{ "$schema": "https://json-structure.org/meta/core/v0/#", "$id": "https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/json-structure/asset-graph-certificate-structure.json", "name": "Certificate", "description": "Certificate schema from Asset Graph API", "type": "object", "additionalProperties": false, "properties": { "added_at": { "type": "string", "description": "When the certificate was added to the Censys dataset." }, "ct": { "$ref": "#/components/schemas/Ct" }, "ever_seen_in_scan": { "type": "boolean", "description": "Whether the certificate has ever been presented by a service during a scan." }, "fingerprint_md5": { "type": "string", "description": "The MD-5 digest of the entire raw certificate. An identifier used by some systems." }, "fingerprint_sha1": { "type": "string", "description": "The SHA-1 digest of the entire raw certificate. An identifier used by some systems." }, "fingerprint_sha256": { "type": "string", "description": "The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records." }, "modified_at": { "type": "string", "description": "When the certificate record was last modified." }, "names": { "type": [ "array", "null" ], "description": "All the names contained in the certificate from various fields.", "items": { "type": "string" } }, "parent_spki_fingerprint_sha256": { "type": "string", "description": "DEPRECATED: Use parent_spki_subject_fingerprint_sha256" }, "parent_spki_subject_fingerprint_sha256": { "type": "string", "description": "The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject." }, "parse_status": { "type": "string", "enum": [ "", "success", "fail", "corrupted" ] }, "parsed": { "description": "A record containing all of the data parsed from the certificate.", "$ref": "#/components/schemas/Certificate_Parsed" }, "precert": { "type": "boolean", "description": "Whether the X.509 \"poison\" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted." }, "revocation": { "description": "A record containing revocation information, if the certificate has been revoked.", "$ref": "#/components/schemas/CertificateRevocation" }, "revoked": { "type": "boolean", "description": "Whether the certificate has been revoked before its expiry date by the issuer." }, "spki_fingerprint_sha256": { "type": "string", "description": "DEPRECATED: Use spki_subject_fingerprint_sha256" }, "spki_subject_fingerprint_sha256": { "type": "string", "description": "The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject." }, "tbs_fingerprint_sha256": { "type": "string", "description": "The SHA-256 digest of the unsigned certificate's contents." }, "tbs_no_ct_fingerprint_sha256": { "type": "string", "description": "The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate." }, "validated_at": { "type": "string", "description": "When the certificate record's trust was last checked." }, "validation": { "description": "A record containing information from the maintainers of major root certificate stores related to their trust assessment.", "$ref": "#/components/schemas/Validation" }, "validation_level": { "type": "string", "description": "The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).", "enum": [ "", "dv", "ov", "ev" ] }, "zlint": { "description": "A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.", "$ref": "#/components/schemas/ZLint" } } }