Mark enums with FlagsAttribute (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1027)

In externally visible method 'X509AuthorityKeyIdentifierExtension.X509AuthorityKeyIdentifierExtension(AsnEncodedData encodedExtension, bool critical)', validate parameter 'encodedExtension' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)

In externally visible method 'X509CrlNumberExtension.X509CrlNumberExtension(AsnEncodedData encodedExtension, bool critical)', validate parameter 'encodedExtension' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)

In externally visible method 'X509SubjectAltNameExtension.X509SubjectAltNameExtension(AsnEncodedData encodedExtension, bool critical)', validate parameter 'encodedExtension' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)

Change the type of parameter 'applicationUri' of method 'X509SubjectAltNameExtension.X509SubjectAltNameExtension(string, IEnumerable<string>)' from 'string' to 'System.Uri', or provide an overload to 'X509SubjectAltNameExtension.X509SubjectAltNameExtension(string, IEnumerable<string>)' that allows 'applicationUri' to be passed as a 'System.Uri' object (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1054)

In externally visible method 'X509SubjectAltNameExtension.X509SubjectAltNameExtension(string applicationUri, IEnumerable<string> domainNames)', validate parameter 'domainNames' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)

In externally visible method 'T X509Extensions.FindExtension<T>(X509Certificate2 certificate)', validate parameter 'certificate' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)

In externally visible method 'byte[] PEMWriter.ExportCertificateAsPEM(X509Certificate2 certificate)', validate parameter 'certificate' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)

Use recommended dispose pattern to ensure that object created by 'RSA.Create()' is disposed on all paths. If possible, wrap the creation within a 'using' statement or a 'using' declaration. Otherwise, use a try-finally pattern, with a dedicated local variable declared before the try region and an unconditional Dispose invocation on non-null value in the 'finally' region, say 'x?.Dispose()'. If the object is explicitly disposed within the try region or the dispose ownership is transfered to another object or method, assign 'null' to the local variable just after such an operation to prevent double dispose in 'finally'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca2000)

In externally visible method 'X509CRL.X509CRL(IX509CRL crl)', validate parameter 'crl' is non-null before using it. If appropriate, throw an 'ArgumentNullException' when the argument is 'null'. (https://learn.microsoft.com/dotnet/fundamentals/code-analysis/quality-rules/ca1062)