{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/json-structure/asset-graph-certificateextensions-structure.json",
  "name": "CertificateExtensions",
  "description": "CertificateExtensions schema from Asset Graph API",
  "type": "object",
  "additionalProperties": false,
  "properties": {
    "authority_info_access": {
      "description": "The parsed id-pe-authorityInfoAccess extension (OID: 1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted.",
      "$ref": "#/components/schemas/AuthorityInfoAccess"
    },
    "authority_key_id": {
      "type": "string",
      "description": "A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo."
    },
    "basic_constraints": {
      "description": "The parsed id-ce-basicConstraints extension (OID: 2.5.29.19).",
      "$ref": "#/components/schemas/BasicConstraints"
    },
    "cabf_organization_id": {
      "description": "CA/Browser Forum organization ID extensions (OID: 2.23.140.3.1).",
      "$ref": "#/components/schemas/CabfOrganizationId"
    },
    "certificate_policies": {
      "type": [
        "array",
        "null"
      ],
      "description": "The parsed id-ce-certificatePolicies extension (OID: 2.5.29.32).",
      "items": {
        "$ref": "#/components/schemas/CertificatePolicy"
      }
    },
    "crl_distribution_points": {
      "type": [
        "array",
        "null"
      ],
      "description": "The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted).",
      "items": {
        "type": "string"
      }
    },
    "ct_poison": {
      "type": "boolean",
      "description": "Whether the certificate possesses the pre-certificate \"poison\" extension (OID: 1.3.6.1.4.1.11129.2.4.3)."
    },
    "extended_key_usage": {
      "description": "The parsed id-ce-extKeyUsage extension (OID: 2.5.29.37).",
      "$ref": "#/components/schemas/ExtendedKeyUsage"
    },
    "issuer_alt_name": {
      "description": "The parsed id-ce-issuerAltName extension (OID: 2.5.29.18).",
      "$ref": "#/components/schemas/GeneralNames"
    },
    "key_usage": {
      "description": "The parsed id-ce-keyUsage extension (OID: 2.5.29.15).",
      "$ref": "#/components/schemas/KeyUsage"
    },
    "name_constraints": {
      "description": "The parsed id-ce-nameConstraints extension (OID: 2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located.",
      "$ref": "#/components/schemas/NameConstraints"
    },
    "qc_statements": {
      "$ref": "#/components/schemas/QcStatements"
    },
    "signed_certificate_timestamps": {
      "type": [
        "array",
        "null"
      ],
      "items": {
        "$ref": "#/components/schemas/SignedCertificateTimestamp"
      }
    },
    "subject_alt_name": {
      "description": "The parsed id-ce-subjectAltName extension (OID: 2.5.29.17).",
      "$ref": "#/components/schemas/GeneralNames"
    },
    "subject_key_id": {
      "type": "string",
      "description": "A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.."
    },
    "tor_service_descriptors": {
      "type": [
        "array",
        "null"
      ],
      "items": {
        "$ref": "#/components/schemas/TorServiceDescriptor"
      }
    }
  }
}