All X.509 Certificates
This schema outlines the fields available in Censys BigQuery All X.509 Certificates tables.
Certificates
| Path | Type | Repeated | Docs |
|---|---|---|---|
| added_at | TIMESTAMP | No | |
| ct | SubRecord | No | |
| ct.akamai_ct | SubRecord | No | |
| ct.akamai_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.akamai_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.akamai_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.akamai_ct.index | INTEGER | No | |
| ct.akamai_ct.sct | STRING | No | |
| ct.behind_the_sofa | SubRecord | No | |
| ct.behind_the_sofa.added_to_ct_at | TIMESTAMP | No | |
| ct.behind_the_sofa.censys_to_ct_at | TIMESTAMP | No | |
| ct.behind_the_sofa.ct_to_censys_at | TIMESTAMP | No | |
| ct.behind_the_sofa.index | INTEGER | No | |
| ct.behind_the_sofa.sct | STRING | No | |
| ct.certificatetransparency_cn_ct | SubRecord | No | |
| ct.certificatetransparency_cn_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.certificatetransparency_cn_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.certificatetransparency_cn_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.certificatetransparency_cn_ct.index | INTEGER | No | |
| ct.certificatetransparency_cn_ct.sct | STRING | No | |
| ct.certly_log | SubRecord | No | |
| ct.certly_log.added_to_ct_at | TIMESTAMP | No | |
| ct.certly_log.censys_to_ct_at | TIMESTAMP | No | |
| ct.certly_log.ct_to_censys_at | TIMESTAMP | No | |
| ct.certly_log.index | INTEGER | No | |
| ct.certly_log.sct | STRING | No | |
| ct.cloudflare_nimbus_2017 | SubRecord | No | |
| ct.cloudflare_nimbus_2017.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2017.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2017.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2017.index | INTEGER | No | |
| ct.cloudflare_nimbus_2017.sct | STRING | No | |
| ct.cloudflare_nimbus_2018 | SubRecord | No | |
| ct.cloudflare_nimbus_2018.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2018.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2018.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2018.index | INTEGER | No | |
| ct.cloudflare_nimbus_2018.sct | STRING | No | |
| ct.cloudflare_nimbus_2019 | SubRecord | No | |
| ct.cloudflare_nimbus_2019.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2019.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2019.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2019.index | INTEGER | No | |
| ct.cloudflare_nimbus_2019.sct | STRING | No | |
| ct.cloudflare_nimbus_2020 | SubRecord | No | |
| ct.cloudflare_nimbus_2020.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2020.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2020.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2020.index | INTEGER | No | |
| ct.cloudflare_nimbus_2020.sct | STRING | No | |
| ct.cloudflare_nimbus_2021 | SubRecord | No | |
| ct.cloudflare_nimbus_2021.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2021.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2021.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2021.index | INTEGER | No | |
| ct.cloudflare_nimbus_2021.sct | STRING | No | |
| ct.cloudflare_nimbus_2022 | SubRecord | No | |
| ct.cloudflare_nimbus_2022.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2022.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2022.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2022.index | INTEGER | No | |
| ct.cloudflare_nimbus_2022.sct | STRING | No | |
| ct.cloudflare_nimbus_2023 | SubRecord | No | |
| ct.cloudflare_nimbus_2023.added_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2023.censys_to_ct_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2023.ct_to_censys_at | TIMESTAMP | No | |
| ct.cloudflare_nimbus_2023.index | INTEGER | No | |
| ct.cloudflare_nimbus_2023.sct | STRING | No | |
| ct.cnnic_ctserver | SubRecord | No | |
| ct.cnnic_ctserver.added_to_ct_at | TIMESTAMP | No | |
| ct.cnnic_ctserver.censys_to_ct_at | TIMESTAMP | No | |
| ct.cnnic_ctserver.ct_to_censys_at | TIMESTAMP | No | |
| ct.cnnic_ctserver.index | INTEGER | No | |
| ct.cnnic_ctserver.sct | STRING | No | |
| ct.comodo_dodo | SubRecord | No | |
| ct.comodo_dodo.added_to_ct_at | TIMESTAMP | No | |
| ct.comodo_dodo.censys_to_ct_at | TIMESTAMP | No | |
| ct.comodo_dodo.ct_to_censys_at | TIMESTAMP | No | |
| ct.comodo_dodo.index | INTEGER | No | |
| ct.comodo_dodo.sct | STRING | No | |
| ct.comodo_mammoth | SubRecord | No | |
| ct.comodo_mammoth.added_to_ct_at | TIMESTAMP | No | |
| ct.comodo_mammoth.censys_to_ct_at | TIMESTAMP | No | |
| ct.comodo_mammoth.ct_to_censys_at | TIMESTAMP | No | |
| ct.comodo_mammoth.index | INTEGER | No | |
| ct.comodo_mammoth.sct | STRING | No | |
| ct.comodo_sabre | SubRecord | No | |
| ct.comodo_sabre.added_to_ct_at | TIMESTAMP | No | |
| ct.comodo_sabre.censys_to_ct_at | TIMESTAMP | No | |
| ct.comodo_sabre.ct_to_censys_at | TIMESTAMP | No | |
| ct.comodo_sabre.index | INTEGER | No | |
| ct.comodo_sabre.sct | STRING | No | |
| ct.ctlogs_alpha | SubRecord | No | |
| ct.ctlogs_alpha.added_to_ct_at | TIMESTAMP | No | |
| ct.ctlogs_alpha.censys_to_ct_at | TIMESTAMP | No | |
| ct.ctlogs_alpha.ct_to_censys_at | TIMESTAMP | No | |
| ct.ctlogs_alpha.index | INTEGER | No | |
| ct.ctlogs_alpha.sct | STRING | No | |
| ct.digicert_ct1 | SubRecord | No | |
| ct.digicert_ct1.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_ct1.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_ct1.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_ct1.index | INTEGER | No | |
| ct.digicert_ct1.sct | STRING | No | |
| ct.digicert_ct2 | SubRecord | No | |
| ct.digicert_ct2.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_ct2.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_ct2.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_ct2.index | INTEGER | No | |
| ct.digicert_ct2.sct | STRING | No | |
| ct.digicert_golem | SubRecord | No | |
| ct.digicert_golem.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_golem.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_golem.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_golem.index | INTEGER | No | |
| ct.digicert_golem.sct | STRING | No | |
| ct.digicert_nessie_2018 | SubRecord | No | |
| ct.digicert_nessie_2018.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2018.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2018.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_nessie_2018.index | INTEGER | No | |
| ct.digicert_nessie_2018.sct | STRING | No | |
| ct.digicert_nessie_2019 | SubRecord | No | |
| ct.digicert_nessie_2019.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2019.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2019.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_nessie_2019.index | INTEGER | No | |
| ct.digicert_nessie_2019.sct | STRING | No | |
| ct.digicert_nessie_2020 | SubRecord | No | |
| ct.digicert_nessie_2020.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2020.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2020.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_nessie_2020.index | INTEGER | No | |
| ct.digicert_nessie_2020.sct | STRING | No | |
| ct.digicert_nessie_2021 | SubRecord | No | |
| ct.digicert_nessie_2021.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2021.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2021.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_nessie_2021.index | INTEGER | No | |
| ct.digicert_nessie_2021.sct | STRING | No | |
| ct.digicert_nessie_2022 | SubRecord | No | |
| ct.digicert_nessie_2022.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2022.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2022.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_nessie_2022.index | INTEGER | No | |
| ct.digicert_nessie_2022.sct | STRING | No | |
| ct.digicert_nessie_2023 | SubRecord | No | |
| ct.digicert_nessie_2023.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2023.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_nessie_2023.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_nessie_2023.index | INTEGER | No | |
| ct.digicert_nessie_2023.sct | STRING | No | |
| ct.digicert_yeti_2018 | SubRecord | No | |
| ct.digicert_yeti_2018.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2018.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2018.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_yeti_2018.index | INTEGER | No | |
| ct.digicert_yeti_2018.sct | STRING | No | |
| ct.digicert_yeti_2019 | SubRecord | No | |
| ct.digicert_yeti_2019.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2019.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2019.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_yeti_2019.index | INTEGER | No | |
| ct.digicert_yeti_2019.sct | STRING | No | |
| ct.digicert_yeti_2020 | SubRecord | No | |
| ct.digicert_yeti_2020.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2020.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2020.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_yeti_2020.index | INTEGER | No | |
| ct.digicert_yeti_2020.sct | STRING | No | |
| ct.digicert_yeti_2021 | SubRecord | No | |
| ct.digicert_yeti_2021.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2021.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2021.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_yeti_2021.index | INTEGER | No | |
| ct.digicert_yeti_2021.sct | STRING | No | |
| ct.digicert_yeti_2022 | SubRecord | No | |
| ct.digicert_yeti_2022.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2022.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2022.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_yeti_2022.index | INTEGER | No | |
| ct.digicert_yeti_2022.sct | STRING | No | |
| ct.digicert_yeti_2023 | SubRecord | No | |
| ct.digicert_yeti_2023.added_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2023.censys_to_ct_at | TIMESTAMP | No | |
| ct.digicert_yeti_2023.ct_to_censys_at | TIMESTAMP | No | |
| ct.digicert_yeti_2023.index | INTEGER | No | |
| ct.digicert_yeti_2023.sct | STRING | No | |
| ct.gdca_ct | SubRecord | No | |
| ct.gdca_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.gdca_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.gdca_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.gdca_ct.index | INTEGER | No | |
| ct.gdca_ct.sct | STRING | No | |
| ct.gdca_ctlog | SubRecord | No | |
| ct.gdca_ctlog.added_to_ct_at | TIMESTAMP | No | |
| ct.gdca_ctlog.censys_to_ct_at | TIMESTAMP | No | |
| ct.gdca_ctlog.ct_to_censys_at | TIMESTAMP | No | |
| ct.gdca_ctlog.index | INTEGER | No | |
| ct.gdca_ctlog.sct | STRING | No | |
| ct.gdca_log | SubRecord | No | |
| ct.gdca_log.added_to_ct_at | TIMESTAMP | No | |
| ct.gdca_log.censys_to_ct_at | TIMESTAMP | No | |
| ct.gdca_log.ct_to_censys_at | TIMESTAMP | No | |
| ct.gdca_log.index | INTEGER | No | |
| ct.gdca_log.sct | STRING | No | |
| ct.gdca_log2 | SubRecord | No | |
| ct.gdca_log2.added_to_ct_at | TIMESTAMP | No | |
| ct.gdca_log2.censys_to_ct_at | TIMESTAMP | No | |
| ct.gdca_log2.ct_to_censys_at | TIMESTAMP | No | |
| ct.gdca_log2.index | INTEGER | No | |
| ct.gdca_log2.sct | STRING | No | |
| ct.google_argon_2017 | SubRecord | No | |
| ct.google_argon_2017.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2017.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2017.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2017.index | INTEGER | No | |
| ct.google_argon_2017.sct | STRING | No | |
| ct.google_argon_2018 | SubRecord | No | |
| ct.google_argon_2018.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2018.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2018.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2018.index | INTEGER | No | |
| ct.google_argon_2018.sct | STRING | No | |
| ct.google_argon_2019 | SubRecord | No | |
| ct.google_argon_2019.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2019.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2019.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2019.index | INTEGER | No | |
| ct.google_argon_2019.sct | STRING | No | |
| ct.google_argon_2020 | SubRecord | No | |
| ct.google_argon_2020.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2020.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2020.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2020.index | INTEGER | No | |
| ct.google_argon_2020.sct | STRING | No | |
| ct.google_argon_2021 | SubRecord | No | |
| ct.google_argon_2021.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2021.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2021.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2021.index | INTEGER | No | |
| ct.google_argon_2021.sct | STRING | No | |
| ct.google_argon_2022 | SubRecord | No | |
| ct.google_argon_2022.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2022.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2022.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2022.index | INTEGER | No | |
| ct.google_argon_2022.sct | STRING | No | |
| ct.google_argon_2023 | SubRecord | No | |
| ct.google_argon_2023.added_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2023.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_argon_2023.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_argon_2023.index | INTEGER | No | |
| ct.google_argon_2023.sct | STRING | No | |
| ct.google_aviator | SubRecord | No | |
| ct.google_aviator.added_to_ct_at | TIMESTAMP | No | |
| ct.google_aviator.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_aviator.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_aviator.index | INTEGER | No | |
| ct.google_aviator.sct | STRING | No | |
| ct.google_daedalus | SubRecord | No | |
| ct.google_daedalus.added_to_ct_at | TIMESTAMP | No | |
| ct.google_daedalus.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_daedalus.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_daedalus.index | INTEGER | No | |
| ct.google_daedalus.sct | STRING | No | |
| ct.google_icarus | SubRecord | No | |
| ct.google_icarus.added_to_ct_at | TIMESTAMP | No | |
| ct.google_icarus.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_icarus.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_icarus.index | INTEGER | No | |
| ct.google_icarus.sct | STRING | No | |
| ct.google_pilot | SubRecord | No | |
| ct.google_pilot.added_to_ct_at | TIMESTAMP | No | |
| ct.google_pilot.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_pilot.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_pilot.index | INTEGER | No | |
| ct.google_pilot.sct | STRING | No | |
| ct.google_rocketeer | SubRecord | No | |
| ct.google_rocketeer.added_to_ct_at | TIMESTAMP | No | |
| ct.google_rocketeer.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_rocketeer.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_rocketeer.index | INTEGER | No | |
| ct.google_rocketeer.sct | STRING | No | |
| ct.google_skydiver | SubRecord | No | |
| ct.google_skydiver.added_to_ct_at | TIMESTAMP | No | |
| ct.google_skydiver.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_skydiver.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_skydiver.index | INTEGER | No | |
| ct.google_skydiver.sct | STRING | No | |
| ct.google_submariner | SubRecord | No | |
| ct.google_submariner.added_to_ct_at | TIMESTAMP | No | |
| ct.google_submariner.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_submariner.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_submariner.index | INTEGER | No | |
| ct.google_submariner.sct | STRING | No | |
| ct.google_testtube | SubRecord | No | |
| ct.google_testtube.added_to_ct_at | TIMESTAMP | No | |
| ct.google_testtube.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_testtube.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_testtube.index | INTEGER | No | |
| ct.google_testtube.sct | STRING | No | |
| ct.google_xenon_2018 | SubRecord | No | |
| ct.google_xenon_2018.added_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2018.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2018.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_xenon_2018.index | INTEGER | No | |
| ct.google_xenon_2018.sct | STRING | No | |
| ct.google_xenon_2019 | SubRecord | No | |
| ct.google_xenon_2019.added_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2019.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2019.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_xenon_2019.index | INTEGER | No | |
| ct.google_xenon_2019.sct | STRING | No | |
| ct.google_xenon_2020 | SubRecord | No | |
| ct.google_xenon_2020.added_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2020.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2020.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_xenon_2020.index | INTEGER | No | |
| ct.google_xenon_2020.sct | STRING | No | |
| ct.google_xenon_2021 | SubRecord | No | |
| ct.google_xenon_2021.added_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2021.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2021.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_xenon_2021.index | INTEGER | No | |
| ct.google_xenon_2021.sct | STRING | No | |
| ct.google_xenon_2022 | SubRecord | No | |
| ct.google_xenon_2022.added_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2022.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2022.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_xenon_2022.index | INTEGER | No | |
| ct.google_xenon_2022.sct | STRING | No | |
| ct.google_xenon_2023 | SubRecord | No | |
| ct.google_xenon_2023.added_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2023.censys_to_ct_at | TIMESTAMP | No | |
| ct.google_xenon_2023.ct_to_censys_at | TIMESTAMP | No | |
| ct.google_xenon_2023.index | INTEGER | No | |
| ct.google_xenon_2023.sct | STRING | No | |
| ct.izenpe_com_ct | SubRecord | No | |
| ct.izenpe_com_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.izenpe_com_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.izenpe_com_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.izenpe_com_ct.index | INTEGER | No | |
| ct.izenpe_com_ct.sct | STRING | No | |
| ct.izenpe_com_pilot | SubRecord | No | |
| ct.izenpe_com_pilot.added_to_ct_at | TIMESTAMP | No | |
| ct.izenpe_com_pilot.censys_to_ct_at | TIMESTAMP | No | |
| ct.izenpe_com_pilot.ct_to_censys_at | TIMESTAMP | No | |
| ct.izenpe_com_pilot.index | INTEGER | No | |
| ct.izenpe_com_pilot.sct | STRING | No | |
| ct.izenpe_eus_ct | SubRecord | No | |
| ct.izenpe_eus_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.izenpe_eus_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.izenpe_eus_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.izenpe_eus_ct.index | INTEGER | No | |
| ct.izenpe_eus_ct.sct | STRING | No | |
| ct.letsencrypt_ct_birch | SubRecord | No | |
| ct.letsencrypt_ct_birch.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_birch.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_birch.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_birch.index | INTEGER | No | |
| ct.letsencrypt_ct_birch.sct | STRING | No | |
| ct.letsencrypt_ct_clicky | SubRecord | No | |
| ct.letsencrypt_ct_clicky.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_clicky.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_clicky.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_clicky.index | INTEGER | No | |
| ct.letsencrypt_ct_clicky.sct | STRING | No | |
| ct.letsencrypt_ct_faux | SubRecord | No | |
| ct.letsencrypt_ct_faux.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_faux.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_faux.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_faux.index | INTEGER | No | |
| ct.letsencrypt_ct_faux.sct | STRING | No | |
| ct.letsencrypt_ct_oak | SubRecord | No | |
| ct.letsencrypt_ct_oak.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak.index | INTEGER | No | |
| ct.letsencrypt_ct_oak.sct | STRING | No | |
| ct.letsencrypt_ct_oak_2019 | SubRecord | No | |
| ct.letsencrypt_ct_oak_2019.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2019.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2019.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2019.index | INTEGER | No | |
| ct.letsencrypt_ct_oak_2019.sct | STRING | No | |
| ct.letsencrypt_ct_oak_2020 | SubRecord | No | |
| ct.letsencrypt_ct_oak_2020.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2020.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2020.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2020.index | INTEGER | No | |
| ct.letsencrypt_ct_oak_2020.sct | STRING | No | |
| ct.letsencrypt_ct_oak_2021 | SubRecord | No | |
| ct.letsencrypt_ct_oak_2021.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2021.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2021.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2021.index | INTEGER | No | |
| ct.letsencrypt_ct_oak_2021.sct | STRING | No | |
| ct.letsencrypt_ct_oak_2022 | SubRecord | No | |
| ct.letsencrypt_ct_oak_2022.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2022.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2022.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2022.index | INTEGER | No | |
| ct.letsencrypt_ct_oak_2022.sct | STRING | No | |
| ct.letsencrypt_ct_oak_2023 | SubRecord | No | |
| ct.letsencrypt_ct_oak_2023.added_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2023.censys_to_ct_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2023.ct_to_censys_at | TIMESTAMP | No | |
| ct.letsencrypt_ct_oak_2023.index | INTEGER | No | |
| ct.letsencrypt_ct_oak_2023.sct | STRING | No | |
| ct.nordu_ct_flimsy | SubRecord | No | |
| ct.nordu_ct_flimsy.added_to_ct_at | TIMESTAMP | No | |
| ct.nordu_ct_flimsy.censys_to_ct_at | TIMESTAMP | No | |
| ct.nordu_ct_flimsy.ct_to_censys_at | TIMESTAMP | No | |
| ct.nordu_ct_flimsy.index | INTEGER | No | |
| ct.nordu_ct_flimsy.sct | STRING | No | |
| ct.nordu_ct_plausible | SubRecord | No | |
| ct.nordu_ct_plausible.added_to_ct_at | TIMESTAMP | No | |
| ct.nordu_ct_plausible.censys_to_ct_at | TIMESTAMP | No | |
| ct.nordu_ct_plausible.ct_to_censys_at | TIMESTAMP | No | |
| ct.nordu_ct_plausible.index | INTEGER | No | |
| ct.nordu_ct_plausible.sct | STRING | No | |
| ct.sheca_ct | SubRecord | No | |
| ct.sheca_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.sheca_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.sheca_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.sheca_ct.index | INTEGER | No | |
| ct.sheca_ct.sct | STRING | No | |
| ct.sheca_ctlog | SubRecord | No | |
| ct.sheca_ctlog.added_to_ct_at | TIMESTAMP | No | |
| ct.sheca_ctlog.censys_to_ct_at | TIMESTAMP | No | |
| ct.sheca_ctlog.ct_to_censys_at | TIMESTAMP | No | |
| ct.sheca_ctlog.index | INTEGER | No | |
| ct.sheca_ctlog.sct | STRING | No | |
| ct.startssl_ct | SubRecord | No | |
| ct.startssl_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.startssl_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.startssl_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.startssl_ct.index | INTEGER | No | |
| ct.startssl_ct.sct | STRING | No | |
| ct.symantec_ws_ct | SubRecord | No | |
| ct.symantec_ws_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.symantec_ws_ct.index | INTEGER | No | |
| ct.symantec_ws_ct.sct | STRING | No | |
| ct.symantec_ws_deneb | SubRecord | No | |
| ct.symantec_ws_deneb.added_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_deneb.censys_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_deneb.ct_to_censys_at | TIMESTAMP | No | |
| ct.symantec_ws_deneb.index | INTEGER | No | |
| ct.symantec_ws_deneb.sct | STRING | No | |
| ct.symantec_ws_sirius | SubRecord | No | |
| ct.symantec_ws_sirius.added_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_sirius.censys_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_sirius.ct_to_censys_at | TIMESTAMP | No | |
| ct.symantec_ws_sirius.index | INTEGER | No | |
| ct.symantec_ws_sirius.sct | STRING | No | |
| ct.symantec_ws_vega | SubRecord | No | |
| ct.symantec_ws_vega.added_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_vega.censys_to_ct_at | TIMESTAMP | No | |
| ct.symantec_ws_vega.ct_to_censys_at | TIMESTAMP | No | |
| ct.symantec_ws_vega.index | INTEGER | No | |
| ct.symantec_ws_vega.sct | STRING | No | |
| ct.venafi_api_ctlog | SubRecord | No | |
| ct.venafi_api_ctlog.added_to_ct_at | TIMESTAMP | No | |
| ct.venafi_api_ctlog.censys_to_ct_at | TIMESTAMP | No | |
| ct.venafi_api_ctlog.ct_to_censys_at | TIMESTAMP | No | |
| ct.venafi_api_ctlog.index | INTEGER | No | |
| ct.venafi_api_ctlog.sct | STRING | No | |
| ct.venafi_api_ctlog_gen2 | SubRecord | No | |
| ct.venafi_api_ctlog_gen2.added_to_ct_at | TIMESTAMP | No | |
| ct.venafi_api_ctlog_gen2.censys_to_ct_at | TIMESTAMP | No | |
| ct.venafi_api_ctlog_gen2.ct_to_censys_at | TIMESTAMP | No | |
| ct.venafi_api_ctlog_gen2.index | INTEGER | No | |
| ct.venafi_api_ctlog_gen2.sct | STRING | No | |
| ct.wosign_ct | SubRecord | No | |
| ct.wosign_ct.added_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ct.censys_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ct.ct_to_censys_at | TIMESTAMP | No | |
| ct.wosign_ct.index | INTEGER | No | |
| ct.wosign_ct.sct | STRING | No | |
| ct.wosign_ctlog | SubRecord | No | |
| ct.wosign_ctlog.added_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ctlog.censys_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ctlog.ct_to_censys_at | TIMESTAMP | No | |
| ct.wosign_ctlog.index | INTEGER | No | |
| ct.wosign_ctlog.sct | STRING | No | |
| ct.wosign_ctlog2 | SubRecord | No | |
| ct.wosign_ctlog2.added_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ctlog2.censys_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ctlog2.ct_to_censys_at | TIMESTAMP | No | |
| ct.wosign_ctlog2.index | INTEGER | No | |
| ct.wosign_ctlog2.sct | STRING | No | |
| ct.wosign_ctlog3 | SubRecord | No | |
| ct.wosign_ctlog3.added_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ctlog3.censys_to_ct_at | TIMESTAMP | No | |
| ct.wosign_ctlog3.ct_to_censys_at | TIMESTAMP | No | |
| ct.wosign_ctlog3.index | INTEGER | No | |
| ct.wosign_ctlog3.sct | STRING | No | |
| ct.wotrus_ctlog | SubRecord | No | |
| ct.wotrus_ctlog.added_to_ct_at | TIMESTAMP | No | |
| ct.wotrus_ctlog.censys_to_ct_at | TIMESTAMP | No | |
| ct.wotrus_ctlog.ct_to_censys_at | TIMESTAMP | No | |
| ct.wotrus_ctlog.index | INTEGER | No | |
| ct.wotrus_ctlog.sct | STRING | No | |
| ct.wotrus_ctlog3 | SubRecord | No | |
| ct.wotrus_ctlog3.added_to_ct_at | TIMESTAMP | No | |
| ct.wotrus_ctlog3.censys_to_ct_at | TIMESTAMP | No | |
| ct.wotrus_ctlog3.ct_to_censys_at | TIMESTAMP | No | |
| ct.wotrus_ctlog3.index | INTEGER | No | |
| ct.wotrus_ctlog3.sct | STRING | No | |
| fingerprint_sha256 | STRING | No | |
| metadata | SubRecord | No | |
| metadata.added_at | TIMESTAMP | No | |
| metadata.parse_error | STRING | No | |
| metadata.parse_status | STRING | No | |
| metadata.parse_version | INTEGER | No | |
| metadata.post_processed | BOOLEAN | No | |
| metadata.post_processed_at | TIMESTAMP | No | |
| metadata.seen_in_scan | BOOLEAN | No | |
| metadata.source | STRING | No | |
| metadata.updated_at | TIMESTAMP | No | |
| parent_spki_subject_fingerprint | STRING | No | |
| parents | STRING | Yes | |
| parsed | SubRecord | No | |
| parsed.extensions | SubRecord | No | |
| parsed.extensions.authority_info_access | SubRecord | No | The parsed id-pe-authorityInfoAccess extension (1.3.6.1.5.7.1.1). Only id-ad-caIssuers and id-ad-ocsp accessMethods are supported; others are omitted. |
| parsed.extensions.authority_info_access.issuer_urls | STRING | Yes | URLs of accessLocations with accessMethod of id-ad-caIssuers, pointing to locations where this certificate's issuers can be downloaded. Only uniformResourceIdentifier accessLocations are supported; others are omitted. |
| parsed.extensions.authority_info_access.ocsp_urls | STRING | Yes | URLs of accessLocations with accessMethod of id-ad-ocsp, pointing to OCSP servers that can be used to check this certificate's revocation status. Only uniformResourceIdentifier accessLocations are supported; others are omitted. |
| parsed.extensions.authority_key_id | STRING | No | A key identifier, usually a digest of the DER encoding of a SubjectPublicKeyInfo. This is the hex encoding of the OCTET STRING value. |
| parsed.extensions.basic_constraints | SubRecord | No | The parsed id-ce-basicConstraints extension (2.5.29.19); see RFC 5280. |
| parsed.extensions.basic_constraints.is_ca | BOOLEAN | No | Indicates that the certificate is permitted to sign other certificates. |
| parsed.extensions.basic_constraints.max_path_len | INTEGER | No | When present, gives the maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certification path. |
| parsed.extensions.cabf_organization_id | SubRecordType | No | The CA/BF organization ID extensions (2.23.140.3.1) |
| parsed.extensions.cabf_organization_id.country | STRING | No | |
| parsed.extensions.cabf_organization_id.reference | STRING | No | |
| parsed.extensions.cabf_organization_id.scheme | STRING | No | |
| parsed.extensions.cabf_organization_id.state | STRING | No | |
| parsed.extensions.certificate_policies | SubRecordType | Yes | The parsed id-ce-certificatePolicies extension (2.5.29.32). |
| parsed.extensions.certificate_policies.cps | STRING | Yes | List of URIs to the policies |
| parsed.extensions.certificate_policies.id | STRING | No | The OBJECT IDENTIFIER identifying the policy. |
| parsed.extensions.certificate_policies.user_notice | SubRecordType | Yes | List of textual notices to display relying parties. |
| parsed.extensions.certificate_policies.user_notice.explicit_text | STRING | No | Textual statement with a maximum size of 200 characters. Should be a UTF8String or IA5String. |
| parsed.extensions.certificate_policies.user_notice.notice_reference | SubRecordType | Yes | Names an organization and identifies, by number, a particular textual statement prepared by that organization. |
| parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers | INTEGER | Yes | The numeric identifier(s) of the notice. |
| parsed.extensions.certificate_policies.user_notice.notice_reference.organization | STRING | No | The organization that prepared the notice. |
| parsed.extensions.crl_distribution_points | STRING | Yes | The parsed id-ce-cRLDistributionPoints extension (2.5.29.31). Contents are a list of distributionPoint URLs (other distributionPoint types are omitted). |
| parsed.extensions.ct_poison | BOOLEAN | No | This is true if the certificate possesses the Certificate Transparency Precertificate Poison extension (1.3.6.1.4.1.11129.2.4.3). |
| parsed.extensions.extended_key_usage | SubRecordType | No | The parsed id-ce-extKeyUsage (2.5.29.37) extension. |
| parsed.extensions.extended_key_usage.any | BOOLEAN | No | Extension has extended key usage ANY (OBJECT IDENTIFIER = 2.5.29.37.0) |
| parsed.extensions.extended_key_usage.apple_code_signing | BOOLEAN | No | Extension has extended key usage APPLE_CODE_SIGNING (OBJECT IDENTIFIER = 1.2.840.113635.100.4.1) |
| parsed.extensions.extended_key_usage.apple_code_signing_development | BOOLEAN | No | Extension has extended key usage APPLE_CODE_SIGNING_DEVELOPMENT (OBJECT IDENTIFIER = 1.2.840.113635.100.4.1.1) |
| parsed.extensions.extended_key_usage.apple_code_signing_third_party | BOOLEAN | No | Extension has extended key usage APPLE_CODE_SIGNING_THIRD_PARTY (OBJECT IDENTIFIER = 1.2.840.113635.100.4.1.3) |
| parsed.extensions.extended_key_usage.apple_crypto_development_env | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_DEVELOPMENT_ENV (OBJECT IDENTIFIER = 1.2.840.113635.100.4.5.4) |
| parsed.extensions.extended_key_usage.apple_crypto_env | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_ENV (OBJECT IDENTIFIER = 1.2.840.113635.100.4.5) |
| parsed.extensions.extended_key_usage.apple_crypto_maintenance_env | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_MAINTENANCE_ENV (OBJECT IDENTIFIER = 1.2.840.113635.100.4.5.2) |
| parsed.extensions.extended_key_usage.apple_crypto_production_env | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_PRODUCTION_ENV (OBJECT IDENTIFIER = 1.2.840.113635.100.4.5.1) |
| parsed.extensions.extended_key_usage.apple_crypto_qos | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_QOS (OBJECT IDENTIFIER = 1.2.840.113635.100.4.6) |
| parsed.extensions.extended_key_usage.apple_crypto_test_env | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_TEST_ENV (OBJECT IDENTIFIER = 1.2.840.113635.100.4.5.3) |
| parsed.extensions.extended_key_usage.apple_crypto_tier0_qos | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_TIER0_QOS (OBJECT IDENTIFIER = 1.2.840.113635.100.4.6.1) |
| parsed.extensions.extended_key_usage.apple_crypto_tier1_qos | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_TIER1_QOS (OBJECT IDENTIFIER = 1.2.840.113635.100.4.6.2) |
| parsed.extensions.extended_key_usage.apple_crypto_tier2_qos | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_TIER2_QOS (OBJECT IDENTIFIER = 1.2.840.113635.100.4.6.3) |
| parsed.extensions.extended_key_usage.apple_crypto_tier3_qos | BOOLEAN | No | Extension has extended key usage APPLE_CRYPTO_TIER3_QOS (OBJECT IDENTIFIER = 1.2.840.113635.100.4.6.4) |
| parsed.extensions.extended_key_usage.apple_ichat_encryption | BOOLEAN | No | Extension has extended key usage APPLE_ICHAT_ENCRYPTION (OBJECT IDENTIFIER = 1.2.840.113635.100.4.3) |
| parsed.extensions.extended_key_usage.apple_ichat_signing | BOOLEAN | No | Extension has extended key usage APPLE_ICHAT_SIGNING (OBJECT IDENTIFIER = 1.2.840.113635.100.4.2) |
| parsed.extensions.extended_key_usage.apple_resource_signing | BOOLEAN | No | Extension has extended key usage APPLE_RESOURCE_SIGNING (OBJECT IDENTIFIER = 1.2.840.113635.100.4.1.4) |
| parsed.extensions.extended_key_usage.apple_software_update_signing | BOOLEAN | No | Extension has extended key usage APPLE_SOFTWARE_UPDATE_SIGNING (OBJECT IDENTIFIER = 1.2.840.113635.100.4.1.2) |
| parsed.extensions.extended_key_usage.apple_system_identity | BOOLEAN | No | Extension has extended key usage APPLE_SYSTEM_IDENTITY (OBJECT IDENTIFIER = 1.2.840.113635.100.4.4) |
| parsed.extensions.extended_key_usage.client_auth | BOOLEAN | No | Extension has extended key usage CLIENT_AUTH (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.2) |
| parsed.extensions.extended_key_usage.code_signing | BOOLEAN | No | Extension has extended key usage CODE_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.3) |
| parsed.extensions.extended_key_usage.dvcs | BOOLEAN | No | Extension has extended key usage DVCS (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.10) |
| parsed.extensions.extended_key_usage.eap_over_lan | BOOLEAN | No | Extension has extended key usage EAP_OVER_LAN (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.14) |
| parsed.extensions.extended_key_usage.eap_over_ppp | BOOLEAN | No | Extension has extended key usage EAP_OVER_PPP (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.13) |
| parsed.extensions.extended_key_usage.email_protection | BOOLEAN | No | Extension has extended key usage EMAIL_PROTECTION (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.4) |
| parsed.extensions.extended_key_usage.ipsec_end_system | BOOLEAN | No | Extension has extended key usage IPSEC_END_SYSTEM (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.5) |
| parsed.extensions.extended_key_usage.ipsec_tunnel | BOOLEAN | No | Extension has extended key usage IPSEC_TUNNEL (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.6) |
| parsed.extensions.extended_key_usage.ipsec_user | BOOLEAN | No | Extension has extended key usage IPSEC_USER (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.7) |
| parsed.extensions.extended_key_usage.microsoft_ca_exchange | BOOLEAN | No | Extension has extended key usage MICROSOFT_CA_EXCHANGE (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.21.5) |
| parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing | BOOLEAN | No | Extension has extended key usage MICROSOFT_CERT_TRUST_LIST_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.1) |
| parsed.extensions.extended_key_usage.microsoft_csp_signature | BOOLEAN | No | Extension has extended key usage MICROSOFT_CSP_SIGNATURE (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.16) |
| parsed.extensions.extended_key_usage.microsoft_document_signing | BOOLEAN | No | Extension has extended key usage MICROSOFT_DOCUMENT_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.12) |
| parsed.extensions.extended_key_usage.microsoft_drm | BOOLEAN | No | Extension has extended key usage MICROSOFT_DRM (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.5.1) |
| parsed.extensions.extended_key_usage.microsoft_drm_individualization | BOOLEAN | No | Extension has extended key usage MICROSOFT_DRM_INDIVIDUALIZATION (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.5.2) |
| parsed.extensions.extended_key_usage.microsoft_efs_recovery | BOOLEAN | No | Extension has extended key usage MICROSOFT_EFS_RECOVERY (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.4.1) |
| parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto | BOOLEAN | No | Extension has extended key usage MICROSOFT_EMBEDDED_NT_CRYPTO (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.8) |
| parsed.extensions.extended_key_usage.microsoft_encrypted_file_system | BOOLEAN | No | Extension has extended key usage MICROSOFT_ENCRYPTED_FILE_SYSTEM (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.4) |
| parsed.extensions.extended_key_usage.microsoft_enrollment_agent | BOOLEAN | No | Extension has extended key usage MICROSOFT_ENROLLMENT_AGENT (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.20.2.1) |
| parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing | BOOLEAN | No | Extension has extended key usage MICROSOFT_KERNEL_MODE_CODE_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.61.1.1) |
| parsed.extensions.extended_key_usage.microsoft_key_recovery_21 | BOOLEAN | No | Extension has extended key usage MICROSOFT_KEY_RECOVERY_21 (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.21.6) |
| parsed.extensions.extended_key_usage.microsoft_key_recovery_3 | BOOLEAN | No | Extension has extended key usage MICROSOFT_KEY_RECOVERY_3 (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.11) |
| parsed.extensions.extended_key_usage.microsoft_license_server | BOOLEAN | No | Extension has extended key usage MICROSOFT_LICENSE_SERVER (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.5.4) |
| parsed.extensions.extended_key_usage.microsoft_licenses | BOOLEAN | No | Extension has extended key usage MICROSOFT_LICENSES (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.5.3) |
| parsed.extensions.extended_key_usage.microsoft_lifetime_signing | BOOLEAN | No | Extension has extended key usage MICROSOFT_LIFETIME_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.13) |
| parsed.extensions.extended_key_usage.microsoft_mobile_device_software | BOOLEAN | No | Extension has extended key usage MICROSOFT_MOBILE_DEVICE_SOFTWARE (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.14) |
| parsed.extensions.extended_key_usage.microsoft_nt5_crypto | BOOLEAN | No | Extension has extended key usage MICROSOFT_NT5_CRYPTO (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.6) |
| parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto | BOOLEAN | No | Extension has extended key usage MICROSOFT_OEM_WHQL_CRYPTO (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.7) |
| parsed.extensions.extended_key_usage.microsoft_qualified_subordinate | BOOLEAN | No | Extension has extended key usage MICROSOFT_QUALIFIED_SUBORDINATE (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.10) |
| parsed.extensions.extended_key_usage.microsoft_root_list_signer | BOOLEAN | No | Extension has extended key usage MICROSOFT_ROOT_LIST_SIGNER (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.9) |
| parsed.extensions.extended_key_usage.microsoft_server_gated_crypto | BOOLEAN | No | Extension has extended key usage MICROSOFT_SERVER_GATED_CRYPTO (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.3) |
| parsed.extensions.extended_key_usage.microsoft_sgc_serialized | BOOLEAN | No | Extension has extended key usage MICROSOFT_SGC_SERIALIZED (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.3.1) |
| parsed.extensions.extended_key_usage.microsoft_smart_display | BOOLEAN | No | Extension has extended key usage MICROSOFT_SMART_DISPLAY (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.15) |
| parsed.extensions.extended_key_usage.microsoft_smartcard_logon | BOOLEAN | No | Extension has extended key usage MICROSOFT_SMARTCARD_LOGON (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.20.2.2) |
| parsed.extensions.extended_key_usage.microsoft_system_health | BOOLEAN | No | Extension has extended key usage MICROSOFT_SYSTEM_HEALTH (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.47.1.1) |
| parsed.extensions.extended_key_usage.microsoft_system_health_loophole | BOOLEAN | No | Extension has extended key usage MICROSOFT_SYSTEM_HEALTH_LOOPHOLE (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.47.1.3) |
| parsed.extensions.extended_key_usage.microsoft_timestamp_signing | BOOLEAN | No | Extension has extended key usage MICROSOFT_TIMESTAMP_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.2) |
| parsed.extensions.extended_key_usage.microsoft_whql_crypto | BOOLEAN | No | Extension has extended key usage MICROSOFT_WHQL_CRYPTO (OBJECT IDENTIFIER = 1.3.6.1.4.1.311.10.3.5) |
| parsed.extensions.extended_key_usage.netscape_server_gated_crypto | BOOLEAN | No | Extension has extended key usage NETSCAPE_SERVER_GATED_CRYPTO (OBJECT IDENTIFIER = 2.16.840.1.113730.4.1) |
| parsed.extensions.extended_key_usage.ocsp_signing | BOOLEAN | No | Extension has extended key usage OCSP_SIGNING (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.9) |
| parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth | BOOLEAN | No | Extension has extended key usage SBGP_CERT_AA_SERVICE_AUTH (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.11) |
| parsed.extensions.extended_key_usage.server_auth | BOOLEAN | No | Extension has extended key usage SERVER_AUTH (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.1) |
| parsed.extensions.extended_key_usage.time_stamping | BOOLEAN | No | Extension has extended key usage TIME_STAMPING (OBJECT IDENTIFIER = 1.3.6.1.5.5.7.3.8) |
| parsed.extensions.extended_key_usage.unknown | STRING | Yes | A list of the raw OBJECT IDENTIFIERs of any EKUs not recognized by the application. |
| parsed.extensions.extended_key_usage.value | INTEGER | Yes | |
| parsed.extensions.issuer_alt_name | SubRecordType | No | The parsed Issuer Alternative Name extension (id-ce-issuerAltName, 2.5.29.18). |
| parsed.extensions.issuer_alt_name.directory_names | SubRecordType | Yes | Parsed directoryName entries in the GeneralName (CHOICE tag 4). |
| parsed.extensions.issuer_alt_name.directory_names.common_name | STRING | Yes | commonName (CN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.3) |
| parsed.extensions.issuer_alt_name.directory_names.country | STRING | Yes | countryName (C) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.6) |
| parsed.extensions.issuer_alt_name.directory_names.domain_component | STRING | Yes | domainComponent (DC) elements of the distinguished name (OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25) |
| parsed.extensions.issuer_alt_name.directory_names.email_address | STRING | Yes | emailAddress (E) elements of the distinguished name (OBJECT IDENTIFIER 1.2.840.113549.1.9.1) |
| parsed.extensions.issuer_alt_name.directory_names.given_name | STRING | Yes | givenName (G) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.42) |
| parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country | STRING | Yes | jurisdictionCountry elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3) |
| parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality | STRING | Yes | jurisdictionLocality elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.1) |
| parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province | STRING | Yes | jurisdictionStateOrProvice elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2) |
| parsed.extensions.issuer_alt_name.directory_names.locality | STRING | Yes | localityName (L) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.7) |
| parsed.extensions.issuer_alt_name.directory_names.organization | STRING | Yes | organizationName (O) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.10) |
| parsed.extensions.issuer_alt_name.directory_names.organization_id | STRING | Yes | organizationId elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.97) |
| parsed.extensions.issuer_alt_name.directory_names.organizational_unit | STRING | Yes | organizationalUnit (OU) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.11) |
| parsed.extensions.issuer_alt_name.directory_names.postal_code | STRING | Yes | postalCode elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.17) |
| parsed.extensions.issuer_alt_name.directory_names.province | STRING | Yes | stateOrProviceName (ST) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.8) |
| parsed.extensions.issuer_alt_name.directory_names.serial_number | STRING | Yes | serialNumber elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.5) |
| parsed.extensions.issuer_alt_name.directory_names.street_address | STRING | Yes | streetAddress (STREET) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.9) |
| parsed.extensions.issuer_alt_name.directory_names.surname | STRING | Yes | surname (SN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.4) |
| parsed.extensions.issuer_alt_name.dns_names | STRING | Yes | dNSName entries in the GeneralName (IA5String, CHOICE tag 2). |
| parsed.extensions.issuer_alt_name.edi_party_names | SubRecordType | Yes | Parsed eDIPartyName entries in the GeneralName (CHOICE tag 5) |
| parsed.extensions.issuer_alt_name.edi_party_names.name_assigner | STRING | No | The nameAssigner (a DirectoryString) |
| parsed.extensions.issuer_alt_name.edi_party_names.party_name | STRING | No | The partyName (a DirectoryString) |
| parsed.extensions.issuer_alt_name.email_addresses | STRING | Yes | rfc822Name entries in the GeneralName (IA5String, CHOICE tag 1). |
| parsed.extensions.issuer_alt_name.ip_addresses | STRING | Yes | iPAddress entries in the GeneralName (CHOICE tag 7). |
| parsed.extensions.issuer_alt_name.other_names | SubRecordType | Yes | otherName entries in the GeneralName (CHOICE tag 0). An arbitrary binary value identified by an OBJECT IDENTIFIER. |
| parsed.extensions.issuer_alt_name.other_names.id | STRING | No | The OBJECT IDENTIFIER identifying the syntax of the otherName value. |
| parsed.extensions.issuer_alt_name.other_names.value | STRING | No | The raw otherName value. |
| parsed.extensions.issuer_alt_name.registered_ids | STRING | Yes | registeredID entries in the GeneralName (OBJECT IDENTIFIER, CHOICE tag 8). Stored in dotted-decimal format. |
| parsed.extensions.issuer_alt_name.uniform_resource_identifiers | STRING | Yes | uniformResourceIdentifier entries in the GeneralName (CHOICE tag 6). |
| parsed.extensions.key_usage | SubRecord | No | The parsed id-ce-keyUsage extension (2.5.29.15); see RFC 5280. |
| parsed.extensions.key_usage.certificate_sign | BOOLEAN | No | Indicates if the keyCertSign bit(5) is set. |
| parsed.extensions.key_usage.content_commitment | BOOLEAN | No | Indicates if the contentCommitment bit(1) (formerly called nonRepudiation) is set. |
| parsed.extensions.key_usage.crl_sign | BOOLEAN | No | Indicates if the cRLSign bit(6) is set. |
| parsed.extensions.key_usage.data_encipherment | BOOLEAN | No | Indicates if the dataEncipherment bit(3) is set. |
| parsed.extensions.key_usage.decipher_only | BOOLEAN | No | Indicates if the encipherOnly bit(7) is set. |
| parsed.extensions.key_usage.digital_signature | BOOLEAN | No | Indicates if the digitalSignature bit(0) is set. |
| parsed.extensions.key_usage.encipher_only | BOOLEAN | No | Indicates if the decipherOnly bit(8) is set. |
| parsed.extensions.key_usage.key_agreement | BOOLEAN | No | Indicates if the keyAgreement bit(4) is set. |
| parsed.extensions.key_usage.key_encipherment | BOOLEAN | No | Indicates if the keyEncipherment bit(2) is set. |
| parsed.extensions.key_usage.value | INTEGER | No | Integer value of the bitmask in the extension |
| parsed.extensions.name_constraints | SubRecord | No | The parsed id-ce-nameConstraints extension (2.5.29.30). Specifies a name space within which all child certificates' subject names MUST be located. |
| parsed.extensions.name_constraints.critical | BOOLEAN | No | If set, clients unable to understand this extension must reject this certificate. |
| parsed.extensions.name_constraints.excluded_directory_names | SubRecordType | Yes | Excluded names of type directoryName. |
| parsed.extensions.name_constraints.excluded_directory_names.common_name | STRING | Yes | commonName (CN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.3) |
| parsed.extensions.name_constraints.excluded_directory_names.country | STRING | Yes | countryName (C) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.6) |
| parsed.extensions.name_constraints.excluded_directory_names.domain_component | STRING | Yes | domainComponent (DC) elements of the distinguished name (OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25) |
| parsed.extensions.name_constraints.excluded_directory_names.email_address | STRING | Yes | emailAddress (E) elements of the distinguished name (OBJECT IDENTIFIER 1.2.840.113549.1.9.1) |
| parsed.extensions.name_constraints.excluded_directory_names.given_name | STRING | Yes | givenName (G) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.42) |
| parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country | STRING | Yes | jurisdictionCountry elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3) |
| parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality | STRING | Yes | jurisdictionLocality elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.1) |
| parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province | STRING | Yes | jurisdictionStateOrProvice elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2) |
| parsed.extensions.name_constraints.excluded_directory_names.locality | STRING | Yes | localityName (L) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.7) |
| parsed.extensions.name_constraints.excluded_directory_names.organization | STRING | Yes | organizationName (O) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.10) |
| parsed.extensions.name_constraints.excluded_directory_names.organization_id | STRING | Yes | organizationId elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.97) |
| parsed.extensions.name_constraints.excluded_directory_names.organizational_unit | STRING | Yes | organizationalUnit (OU) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.11) |
| parsed.extensions.name_constraints.excluded_directory_names.postal_code | STRING | Yes | postalCode elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.17) |
| parsed.extensions.name_constraints.excluded_directory_names.province | STRING | Yes | stateOrProviceName (ST) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.8) |
| parsed.extensions.name_constraints.excluded_directory_names.serial_number | STRING | Yes | serialNumber elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.5) |
| parsed.extensions.name_constraints.excluded_directory_names.street_address | STRING | Yes | streetAddress (STREET) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.9) |
| parsed.extensions.name_constraints.excluded_directory_names.surname | STRING | Yes | surname (SN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.4) |
| parsed.extensions.name_constraints.excluded_edi_party_names | SubRecordType | Yes | Excluded names of type ediPartyName. |
| parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner | STRING | No | The nameAssigner (a DirectoryString) |
| parsed.extensions.name_constraints.excluded_edi_party_names.party_name | STRING | No | The partyName (a DirectoryString) |
| parsed.extensions.name_constraints.excluded_email_addresses | STRING | Yes | Excluded names of type rfc822Name. |
| parsed.extensions.name_constraints.excluded_names | STRING | Yes | Excluded names of type dNSName. |
| parsed.extensions.name_constraints.excluded_registered_ids | STRING | Yes | Excluded names of type registeredID. |
| parsed.extensions.name_constraints.permitted_directory_names | SubRecordType | Yes | Permitted names of type directoryName. |
| parsed.extensions.name_constraints.permitted_directory_names.common_name | STRING | Yes | commonName (CN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.3) |
| parsed.extensions.name_constraints.permitted_directory_names.country | STRING | Yes | countryName (C) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.6) |
| parsed.extensions.name_constraints.permitted_directory_names.domain_component | STRING | Yes | domainComponent (DC) elements of the distinguished name (OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25) |
| parsed.extensions.name_constraints.permitted_directory_names.email_address | STRING | Yes | emailAddress (E) elements of the distinguished name (OBJECT IDENTIFIER 1.2.840.113549.1.9.1) |
| parsed.extensions.name_constraints.permitted_directory_names.given_name | STRING | Yes | givenName (G) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.42) |
| parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country | STRING | Yes | jurisdictionCountry elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3) |
| parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality | STRING | Yes | jurisdictionLocality elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.1) |
| parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province | STRING | Yes | jurisdictionStateOrProvice elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2) |
| parsed.extensions.name_constraints.permitted_directory_names.locality | STRING | Yes | localityName (L) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.7) |
| parsed.extensions.name_constraints.permitted_directory_names.organization | STRING | Yes | organizationName (O) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.10) |
| parsed.extensions.name_constraints.permitted_directory_names.organization_id | STRING | Yes | organizationId elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.97) |
| parsed.extensions.name_constraints.permitted_directory_names.organizational_unit | STRING | Yes | organizationalUnit (OU) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.11) |
| parsed.extensions.name_constraints.permitted_directory_names.postal_code | STRING | Yes | postalCode elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.17) |
| parsed.extensions.name_constraints.permitted_directory_names.province | STRING | Yes | stateOrProviceName (ST) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.8) |
| parsed.extensions.name_constraints.permitted_directory_names.serial_number | STRING | Yes | serialNumber elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.5) |
| parsed.extensions.name_constraints.permitted_directory_names.street_address | STRING | Yes | streetAddress (STREET) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.9) |
| parsed.extensions.name_constraints.permitted_directory_names.surname | STRING | Yes | surname (SN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.4) |
| parsed.extensions.name_constraints.permitted_edi_party_names | SubRecordType | Yes | Permitted names of type ediPartyName |
| parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner | STRING | No | The nameAssigner (a DirectoryString) |
| parsed.extensions.name_constraints.permitted_edi_party_names.party_name | STRING | No | The partyName (a DirectoryString) |
| parsed.extensions.name_constraints.permitted_email_addresses | STRING | Yes | Permitted names of type rfc822Name. |
| parsed.extensions.name_constraints.permitted_names | STRING | Yes | Permitted names of type dNSName. |
| parsed.extensions.name_constraints.permitted_registered_ids | STRING | Yes | Permitted names of type registeredID. |
| parsed.extensions.qc_statements | SubRecordType | No | IDs and parsed statements for qualified certificates (1.3.6.1.5.5.7.1.3) |
| parsed.extensions.qc_statements.ids | STRING | Yes | All included statement OIDs |
| parsed.extensions.qc_statements.parsed | SubRecord | No | Contains known QCStatements. Each field is repeated to handle the case where a single statement appears more than once. |
| parsed.extensions.qc_statements.parsed.etsi_compliance | BOOLEAN | Yes | True if present (Statement ID 0.4.0.1862.1.1) |
| parsed.extensions.qc_statements.parsed.legislation | SubRecordType | Yes | Statement ID 0.4.0.1862.1.7 |
| parsed.extensions.qc_statements.parsed.legislation.country_codes | STRING | Yes | Country codes for the set of countries where this certificate issued as a qualified certificate |
| parsed.extensions.qc_statements.parsed.limit | SubRecordType | Yes | Statement ID 0.4.0.1862.1.2 |
| parsed.extensions.qc_statements.parsed.limit.amount | INTEGER | No | Value in currency |
| parsed.extensions.qc_statements.parsed.limit.currency | STRING | No | Currency, if provided as a string |
| parsed.extensions.qc_statements.parsed.limit.currency_number | INTEGER | No | Currency, if provided as an integer |
| parsed.extensions.qc_statements.parsed.limit.exponent | INTEGER | No | Total is amount times 10 raised to the exponent |
| parsed.extensions.qc_statements.parsed.pds_locations | SubRecordType | Yes | Statement ID 0.4.0.1862.1.5 |
| parsed.extensions.qc_statements.parsed.pds_locations.locations | SubRecordType | Yes | Included PDS locations |
| parsed.extensions.qc_statements.parsed.pds_locations.locations.language | STRING | No | Locale code |
| parsed.extensions.qc_statements.parsed.pds_locations.locations.url | STRING | No | Location of the PDS |
| parsed.extensions.qc_statements.parsed.retention_period | INTEGER | Yes | Statement ID 0.4.0.1862.1.3 |
| parsed.extensions.qc_statements.parsed.sscd | BOOLEAN | Yes | True if present (Statement ID 0.4.0.1862.1.4 |
| parsed.extensions.qc_statements.parsed.types | SubRecordType | Yes | Statement ID 0.4.0.1862.1.6 |
| parsed.extensions.qc_statements.parsed.types.ids | STRING | Yes | Included QC type OIDs |
| parsed.extensions.signed_certificate_timestamps | SubRecordType | Yes | The parsed Certificate Transparency SignedCertificateTimestampsList extension (1.3.6.1.4.1.11129.2.4.2); see RFC 6962. |
| parsed.extensions.signed_certificate_timestamps.extensions | STRING | No | For future extensions to the protocol. |
| parsed.extensions.signed_certificate_timestamps.log_id | STRING | No | The SHA-256 hash of the log's public key, calculated over the DER encoding of the key's SubjectPublicKeyInfo. |
| parsed.extensions.signed_certificate_timestamps.signature | STRING | No | The log's signature for this SCT. |
| parsed.extensions.signed_certificate_timestamps.timestamp | TIMESTAMP | No | Time at which the SCT was issued (in seconds since the Unix epoch). |
| parsed.extensions.signed_certificate_timestamps.version | INTEGER | No | Version of the protocol to which the SCT conforms. |
| parsed.extensions.subject_alt_name | SubRecordType | No | The parsed Subject Alternative Name extension (id-ce-subjectAltName, 2.5.29.17). |
| parsed.extensions.subject_alt_name.directory_names | SubRecordType | Yes | Parsed directoryName entries in the GeneralName (CHOICE tag 4). |
| parsed.extensions.subject_alt_name.directory_names.common_name | STRING | Yes | commonName (CN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.3) |
| parsed.extensions.subject_alt_name.directory_names.country | STRING | Yes | countryName (C) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.6) |
| parsed.extensions.subject_alt_name.directory_names.domain_component | STRING | Yes | domainComponent (DC) elements of the distinguished name (OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25) |
| parsed.extensions.subject_alt_name.directory_names.email_address | STRING | Yes | emailAddress (E) elements of the distinguished name (OBJECT IDENTIFIER 1.2.840.113549.1.9.1) |
| parsed.extensions.subject_alt_name.directory_names.given_name | STRING | Yes | givenName (G) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.42) |
| parsed.extensions.subject_alt_name.directory_names.jurisdiction_country | STRING | Yes | jurisdictionCountry elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3) |
| parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality | STRING | Yes | jurisdictionLocality elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.1) |
| parsed.extensions.subject_alt_name.directory_names.jurisdiction_province | STRING | Yes | jurisdictionStateOrProvice elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2) |
| parsed.extensions.subject_alt_name.directory_names.locality | STRING | Yes | localityName (L) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.7) |
| parsed.extensions.subject_alt_name.directory_names.organization | STRING | Yes | organizationName (O) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.10) |
| parsed.extensions.subject_alt_name.directory_names.organization_id | STRING | Yes | organizationId elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.97) |
| parsed.extensions.subject_alt_name.directory_names.organizational_unit | STRING | Yes | organizationalUnit (OU) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.11) |
| parsed.extensions.subject_alt_name.directory_names.postal_code | STRING | Yes | postalCode elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.17) |
| parsed.extensions.subject_alt_name.directory_names.province | STRING | Yes | stateOrProviceName (ST) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.8) |
| parsed.extensions.subject_alt_name.directory_names.serial_number | STRING | Yes | serialNumber elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.5) |
| parsed.extensions.subject_alt_name.directory_names.street_address | STRING | Yes | streetAddress (STREET) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.9) |
| parsed.extensions.subject_alt_name.directory_names.surname | STRING | Yes | surname (SN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.4) |
| parsed.extensions.subject_alt_name.dns_names | STRING | Yes | dNSName entries in the GeneralName (IA5String, CHOICE tag 2). |
| parsed.extensions.subject_alt_name.edi_party_names | SubRecordType | Yes | Parsed eDIPartyName entries in the GeneralName (CHOICE tag 5) |
| parsed.extensions.subject_alt_name.edi_party_names.name_assigner | STRING | No | The nameAssigner (a DirectoryString) |
| parsed.extensions.subject_alt_name.edi_party_names.party_name | STRING | No | The partyName (a DirectoryString) |
| parsed.extensions.subject_alt_name.email_addresses | STRING | Yes | rfc822Name entries in the GeneralName (IA5String, CHOICE tag 1). |
| parsed.extensions.subject_alt_name.ip_addresses | STRING | Yes | iPAddress entries in the GeneralName (CHOICE tag 7). |
| parsed.extensions.subject_alt_name.other_names | SubRecordType | Yes | otherName entries in the GeneralName (CHOICE tag 0). An arbitrary binary value identified by an OBJECT IDENTIFIER. |
| parsed.extensions.subject_alt_name.other_names.id | STRING | No | The OBJECT IDENTIFIER identifying the syntax of the otherName value. |
| parsed.extensions.subject_alt_name.other_names.value | STRING | No | The raw otherName value. |
| parsed.extensions.subject_alt_name.registered_ids | STRING | Yes | registeredID entries in the GeneralName (OBJECT IDENTIFIER, CHOICE tag 8). Stored in dotted-decimal format. |
| parsed.extensions.subject_alt_name.uniform_resource_identifiers | STRING | Yes | uniformResourceIdentifier entries in the GeneralName (CHOICE tag 6). |
| parsed.extensions.subject_key_id | STRING | No | A key identifier, usually a digest of the DER encoding of a SubjectPublicKeyInfo. This is the hex encoding of the OCTET STRING value. |
| parsed.fingerprint_md5 | STRING | No | The MD5 digest over the DER encoding of the certificate, as a hexadecimal string. |
| parsed.fingerprint_sha1 | STRING | No | The SHA1 digest over the DER encoding of the certificate, as a hexadecimal string. |
| parsed.fingerprint_sha256 | STRING | No | The SHA2-256 digest over the DER encoding of the certificate, as a hexadecimal string. |
| parsed.issuer | SubRecordType | No | The parsed issuer name. |
| parsed.issuer.common_name | STRING | Yes | commonName (CN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.3) |
| parsed.issuer.country | STRING | Yes | countryName (C) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.6) |
| parsed.issuer.domain_component | STRING | Yes | domainComponent (DC) elements of the distinguished name (OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25) |
| parsed.issuer.email_address | STRING | Yes | emailAddress (E) elements of the distinguished name (OBJECT IDENTIFIER 1.2.840.113549.1.9.1) |
| parsed.issuer.given_name | STRING | Yes | givenName (G) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.42) |
| parsed.issuer.jurisdiction_country | STRING | Yes | jurisdictionCountry elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3) |
| parsed.issuer.jurisdiction_locality | STRING | Yes | jurisdictionLocality elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.1) |
| parsed.issuer.jurisdiction_province | STRING | Yes | jurisdictionStateOrProvice elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2) |
| parsed.issuer.locality | STRING | Yes | localityName (L) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.7) |
| parsed.issuer.organization | STRING | Yes | organizationName (O) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.10) |
| parsed.issuer.organization_id | STRING | Yes | organizationId elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.97) |
| parsed.issuer.organizational_unit | STRING | Yes | organizationalUnit (OU) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.11) |
| parsed.issuer.postal_code | STRING | Yes | postalCode elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.17) |
| parsed.issuer.province | STRING | Yes | stateOrProviceName (ST) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.8) |
| parsed.issuer.serial_number | STRING | Yes | serialNumber elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.5) |
| parsed.issuer.street_address | STRING | Yes | streetAddress (STREET) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.9) |
| parsed.issuer.surname | STRING | Yes | surname (SN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.4) |
| parsed.issuer_dn | STRING | No | A canonical string representation of the issuer name. |
| parsed.names | STRING | Yes | A list of subject names in the certificate, including the Subject CommonName and SubjectAltName DNSNames, IPAddresses and URIs. |
| parsed.redacted | BOOLEAN | No | This is set if any of the certificate's names contain redacted fields. |
| parsed.serial_number | STRING | No | Serial number as an signed decimal integer. Stored as string to support >uint lengths. Negative values are allowed. |
| parsed.signature | SubRecord | No | |
| parsed.signature.self_signed | BOOLEAN | No | Indicates whether the subject key was also used to sign the certificate. |
| parsed.signature.signature_algorithm | SubRecordType | No | |
| parsed.signature.signature_algorithm.name | STRING | No | Name of signature algorithm, e.g., SHA1-RSA or ECDSA-SHA512. Unknown algorithms get an integer id. |
| parsed.signature.signature_algorithm.oid | STRING | No | The OBJECT IDENTIFIER of the signature algorithm, in dotted-decimal notation. |
| parsed.signature.valid | BOOLEAN | No | |
| parsed.signature.value | STRING | No | Contents of the signature BIT STRING. |
| parsed.signature_algorithm | SubRecordType | No | Identifies the algorithm used by the CA to sign the certificate. |
| parsed.signature_algorithm.name | STRING | No | Name of signature algorithm, e.g., SHA1-RSA or ECDSA-SHA512. Unknown algorithms get an integer id. |
| parsed.signature_algorithm.oid | STRING | No | The OBJECT IDENTIFIER of the signature algorithm, in dotted-decimal notation. |
| parsed.spki_subject_fingerprint | STRING | No | The SHA2-256 digest over the DER encoding of the certificate's SubjectPublicKeyInfo, as a hexadecimal string. |
| parsed.subject | SubRecordType | No | The parsed subject name. |
| parsed.subject.common_name | STRING | Yes | commonName (CN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.3) |
| parsed.subject.country | STRING | Yes | countryName (C) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.6) |
| parsed.subject.domain_component | STRING | Yes | domainComponent (DC) elements of the distinguished name (OBJECT IDENTIFIER 0.9.2342.19200300.100.1.25) |
| parsed.subject.email_address | STRING | Yes | emailAddress (E) elements of the distinguished name (OBJECT IDENTIFIER 1.2.840.113549.1.9.1) |
| parsed.subject.given_name | STRING | Yes | givenName (G) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.42) |
| parsed.subject.jurisdiction_country | STRING | Yes | jurisdictionCountry elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.3) |
| parsed.subject.jurisdiction_locality | STRING | Yes | jurisdictionLocality elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.1) |
| parsed.subject.jurisdiction_province | STRING | Yes | jurisdictionStateOrProvice elements of the distinguished name (OBJECT IDENTIFIER 1.3.6.1.4.1.311.60.2.1.2) |
| parsed.subject.locality | STRING | Yes | localityName (L) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.7) |
| parsed.subject.organization | STRING | Yes | organizationName (O) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.10) |
| parsed.subject.organization_id | STRING | Yes | organizationId elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.97) |
| parsed.subject.organizational_unit | STRING | Yes | organizationalUnit (OU) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.11) |
| parsed.subject.postal_code | STRING | Yes | postalCode elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.17) |
| parsed.subject.province | STRING | Yes | stateOrProviceName (ST) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.8) |
| parsed.subject.serial_number | STRING | Yes | serialNumber elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.5) |
| parsed.subject.street_address | STRING | Yes | streetAddress (STREET) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.9) |
| parsed.subject.surname | STRING | Yes | surname (SN) elements of the distinguished name (OBJECT IDENTIFIER 2.5.4.4) |
| parsed.subject_dn | STRING | No | A canonical string representation of the subject name. |
| parsed.subject_key_info | SubRecord | No | The certificate's public key. Only one of the *_public_key fields will be set. |
| parsed.subject_key_info.dsa_public_key | SubRecordType | No | The public portion of a DSA asymmetric key. |
| parsed.subject_key_info.dsa_public_key.g | STRING | No | |
| parsed.subject_key_info.dsa_public_key.p | STRING | No | |
| parsed.subject_key_info.dsa_public_key.q | STRING | No | |
| parsed.subject_key_info.dsa_public_key.y | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key | SubRecordType | No | The public portion of an ECDSA asymmetric key. |
| parsed.subject_key_info.ecdsa_public_key.b | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.curve | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.gx | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.gy | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.length | INTEGER | No | |
| parsed.subject_key_info.ecdsa_public_key.n | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.p | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.pub | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.x | STRING | No | |
| parsed.subject_key_info.ecdsa_public_key.y | STRING | No | |
| parsed.subject_key_info.fingerprint_sha256 | STRING | No | The SHA2-256 digest calculated over the certificate's DER-encoded SubjectPublicKeyInfo field. |
| parsed.subject_key_info.key_algorithm | SubRecordType | No | Identifies the type of key and any relevant parameters. |
| parsed.subject_key_info.key_algorithm.name | STRING | No | Name of public key type, e.g., RSA or ECDSA. More information is available the named SubRecord (e.g., RSAPublicKey()). |
| parsed.subject_key_info.key_algorithm.oid | STRING | No | OID of the public key on the certificate. This is helpful when an unknown type is present. This field is reserved and not currently populated. |
| parsed.subject_key_info.rsa_public_key | SubRecordType | No | Container for the public portion (modulus and exponent) of an RSA asymmetric key. |
| parsed.subject_key_info.rsa_public_key.exponent | INTEGER | No | The RSA key's public exponent (e). |
| parsed.subject_key_info.rsa_public_key.length | INTEGER | No | Bit-length of modulus. |
| parsed.subject_key_info.rsa_public_key.modulus | STRING | No | The RSA key's modulus (n) in big-endian encoding. |
| parsed.tbs_fingerprint | STRING | No | The SHA2-256 digest over the DER encoding of the certificate's TBSCertificate, as a hexadecimal string. |
| parsed.tbs_noct_fingerprint | STRING | No | The SHA2-256 digest over the DER encoding of the certificate's TBSCertificate, *with any CT extensions omitted*, as a hexadecimal string. |
| parsed.unknown_extensions | SubRecordType | Yes | List of raw extensions that were not recognized by the application. |
| parsed.unknown_extensions.critical | BOOLEAN | No | Certificates should be rejected if they have critical extensions the validator does not recognize. |
| parsed.unknown_extensions.id | STRING | No | The OBJECT IDENTIFIER identifying the extension. |
| parsed.unknown_extensions.value | STRING | No | The raw value of the extnValue OCTET STREAM. |
| parsed.validation_level | STRING | No | How the certificate is validated -- Domain validated (DV), Organization Validated (OV), Extended Validation (EV), or unknown. |
| parsed.validity | SubRecord | No | |
| parsed.validity.end | TIMESTAMP | No | Timestamp of when certificate expires. Timezone is UTC. |
| parsed.validity.length | INTEGER | No | The length of time, in seconds, that the certificate is valid. |
| parsed.validity.start | TIMESTAMP | No | Timestamp of when certificate is first valid. Timezone is UTC. |
| parsed.version | INTEGER | No | The x.509 certificate version number. |
| precert | BOOLEAN | No | |
| raw | STRING | No | |
| tags | STRING | Yes | |
| validation | SubRecord | No | |
| validation.apple | SubRecord | No | |
| validation.apple.blacklisted | BOOLEAN | No | True if the certificate is explicitly blacklisted by some method than OneCRL/CRLSet. For example, a set of certificates revoked by Cloudflare are blacklisted by SPKI hash in Chrome. |
| validation.apple.had_trusted_path | BOOLEAN | No | True if now or at some point in the past there existed a path from the certificate to the root store. |
| validation.apple.in_revocation_set | BOOLEAN | No | True if the certificate is in the revocation set (e.g. OneCRL) associated with this root store. |
| validation.apple.parents | STRING | Yes | SHA256 fingerprints of immediate parents. |
| validation.apple.paths | SubRecord | Yes | |
| validation.apple.paths.path | STRING | Yes | |
| validation.apple.trusted_path | BOOLEAN | No | True if there exists a path from the certificate to the root store. |
| validation.apple.type | STRING | No | Indicates if the certificate is a root, intermediate, or leaf. |
| validation.apple.valid | BOOLEAN | No | ((has_trusted_path && !revoked && !blacklisted) || whitelisted) && !expired |
| validation.apple.was_valid | BOOLEAN | No | True if the certificate is valid now or was ever valid in the past. |
| validation.apple.whitelisted | BOOLEAN | No | True if the certificate is explicitly whitelisted, e.g. the set of trusted WoSign certificates Apple uses. |
| validation.crl_error | STRING | No | |
| validation.crl_revocation | SubRecord | No | Indicates that the certificate has been revoked. |
| validation.crl_revocation.next_update | TIMESTAMP | No | |
| validation.crl_revocation.reason | STRING | No | |
| validation.crl_revocation.revoked | BOOLEAN | No | |
| validation.google_ct_primary | SubRecord | No | |
| validation.google_ct_primary.blacklisted | BOOLEAN | No | True if the certificate is explicitly blacklisted by some method than OneCRL/CRLSet. For example, a set of certificates revoked by Cloudflare are blacklisted by SPKI hash in Chrome. |
| validation.google_ct_primary.had_trusted_path | BOOLEAN | No | True if now or at some point in the past there existed a path from the certificate to the root store. |
| validation.google_ct_primary.in_revocation_set | BOOLEAN | No | True if the certificate is in the revocation set (e.g. OneCRL) associated with this root store. |
| validation.google_ct_primary.parents | STRING | Yes | SHA256 fingerprints of immediate parents. |
| validation.google_ct_primary.paths | SubRecord | Yes | |
| validation.google_ct_primary.paths.path | STRING | Yes | |
| validation.google_ct_primary.trusted_path | BOOLEAN | No | True if there exists a path from the certificate to the root store. |
| validation.google_ct_primary.type | STRING | No | Indicates if the certificate is a root, intermediate, or leaf. |
| validation.google_ct_primary.valid | BOOLEAN | No | ((has_trusted_path && !revoked && !blacklisted) || whitelisted) && !expired |
| validation.google_ct_primary.was_valid | BOOLEAN | No | True if the certificate is valid now or was ever valid in the past. |
| validation.google_ct_primary.whitelisted | BOOLEAN | No | True if the certificate is explicitly whitelisted, e.g. the set of trusted WoSign certificates Apple uses. |
| validation.microsoft | SubRecord | No | |
| validation.microsoft.blacklisted | BOOLEAN | No | True if the certificate is explicitly blacklisted by some method than OneCRL/CRLSet. For example, a set of certificates revoked by Cloudflare are blacklisted by SPKI hash in Chrome. |
| validation.microsoft.had_trusted_path | BOOLEAN | No | True if now or at some point in the past there existed a path from the certificate to the root store. |
| validation.microsoft.in_revocation_set | BOOLEAN | No | True if the certificate is in the revocation set (e.g. OneCRL) associated with this root store. |
| validation.microsoft.parents | STRING | Yes | SHA256 fingerprints of immediate parents. |
| validation.microsoft.paths | SubRecord | Yes | |
| validation.microsoft.paths.path | STRING | Yes | |
| validation.microsoft.trusted_path | BOOLEAN | No | True if there exists a path from the certificate to the root store. |
| validation.microsoft.type | STRING | No | Indicates if the certificate is a root, intermediate, or leaf. |
| validation.microsoft.valid | BOOLEAN | No | ((has_trusted_path && !revoked && !blacklisted) || whitelisted) && !expired |
| validation.microsoft.was_valid | BOOLEAN | No | True if the certificate is valid now or was ever valid in the past. |
| validation.microsoft.whitelisted | BOOLEAN | No | True if the certificate is explicitly whitelisted, e.g. the set of trusted WoSign certificates Apple uses. |
| validation.nss | SubRecord | No | |
| validation.nss.blacklisted | BOOLEAN | No | True if the certificate is explicitly blacklisted by some method than OneCRL/CRLSet. For example, a set of certificates revoked by Cloudflare are blacklisted by SPKI hash in Chrome. |
| validation.nss.had_trusted_path | BOOLEAN | No | True if now or at some point in the past there existed a path from the certificate to the root store. |
| validation.nss.in_revocation_set | BOOLEAN | No | True if the certificate is in the revocation set (e.g. OneCRL) associated with this root store. |
| validation.nss.parents | STRING | Yes | SHA256 fingerprints of immediate parents. |
| validation.nss.paths | SubRecord | Yes | |
| validation.nss.paths.path | STRING | Yes | |
| validation.nss.trusted_path | BOOLEAN | No | True if there exists a path from the certificate to the root store. |
| validation.nss.type | STRING | No | Indicates if the certificate is a root, intermediate, or leaf. |
| validation.nss.valid | BOOLEAN | No | ((has_trusted_path && !revoked && !blacklisted) || whitelisted) && !expired |
| validation.nss.was_valid | BOOLEAN | No | True if the certificate is valid now or was ever valid in the past. |
| validation.nss.whitelisted | BOOLEAN | No | True if the certificate is explicitly whitelisted, e.g. the set of trusted WoSign certificates Apple uses. |
| validation.ocsp_error | STRING | No | |
| validation.ocsp_revocation | SubRecord | No | Indicates that the certificate has been revoked. |
| validation.ocsp_revocation.next_update | TIMESTAMP | No | |
| validation.ocsp_revocation.reason | STRING | No | |
| validation.ocsp_revocation.revoked | BOOLEAN | No | |
| validation.revoked | BOOLEAN | No | |
| zlint | SubRecord | No | |
| zlint.errors_present | BOOLEAN | No | |
| zlint.fatals_present | BOOLEAN | No | |
| zlint.lints | SubRecord | No | |
| zlint.lints.e_basic_constraints_not_critical | STRING | No | |
| zlint.lints.e_ca_common_name_missing | STRING | No | |
| zlint.lints.e_ca_country_name_invalid | STRING | No | |
| zlint.lints.e_ca_country_name_missing | STRING | No | |
| zlint.lints.e_ca_crl_sign_not_set | STRING | No | |
| zlint.lints.e_ca_is_ca | STRING | No | |
| zlint.lints.e_ca_key_cert_sign_not_set | STRING | No | |
| zlint.lints.e_ca_key_usage_missing | STRING | No | |
| zlint.lints.e_ca_key_usage_not_critical | STRING | No | |
| zlint.lints.e_ca_organization_name_missing | STRING | No | |
| zlint.lints.e_ca_subject_field_empty | STRING | No | |
| zlint.lints.e_cab_dv_conflicts_with_locality | STRING | No | |
| zlint.lints.e_cab_dv_conflicts_with_org | STRING | No | |
| zlint.lints.e_cab_dv_conflicts_with_postal | STRING | No | |
| zlint.lints.e_cab_dv_conflicts_with_province | STRING | No | |
| zlint.lints.e_cab_dv_conflicts_with_street | STRING | No | |
| zlint.lints.e_cab_iv_requires_personal_name | STRING | No | |
| zlint.lints.e_cab_ov_requires_org | STRING | No | |
| zlint.lints.e_cert_contains_unique_identifier | STRING | No | |
| zlint.lints.e_cert_extensions_version_not_3 | STRING | No | |
| zlint.lints.e_cert_policy_iv_requires_country | STRING | No | |
| zlint.lints.e_cert_policy_iv_requires_province_or_locality | STRING | No | |
| zlint.lints.e_cert_policy_ov_requires_country | STRING | No | |
| zlint.lints.e_cert_policy_ov_requires_province_or_locality | STRING | No | |
| zlint.lints.e_cert_unique_identifier_version_not_2_or_3 | STRING | No | |
| zlint.lints.e_distribution_point_incomplete | STRING | No | |
| zlint.lints.e_dnsname_bad_character_in_label | STRING | No | |
| zlint.lints.e_dnsname_contains_bare_iana_suffix | STRING | No | |
| zlint.lints.e_dnsname_empty_label | STRING | No | |
| zlint.lints.e_dnsname_hyphen_in_sld | STRING | No | |
| zlint.lints.e_dnsname_label_too_long | STRING | No | |
| zlint.lints.e_dnsname_left_label_wildcard_correct | STRING | No | |
| zlint.lints.e_dnsname_not_valid_tld | STRING | No | |
| zlint.lints.e_dnsname_underscore_in_sld | STRING | No | |
| zlint.lints.e_dnsname_wildcard_only_in_left_label | STRING | No | |
| zlint.lints.e_dsa_correct_order_in_subgroup | STRING | No | |
| zlint.lints.e_dsa_improper_modulus_or_divisor_size | STRING | No | |
| zlint.lints.e_dsa_params_missing | STRING | No | |
| zlint.lints.e_dsa_shorter_than_2048_bits | STRING | No | |
| zlint.lints.e_dsa_unique_correct_representation | STRING | No | |
| zlint.lints.e_ec_improper_curves | STRING | No | |
| zlint.lints.e_ev_business_category_missing | STRING | No | |
| zlint.lints.e_ev_country_name_missing | STRING | No | |
| zlint.lints.e_ev_locality_name_missing | STRING | No | |
| zlint.lints.e_ev_organization_name_missing | STRING | No | |
| zlint.lints.e_ev_serial_number_missing | STRING | No | |
| zlint.lints.e_ev_valid_time_too_long | STRING | No | |
| zlint.lints.e_ext_aia_marked_critical | STRING | No | |
| zlint.lints.e_ext_authority_key_identifier_critical | STRING | No | |
| zlint.lints.e_ext_authority_key_identifier_missing | STRING | No | |
| zlint.lints.e_ext_authority_key_identifier_no_key_identifier | STRING | No | |
| zlint.lints.e_ext_cert_policy_disallowed_any_policy_qualifier | STRING | No | |
| zlint.lints.e_ext_cert_policy_duplicate | STRING | No | |
| zlint.lints.e_ext_cert_policy_explicit_text_ia5_string | STRING | No | |
| zlint.lints.e_ext_cert_policy_explicit_text_too_long | STRING | No | |
| zlint.lints.e_ext_duplicate_extension | STRING | No | |
| zlint.lints.e_ext_freshest_crl_marked_critical | STRING | No | |
| zlint.lints.e_ext_ian_dns_not_ia5_string | STRING | No | |
| zlint.lints.e_ext_ian_empty_name | STRING | No | |
| zlint.lints.e_ext_ian_no_entries | STRING | No | |
| zlint.lints.e_ext_ian_rfc822_format_invalid | STRING | No | |
| zlint.lints.e_ext_ian_space_dns_name | STRING | No | |
| zlint.lints.e_ext_ian_uri_format_invalid | STRING | No | |
| zlint.lints.e_ext_ian_uri_host_not_fqdn_or_ip | STRING | No | |
| zlint.lints.e_ext_ian_uri_not_ia5 | STRING | No | |
| zlint.lints.e_ext_ian_uri_relative | STRING | No | |
| zlint.lints.e_ext_key_usage_cert_sign_without_ca | STRING | No | |
| zlint.lints.e_ext_key_usage_without_bits | STRING | No | |
| zlint.lints.e_ext_name_constraints_not_critical | STRING | No | |
| zlint.lints.e_ext_name_constraints_not_in_ca | STRING | No | |
| zlint.lints.e_ext_policy_constraints_empty | STRING | No | |
| zlint.lints.e_ext_policy_constraints_not_critical | STRING | No | |
| zlint.lints.e_ext_policy_map_any_policy | STRING | No | |
| zlint.lints.e_ext_san_contains_reserved_ip | STRING | No | |
| zlint.lints.e_ext_san_directory_name_present | STRING | No | |
| zlint.lints.e_ext_san_dns_name_too_long | STRING | No | |
| zlint.lints.e_ext_san_dns_not_ia5_string | STRING | No | |
| zlint.lints.e_ext_san_edi_party_name_present | STRING | No | |
| zlint.lints.e_ext_san_empty_name | STRING | No | |
| zlint.lints.e_ext_san_missing | STRING | No | |
| zlint.lints.e_ext_san_no_entries | STRING | No | |
| zlint.lints.e_ext_san_not_critical_without_subject | STRING | No | |
| zlint.lints.e_ext_san_other_name_present | STRING | No | |
| zlint.lints.e_ext_san_registered_id_present | STRING | No | |
| zlint.lints.e_ext_san_rfc822_format_invalid | STRING | No | |
| zlint.lints.e_ext_san_rfc822_name_present | STRING | No | |
| zlint.lints.e_ext_san_space_dns_name | STRING | No | |
| zlint.lints.e_ext_san_uniform_resource_identifier_present | STRING | No | |
| zlint.lints.e_ext_san_uri_format_invalid | STRING | No | |
| zlint.lints.e_ext_san_uri_host_not_fqdn_or_ip | STRING | No | |
| zlint.lints.e_ext_san_uri_not_ia5 | STRING | No | |
| zlint.lints.e_ext_san_uri_relative | STRING | No | |
| zlint.lints.e_ext_subject_directory_attr_critical | STRING | No | |
| zlint.lints.e_ext_subject_key_identifier_critical | STRING | No | |
| zlint.lints.e_ext_subject_key_identifier_missing_ca | STRING | No | |
| zlint.lints.e_generalized_time_does_not_include_seconds | STRING | No | |
| zlint.lints.e_generalized_time_includes_fraction_seconds | STRING | No | |
| zlint.lints.e_generalized_time_not_in_zulu | STRING | No | |
| zlint.lints.e_ian_bare_wildcard | STRING | No | |
| zlint.lints.e_ian_dns_name_includes_null_char | STRING | No | |
| zlint.lints.e_ian_dns_name_starts_with_period | STRING | No | |
| zlint.lints.e_ian_wildcard_not_first | STRING | No | |
| zlint.lints.e_inhibit_any_policy_not_critical | STRING | No | |
| zlint.lints.e_international_dns_name_not_nfkc | STRING | No | |
| zlint.lints.e_international_dns_name_not_unicode | STRING | No | |
| zlint.lints.e_invalid_certificate_version | STRING | No | |
| zlint.lints.e_issuer_field_empty | STRING | No | |
| zlint.lints.e_name_constraint_empty | STRING | No | |
| zlint.lints.e_name_constraint_maximum_not_absent | STRING | No | |
| zlint.lints.e_name_constraint_minimum_non_zero | STRING | No | |
| zlint.lints.e_old_root_ca_rsa_mod_less_than_2048_bits | STRING | No | |
| zlint.lints.e_old_sub_ca_rsa_mod_less_than_1024_bits | STRING | No | |
| zlint.lints.e_old_sub_cert_rsa_mod_less_than_1024_bits | STRING | No | |
| zlint.lints.e_path_len_constraint_improperly_included | STRING | No | |
| zlint.lints.e_path_len_constraint_zero_or_less | STRING | No | |
| zlint.lints.e_public_key_type_not_allowed | STRING | No | |
| zlint.lints.e_root_ca_extended_key_usage_present | STRING | No | |
| zlint.lints.e_root_ca_key_usage_must_be_critical | STRING | No | |
| zlint.lints.e_root_ca_key_usage_present | STRING | No | |
| zlint.lints.e_rsa_exp_negative | STRING | No | |
| zlint.lints.e_rsa_mod_less_than_2048_bits | STRING | No | |
| zlint.lints.e_rsa_no_public_key | STRING | No | |
| zlint.lints.e_rsa_public_exponent_not_odd | STRING | No | |
| zlint.lints.e_rsa_public_exponent_too_small | STRING | No | |
| zlint.lints.e_san_bare_wildcard | STRING | No | |
| zlint.lints.e_san_dns_name_includes_null_char | STRING | No | |
| zlint.lints.e_san_dns_name_starts_with_period | STRING | No | |
| zlint.lints.e_san_wildcard_not_first | STRING | No | |
| zlint.lints.e_serial_number_longer_than_20_octets | STRING | No | |
| zlint.lints.e_serial_number_not_positive | STRING | No | |
| zlint.lints.e_signature_algorithm_not_supported | STRING | No | |
| zlint.lints.e_sub_ca_aia_does_not_contain_ocsp_url | STRING | No | |
| zlint.lints.e_sub_ca_aia_marked_critical | STRING | No | |
| zlint.lints.e_sub_ca_aia_missing | STRING | No | |
| zlint.lints.e_sub_ca_certificate_policies_missing | STRING | No | |
| zlint.lints.e_sub_ca_crl_distribution_points_does_not_contain_url | STRING | No | |
| zlint.lints.e_sub_ca_crl_distribution_points_marked_critical | STRING | No | |
| zlint.lints.e_sub_ca_crl_distribution_points_missing | STRING | No | |
| zlint.lints.e_sub_ca_eku_missing | STRING | No | |
| zlint.lints.e_sub_ca_eku_name_constraints | STRING | No | |
| zlint.lints.e_sub_ca_must_not_contain_any_policy | STRING | No | |
| zlint.lints.e_sub_cert_aia_does_not_contain_ocsp_url | STRING | No | |
| zlint.lints.e_sub_cert_aia_marked_critical | STRING | No | |
| zlint.lints.e_sub_cert_aia_missing | STRING | No | |
| zlint.lints.e_sub_cert_cert_policy_empty | STRING | No | |
| zlint.lints.e_sub_cert_certificate_policies_missing | STRING | No | |
| zlint.lints.e_sub_cert_country_name_must_appear | STRING | No | |
| zlint.lints.e_sub_cert_crl_distribution_points_does_not_contain_url | STRING | No | |
| zlint.lints.e_sub_cert_crl_distribution_points_marked_critical | STRING | No | |
| zlint.lints.e_sub_cert_eku_missing | STRING | No | |
| zlint.lints.e_sub_cert_eku_server_auth_client_auth_missing | STRING | No | |
| zlint.lints.e_sub_cert_given_name_surname_contains_correct_policy | STRING | No | |
| zlint.lints.e_sub_cert_key_usage_cert_sign_bit_set | STRING | No | |
| zlint.lints.e_sub_cert_key_usage_crl_sign_bit_set | STRING | No | |
| zlint.lints.e_sub_cert_locality_name_must_appear | STRING | No | |
| zlint.lints.e_sub_cert_locality_name_must_not_appear | STRING | No | |
| zlint.lints.e_sub_cert_not_is_ca | STRING | No | |
| zlint.lints.e_sub_cert_or_sub_ca_using_sha1 | STRING | No | |
| zlint.lints.e_sub_cert_postal_code_must_not_appear | STRING | No | |
| zlint.lints.e_sub_cert_province_must_appear | STRING | No | |
| zlint.lints.e_sub_cert_province_must_not_appear | STRING | No | |
| zlint.lints.e_sub_cert_street_address_should_not_exist | STRING | No | |
| zlint.lints.e_sub_cert_valid_time_too_long | STRING | No | |
| zlint.lints.e_subject_common_name_max_length | STRING | No | |
| zlint.lints.e_subject_common_name_not_from_san | STRING | No | |
| zlint.lints.e_subject_contains_noninformational_value | STRING | No | |
| zlint.lints.e_subject_contains_reserved_ip | STRING | No | |
| zlint.lints.e_subject_country_not_iso | STRING | No | |
| zlint.lints.e_subject_empty_without_san | STRING | No | |
| zlint.lints.e_subject_info_access_marked_critical | STRING | No | |
| zlint.lints.e_subject_locality_name_max_length | STRING | No | |
| zlint.lints.e_subject_not_dn | STRING | No | |
| zlint.lints.e_subject_organization_name_max_length | STRING | No | |
| zlint.lints.e_subject_organizational_unit_name_max_length | STRING | No | |
| zlint.lints.e_subject_state_name_max_length | STRING | No | |
| zlint.lints.e_utc_time_does_not_include_seconds | STRING | No | |
| zlint.lints.e_utc_time_not_in_zulu | STRING | No | |
| zlint.lints.e_validity_time_not_positive | STRING | No | |
| zlint.lints.e_wrong_time_format_pre2050 | STRING | No | |
| zlint.lints.n_ca_digital_signature_not_set | STRING | No | |
| zlint.lints.n_contains_redacted_dnsname | STRING | No | |
| zlint.lints.n_sub_ca_eku_not_technically_constrained | STRING | No | |
| zlint.lints.n_subject_common_name_included | STRING | No | |
| zlint.lints.w_distribution_point_missing_ldap_or_uri | STRING | No | |
| zlint.lints.w_dnsname_underscore_in_trd | STRING | No | |
| zlint.lints.w_dnsname_wildcard_left_of_public_suffix | STRING | No | |
| zlint.lints.w_eku_critical_improperly | STRING | No | |
| zlint.lints.w_ext_aia_access_location_missing | STRING | No | |
| zlint.lints.w_ext_cert_policy_contains_noticeref | STRING | No | |
| zlint.lints.w_ext_cert_policy_explicit_text_includes_control | STRING | No | |
| zlint.lints.w_ext_cert_policy_explicit_text_not_nfc | STRING | No | |
| zlint.lints.w_ext_cert_policy_explicit_text_not_utf8 | STRING | No | |
| zlint.lints.w_ext_crl_distribution_marked_critical | STRING | No | |
| zlint.lints.w_ext_ian_critical | STRING | No | |
| zlint.lints.w_ext_key_usage_not_critical | STRING | No | |
| zlint.lints.w_ext_policy_map_not_critical | STRING | No | |
| zlint.lints.w_ext_policy_map_not_in_cert_policy | STRING | No | |
| zlint.lints.w_ext_san_critical_with_subject_dn | STRING | No | |
| zlint.lints.w_ext_subject_key_identifier_missing_sub_cert | STRING | No | |
| zlint.lints.w_ian_iana_pub_suffix_empty | STRING | No | |
| zlint.lints.w_issuer_dn_leading_whitespace | STRING | No | |
| zlint.lints.w_issuer_dn_trailing_whitespace | STRING | No | |
| zlint.lints.w_multiple_issuer_rdn | STRING | No | |
| zlint.lints.w_multiple_subject_rdn | STRING | No | |
| zlint.lints.w_name_constraint_on_edi_party_name | STRING | No | |
| zlint.lints.w_name_constraint_on_registered_id | STRING | No | |
| zlint.lints.w_name_constraint_on_x400 | STRING | No | |
| zlint.lints.w_root_ca_basic_constraints_path_len_constraint_field_present | STRING | No | |
| zlint.lints.w_root_ca_contains_cert_policy | STRING | No | |
| zlint.lints.w_rsa_mod_factors_smaller_than_752 | STRING | No | |
| zlint.lints.w_rsa_mod_not_odd | STRING | No | |
| zlint.lints.w_rsa_public_exponent_not_in_range | STRING | No | |
| zlint.lints.w_san_iana_pub_suffix_empty | STRING | No | |
| zlint.lints.w_serial_number_low_entropy | STRING | No | |
| zlint.lints.w_sub_ca_aia_does_not_contain_issuing_ca_url | STRING | No | |
| zlint.lints.w_sub_ca_certificate_policies_marked_critical | STRING | No | |
| zlint.lints.w_sub_ca_eku_critical | STRING | No | |
| zlint.lints.w_sub_ca_name_constraints_not_critical | STRING | No | |
| zlint.lints.w_sub_cert_aia_does_not_contain_issuing_ca_url | STRING | No | |
| zlint.lints.w_sub_cert_certificate_policies_marked_critical | STRING | No | |
| zlint.lints.w_sub_cert_eku_extra_values | STRING | No | |
| zlint.lints.w_sub_cert_sha1_expiration_too_long | STRING | No | |
| zlint.lints.w_subject_dn_leading_whitespace | STRING | No | |
| zlint.lints.w_subject_dn_trailing_whitespace | STRING | No | |
| zlint.notices_present | BOOLEAN | No | |
| zlint.version | INTEGER | No | |
| zlint.warnings_present | BOOLEAN | No |