Certificate analytics (TCA-0502)
This service provides certificate analytics for the requested certificate thumbprint and the certificate chain of trust.
Analytics include a sample counter - number of samples signed by the certificate grouped by their classification, certificate status (blacklisted/whitelisted/undefined), time when the certificate was first seen, certificate trust factor, certificate threat level, and history of certificate blacklisting/whitelisting.
The service also allows bulk requests for up to 100 thumbprints per request.
Certificate Analytics Query
The query returns certificate analytics for the requested certificate thumbprint and the certificate chain of trust.
Analytics include:
- real-time statistics (number of samples signed by the certificate, with samples grouped by their classification),
- time when the certificate was first seen,
- certificate classification status (blacklisted/whitelisted/undefined),
- other certificate reputation data (threat level, trust factor, history of blacklisting/whitelisting, reason for whitelisting/blacklisting).
Request
GET /api/certificate/analytics/v1/query/thumbprint/{thumbprint}?[format=xml|json]
Path parameters:
thumbprint- The thumbprint (sha1, sha256, md5) of the requested certificate
- Required
Query parameters:
format- Allows choosing between xml (default) and json format for the response
- Optional
The query will return certificate analytics for the requested thumbprint.
Response
{
"rl": {
"request": {},
"certificate_analytics": {}
}
}
rl.request
{
"response_format": "string",
"thumbprint": "string"
}
rl.certificate_analytics
{
"certificate_first_seen": "string",
"statistics": {},
"classification": {},
"certificate": {}
}
certificate_first_seen- When the certificate was first seen in ReversingLabs system (UTC)
certificate- Certificate information is presented as a signature chain. It includes information about issuer certificates recursively until root certificate is reached. Individual certificate information includes the following fields: common_name, valid_from, valid_to, signature_algorithm, signature, extensions, certificate_thumbprints, serial_number, version, issuer
rl.certificate_analytics.statistics
classification- KNOWN/UNKNOWN/MALICIOUS/SUSPICIOUS/TOTAL
sample_count- Number of samples with each classification
rl.certificate_analytics.classification
status- whitelisted/blacklisted/undefined
reason- Reason for whitelisting/blacklisting
blacklisted_from- Last valid signing time of the certificate that is now blacklisted
whitelisted_to- Property applicable only to certificates that were first whitelisted and then blacklisted; it should correspond to the blacklisted_from field
threat_level- 0-5; property of blacklisted certificates
trust_factor- 0-5; property of whitelisted certificates
Certificate Analytics Bulk Query
The bulk query returns certificate analytics in the same format as the single query, but for multiple certificate thumbprints in one response.
POST /api/certificate/analytics/v1/query/thumbprint/{post_format}
- post_format - allows choosing between xml and json format in the POST payload
Request
Request body:
{
"rl": {
"query": {
"thumbprints": [
"string",
"string",
"string",
"string"
],
"format": "string"
}
}
}
thumbprint- The thumbprint (sha1, sha256, md5) of the requested certificate.
- Required
format- Allows choosing between xml (default) and json format for the response.
- Required
Response
{
"rl": {
"request": {
"response_format": "string",
"thumbprints": []
},
"invalid_thumbprints": [],
"certificate_analytics": []
}
}
request- thumbprint: requested thumbprint; format: output format
invalid_thumbprints- List of ill-formatted thumbprints provided in the request
certificate_analytics- List of certificates matching the requested thumbprints with the same analytics data as in the single query
Examples
Example 1 - single query
Retrieving certificate analytics for the thumbprint A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1, in JSON format.
Request
/api/certificate/analytics/v1/query/thumbprint/A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1?format=json
Response
{
"rl": {
"request": {
"response_format": "json",
"thumbprint": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
},
"certificate_analytics": {
"certificate_first_seen": "2022-09-14T08:05:10",
"statistics": {
"known": 77,
"unknown": 1,
"malicious": 0,
"suspicious": 0,
"total": 78
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-06-14T04:02:43Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2025-07-12T07:06:34Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt\nOCSP - URI:http://ocsp.globalsign.com/gsgccr45evcodesignca2020\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.3.6.1.4.1.4146.1.2\n CPS: https://www.globalsign.com/repository/\nPolicy: 2.23.140.1.3\n"
},
{
"is_critical": "False",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.globalsign.com/gsgccr45evcodesignca2020.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:25:9D:D0:FC:59:09:86:63:C5:EC:F3:B1:13:3B:57:1C:03:92:36:11\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "B9:8B:D3:79:F7:03:DC:12:78:E5:28:C2:AF:E8:61:4D:3E:E1:AC:E3"
}
],
"signature": "5B69F2E4D90E7BE365D1C7AC43371CB7776CEECA23F711A58800F1091BFABCC1B84E48ADAC4369227C12B4E245B3614E4A458EC2F4910F403A5C65AF14FB75D183C5CAEA2F1420728FAE1E982286FCDFFFC05B1CE0B1A7F20B40722AD54BB6DCC9E43A8C56B6F7095FC1A9BE7C66B8C7C5AF02F1796D5A83C571256B969FC26F7D7FC450D18424862E8CD1E025EEA76AA1960A98A9A3901BCEC5F0BE5C4EE75A3B54737E95458AE7945904FB998A00AFFD6EC08545B5617352444248D5AFF9F2AC565F8002F64C03FBFFD06052849F3C198AD516E7C6B711704B9F3A005076DDA3059DEBC975DB2F3965F589494E62DE687762783502E2E2EBA139A54300B59E116BA9CBD8323F7EB2C831A857D540E243C277C7DC59320AA3122E4A60E0908102342BFEC432407BD0F911E53D8C2CDF36A63FD1FE8DC271DF5F0CA0A32C6DC01DB8BD271F7766C2798F220171DDE4189C3411E88E0573D23291CDA2884217BB55458C8D4B957EFBC8B0D58F88490924C68E1BE8A7348C3F490B7D4158DB936902FF473A033A2F78F311FB44EEF9C2547A1632CEE370A20D3E9042C49C219C877AE9DB73E0542657A66F27C7EA7C3B594CCC4CD0BDEFC3B40443DBE4AA0E7875684531C6E51BCCF876BD9AA052E0A15FF5BBE1D5E77F63E80E3C5D08D200CAE0C5BC219A89DF67FA38C60EB60FFDA27324DEC43EBBB2E37BF341458B075084B5",
"common_name": "Reallusion Inc.",
"serial_number": "67C6DAAFB381A5567534EB0F",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "3b5d3951bd5930863767cd86a4ba27c5"
},
{
"name": "SHA1",
"value": "e18af391a8ba1ae94eb61794c573c5a9856c80d3"
},
{
"name": "SHA256",
"value": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
}
],
"issuer": "GlobalSign GCC R45 EV CodeSigning CA 2020"
}
}
}
}
Example 2 - single query
Retrieving certificate analytics for the thumbprint E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4, in JSON format.
Request
/api/certificate/analytics/v1/query/thumbprint/E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4?format=json
Response
{
"rl": {
"request": {
"response_format": "json",
"thumbprint": "E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
},
"certificate_analytics": {
"certificate_first_seen": "2022-09-15T05:09:36",
"statistics": {
"known": 0,
"unknown": 0,
"malicious": 1,
"suspicious": 0,
"total": 1
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-08-16T16:45:04Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2023-08-16T16:45:03Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://certs.apple.com/wwdrg3.der\nOCSP - URI:http://ocsp.apple.com/ocsp03-wwdrg305\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n CPS: https://www.apple.com/certificateauthority/\n"
},
{
"is_critical": "True",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "8B:DB:F3:20:E4:7F:AD:DD:DB:04:07:B8:D0:F4:EF:03:82:21:A1:50"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.7",
"value": ".."
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.4",
"value": ".."
}
],
"signature": "D8506E1AD8408E4A9850644A2870525B362FBF5C74DCEF62AB73E3EB2BFC178D66168F491FF4CD894D1CD0FD3C799236C7FD41A114A1DA33EB87AAA89B51F532DFA461DCF383B1CE388E03ABB3B710925ED477EE546F5D7BAF7066E9D397D522F86CBAB8E6470B419E5CA16A9946356D4B50523E28CF852EB1BE912A215AD527F32690C1CD0DA294834AC5D06E745D6DD20077F0613F65F8547CC3BA9271BFD03A4C1245147F0197D687193E9086059AFB1997DDCA54BF7F0914C3FDC873629FAC16B5129C461A61BF28863902B87CA04E33FEC390C756C1D0556ED04B41C8B95C4AE53C6BF7422BD7D9705EA0D3984D665A2536419556ACCFEB5717B7112ACE",
"common_name": "Apple Distribution: The Dash Foundation, Inc. (44RJ69WHFF)",
"serial_number": "733E6B713464528602D5CA7DB152C6D6",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "cb702899b0e4a8e748678e6b8acde556"
},
{
"name": "SHA1",
"value": "0463c9bff6b702da41487c8440fd02f5c5e239c1"
},
{
"name": "SHA256",
"value": "E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
}
],
"issuer": {
"valid_from": "2020-02-19T18:13:47Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2030-02-20T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.apple.com/ocsp03-applerootca\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.apple.com/root.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "1.2.840.113635.100.6.2.1",
"value": ".."
}
],
"signature": "AD6513E8F6E0817744024742BE5FA53920EA62A9FDC590C97313D59E9BD0AA0F8D8DCBED01CF6C28405BC7552441F8FCCFC1B523E9DCECF16FCA801D77C2C461492567AF0FCA3925ADD3E37ACC33280D0E2EA1574073FAE65CAE065129EDE3850C4F61DC32168B77D044CA5D720331469CAE9B401AFAF4E0D33EFA2F8C669F97C45459EFD248F4079949605919C7DD94D1C0C16C7F7821EF0CEB3B6C99824B526038B539826DEC523153BE0F914C4949748FA651CB84474E1D75276EBDF9D25CF37FC26C0B0936E264E4C237031419D5EA6A94AAA9DBFEF69A08678BEF2BB8AA174983AFCFCBBCE9CFEA9571B0B445A2CCE587AA0AC3413A795CDA50349D953B",
"common_name": "Apple Worldwide Developer Relations Certification Authority",
"serial_number": "7CAF690A25B739FE7B9B447AC178C5EE",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "08a45128fa238443623421dd2c9887ab"
},
{
"name": "SHA1",
"value": "06ec06599f4ed0027cc58956b4d3ac1255114f35"
},
{
"name": "SHA256",
"value": "DCF21878C77F4198E4B4614F03D696D89C66C66008D4244E1B99161AAC91601F"
}
],
"issuer": {
"valid_from": "2006-04-25T21:40:36Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2035-02-09T21:40:36Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n CPS: https://www.apple.com/appleca/\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n"
}
],
"signature": "5C36994C2D78B7ED8C9BDCF3779BF276D277304FC11F8583851B993D4737F2A99B408E2CD4B19012D8BEF4739BEED2640FCB794F34D8A23EF978FF6BC807EC7D39838B5320D338C4B1BF9A4F0A6BFF2BFC59A705097C174056111E74D3B78B233B47A3D56F24E2EBD1B770DF0F45E127CAF16D78EDE7B51717A8DC7E2235CA25D5D90FD66BD4A2242311F7A1AC8F738160C61B5B092F92B2F84448F060389E15F53D2667208A336AF70D82CFDEEBA32FF9536A5B64C0633377F73A072C56EBDA0F210EDABA73194FB5D9367FC18755D9A799B93242FBD8D5719E7EA152B71BBD934224122AC70F1DB64D9C5E63C84B801750AA8AD5DAE4FCD0090737B0757521",
"common_name": "Apple Root CA",
"serial_number": "02",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "7e611e0f7ba31b51986f413b41383ef0"
},
{
"name": "SHA1",
"value": "611e5b662c593a08ff58d14ae22452d198df6c60"
},
{
"name": "SHA256",
"value": "B0B1730ECBC7FF4505142C49F1295E6EDA6BCAED7E2C68C5BE91B5A11001F024"
}
],
"issuer": "Apple Root CA"
}
}
}
}
}
}
Example 3 - bulk query
Retrieving certificate analytics in JSON format for thumbprints A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1, E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4, and ABC via POST request in JSON format.
Request
/api/certificate/analytics/v1/query/thumbprint/json
{
"rl": {
"query": {
"thumbprints": [
"A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1",
"E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4",
"ABC"
],
"format": "json"
}
}
}
Response
{
"rl": {
"invalid_thumbprints": [
"ABC"
],
"request": {
"response_format": "json",
"thumbprints": [
"A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1",
"ABC",
"E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
]
},
"certificate_analytics": [
{
"certificate_first_seen": "2022-09-14T08:05:10",
"statistics": {
"known": 77,
"unknown": 2,
"malicious": 0,
"suspicious": 0,
"total": 79
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-06-14T04:02:43Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2025-07-12T07:06:34Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt\nOCSP - URI:http://ocsp.globalsign.com/gsgccr45evcodesignca2020\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.3.6.1.4.1.4146.1.2\n CPS: https://www.globalsign.com/repository/\nPolicy: 2.23.140.1.3\n"
},
{
"is_critical": "False",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.globalsign.com/gsgccr45evcodesignca2020.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:25:9D:D0:FC:59:09:86:63:C5:EC:F3:B1:13:3B:57:1C:03:92:36:11\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "B9:8B:D3:79:F7:03:DC:12:78:E5:28:C2:AF:E8:61:4D:3E:E1:AC:E3"
}
],
"signature": "5B69F2E4D90E7BE365D1C7AC43371CB7776CEECA23F711A58800F1091BFABCC1B84E48ADAC4369227C12B4E245B3614E4A458EC2F4910F403A5C65AF14FB75D183C5CAEA2F1420728FAE1E982286FCDFFFC05B1CE0B1A7F20B40722AD54BB6DCC9E43A8C56B6F7095FC1A9BE7C66B8C7C5AF02F1796D5A83C571256B969FC26F7D7FC450D18424862E8CD1E025EEA76AA1960A98A9A3901BCEC5F0BE5C4EE75A3B54737E95458AE7945904FB998A00AFFD6EC08545B5617352444248D5AFF9F2AC565F8002F64C03FBFFD06052849F3C198AD516E7C6B711704B9F3A005076DDA3059DEBC975DB2F3965F589494E62DE687762783502E2E2EBA139A54300B59E116BA9CBD8323F7EB2C831A857D540E243C277C7DC59320AA3122E4A60E0908102342BFEC432407BD0F911E53D8C2CDF36A63FD1FE8DC271DF5F0CA0A32C6DC01DB8BD271F7766C2798F220171DDE4189C3411E88E0573D23291CDA2884217BB55458C8D4B957EFBC8B0D58F88490924C68E1BE8A7348C3F490B7D4158DB936902FF473A033A2F78F311FB44EEF9C2547A1632CEE370A20D3E9042C49C219C877AE9DB73E0542657A66F27C7EA7C3B594CCC4CD0BDEFC3B40443DBE4AA0E7875684531C6E51BCCF876BD9AA052E0A15FF5BBE1D5E77F63E80E3C5D08D200CAE0C5BC219A89DF67FA38C60EB60FFDA27324DEC43EBBB2E37BF341458B075084B5",
"common_name": "Reallusion Inc.",
"serial_number": "67C6DAAFB381A5567534EB0F",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "3b5d3951bd5930863767cd86a4ba27c5"
},
{
"name": "SHA1",
"value": "e18af391a8ba1ae94eb61794c573c5a9856c80d3"
},
{
"name": "SHA256",
"value": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
}
],
"issuer": "GlobalSign GCC R45 EV CodeSigning CA 2020"
}
},
{
"certificate_first_seen": "2022-09-15T05:09:36",
"statistics": {
"known": 0,
"unknown": 0,
"malicious": 1,
"suspicious": 0,
"total": 1
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-08-16T16:45:04Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2023-08-16T16:45:03Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://certs.apple.com/wwdrg3.der\nOCSP - URI:http://ocsp.apple.com/ocsp03-wwdrg305\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n CPS: https://www.apple.com/certificateauthority/\n"
},
{
"is_critical": "True",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "8B:DB:F3:20:E4:7F:AD:DD:DB:04:07:B8:D0:F4:EF:03:82:21:A1:50"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.7",
"value": ".."
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.4",
"value": ".."
}
],
"signature": "D8506E1AD8408E4A9850644A2870525B362FBF5C74DCEF62AB73E3EB2BFC178D66168F491FF4CD894D1CD0FD3C799236C7FD41A114A1DA33EB87AAA89B51F532DFA461DCF383B1CE388E03ABB3B710925ED477EE546F5D7BAF7066E9D397D522F86CBAB8E6470B419E5CA16A9946356D4B50523E28CF852EB1BE912A215AD527F32690C1CD0DA294834AC5D06E745D6DD20077F0613F65F8547CC3BA9271BFD03A4C1245147F0197D687193E9086059AFB1997DDCA54BF7F0914C3FDC873629FAC16B5129C461A61BF28863902B87CA04E33FEC390C756C1D0556ED04B41C8B95C4AE53C6BF7422BD7D9705EA0D3984D665A2536419556ACCFEB5717B7112ACE",
"common_name": "Apple Distribution: The Dash Foundation, Inc. (44RJ69WHFF)",
"serial_number": "733E6B713464528602D5CA7DB152C6D6",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "cb702899b0e4a8e748678e6b8acde556"
},
{
"name": "SHA1",
"value": "0463c9bff6b702da41487c8440fd02f5c5e239c1"
},
{
"name": "SHA256",
"value": "E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
}
],
"issuer": {
"valid_from": "2020-02-19T18:13:47Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2030-02-20T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.apple.com/ocsp03-applerootca\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.apple.com/root.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "1.2.840.113635.100.6.2.1",
"value": ".."
}
],
"signature": "AD6513E8F6E0817744024742BE5FA53920EA62A9FDC590C97313D59E9BD0AA0F8D8DCBED01CF6C28405BC7552441F8FCCFC1B523E9DCECF16FCA801D77C2C461492567AF0FCA3925ADD3E37ACC33280D0E2EA1574073FAE65CAE065129EDE3850C4F61DC32168B77D044CA5D720331469CAE9B401AFAF4E0D33EFA2F8C669F97C45459EFD248F4079949605919C7DD94D1C0C16C7F7821EF0CEB3B6C99824B526038B539826DEC523153BE0F914C4949748FA651CB84474E1D75276EBDF9D25CF37FC26C0B0936E264E4C237031419D5EA6A94AAA9DBFEF69A08678BEF2BB8AA174983AFCFCBBCE9CFEA9571B0B445A2CCE587AA0AC3413A795CDA50349D953B",
"common_name": "Apple Worldwide Developer Relations Certification Authority",
"serial_number": "7CAF690A25B739FE7B9B447AC178C5EE",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "08a45128fa238443623421dd2c9887ab"
},
{
"name": "SHA1",
"value": "06ec06599f4ed0027cc58956b4d3ac1255114f35"
},
{
"name": "SHA256",
"value": "DCF21878C77F4198E4B4614F03D696D89C66C66008D4244E1B99161AAC91601F"
}
],
"issuer": {
"valid_from": "2006-04-25T21:40:36Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2035-02-09T21:40:36Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n CPS: https://www.apple.com/appleca/\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n"
}
],
"signature": "5C36994C2D78B7ED8C9BDCF3779BF276D277304FC11F8583851B993D4737F2A99B408E2CD4B19012D8BEF4739BEED2640FCB794F34D8A23EF978FF6BC807EC7D39838B5320D338C4B1BF9A4F0A6BFF2BFC59A705097C174056111E74D3B78B233B47A3D56F24E2EBD1B770DF0F45E127CAF16D78EDE7B51717A8DC7E2235CA25D5D90FD66BD4A2242311F7A1AC8F738160C61B5B092F92B2F84448F060389E15F53D2667208A336AF70D82CFDEEBA32FF9536A5B64C0633377F73A072C56EBDA0F210EDABA73194FB5D9367FC18755D9A799B93242FBD8D5719E7EA152B71BBD934224122AC70F1DB64D9C5E63C84B801750AA8AD5DAE4FCD0090737B0757521",
"common_name": "Apple Root CA",
"serial_number": "02",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "7e611e0f7ba31b51986f413b41383ef0"
},
{
"name": "SHA1",
"value": "611e5b662c593a08ff58d14ae22452d198df6c60"
},
{
"name": "SHA256",
"value": "B0B1730ECBC7FF4505142C49F1295E6EDA6BCAED7E2C68C5BE91B5A11001F024"
}
],
"issuer": "Apple Root CA"
}
}
}
}
]
}
}