Certificate is a JSON Structure definition published by Censys, describing 23 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.
{
"$schema": "https://json-structure.org/meta/core/v0/#",
"$id": "https://raw.githubusercontent.com/api-evangelist/censys/refs/heads/main/json-structure/asset-graph-certificate-structure.json",
"name": "Certificate",
"description": "Certificate schema from Asset Graph API",
"type": "object",
"additionalProperties": false,
"properties": {
"added_at": {
"type": "string",
"description": "When the certificate was added to the Censys dataset."
},
"ct": {
"$ref": "#/components/schemas/Ct"
},
"ever_seen_in_scan": {
"type": "boolean",
"description": "Whether the certificate has ever been presented by a service during a scan."
},
"fingerprint_md5": {
"type": "string",
"description": "The MD-5 digest of the entire raw certificate. An identifier used by some systems."
},
"fingerprint_sha1": {
"type": "string",
"description": "The SHA-1 digest of the entire raw certificate. An identifier used by some systems."
},
"fingerprint_sha256": {
"type": "string",
"description": "The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records."
},
"modified_at": {
"type": "string",
"description": "When the certificate record was last modified."
},
"names": {
"type": [
"array",
"null"
],
"description": "All the names contained in the certificate from various fields.",
"items": {
"type": "string"
}
},
"parent_spki_fingerprint_sha256": {
"type": "string",
"description": "DEPRECATED: Use parent_spki_subject_fingerprint_sha256"
},
"parent_spki_subject_fingerprint_sha256": {
"type": "string",
"description": "The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject."
},
"parse_status": {
"type": "string",
"enum": [
"",
"success",
"fail",
"corrupted"
]
},
"parsed": {
"description": "A record containing all of the data parsed from the certificate.",
"$ref": "#/components/schemas/Certificate_Parsed"
},
"precert": {
"type": "boolean",
"description": "Whether the X.509 \"poison\" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted."
},
"revocation": {
"description": "A record containing revocation information, if the certificate has been revoked.",
"$ref": "#/components/schemas/CertificateRevocation"
},
"revoked": {
"type": "boolean",
"description": "Whether the certificate has been revoked before its expiry date by the issuer."
},
"spki_fingerprint_sha256": {
"type": "string",
"description": "DEPRECATED: Use spki_subject_fingerprint_sha256"
},
"spki_subject_fingerprint_sha256": {
"type": "string",
"description": "The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject."
},
"tbs_fingerprint_sha256": {
"type": "string",
"description": "The SHA-256 digest of the unsigned certificate's contents."
},
"tbs_no_ct_fingerprint_sha256": {
"type": "string",
"description": "The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate."
},
"validated_at": {
"type": "string",
"description": "When the certificate record's trust was last checked."
},
"validation": {
"description": "A record containing information from the maintainers of major root certificate stores related to their trust assessment.",
"$ref": "#/components/schemas/Validation"
},
"validation_level": {
"type": "string",
"description": "The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).",
"enum": [
"",
"dv",
"ov",
"ev"
]
},
"zlint": {
"description": "A record containing the results of linting the certificate for conformance to the X.509 standard using Zlint.",
"$ref": "#/components/schemas/ZLint"
}
}
}