Skip to main content

Certificate analytics

This service provides certificate analytics for the requested certificate thumbprint and the certificate chain of trust.

Analytics include a sample counter - number of samples signed by the certificate grouped by their classification, certificate status (blacklisted/whitelisted/undefined), time when the certificate was first seen, certificate trust factor, certificate threat level, and history of certificate blacklisting/whitelisting.

The service also allows bulk requests for up to 100 thumbprints per request.

Certificate Analytics Query

The query returns certificate analytics for the requested certificate thumbprint and the certificate chain of trust.

Analytics include:

  • real-time statistics (number of samples signed by the certificate, with samples grouped by their classification),
  • time when the certificate was first seen,
  • certificate classification status (blacklisted/whitelisted/undefined),
  • other certificate reputation data (threat level, trust factor, history of blacklisting/whitelisting, reason for whitelisting/blacklisting).

Request

GET /api/certificate/analytics/v1/query/thumbprint/{thumbprint}?[format=xml|json]

Path parameters:

  • thumbprint
    • The thumbprint (sha1, sha256, md5) of the requested certificate
    • Required

Query parameters:

  • format
    • Allows choosing between xml (default) and json format for the response
    • Optional

The query will return certificate analytics for the requested thumbprint.

Response

{
"rl": {
"request": {},
"certificate_analytics": {}
}
}

rl.request

{
"response_format": "string",
"thumbprint": "string"
}

rl.certificate_analytics

{
"certificate_first_seen": "string",
"statistics": {},
"classification": {},
"certificate": {}
}
  • certificate_first_seen
    • When the certificate was first seen in ReversingLabs system (UTC)
  • certificate
    • Certificate information is presented as a signature chain. It includes information about issuer certificates recursively until root certificate is reached. Individual certificate information includes the following fields: common_name, valid_from, valid_to, signature_algorithm, signature, extensions, certificate_thumbprints, serial_number, version, issuer

rl.certificate_analytics.statistics

  • classification
    • KNOWN/UNKNOWN/MALICIOUS/SUSPICIOUS/TOTAL
  • sample_count
    • Number of samples with each classification

rl.certificate_analytics.classification

  • status
    • whitelisted/blacklisted/undefined
  • reason
    • Reason for whitelisting/blacklisting
  • blacklisted_from
    • Last valid signing time of the certificate that is now blacklisted
  • whitelisted_to
    • Property applicable only to certificates that were first whitelisted and then blacklisted; it should correspond to the blacklisted_from field
  • threat_level
    • 0-5; property of blacklisted certificates
  • trust_factor
    • 0-5; property of whitelisted certificates

Certificate Analytics Bulk Query

The bulk query returns certificate analytics in the same format as the single query, but for multiple certificate thumbprints in one response.

POST /api/certificate/analytics/v1/query/thumbprint/{post_format}
  • post_format - allows choosing between xml and json format in the POST payload

Request

Request body:

{
"rl": {
"query": {
"thumbprints": [
"string",
"string",
"string",
"string"
],
"format": "string"
}
}
}
  • thumbprint
    • The thumbprint (sha1, sha256, md5) of the requested certificate.
    • Required
  • format
    • Allows choosing between xml (default) and json format for the response.
    • Required

Response

{
"rl": {
"request": {
"response_format": "string",
"thumbprints": []
},
"invalid_thumbprints": [],
"certificate_analytics": []
}
}
  • request
    • thumbprint: requested thumbprint; format: output format
  • invalid_thumbprints
    • List of ill-formatted thumbprints provided in the request
  • certificate_analytics
    • List of certificates matching the requested thumbprints with the same analytics data as in the single query

Examples

Example 1 - single query

Retrieving certificate analytics for the thumbprint A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1, in JSON format.

Request

/api/certificate/analytics/v1/query/thumbprint/A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1?format=json

Response

{
"rl": {
"request": {
"response_format": "json",
"thumbprint": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
},
"certificate_analytics": {
"certificate_first_seen": "2022-09-14T08:05:10",
"statistics": {
"known": 77,
"unknown": 1,
"malicious": 0,
"suspicious": 0,
"total": 78
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-06-14T04:02:43Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2025-07-12T07:06:34Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt\nOCSP - URI:http://ocsp.globalsign.com/gsgccr45evcodesignca2020\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.3.6.1.4.1.4146.1.2\n CPS: https://www.globalsign.com/repository/\nPolicy: 2.23.140.1.3\n"
},
{
"is_critical": "False",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.globalsign.com/gsgccr45evcodesignca2020.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:25:9D:D0:FC:59:09:86:63:C5:EC:F3:B1:13:3B:57:1C:03:92:36:11\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "B9:8B:D3:79:F7:03:DC:12:78:E5:28:C2:AF:E8:61:4D:3E:E1:AC:E3"
}
],
"signature": "5B69F2E4D90E7BE365D1C7AC43371CB7776CEECA23F711A58800F1091BFABCC1B84E48ADAC4369227C12B4E245B3614E4A458EC2F4910F403A5C65AF14FB75D183C5CAEA2F1420728FAE1E982286FCDFFFC05B1CE0B1A7F20B40722AD54BB6DCC9E43A8C56B6F7095FC1A9BE7C66B8C7C5AF02F1796D5A83C571256B969FC26F7D7FC450D18424862E8CD1E025EEA76AA1960A98A9A3901BCEC5F0BE5C4EE75A3B54737E95458AE7945904FB998A00AFFD6EC08545B5617352444248D5AFF9F2AC565F8002F64C03FBFFD06052849F3C198AD516E7C6B711704B9F3A005076DDA3059DEBC975DB2F3965F589494E62DE687762783502E2E2EBA139A54300B59E116BA9CBD8323F7EB2C831A857D540E243C277C7DC59320AA3122E4A60E0908102342BFEC432407BD0F911E53D8C2CDF36A63FD1FE8DC271DF5F0CA0A32C6DC01DB8BD271F7766C2798F220171DDE4189C3411E88E0573D23291CDA2884217BB55458C8D4B957EFBC8B0D58F88490924C68E1BE8A7348C3F490B7D4158DB936902FF473A033A2F78F311FB44EEF9C2547A1632CEE370A20D3E9042C49C219C877AE9DB73E0542657A66F27C7EA7C3B594CCC4CD0BDEFC3B40443DBE4AA0E7875684531C6E51BCCF876BD9AA052E0A15FF5BBE1D5E77F63E80E3C5D08D200CAE0C5BC219A89DF67FA38C60EB60FFDA27324DEC43EBBB2E37BF341458B075084B5",
"common_name": "Reallusion Inc.",
"serial_number": "67C6DAAFB381A5567534EB0F",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "3b5d3951bd5930863767cd86a4ba27c5"
},
{
"name": "SHA1",
"value": "e18af391a8ba1ae94eb61794c573c5a9856c80d3"
},
{
"name": "SHA256",
"value": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
}
],
"issuer": "GlobalSign GCC R45 EV CodeSigning CA 2020"
}
}
}
}

Example 2 - single query

Retrieving certificate analytics for the thumbprint E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4, in JSON format.

Request

/api/certificate/analytics/v1/query/thumbprint/E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4?format=json

Response

{
"rl": {
"request": {
"response_format": "json",
"thumbprint": "E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
},
"certificate_analytics": {
"certificate_first_seen": "2022-09-15T05:09:36",
"statistics": {
"known": 0,
"unknown": 0,
"malicious": 1,
"suspicious": 0,
"total": 1
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-08-16T16:45:04Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2023-08-16T16:45:03Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://certs.apple.com/wwdrg3.der\nOCSP - URI:http://ocsp.apple.com/ocsp03-wwdrg305\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n CPS: https://www.apple.com/certificateauthority/\n"
},
{
"is_critical": "True",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "8B:DB:F3:20:E4:7F:AD:DD:DB:04:07:B8:D0:F4:EF:03:82:21:A1:50"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.7",
"value": ".."
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.4",
"value": ".."
}
],
"signature": "D8506E1AD8408E4A9850644A2870525B362FBF5C74DCEF62AB73E3EB2BFC178D66168F491FF4CD894D1CD0FD3C799236C7FD41A114A1DA33EB87AAA89B51F532DFA461DCF383B1CE388E03ABB3B710925ED477EE546F5D7BAF7066E9D397D522F86CBAB8E6470B419E5CA16A9946356D4B50523E28CF852EB1BE912A215AD527F32690C1CD0DA294834AC5D06E745D6DD20077F0613F65F8547CC3BA9271BFD03A4C1245147F0197D687193E9086059AFB1997DDCA54BF7F0914C3FDC873629FAC16B5129C461A61BF28863902B87CA04E33FEC390C756C1D0556ED04B41C8B95C4AE53C6BF7422BD7D9705EA0D3984D665A2536419556ACCFEB5717B7112ACE",
"common_name": "Apple Distribution: The Dash Foundation, Inc. (44RJ69WHFF)",
"serial_number": "733E6B713464528602D5CA7DB152C6D6",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "cb702899b0e4a8e748678e6b8acde556"
},
{
"name": "SHA1",
"value": "0463c9bff6b702da41487c8440fd02f5c5e239c1"
},
{
"name": "SHA256",
"value": "E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
}
],
"issuer": {
"valid_from": "2020-02-19T18:13:47Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2030-02-20T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.apple.com/ocsp03-applerootca\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.apple.com/root.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "1.2.840.113635.100.6.2.1",
"value": ".."
}
],
"signature": "AD6513E8F6E0817744024742BE5FA53920EA62A9FDC590C97313D59E9BD0AA0F8D8DCBED01CF6C28405BC7552441F8FCCFC1B523E9DCECF16FCA801D77C2C461492567AF0FCA3925ADD3E37ACC33280D0E2EA1574073FAE65CAE065129EDE3850C4F61DC32168B77D044CA5D720331469CAE9B401AFAF4E0D33EFA2F8C669F97C45459EFD248F4079949605919C7DD94D1C0C16C7F7821EF0CEB3B6C99824B526038B539826DEC523153BE0F914C4949748FA651CB84474E1D75276EBDF9D25CF37FC26C0B0936E264E4C237031419D5EA6A94AAA9DBFEF69A08678BEF2BB8AA174983AFCFCBBCE9CFEA9571B0B445A2CCE587AA0AC3413A795CDA50349D953B",
"common_name": "Apple Worldwide Developer Relations Certification Authority",
"serial_number": "7CAF690A25B739FE7B9B447AC178C5EE",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "08a45128fa238443623421dd2c9887ab"
},
{
"name": "SHA1",
"value": "06ec06599f4ed0027cc58956b4d3ac1255114f35"
},
{
"name": "SHA256",
"value": "DCF21878C77F4198E4B4614F03D696D89C66C66008D4244E1B99161AAC91601F"
}
],
"issuer": {
"valid_from": "2006-04-25T21:40:36Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2035-02-09T21:40:36Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n CPS: https://www.apple.com/appleca/\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n"
}
],
"signature": "5C36994C2D78B7ED8C9BDCF3779BF276D277304FC11F8583851B993D4737F2A99B408E2CD4B19012D8BEF4739BEED2640FCB794F34D8A23EF978FF6BC807EC7D39838B5320D338C4B1BF9A4F0A6BFF2BFC59A705097C174056111E74D3B78B233B47A3D56F24E2EBD1B770DF0F45E127CAF16D78EDE7B51717A8DC7E2235CA25D5D90FD66BD4A2242311F7A1AC8F738160C61B5B092F92B2F84448F060389E15F53D2667208A336AF70D82CFDEEBA32FF9536A5B64C0633377F73A072C56EBDA0F210EDABA73194FB5D9367FC18755D9A799B93242FBD8D5719E7EA152B71BBD934224122AC70F1DB64D9C5E63C84B801750AA8AD5DAE4FCD0090737B0757521",
"common_name": "Apple Root CA",
"serial_number": "02",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "7e611e0f7ba31b51986f413b41383ef0"
},
{
"name": "SHA1",
"value": "611e5b662c593a08ff58d14ae22452d198df6c60"
},
{
"name": "SHA256",
"value": "B0B1730ECBC7FF4505142C49F1295E6EDA6BCAED7E2C68C5BE91B5A11001F024"
}
],
"issuer": "Apple Root CA"
}
}
}
}
}
}

Example 3 - bulk query

Retrieving certificate analytics in JSON format for thumbprints A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1, E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4, and ABC via POST request in JSON format.

Request

/api/certificate/analytics/v1/query/thumbprint/json
{
"rl": {
"query": {
"thumbprints": [
"A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1",
"E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4",
"ABC"
],
"format": "json"
}
}
}

Response

{
"rl": {
"invalid_thumbprints": [
"ABC"
],
"request": {
"response_format": "json",
"thumbprints": [
"A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1",
"ABC",
"E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
]
},
"certificate_analytics": [
{
"certificate_first_seen": "2022-09-14T08:05:10",
"statistics": {
"known": 77,
"unknown": 2,
"malicious": 0,
"suspicious": 0,
"total": 79
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-06-14T04:02:43Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2025-07-12T07:06:34Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt\nOCSP - URI:http://ocsp.globalsign.com/gsgccr45evcodesignca2020\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.3.6.1.4.1.4146.1.2\n CPS: https://www.globalsign.com/repository/\nPolicy: 2.23.140.1.3\n"
},
{
"is_critical": "False",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.globalsign.com/gsgccr45evcodesignca2020.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:25:9D:D0:FC:59:09:86:63:C5:EC:F3:B1:13:3B:57:1C:03:92:36:11\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "B9:8B:D3:79:F7:03:DC:12:78:E5:28:C2:AF:E8:61:4D:3E:E1:AC:E3"
}
],
"signature": "5B69F2E4D90E7BE365D1C7AC43371CB7776CEECA23F711A58800F1091BFABCC1B84E48ADAC4369227C12B4E245B3614E4A458EC2F4910F403A5C65AF14FB75D183C5CAEA2F1420728FAE1E982286FCDFFFC05B1CE0B1A7F20B40722AD54BB6DCC9E43A8C56B6F7095FC1A9BE7C66B8C7C5AF02F1796D5A83C571256B969FC26F7D7FC450D18424862E8CD1E025EEA76AA1960A98A9A3901BCEC5F0BE5C4EE75A3B54737E95458AE7945904FB998A00AFFD6EC08545B5617352444248D5AFF9F2AC565F8002F64C03FBFFD06052849F3C198AD516E7C6B711704B9F3A005076DDA3059DEBC975DB2F3965F589494E62DE687762783502E2E2EBA139A54300B59E116BA9CBD8323F7EB2C831A857D540E243C277C7DC59320AA3122E4A60E0908102342BFEC432407BD0F911E53D8C2CDF36A63FD1FE8DC271DF5F0CA0A32C6DC01DB8BD271F7766C2798F220171DDE4189C3411E88E0573D23291CDA2884217BB55458C8D4B957EFBC8B0D58F88490924C68E1BE8A7348C3F490B7D4158DB936902FF473A033A2F78F311FB44EEF9C2547A1632CEE370A20D3E9042C49C219C877AE9DB73E0542657A66F27C7EA7C3B594CCC4CD0BDEFC3B40443DBE4AA0E7875684531C6E51BCCF876BD9AA052E0A15FF5BBE1D5E77F63E80E3C5D08D200CAE0C5BC219A89DF67FA38C60EB60FFDA27324DEC43EBBB2E37BF341458B075084B5",
"common_name": "Reallusion Inc.",
"serial_number": "67C6DAAFB381A5567534EB0F",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "3b5d3951bd5930863767cd86a4ba27c5"
},
{
"name": "SHA1",
"value": "e18af391a8ba1ae94eb61794c573c5a9856c80d3"
},
{
"name": "SHA256",
"value": "A481635184832F09BC3D3921A335634466C4C6FC714D8BBD89F65E827E5AF1B1"
}
],
"issuer": "GlobalSign GCC R45 EV CodeSigning CA 2020"
}
},
{
"certificate_first_seen": "2022-09-15T05:09:36",
"statistics": {
"known": 0,
"unknown": 0,
"malicious": 1,
"suspicious": 0,
"total": 1
},
"classification": {
"status": "undefined"
},
"certificate": {
"valid_from": "2022-08-16T16:45:04Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2023-08-16T16:45:03Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:FALSE"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "CA Issuers - URI:http://certs.apple.com/wwdrg3.der\nOCSP - URI:http://ocsp.apple.com/ocsp03-wwdrg305\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n CPS: https://www.apple.com/certificateauthority/\n"
},
{
"is_critical": "True",
"name": "X509v3 Extended Key Usage",
"value": "Code Signing"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "8B:DB:F3:20:E4:7F:AD:DD:DB:04:07:B8:D0:F4:EF:03:82:21:A1:50"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Digital Signature"
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.7",
"value": ".."
},
{
"is_critical": "True",
"name": "1.2.840.113635.100.6.1.4",
"value": ".."
}
],
"signature": "D8506E1AD8408E4A9850644A2870525B362FBF5C74DCEF62AB73E3EB2BFC178D66168F491FF4CD894D1CD0FD3C799236C7FD41A114A1DA33EB87AAA89B51F532DFA461DCF383B1CE388E03ABB3B710925ED477EE546F5D7BAF7066E9D397D522F86CBAB8E6470B419E5CA16A9946356D4B50523E28CF852EB1BE912A215AD527F32690C1CD0DA294834AC5D06E745D6DD20077F0613F65F8547CC3BA9271BFD03A4C1245147F0197D687193E9086059AFB1997DDCA54BF7F0914C3FDC873629FAC16B5129C461A61BF28863902B87CA04E33FEC390C756C1D0556ED04B41C8B95C4AE53C6BF7422BD7D9705EA0D3984D665A2536419556ACCFEB5717B7112ACE",
"common_name": "Apple Distribution: The Dash Foundation, Inc. (44RJ69WHFF)",
"serial_number": "733E6B713464528602D5CA7DB152C6D6",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "cb702899b0e4a8e748678e6b8acde556"
},
{
"name": "SHA1",
"value": "0463c9bff6b702da41487c8440fd02f5c5e239c1"
},
{
"name": "SHA256",
"value": "E199A1AE82E44F824C3086C1704B7CC0004364371316951992008A5E976A42C4"
}
],
"issuer": {
"valid_from": "2020-02-19T18:13:47Z",
"signature_algorithm": "sha256WithRSAEncryption",
"valid_to": "2030-02-20T00:00:00Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE, pathlen:0"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "Authority Information Access",
"value": "OCSP - URI:http://ocsp.apple.com/ocsp03-applerootca\n"
},
{
"is_critical": "False",
"name": "X509v3 CRL Distribution Points",
"value": "\nFull Name:\n URI:http://crl.apple.com/root.crl\n"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "09:FE:C0:15:90:F9:AF:64:0A:92:12:B9:26:28:63:0C:97:EC:A7:B2"
},
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "False",
"name": "1.2.840.113635.100.6.2.1",
"value": ".."
}
],
"signature": "AD6513E8F6E0817744024742BE5FA53920EA62A9FDC590C97313D59E9BD0AA0F8D8DCBED01CF6C28405BC7552441F8FCCFC1B523E9DCECF16FCA801D77C2C461492567AF0FCA3925ADD3E37ACC33280D0E2EA1574073FAE65CAE065129EDE3850C4F61DC32168B77D044CA5D720331469CAE9B401AFAF4E0D33EFA2F8C669F97C45459EFD248F4079949605919C7DD94D1C0C16C7F7821EF0CEB3B6C99824B526038B539826DEC523153BE0F914C4949748FA651CB84474E1D75276EBDF9D25CF37FC26C0B0936E264E4C237031419D5EA6A94AAA9DBFEF69A08678BEF2BB8AA174983AFCFCBBCE9CFEA9571B0B445A2CCE587AA0AC3413A795CDA50349D953B",
"common_name": "Apple Worldwide Developer Relations Certification Authority",
"serial_number": "7CAF690A25B739FE7B9B447AC178C5EE",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "08a45128fa238443623421dd2c9887ab"
},
{
"name": "SHA1",
"value": "06ec06599f4ed0027cc58956b4d3ac1255114f35"
},
{
"name": "SHA256",
"value": "DCF21878C77F4198E4B4614F03D696D89C66C66008D4244E1B99161AAC91601F"
}
],
"issuer": {
"valid_from": "2006-04-25T21:40:36Z",
"signature_algorithm": "sha1WithRSAEncryption",
"valid_to": "2035-02-09T21:40:36Z",
"version": "2",
"extensions": [
{
"is_critical": "True",
"name": "X509v3 Key Usage",
"value": "Certificate Sign, CRL Sign"
},
{
"is_critical": "True",
"name": "X509v3 Basic Constraints",
"value": "CA:TRUE"
},
{
"is_critical": "False",
"name": "X509v3 Subject Key Identifier",
"value": "2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E"
},
{
"is_critical": "False",
"name": "X509v3 Authority Key Identifier",
"value": "keyid:2B:D0:69:47:94:76:09:FE:F4:6B:8D:2E:40:A6:F7:47:4D:7F:08:5E\n"
},
{
"is_critical": "False",
"name": "X509v3 Certificate Policies",
"value": "Policy: 1.2.840.113635.100.5.1\n CPS: https://www.apple.com/appleca/\n User Notice:\n Explicit Text: Reliance on this certificate by any party assumes acceptance of the then applicable standard terms and conditions of use, certificate policy and certification practice statements.\n"
}
],
"signature": "5C36994C2D78B7ED8C9BDCF3779BF276D277304FC11F8583851B993D4737F2A99B408E2CD4B19012D8BEF4739BEED2640FCB794F34D8A23EF978FF6BC807EC7D39838B5320D338C4B1BF9A4F0A6BFF2BFC59A705097C174056111E74D3B78B233B47A3D56F24E2EBD1B770DF0F45E127CAF16D78EDE7B51717A8DC7E2235CA25D5D90FD66BD4A2242311F7A1AC8F738160C61B5B092F92B2F84448F060389E15F53D2667208A336AF70D82CFDEEBA32FF9536A5B64C0633377F73A072C56EBDA0F210EDABA73194FB5D9367FC18755D9A799B93242FBD8D5719E7EA152B71BBD934224122AC70F1DB64D9C5E63C84B801750AA8AD5DAE4FCD0090737B0757521",
"common_name": "Apple Root CA",
"serial_number": "02",
"certificate_thumbprints": [
{
"name": "MD5",
"value": "7e611e0f7ba31b51986f413b41383ef0"
},
{
"name": "SHA1",
"value": "611e5b662c593a08ff58d14ae22452d198df6c60"
},
{
"name": "SHA256",
"value": "B0B1730ECBC7FF4505142C49F1295E6EDA6BCAED7E2C68C5BE91B5A11001F024"
}
],
"issuer": "Apple Root CA"
}
}
}
}
]
}
}