Clarification needed on CSR signing process

There doesn't seem to be a lot of in-depth information on the certificate signing process other than:

• 
  

  Key Management Interoperability Protocol Usage Guide Version 1.2 (PDF)

  
  


• 
  

  RFC 2986 - PKCS #10: Certification Request Syntax Specification, Version 1.7

  
  

Here is an example CSR I created:

-----BEGIN CERTIFICATE REQUEST-----
MIIC3zCCAccCAQAwaTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRQwEgYDVQQH
EwtMb3MgQW5nZWxlczEQMA4GA1UEChMHRXhhbXBsZTELMAkGA1UECxMCQ0ExGDAW
BgNVBAMTD2Nzci5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALsbtWr46Mx8Loal+tKuAFzKHDmzBNr1DG1XlKuO32oVekJW8rkSXdIt
i90g2Bpl9yS8ndFt9djI+Jx0YZp2BnErAbriX7PXXLY13tj3OmO0f8JEAv/5HOaL
qYl79Mr03prhjyTZrlxSPsFuuXfy+arErNet7sqkOua7iexpC6Vx0CTL/YGjzEG3
PA3zAdqKMWnHruSzyAExf/NocLTJ8OdvvAIh2MP79ga8MRtXdM/nEIs6xgnd9B1c
I2mkS0gK7yFCKISZpeSusLJB9SplaOLiH0FBAzslek5WkMVs4AiEahieOMOFtyYR
8v3rKSNvSQW0y29M71AjQq9CA69VrVUCAwEAAaAxMC8GCSqGSIb3DQEJDjEiMCAw
CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOC
AQEAGRIzq4nE7KhNZ5vt85gfw6BLM887G/W2A679cXzH7nSjL0Hmr7dii891ak8v
AzgwLKYn6sRBA+cN1bidExcb49v8G7TMOIBxhZjlEewgouBRBZMtNxSJFhD7TSrr
uj7r/tudnztqIjfYL9cXo+MuoGHsGJcXoBSQBIE8jheEUdaAA2LFVaLL+3lQgylL
14iCuY6DR1bF51lZP0zSqdba+mFvAVpspZfcrVClYqsf/xfkiHH7Rx1pz4sDCKTt
WV/7YHDxGXwIjIxkhEwuMX+zz3rO++jy+iBTXnFVwfPogcbLDmcFM/j4JPxuVz4a
nx5Y3pWKymuKNQ58BAguzF+tmA==
-----END CERTIFICATE REQUEST-----

I pasted the above in certlogik.com and had a look at the output.

If I understand it correctly, 4 components will make up CertificationRequestInfo:

1. Version


2. Subject


3. Public Key Info


4. Attributes

I am assuming that using SHA1 or SHA2, the CertificationRequestInfo is then hashed and that hash output is encrypted using the private key of the computer that is creating the CSR.

When it arrives at the CA, the CA takes the CertificationRequestInfo and runs a hash on it. It then also takes the encrypted value and tries to decrypt it using the public key in the CSR. If the hash output and the decrypted hash output match, then the CA will sign the CSR.

Please correct me if I am wrong with the above. At this point I'm confused regarding to what data the CA actually signs (what data the CA hashes and then encrypts that hash).