# Certificate {% hint style="success" %} The certificate transaction is part of the **Palladium** release. {% endhint %} A **Certificate** transaction allows an identity on the LTO Network to anchor an X.509 certificate on-chain, typically an **organizational** or **Extended Validation (EV)** certificate. This enables trusted identification of legal entities, such as companies, within decentralized workflows. By registering the certificate on-chain, the organization’s identity can be cryptographically verified and linked to its LTO account. This serves as a foundation for verifiable credentials, cross-chain identity proofs, and secure interactions in regulated environments. {% hint style="info" %} The Subject Public Key Info (SPKI) in the X.509 certificate must match the sender’s public key and key type in the transaction. If they differ, the transaction is considered invalid and will be rejected by the network. {% endhint %} ### JSON ```json { "type": 24, "version": 3, "id": "2GqzNqFvxRQh7DQENecUj6kQMsA6JPXjvS7p1yx7PePx", "sender": "3Jq8mnhRquuXCiFUwTLZFVSzmQt3Fu6F7HQ", "senderKeyType": "secp256r1", "senderPublicKey": "AJQn2L4EhJhQh2NX5NvyDDB5BUPuiZBiNRmqRcSmj3g7", "fee": 500000000, "timestamp": 1326499200000, "certificate": "-----BEGIN CERTIFICATE-----\nMIIBmjCCAUGgAwIBAgIUBTg9WprxEdpxu8cLV2CKyGJ7bVQwCgYIKoZIzj0EAwIw\nIzEhMB8GA1UEAwwYQWxpY2UsTz1FeGFtcGxlIEx0ZCxDPU5MMB4XDTI1MDYwMjEy\nNTYzMloXDTI2MDYwMjEyNTYzMlowIzEhMB8GA1UEAwwYQWxpY2UsTz1FeGFtcGxl\nIEx0ZCxDPU5MMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2/WATtZvChbb3xrQ\nEXzszXz3IgpUyA7jbLVQ9B2ibL/SZtvhjU84S8fI1HhzyE5eAqKvkh/pdArBjyXL\naqw0Q6NTMFEwHQYDVR0OBBYEFEb3OV2UesAgnXz8VOieyXgEilyHMB8GA1UdIwQY\nMBaAFEb3OV2UesAgnXz8VOieyXgEilyHMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZI\nzj0EAwIDRwAwRAIgVo0OBEFkXDgJGuIrOl15UKdkvrhe0THS8MO64Jw2F7cCIBpC\nNLnbu23KWkzoIdACHRTGc3MqZrWh53lGq/+tK13P\n-----END CERTIFICATE-----", "proofs": [ "2omugkAQdrm9P7YPx6WZbXMBTifRS6ptaTT8rPRRvKFr1EPFafHSosq6HzkuuLv78gR6vaXLA9WtMsTSBgi3H1qe" ], "height": 1070000 } ``` {% hint style="info" %} * `id` and `height` should be omitted when broadcasting. These fields are set by the node. * `recipient` and`subject` are optional. * Binary strings are base58 encoded. * `timestamp` is in microseconds since epoch. * `fee` includes 8 digits, so `LTO * 10^8` * `certificate` is PEM encoded * `certificate` can be null to clear the certificate of the address {% endhint %} ### Fields {% tabs %} {% tab title="V3" %}

#	Field Name	Type	Length
1	Transaction type	Byte (constant, value=16)	1
2	Version	Byte (constant, value=3)	1
3	Network id	Byte	1
4	Timestamp	Long	8
5	Sender's key type	KeyType (Byte)	1
6	Sender's public key	PublicKey (Array[Byte])	32 \| 33
7	Fee	Long	8
8	Certificate length (N)	Short	1
9	Certificate	Array[Byte]	N

{% hint style="info" %} * Network id can be obtained by taking the 2nd byte from the sender address. * Each [key type](https://docs.ltonetwork.com/accounts#key-types) has a numeric id in addition to the reference from the JSON. * Integers (short, int, long) have a big endian byte order. * Certificate is DER encoded {% endhint %} {% endtab %} {% endtabs %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ltonetwork.com/protocol/public/transactions/certificate.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.