This page lists every field whose value can be searched within the Certificates dataset.

The difference between a keyword and a text field is that searches on keyword fields will only return exact matches, while searches on text fields will return fuzzy matches.

Certificates

METADATA

Path Type Docs
added_at date When the certificate was added to the Censys dataset.
labels text
modified_at date When the certificate record was last modified.
parse_status text

CERTIFICATE TRANSPARENCY LOGS

Path Type Docs
ct.entries.key text
ct.entries.value.added_to_ct_at date An RFC-3339-formatted timestamp indicating when the certificate was entered into the CT log.
ct.entries.value.ct_to_censys_at date An RFC-3339-formated timestamp indicating when the certificate was ingested from the CT log into the Censys dataset.
ct.entries.value.index long Numerical marker of the certificate's place in the CT log.

MISC

Path Type Docs
ever_seen_in_scan boolean
parsed.redacted boolean
parsed.version integer
precert boolean Whether the X.509 "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3) is marked critical, which prohibits the pre-certificate from being trusted.
validation_level text The extent to which the certificate's issuer validated the identity of the entity requesting the certificate. Options include Domain validated (DV), Organization Validated (OV), or Extended Validation (EV).

FINGERPRINT

Path Type Docs
fingerprint_md5 text The MD-5 digest of the entire raw certificate. An identifier used by some systems.
fingerprint_sha1 text The SHA-1 digest of the entire raw certificate. An identifier used by some systems.
fingerprint_sha256 text The SHA-256 digest of the entire raw certificate. Its unique identifier, which Censys uses to index certificates records.
tbs_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate's contents.
tbs_no_ct_fingerprint_sha256 text The SHA-256 digest of the unsigned certificate with the CT Poison extension removed, if present. This represents the shared contents of a certificate and its corresponding pre-certificate.

BASIC INFORMATION

Path Type Docs
names text All the names contained in the certificate from various fields.
parsed.issuer_dn text Distinguished Name of the entity that has signed and issued the certificate.
parsed.serial_number text Issuer-specific identifier of the certificate.
parsed.subject_dn text Distinguished Name of the entity associated with the public key.
validated_at date When the certificate record's trust was last checked.

AUTHORITY INFO ACCESS (AIA)

Path Type Docs
parsed.extensions.authority_info_access.issuer_urls text
parsed.extensions.authority_info_access.ocsp_urls text

AUTHORITY KEY ID (AKID)

Path Type Docs
parsed.extensions.authority_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo.

BASIC CONSTRAINTS

Path Type Docs
parsed.extensions.basic_constraints.is_ca boolean Whether the certificate is permitted to sign other certificates.
parsed.extensions.basic_constraints.max_path_len integer When present, provides the maximum number of intermediate certificates that may follow this certificate in a trusted certification path.

CABF ORGANIZATION ID EXTENSION

Path Type Docs
parsed.extensions.cabf_organization_id.country text
parsed.extensions.cabf_organization_id.reference text
parsed.extensions.cabf_organization_id.scheme text
parsed.extensions.cabf_organization_id.state text

CERTIFICATE POLICIES

Path Type Docs
parsed.extensions.certificate_policies.cps text
parsed.extensions.certificate_policies.id text
parsed.extensions.certificate_policies.user_notice.explicit_text text
parsed.extensions.certificate_policies.user_notice.notice_reference.notice_numbers integer
parsed.extensions.certificate_policies.user_notice.notice_reference.organization text

CRL DISTRIBUTION POINTS

Path Type Docs
parsed.extensions.crl_distribution_points text The parsed id-ce-cRLDistributionPoints extension (OID: 2.5.29.31). Contents are a list of distributionPoint URLs; other distributionPoint types are omitted).

EMBEDDED SCTS / CT POISON

Path Type Docs
parsed.extensions.ct_poison boolean Whether the certificate possesses the pre-certificate "poison" extension (OID: 1.3.6.1.4.1.11129.2.4.3).
parsed.extensions.signed_certificate_timestamps.log_id text
parsed.extensions.signed_certificate_timestamps.signature.hash_algorithm text
parsed.extensions.signed_certificate_timestamps.signature.signature text
parsed.extensions.signed_certificate_timestamps.signature.signature_algorithm text
parsed.extensions.signed_certificate_timestamps.timestamp date
parsed.extensions.signed_certificate_timestamps.version integer

EXTENDED KEY USAGE

Path Type Docs
parsed.extensions.extended_key_usage.any boolean
parsed.extensions.extended_key_usage.apple_code_signing boolean
parsed.extensions.extended_key_usage.apple_code_signing_development boolean
parsed.extensions.extended_key_usage.apple_code_signing_third_party boolean
parsed.extensions.extended_key_usage.apple_crypto_development_env boolean
parsed.extensions.extended_key_usage.apple_crypto_env boolean
parsed.extensions.extended_key_usage.apple_crypto_maintenance_env boolean
parsed.extensions.extended_key_usage.apple_crypto_production_env boolean
parsed.extensions.extended_key_usage.apple_crypto_qos boolean
parsed.extensions.extended_key_usage.apple_crypto_test_env boolean
parsed.extensions.extended_key_usage.apple_crypto_tier0_qos boolean
parsed.extensions.extended_key_usage.apple_crypto_tier1_qos boolean
parsed.extensions.extended_key_usage.apple_crypto_tier2_qos boolean
parsed.extensions.extended_key_usage.apple_crypto_tier3_qos boolean
parsed.extensions.extended_key_usage.apple_ichat_encryption boolean
parsed.extensions.extended_key_usage.apple_ichat_signing boolean
parsed.extensions.extended_key_usage.apple_resource_signing boolean
parsed.extensions.extended_key_usage.apple_software_update_signing boolean
parsed.extensions.extended_key_usage.apple_system_identity boolean
parsed.extensions.extended_key_usage.client_auth boolean
parsed.extensions.extended_key_usage.code_signing boolean
parsed.extensions.extended_key_usage.dvcs boolean
parsed.extensions.extended_key_usage.eap_over_lan boolean
parsed.extensions.extended_key_usage.eap_over_ppp boolean
parsed.extensions.extended_key_usage.email_protection boolean
parsed.extensions.extended_key_usage.ipsec_end_system boolean
parsed.extensions.extended_key_usage.ipsec_intermediate_system_usage boolean
parsed.extensions.extended_key_usage.ipsec_tunnel boolean
parsed.extensions.extended_key_usage.ipsec_user boolean
parsed.extensions.extended_key_usage.microsoft_ca_exchange boolean
parsed.extensions.extended_key_usage.microsoft_cert_trust_list_signing boolean
parsed.extensions.extended_key_usage.microsoft_csp_signature boolean
parsed.extensions.extended_key_usage.microsoft_document_signing boolean
parsed.extensions.extended_key_usage.microsoft_drm boolean
parsed.extensions.extended_key_usage.microsoft_drm_individualization boolean
parsed.extensions.extended_key_usage.microsoft_efs_recovery boolean
parsed.extensions.extended_key_usage.microsoft_embedded_nt_crypto boolean
parsed.extensions.extended_key_usage.microsoft_encrypted_file_system boolean
parsed.extensions.extended_key_usage.microsoft_enrollment_agent boolean
parsed.extensions.extended_key_usage.microsoft_kernel_mode_code_signing boolean
parsed.extensions.extended_key_usage.microsoft_key_recovery_21 boolean
parsed.extensions.extended_key_usage.microsoft_key_recovery_3 boolean
parsed.extensions.extended_key_usage.microsoft_license_server boolean
parsed.extensions.extended_key_usage.microsoft_licenses boolean
parsed.extensions.extended_key_usage.microsoft_lifetime_signing boolean
parsed.extensions.extended_key_usage.microsoft_mobile_device_software boolean
parsed.extensions.extended_key_usage.microsoft_nt5_crypto boolean
parsed.extensions.extended_key_usage.microsoft_oem_whql_crypto boolean
parsed.extensions.extended_key_usage.microsoft_qualified_subordinate boolean
parsed.extensions.extended_key_usage.microsoft_root_list_signer boolean
parsed.extensions.extended_key_usage.microsoft_server_gated_crypto boolean
parsed.extensions.extended_key_usage.microsoft_sgc_serialized boolean
parsed.extensions.extended_key_usage.microsoft_smart_display boolean
parsed.extensions.extended_key_usage.microsoft_smartcard_logon boolean
parsed.extensions.extended_key_usage.microsoft_system_health boolean
parsed.extensions.extended_key_usage.microsoft_system_health_loophole boolean
parsed.extensions.extended_key_usage.microsoft_timestamp_signing boolean
parsed.extensions.extended_key_usage.microsoft_whql_crypto boolean
parsed.extensions.extended_key_usage.netscape_server_gated_crypto boolean
parsed.extensions.extended_key_usage.ocsp_signing boolean
parsed.extensions.extended_key_usage.sbgp_cert_aa_service_auth boolean
parsed.extensions.extended_key_usage.server_auth boolean
parsed.extensions.extended_key_usage.time_stamping boolean
parsed.extensions.extended_key_usage.unknown text

ISSUER ALTERNATE NAMES (IANS)

Path Type Docs
parsed.extensions.issuer_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
parsed.extensions.issuer_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
parsed.extensions.issuer_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
parsed.extensions.issuer_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
parsed.extensions.issuer_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
parsed.extensions.issuer_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
parsed.extensions.issuer_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
parsed.extensions.issuer_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
parsed.extensions.issuer_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
parsed.extensions.issuer_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
parsed.extensions.issuer_alt_name.directory_names.organization_id text
parsed.extensions.issuer_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
parsed.extensions.issuer_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
parsed.extensions.issuer_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
parsed.extensions.issuer_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
parsed.extensions.issuer_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
parsed.extensions.issuer_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
parsed.extensions.issuer_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
parsed.extensions.issuer_alt_name.edi_party_names.name_assigner text
parsed.extensions.issuer_alt_name.edi_party_names.party_name text
parsed.extensions.issuer_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
parsed.extensions.issuer_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
parsed.extensions.issuer_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
parsed.extensions.issuer_alt_name.other_names.value text The raw otherName value.
parsed.extensions.issuer_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
parsed.extensions.issuer_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.

KEY USAGE

Path Type Docs
parsed.extensions.key_usage.certificate_sign boolean Whether the keyCertSign bit is set.
parsed.extensions.key_usage.content_commitment boolean Whether the contentCommitment (formerly called nonRepudiation) bit is set.
parsed.extensions.key_usage.crl_sign boolean Whether the cRLSign bit is set.
parsed.extensions.key_usage.data_encipherment boolean Whether the dataEncipherment bit is set.
parsed.extensions.key_usage.decipher_only boolean Whether the decipherOnly bit is set.
parsed.extensions.key_usage.digital_signature boolean Whether the digitalSignature bit is set.
parsed.extensions.key_usage.encipher_only boolean Whether the encipherOnly bit is set.
parsed.extensions.key_usage.key_agreement boolean Whether the keyAgreement bit is set.
parsed.extensions.key_usage.key_encipherment boolean Whether the keyEncipherment bit is set.
parsed.extensions.key_usage.value unsigned_long The integer value of the bitmask in the extension.

NAME CONSTRAINTS

Path Type Docs
parsed.extensions.name_constraints.critical boolean
parsed.extensions.name_constraints.excluded_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
parsed.extensions.name_constraints.excluded_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
parsed.extensions.name_constraints.excluded_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
parsed.extensions.name_constraints.excluded_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
parsed.extensions.name_constraints.excluded_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
parsed.extensions.name_constraints.excluded_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
parsed.extensions.name_constraints.excluded_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
parsed.extensions.name_constraints.excluded_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
parsed.extensions.name_constraints.excluded_directory_names.organization_id text
parsed.extensions.name_constraints.excluded_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
parsed.extensions.name_constraints.excluded_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
parsed.extensions.name_constraints.excluded_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
parsed.extensions.name_constraints.excluded_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
parsed.extensions.name_constraints.excluded_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
parsed.extensions.name_constraints.excluded_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
parsed.extensions.name_constraints.excluded_edi_party_names.name_assigner text
parsed.extensions.name_constraints.excluded_edi_party_names.party_name text
parsed.extensions.name_constraints.excluded_email_addresses text A record providing a range of excluded names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.excluded_ip_addresses.begin text The first IP address in the range.
parsed.extensions.name_constraints.excluded_ip_addresses.cidr text The CIDR specifying the subtree.
parsed.extensions.name_constraints.excluded_ip_addresses.end text The last IP address in the range.
parsed.extensions.name_constraints.excluded_ip_addresses.mask text The subnet mask of the CIDR.
parsed.extensions.name_constraints.excluded_names text A record providing a range of excluded names of the type dNSName in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.excluded_registered_ids text A record providing excluded names of the type registeredID in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.excluded_uris text A record providing a range of excluded uniform resource identifiers in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.permitted_directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
parsed.extensions.name_constraints.permitted_directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
parsed.extensions.name_constraints.permitted_directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
parsed.extensions.name_constraints.permitted_directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
parsed.extensions.name_constraints.permitted_directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
parsed.extensions.name_constraints.permitted_directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
parsed.extensions.name_constraints.permitted_directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
parsed.extensions.name_constraints.permitted_directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
parsed.extensions.name_constraints.permitted_directory_names.organization_id text
parsed.extensions.name_constraints.permitted_directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
parsed.extensions.name_constraints.permitted_directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
parsed.extensions.name_constraints.permitted_directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
parsed.extensions.name_constraints.permitted_directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
parsed.extensions.name_constraints.permitted_directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
parsed.extensions.name_constraints.permitted_directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
parsed.extensions.name_constraints.permitted_edi_party_names.name_assigner text
parsed.extensions.name_constraints.permitted_edi_party_names.party_name text
parsed.extensions.name_constraints.permitted_email_addresses text A record providing a range of permitted names of the type rfc822Name in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.permitted_ip_addresses.begin text The first IP address in the range.
parsed.extensions.name_constraints.permitted_ip_addresses.cidr text The CIDR specifying the subtree.
parsed.extensions.name_constraints.permitted_ip_addresses.end text The last IP address in the range.
parsed.extensions.name_constraints.permitted_ip_addresses.mask text The subnet mask of the CIDR.
parsed.extensions.name_constraints.permitted_names text A record providing a range of permitted names of the type dNSName in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.permitted_registered_ids text A record providing permitted names of the type registeredID in leaf certificates whose trust path includes this certificate.
parsed.extensions.name_constraints.permitted_uris text A record providing a range of permitted uniform resource identifiers in leaf certificates whose trust path includes this certificate.

QC STATEMENTS EXTENSION

Path Type Docs
parsed.extensions.qc_statements.ids text
parsed.extensions.qc_statements.parsed.etsi_compliance boolean
parsed.extensions.qc_statements.parsed.legislation.country_codes text
parsed.extensions.qc_statements.parsed.limit.amount long
parsed.extensions.qc_statements.parsed.limit.currency text
parsed.extensions.qc_statements.parsed.limit.currency_number long
parsed.extensions.qc_statements.parsed.limit.exponent long
parsed.extensions.qc_statements.parsed.pds_locations.language text
parsed.extensions.qc_statements.parsed.pds_locations.url text
parsed.extensions.qc_statements.parsed.retention_period long
parsed.extensions.qc_statements.parsed.sscd boolean
parsed.extensions.qc_statements.parsed.types.ids text

SUBJECT ALTERNATE NAMES (SANS)

Path Type Docs
parsed.extensions.subject_alt_name.directory_names.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
parsed.extensions.subject_alt_name.directory_names.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
parsed.extensions.subject_alt_name.directory_names.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
parsed.extensions.subject_alt_name.directory_names.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
parsed.extensions.subject_alt_name.directory_names.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
parsed.extensions.subject_alt_name.directory_names.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
parsed.extensions.subject_alt_name.directory_names.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
parsed.extensions.subject_alt_name.directory_names.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
parsed.extensions.subject_alt_name.directory_names.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
parsed.extensions.subject_alt_name.directory_names.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
parsed.extensions.subject_alt_name.directory_names.organization_id text
parsed.extensions.subject_alt_name.directory_names.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
parsed.extensions.subject_alt_name.directory_names.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
parsed.extensions.subject_alt_name.directory_names.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
parsed.extensions.subject_alt_name.directory_names.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
parsed.extensions.subject_alt_name.directory_names.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
parsed.extensions.subject_alt_name.directory_names.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).
parsed.extensions.subject_alt_name.dns_names text The parsed dNSName entries in the GeneralName.
parsed.extensions.subject_alt_name.edi_party_names.name_assigner text
parsed.extensions.subject_alt_name.edi_party_names.party_name text
parsed.extensions.subject_alt_name.email_addresses text The parsed rfc822Name entries in the GeneralName.
parsed.extensions.subject_alt_name.ip_addresses text The parsed ipAddress entries in the GeneralName.
parsed.extensions.subject_alt_name.other_names.id text The OID identifying the syntax of the otherName value.
parsed.extensions.subject_alt_name.other_names.value text The raw otherName value.
parsed.extensions.subject_alt_name.registered_ids text The parsed registeredID entries in the GeneralName. Stored in dotted-decimal format.
parsed.extensions.subject_alt_name.uniform_resource_identifiers text The parsed uniformResourceIdentifier entries in the GeneralName.

SUBJECT KEY ID (SKID)

Path Type Docs
parsed.extensions.subject_key_id text A key identifier, usually a digest of the DER-encoded SubjectPublicKeyInfo..

TOR SERVICE DESCRIPTORS

Path Type Docs
parsed.extensions.tor_service_descriptors.algorithm_name text
parsed.extensions.tor_service_descriptors.hash text
parsed.extensions.tor_service_descriptors.hash_bits integer
parsed.extensions.tor_service_descriptors.onion text

ISSUER

Path Type Docs
parsed.issuer.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
parsed.issuer.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
parsed.issuer.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
parsed.issuer.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
parsed.issuer.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
parsed.issuer.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
parsed.issuer.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
parsed.issuer.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
parsed.issuer.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
parsed.issuer.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
parsed.issuer.organization_id text
parsed.issuer.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
parsed.issuer.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
parsed.issuer.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
parsed.issuer.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
parsed.issuer.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
parsed.issuer.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).

SIGNATURE

Path Type Docs
parsed.signature.self_signed boolean Whether the certificate was signed by its own key.
parsed.signature.signature_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
parsed.signature.signature_algorithm.oid text
parsed.signature.valid boolean Whether the signature is valid.
parsed.signature.value text Contents of the signature.

SUBJECT

Path Type Docs
parsed.subject.common_name text The commonName (CN) elements of the Distinguished Name (OID: 2.5.4.3).
parsed.subject.country text The countryName (C) elements of the Distinguished Name (OID: 2.5.4.6).
parsed.subject.domain_component text The domainComponent (DC) elements of the Distinguished Name (OID: 0.9.2342.19200300.100.1.25).
parsed.subject.email_address text The emailAddress (E) elements of the Distinguished Name (OID: 1.2.840.113549.1.9.1).
parsed.subject.given_name text The givenName (G) elements of the Distinguished Name (OID: 2.5.4.42).
parsed.subject.jurisdiction_country text The jurisdictionCountry elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.3).
parsed.subject.jurisdiction_locality text The jurisdictionLocality elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.1).
parsed.subject.jurisdiction_province text The jurisdictionStateOrProvince elements of the Distinguished Name (OID: 1.3.6.1.4.1.311.60.2.1.2).
parsed.subject.locality text The localityName (L) elements of the Distinguished Name (OID: 2.5.4.7).
parsed.subject.organization text The organizationName (O) elements of the Distinguished Name (OID: 2.5.4.10).
parsed.subject.organization_id text
parsed.subject.organizational_unit text The organizationalUnit (OU) elements of the Distinguished Name (OID: 2.5.4.11).
parsed.subject.postal_code keyword The postalCode elements of the Distinguished Name (OID: 2.5.4.17).
parsed.subject.province text The stateOrProvinceName (ST) elements of the Distinguished Name (OID: 2.5.4.8).
parsed.subject.serial_number keyword The serialNumber elements of the Distinguished Name (OID: 2.5.4.5).
parsed.subject.street_address text The streetAddress (STREET) elements of the Distinguished Name (OID: 2.5.4.9).
parsed.subject.surname text The surname (SN) elements of the Distinguished Name (OID: 2.5.4.4).

PUBLIC KEY

Path Type Docs
parsed.subject_key_info.dsa.g text
parsed.subject_key_info.dsa.p text
parsed.subject_key_info.dsa.q text
parsed.subject_key_info.dsa.y text
parsed.subject_key_info.ecdsa.b text
parsed.subject_key_info.ecdsa.curve text
parsed.subject_key_info.ecdsa.gx text
parsed.subject_key_info.ecdsa.gy text
parsed.subject_key_info.ecdsa.length long
parsed.subject_key_info.ecdsa.n text
parsed.subject_key_info.ecdsa.p text
parsed.subject_key_info.ecdsa.pub text
parsed.subject_key_info.ecdsa.x text
parsed.subject_key_info.ecdsa.y text
parsed.subject_key_info.fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo.
parsed.subject_key_info.key_algorithm.name text Name of public key type, such as RSA or ECDSA. Information specific to the key type is available in the named sub-record.
parsed.subject_key_info.key_algorithm.oid text
parsed.subject_key_info.rsa.exponent long The RSA key's public exponent (e).
parsed.subject_key_info.rsa.length long Bit-length of the RSA modulus.
parsed.subject_key_info.rsa.modulus text The RSA key's modulus (n) in big-endian encoding.
parsed.subject_key_info.unrecognized.raw text

UNKNOWN EXTENSIONS

Path Type Docs
parsed.unknown_extensions.critical boolean
parsed.unknown_extensions.id text
parsed.unknown_extensions.value text

VALIDITY PERIOD

Path Type Docs
parsed.validity_period.length_seconds long The duration of the certificate's validity period, in seconds.
parsed.validity_period.not_after date An RFC-3339-formatted timestamp after which the certificate is no longer valid.
parsed.validity_period.not_before date An RFC-3339-formatted timestamp before which the certificate is not valid.

CRL VALIDATION

Path Type Docs
revocation.crl.next_update date
revocation.crl.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
revocation.crl.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
revocation.crl.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.
revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.

OCSP VALIDATION

Path Type Docs
revocation.ocsp.next_update date
revocation.ocsp.reason text An enumerated value indicating the issuer-supplied reason for the revocation.
revocation.ocsp.revocation_time date The issuer-supplied timestamp indicating when the certificate was revoked.
revocation.ocsp.revoked boolean Whether the certificate has been revoked before its expiry date by the issuer.

APPLE VALIDATION

Path Type Docs
validation.apple.chains.sha256fp text
validation.apple.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
validation.apple.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
validation.apple.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
validation.apple.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
validation.apple.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
validation.apple.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).

CHROME VALIDATION

Path Type Docs
validation.chrome.chains.sha256fp text
validation.chrome.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
validation.chrome.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
validation.chrome.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
validation.chrome.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
validation.chrome.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
validation.chrome.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).

MICROSOFT VALIDATION

Path Type Docs
validation.microsoft.chains.sha256fp text
validation.microsoft.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
validation.microsoft.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
validation.microsoft.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
validation.microsoft.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
validation.microsoft.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
validation.microsoft.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).

NSS (FIREFOX) VALIDATION

Path Type Docs
validation.nss.chains.sha256fp text
validation.nss.ever_valid boolean Whether the certificate has ever been considered valid by the root store.
validation.nss.had_trusted_path boolean Whether there ever existed a trusted path of signing certificates from a certificate present in the root certificate store.
validation.nss.has_trusted_path boolean Whether there currently exists a trusted path of signing certificates from a certificate present in the root certificate store.
validation.nss.in_revocation_set boolean Whether the certificate is in the revocation set (e.g. OneCRL) associated with the root store.
validation.nss.is_valid boolean Whether the certificate is currently considered valid by the root store: a summary of the trust path, revoked, blocklisted/allowlisted, and expired fields.
validation.nss.parents text The SHA-256 fingerprints of the certificate's immediate parents in its trust path(s).

ZLINT

Path Type Docs
zlint.errors_present boolean Whether the certificate's attributes triggered any error lints for non-conformance to the X.509 standard.
zlint.failed_lints text A list of lint names which failed, if applicable.
zlint.fatals_present boolean Whether the certificate's attributes triggered any fatal lints for non-conformance to the X.509 standard.
zlint.notices_present boolean Whether the certificate's attributes triggered any notice lints for non-conformance to the X.509 standard.
zlint.timestamp date An RFC-3339-formated timestamp indicating when the certificate was linted.
zlint.version long The version of Zlint used to lint the certificate.
zlint.warnings_present boolean Whether the certificate's attributes triggered any warning lints for non-conformance to the X.509 standard.

MISC

Path Type Docs
parent_spki_subject_fingerprint_sha256 text The SHA-256 digest of the parent certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.
parsed.serial_number_hex text Issuer-specific identifier of the certificate, represented as hexadecimal.
spki_subject_fingerprint_sha256 text The SHA-256 digest of the certificate's DER-encoded SubjectPublicKeyInfo concatenated with its Subject.