER))
                         {
-                            // None of the supported signature algorithms support signatures that are not full bytes.
-                            // So, shortcut the verification on the bit length
-                            if (signatureUnusedBitCount != 0 ||
-                                !VerifyX509Signature(encodedRequestInfo, signature, publicKey, algorithmIdentifier))
+                            if (foundAttrValue)
                             {
-                                throw new CryptographicException(SR.Cryptography_CertReq_SignatureVerificationFailed);
+                                throw new CryptographicException(
+                                    SR.Cryptography_CertReq_Load_DuplicateExtensionRequests);
                             }
+
+                            firstAttrValue = values;
+                            foundAttrValue = true;
                         }
 
-                        X500DistinguishedName subject = new X500DistinguishedName(requestInfo.Subject.Span);
+                        if (!foundAttrValue)
+                        {
+                            throw new CryptographicException(SR.Cryptography_CertReq_Load_DuplicateExtensionRequests);
+                        }
 
-                        req = new CertificateRequest(
-                            subject,
-                            publicKey,
-                            signerHashAlgorithm,
-                            signerSignaturePadding);
+                        ValueAsnReader extsReader = new ValueAsnReader(
+                            firstAttrValue,
+                            AsnEncodingRules.DER);
+
+                        ValueAsnReader exts = extsReader.ReadSequence();
+                        extsReader.ThrowIfNotEmpty();
 
-                        if (requestInfo.Attributes is not null)
+                        // Minimum length is 1, so do..while
+                        do
                         {
-                            bool foundCertExt = false;
+                            ValueX509ExtensionAsn.Decode(ref exts, out ValueX509ExtensionAsn extAsn);
 
-                            foreach (AttributeAsn attr in requestInfo.Attributes)
+                            if (unsafeLoadCertificateExtensions)
                             {
-                                if (attr.AttrType == Oids.Pkcs9ExtensionRequest)
+                                X509Extension ext = new X509Extension(
+                                    extAsn.ExtnId,
+                                    extAsn.ExtnValue,
+                                    extAsn.Critical);
+
+                                X509Extension? rich =
+                                    X509Certificate2.CreateCustomExtensionIfAny(extAsn.ExtnId);
+
+                                if (rich is not null)
                                 {
-                                    if (foundCertExt)
-                                    {
-                                        throw new CryptographicException(
-                                            SR.Cryptography_CertReq_Load_DuplicateExtensionRequests);
-                                    }
-
-                                    foundCertExt = true;
-
-                                    if (attr.AttrValues.Length != 1)
-                                    {
-                                        throw new CryptographicException(
-                                            SR.Cryptography_CertReq_Load_DuplicateExtensionRequests);
-                                    }
-
-                                    ValueAsnReader extsReader = new ValueAsnReader(
-                                        attr.AttrValues[0].Span,
-                                        AsnEncodingRules.DER);
-
-                                    ValueAsnReader exts = extsReader.ReadSequence();
-                                    extsReader.ThrowIfNotEmpty();
-
-                                    // Minimum length is 1, so do..while
-                                    do
-                                    {
-                                        X509ExtensionAsn.Decode(ref exts, rebind, out X509ExtensionAsn extAsn);
-
-                                        if (unsafeLoadCertificateExtensions)
-                                        {
-                                            X509Extension ext = new X509Extension(
-                                                extAsn.ExtnId,
-                                                extAsn.ExtnValue.Span,
-                                                extAsn.Critical);
-
-                                            X509Extension? rich =
-                                                X509Certificate2.CreateCustomExtensionIfAny(extAsn.ExtnId);
-
-                                            if (rich is not null)
-                                            {
-                                                rich.CopyFrom(ext);
-                                                req.CertificateExtensions.Add(rich);
-                                            }
-                                            else
-                                            {
-                                                req.CertificateExtensions.Add(ext);
-                                            }
-                                        }
-                                    } while (exts.HasData);
+                                    rich.CopyFrom(ext);
+                                    req.CertificateExtensions.Add(rich);
                                 }
                                 else
                                 {
-                                    if (attr.AttrValues.Length == 0)
-                                    {
-                                        throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
-                                    }
-
-                                    foreach (ReadOnlyMemory<byte> val in attr.AttrValues)
-                                    {
-                                        req.OtherRequestAttributes.Add(
-                                            new AsnEncodedData(attr.AttrType, val.Span));
-                                    }
+                                    req.CertificateExtensions.Add(ext);
                                 }
                             }
+                        } while (exts.HasData);
+                    }
+                    else
+                    {
+                        bool anyAttrValues = false;
+
+                        foreach (ReadOnlySpan<byte> val in attr.GetAttrValues(AsnEncodingRules.DER))
+                        {
+                            req.OtherRequestAttributes.Add(new AsnEncodedData(attr.AttrType, val));
+                            anyAttrValues = true;
+                        }
+
+                        if (!anyAttrValues)
+                        {
+                            throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding);
                         }
                     }
                 }
@@ -295,7 +301,7 @@ private static bool VerifyX509Signature(
             ReadOnlySpan<byte> toBeSigned,
             ReadOnlySpan<byte> signature,
             PublicKey publicKey,
-            AlgorithmIdentifierAsn algorithmIdentifier)
+            ref readonly ValueAlgorithmIdentifierAsn algorithmIdentifier)
         {
             RSA? rsa = publicKey.GetRSAPublicKey();
             ECDsa? ecdsa = publicKey.GetECDsaPublicKey();
@@ -308,14 +314,15 @@ private static bool VerifyX509Signature(
 
                 if (algorithmIdentifier.Algorithm == Oids.RsaPss)
                 {
-                    if (rsa is null || !algorithmIdentifier.Parameters.HasValue)
+                    if (rsa is null || !algorithmIdentifier.HasParameters)
                     {
                         return false;
                     }
 
-                    PssParamsAsn pssParams = PssParamsAsn.Decode(
-                        algorithmIdentifier.Parameters.GetValueOrDefault(),
-                        AsnEncodingRules.DER);
+                    ValuePssParamsAsn.Decode(
+                        algorithmIdentifier.Parameters,
+                        AsnEncodingRules.DER,
+                        out ValuePssParamsAsn pssParams);
 
                     RSASignaturePadding padding = pssParams.GetSignaturePadding();
                     hashAlg = HashAlgorithmName.FromOid(pssParams.HashAlgorithm.Algorithm);
diff --git a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
index 2c3d2d8875cf59..e4c850bcb5b3ea 100644
--- a/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
+++ b/src/libraries/System.Security.Cryptography/src/System/Security/Cryptography/X509Certificates/PublicKey.cs
@@ -451,36 +451,32 @@ internal AsnWriter EncodeSubjectPublicKeyInfo()
             return writer;
         }
 
-        private static unsafe int DecodeSubjectPublicKeyInfo(
+        private static int DecodeSubjectPublicKeyInfo(
             ReadOnlySpan<byte> source,
             out Oid oid,
             out AsnEncodedData? parameters,
             out AsnEncodedData keyValue)
         {
-            fixed (byte* ptr = &MemoryMarshal.GetReference(source))
-            using (MemoryManager<byte> manager = new PointerMemoryManager<byte>(ptr, source.Length))
-            {
-                ValueAsnReader reader = new ValueAsnReader(source, AsnEncodingRules.DER);
+            ValueAsnReader reader = new ValueAsnReader(source, AsnEncodingRules.DER);
 
-                int read;
-                SubjectPublicKeyInfoAsn spki;
+            int read;
+            ValueSubjectPublicKeyInfoAsn spki;
 
-                try
-                {
-                    read = reader.PeekEncodedValue().Length;
-                    SubjectPublicKeyInfoAsn.Decode(ref reader, manager.Memory, out spki);
-                }
-                catch (AsnContentException e)
-                {
-                    throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
-                }
-
-                DecodeSubjectPublicKeyInfo(ref spki, out oid, out parameters, out keyValue);
-                return read;
+            try
+            {
+                read = reader.PeekEncodedValue().Length;
+                ValueSubjectPublicKeyInfoAsn.Decode(ref reader, out spki);
+            }
+            catch (AsnContentException e)
+            {
+                throw new CryptographicException(SR.Cryptography_Der_Invalid_Encoding, e);
             }
+
+            DecodeSubjectPublicKeyInfo(ref spki, out oid, out parameters, out keyValue);
+            return read;
         }
 
-        internal static PublicKey DecodeSubjectPublicKeyInfo(ref SubjectPublicKeyInfoAsn spki)
+        internal static PublicKey DecodeSubjectPublicKeyInfo(ref ValueSubjectPublicKeyInfoAsn spki)
         {
             DecodeSubjectPublicKeyInfo(
                 ref spki,
@@ -492,18 +488,16 @@ internal static PublicKey DecodeSubjectPublicKeyInfo(ref SubjectPublicKeyInfoAsn
         }
 
         private static void DecodeSubjectPublicKeyInfo(
-            ref SubjectPublicKeyInfoAsn spki,
+            ref ValueSubjectPublicKeyInfoAsn spki,
             out Oid oid,
             out AsnEncodedData? parameters,
             out AsnEncodedData keyValue)
         {
             oid = new Oid(spki.Algorithm.Algorithm, null);
-            keyValue = new AsnEncodedData(spki.SubjectPublicKey.Span);
-            parameters = spki.Algorithm.Parameters switch
-            {
-                ReadOnlyMemory<byte> algParameters => new AsnEncodedData(algParameters.Span),
-                _ => null,
-            };
+            keyValue = new AsnEncodedData(spki.SubjectPublicKey);
+            parameters = spki.Algorithm.HasParameters ?
+                new AsnEncodedData(spki.Algorithm.Parameters) :
+                null;
         }
     }
 }