STI-PA-TC-024

CRL Download; verify the CRL signature

You can get the list of CRL from server with the following API:

https://authenticate-api-stg.iconectiv.com/download/v1/crl

You should get back data from server as follows:

-----BEGIN X509 CRL-----
MIIPyzCCD3ICAQEwCgYIKoZIzj0EAwIwVjEUMBIGA1UEBwwLQnJpZGdld2F0ZXIx
CzAJBgNVBAgMAk5KMRMwEQYDVQQDDApTVEktUEEgQ1JMMQswCQYDVQQGEwJVUzEP
MA0GA1UECgwGU1RJLVBBFw0yMjA3MjAxOTAwNDRaFw0yMjA3MjExOTAwNDRaMIIO
DTCBkQIJAMRzV8BBFGlSFw0yMDAyMjQyMDIzMDFaMHUwCgYDVR0VBAMKAQAwZwYD
VR0dAQH/BF0wW6RZMFcxFjAUBgNVBAMMDTE5Mi4xNjguMzAuNjExEDAOBgNVBAoM
B1N0cmF0dXMxDjAMBgNVBAcMddBsYW5vMQ4wDAYDVQQIDAVUZXhhczELMAkGA1UE
BhMCVVMwgaYCEQCxaemSeTxloRS3U0UNjm13Fw0yMDAzMDIyMDU4MDdaMIGBMAoG
A1UdFQQDCgEBMHMGA1UdHQEB/wRpMGekZTBjMSAwHgYDVQQDDBdTVEktUEEgUm9v
dCBDZXJ0aWZpY2F0ZTEPMA0GA1UECgwGU1RJLVBBMRQwEgYDVQQHDAtCcmlkZ2V3
YXRlcjELMAkGA1UECAwCTkoxCzAJBgNVBAYTAlVTMIHIAhQoqhCeiOomO5XQYiAv
5cWxdyyYXxcNMjAwNDA3MTE0NzQ3WjCBaaaKBgNVHRUEAwoBADCBkQYDVR0dAQH/
BIGGMIGDpIGAMH4xCzAJBgNVBAYTAlVTMSkwJwYDVQQKDCBOZXVzdGFyIEluZm9y
bWF0aW9uIFNlcnZpY2VzIEluYzEZMBcGA1UECwwQd3d3LmNjaWQubmV1c3RhcjEp
MCcGA1UEAwwgTmV1c3RhciBDZXJ0aWZpZWQgQ2FsbGVyIElEIENBLTEwgaUCEFk9
zDGEQmKnCz7s5GqVsFcXDTIwMDQxNzIwNDYwMlowgYEwCgYDVR0VBAMKAQEwcwYD
VR0dAQH/BGkwZ6RlMGMxIDAeBgNVBAMMF1NUSS1QQSBSb290IENlcnRpZmljYXRl
MQ8wDQYDVQQKDAZTVEktUEExFDASBgNVBAcMC0JyaWRnZXdhdGVyMQswCQYDVQQI
DAJOSjELMAkGA1UEBhMCVVMwgYACAg4fFw0yMDA0MjIxNzI3NDZaMGswCgYDVR0V
BAMKAQEwXQYDVR0dAQH/BFMwUaRPME0xKDAmBgNVBAMMH1RNT0JJTEUtUFJPRC1S
T09ULVNUSVJTSEFLRU4tRUMxFDASBgNVBAoMC1RNT0JJTEUtVVNBMQswCQYDVQQG
EwJVUzCBpwIQC5McOtY5Z+pnI7/Dr5r0SxcNMjAxMjAyMjAxNzM2WjCBgzAKBgNV
HRUEAwoBATB1BgNVHR0BAf8EazBppGcwZTEkMCIGA1UEAwwbRGlnaUNlcnQgQXNz
dXJlZCBJRCBSb290IEcyMRkwFwYDVQQLDBB3d3cuZGlnaWNlcnQuY29tMRUwEwYD
VQQKDAxEaWdpQ2VydCBJbmMxCzAJBgNVBAYTAlVTMGcCBgF5Gq76QRcNMjEwNDI5
MTYwMDAwWjBOMAoGA1UdFQQDCgEEMEAGA1UdHQEB/wQ2MDSkMjAwMQswCQYDVQQG
EwJVUzEQMA4GA1UECgwHTGl2ZVZveDEPMA0GA1UEAwwGRmFrZUNBMIGmAhEA6Iln
0n6szHL0K/YpzKXedRcNMjEwNjA0MjA1NzM4WjCBgTAKBgNVHRUEAwoBATBzBgNV
HR0BAf8EaTBnpGUwYzEgMB4GA1UEAwwXU1RJLVBBIFJvb3QgQ2VydGlmaWNhdGUx
DzANBgNVBAoMBlNUSS1QQTEUMBIGA1UEBwwLQnJpZGdld2F0ZXIxCzAJBgNVBAgM
Ak5KMQswCQYDVQQGEwJVUzCBlQIDeQEIFw0yMTA3MTMxOTE3MDhaMH8wCgYDVR0V
BAMKAQQwcQYDVR0dAQH/BGcwZaRjMGExKjAoBgNVBAMMIUNhbGxTaGFwZXIgU0hB
S0VOIEludGVybWVkaWF0ZSBDQTETMBEGA1UECgwKQ2FsbFNoYXBlcjERMA8GA1UE
CAwITWFyeWxhbmQxCzAJBgNVBAYTAlVTMIGLAgREAESZFw0yMTA3MjIxNjAyNTVa
MHQwCgYDVR0VBAMKAQAwZgYDVR0dAQH/BFwwWqRYMFYxHzAdBgNVBAMMFkNvbWNh
c3QgU0hBS0VOIFJvb3QgQ0ExDDAKBgNVBAoMA0FNWDELMAkGA1UEBwwCSksxCzAJ
BgNVBAgMAk1JMQswCQYDVQQGEwJVUzCBjAIFWIiFVlgXDTIxMDcyMzE0MTg1OFow
dDAKBgNVHRUEAwoBADBmBgNVHR0BAf8EXDBapFgwVjEfMB0GA1UEAwwWQ29tY2Fz
dCBTSEFLRU4gUm9vdCBDQTEMMAoGA1UECgwDQU1YMQswCQYDVQQHDAJKSzELMAkG
A1UECAwCTUkxCzAJBgNVBAYTAlVTMIHQAhRnd/072ocDy1U7lPFmq9EaY5z7MRcN
MjEwNzI4MjI1NTA0WjCBqDAKBgNVHRUEAwoBCTCBmQYDVR0dAQH/BIGOMIGLpIGI
MIGFMSUwIwYJKoZIhvcNAQkBFhZuby1yZXBseUBjYWxsdG9vbHMuY29tMRYwFAYD
VQQDDA1jYWxsdG9vbHMuY29tMRkwFwYDVQQKDBBDYWxsIFRvb2xzLCBJbmMuMQ8w
DQYDVQQHDAZJcnZpbmUxCzAJBgNVBAgMAkNBMQswCQYDVQQGEwJVUzBYAgEBFw0y
MTA5MDcwNTU4MzNaMEQwCgYDVR0VBAMKAQMwNgYDVR0dAQH/BCwwKqQoMCYxETAP
BgNVBAoMCFFDYWxsIENBMREwDwYDVQQDDAhRQ2FsbCBDQTCBpgIRAKIJMk+3RJaN
Nz9nou6Y2jYXDTIxMTIxMDAxMDM0MVowgYEwCgYDVR0VBAMKAQAwcwYDVR0dAQH/
BGkwZ6RlMGMxIDAeBgNVBAMMF1NUSS1QffBSb290IENlcnRpZmljYXRlMQ8wDQYD
VQQKDAZTVEktUEExFDASBgNVBAcMC0JyaWRnZXdhdGVyMQswCQYDVQQIDAJOSjEL
MAkGA1UEBhMCVVMwgasCFEkbRiisDLtvog+OVeyj0NLZuCqtFw0yMjA1MDUxNjAx
NDhaMIGDMAoGA1UdFQQDCgEAMHUGA1UdHQEB/wRrMGmkZzBlMSAwHgYDVQQDDBdH
QlNEVGVjaCBTSEFLRU4gUm9vdCBDQTERMA8GA1UECgwIR0JTRFRlY2gxETAPBgNV
BAcMCEZ0IFdvcnRoMQ4wDAYDVQQIDAVUZXhhczELMAkGA1UEBhMCVVMwVQICJwsX
DTIyMDUyNDIwMjgzNVowQDAKBgNVHRUEAwoBBDAyBgNVHR0BAf8EKDAmpCQwIjET
MBEGA1UEAwwKVHJ1c3RlZCBDQTELMAkGA1UEBhMCVVMwgawCCEb+wdxsOsVwFw0y
MjA2MDcxNTUwMDlaMIGQMAoGA1UdFQQDCgEAMIGBBgNVHR0BAf8EdzB1pHMwcTEg
MB4GA1UECwwXVVMgU0hBS0VOIFRyaWFsIFNlcnZpY2UxFjAUBgNVBAoMDU5ldE51
bWJlciBJbmMxCzAJBgNVBAYTAlVTMSgwJgYDVQQDDB9OZXROdW1iZXIgU0hBS0VO
IFJvb3QgVHJpYWwgQ0ExMIGlAhBZ3HSVyfBjSRLWPWoygqFVFw0yMjA2MDcxNTUx
MzdaMIGBMAoGA1UdFQQDCgEAMHMGA1UdHQEB/wRpMGekZTBjMSAwHgYDVQQDDBdT
VEktUEEgUm9vdCBDZXJ0aWZpY2F0ZTEPMA0GA1UECgwGU1RJLVBBMRQwEgYDVQQH
DAtCcmlkZ2V3YXRlcjELMAkGA1UECAwCTkoxCzAJBgNVBAYTAlVTMIHfAgJpBBcN
MjIwNjE4MDExNDM0WjCByTAKBgNVHRUEAwoBCTCBugYDVR0dAQH/BIGvMIGspIGp
MIGmMSIwIAYJKoZIhvcNAQkBFhNuby1yZXBseUByb290Q0EudGxkMSkwJwYDVQQD
DCBTVElSL1NIQUtFTiBTZWxmLVNpZ25pbmcgUm9vdCBDQTEpMCcGA1UECgwgU1RJ
Ui9TSEFLRU4gU2VsZi1TaWduaW5nIFJvb3QgQ0ExEDAOBgNVBAcMB0F0bGFudGEx
CzAJBgNVBAgMAkdBMQswCQYDVQQGEwJVUzCBlgIBABcNMjIwNjIxMjAzNjQ5WjCB
gTAKBgNVHRUEAwoBAjBzBgNVHR0BAf8EaTBnpGUwYzExMC8GA1UECwwoR28gRGFk
ZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEhMB8GA1UECgwYVGhl
IEdvIERhZGR5IEdyb3VwLCBJbmMuMQswCQYDVQQGEwJVUzCB0AIUQpx8cHEeOCDw
uOHerm/zJiJkO/kXDTIyMDcwNjE5MjYwM1owgagwCgYDVR0VBAMKAQAwgZkGA1Ud
HQEB/wSBjjCBi6SBiDCBhTEwMC4GA1UEAwwnU0hBS0VOIFNhbnNheSBJbnRlcm1l
ZGlhdGUgQ0EgVVMgV0VTVCAxMRIwEAYDVQQLDAlTYW5zYXkgQ0ExGzAZBgNVBAoM
ElNhbnNheSBDb3Jwb3JhdGlvbjETMBEGA1UECAwKQ2FsaWZvcm5pYTELMAkGA1UE
BhMCVVMwgeYCFA2jkywttqz8o3hHNpnYqeBHJwR8Fw0yMjA3MDcxMzI1MDJaMIG+
MAoGA1UdFQQDCgEEMIGvBgNVHR0BAf8EgaQwgaGkgZ4wgZsxKDAmBgkqhkiG9w0B
CQEWGXRlY2hub2xvZ3lAc2ltcGx5Y2FzdC5jb20xFzAVBgNVBAMMDnNpbXBseWNh
c3QuY29tMRMwEQYDVQQLDApPcGVyYXRpb25zMRMwEQYDVQQKDApTaW1wbHlDYXN0
MRIwEAYDVQQHDAlEYXJ0bW91dGgxCzAJBgNVBAgMAk5TMQswCQYDVQQGEwJDQaCB
2TCB1jBPBgNVHRwBAf8ERTBDoD6gPIY6aHR0cHM6Ly9hdXRoZW50aWNhdGUtYXBp
LXN0Zy5pY29uZWN0aXYuY29tL2Rvd25sb2FkL3YxL2NybIQB/zALBgNVHRQEBAIC
AvIwdgYIKwYBBQUHAQEEajBoMGYGCCsGAQUFBzAChlpodHRwczovL2F1dGhlbnRp
Y2F0ZS1hcGktc3RnLmljb25lY3Rpdi5jb20vZG93bmxvYWQvdjEvY2VydGlmaWNh
dGUvY2VydGlmaWNhdGVJZF8yNjM1NS5jcnQwCgYIKoZIzj0EAwIDRwAwRAIgQBy+
Hl2vhB3q/QPVRscc2JvqaEj1ZB/H5gfStEkTgVYCIHMX7etueEJG6ILNxZg8YOch
ZttXgJI+qPa4AxFMaOqr
-----END X509 CRL-----
 == Retrieved CRL:
Certificate Revocation List (CRL):
        Issuer: /L=Bridgewater/ST=NJ/CN=STI-PA CRL/C=US/O=STI-PA
Revoked Certificates:
    Serial Number: C47357C041146952
        Revocation Date: Feb 24 20:23:01 2020 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=192.168.30.61/O=Stratus/L=Plano/ST=Texas/C=US
    Serial Number: B169E992793C65A114B753450D8E6D77
        Revocation Date: Mar  2 20:58:07 2020 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=STI-PA Root Certificate/O=STI-PA/L=Bridgewater/ST=NJ/C=US
    Serial Number: 28AA109E88EA263B95D062202FE5C5B1772C985F
        Revocation Date: Apr  7 11:47:47 2020 GMT
            X509v3 Certificate Issuer: critical
                DirName:/C=US/O=Neustar Information Services Inc/OU=www.ccid.neustar/CN=Neustar Certified Caller ID CA-1
    Serial Number: 593DCC31844262A70B3EECE46A95B057
        Revocation Date: Apr 17 20:46:02 2020 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=STI-PA Root Certificate/O=STI-PA/L=Bridgewater/ST=NJ/C=US
    Serial Number: 0E1F
        Revocation Date: Apr 22 17:27:46 2020 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=TMOBILE-PROD-ROOT-STIRSHAKEN-EC/O=TMOBILE-USA/C=US
    Serial Number: 0B931C3AD63967EA6723BFC3AF9AF44B
        Revocation Date: Dec  2 20:17:36 2020 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=DigiCert Assured ID Root G2/OU=www.digicert.com/O=DigiCert Inc/C=US
    Serial Number: 01791AAEFA41
        Revocation Date: Apr 29 16:00:00 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/C=US/O=LiveVox/CN=FakeCA
    Serial Number: E88967D27EACCC72F42BF629CCA5DE75
        Revocation Date: Jun  4 20:57:38 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=STI-PA Root Certificate/O=STI-PA/L=Bridgewater/ST=NJ/C=US
    Serial Number: 790108
        Revocation Date: Jul 13 19:17:08 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=CallShaper SHAKEN Intermediate CA/O=CallShaper/ST=Maryland/C=US
    Serial Number: 44004499
        Revocation Date: Jul 22 16:02:55 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=Comcast SHAKEN Root CA/O=AMX/L=JK/ST=MI/C=US
    Serial Number: 5888855658
        Revocation Date: Jul 23 14:18:58 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=Comcast SHAKEN Root CA/O=AMX/L=JK/ST=MI/C=US
    Serial Number: 6777FD3BDA8703CB553B94F166ABD11A639CFB31
        Revocation Date: Jul 28 22:55:04 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/emailAddress=no-reply@calltools.com/CN=calltools.com/O=Call Tools, Inc./L=Irvine/ST=CA/C=US
    Serial Number: 01
        Revocation Date: Sep  7 05:58:33 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/O=QCall CA/CN=QCall CA
    Serial Number: A209324FB744968D373F67A2EE98DA36
        Revocation Date: Dec 10 01:03:41 2021 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=STI-PA Root Certificate/O=STI-PA/L=Bridgewater/ST=NJ/C=US
    Serial Number: 491B4628AC0CBB6FA20F8E55ECA3D0D2D9B82AAD
        Revocation Date: May  5 16:01:48 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=GBSDTech SHAKEN Root CA/O=GBSDTech/L=Ft Worth/ST=Texas/C=US
    Serial Number: 270B
        Revocation Date: May 24 20:28:35 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=Trusted CA/C=US
    Serial Number: 46FEC1DC6C3AC570
        Revocation Date: Jun  7 15:50:09 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/OU=US SHAKEN Trial Service/O=NetNumber Inc/C=US/CN=NetNumber SHAKEN Root Trial CA1
    Serial Number: 59DC7495C9F0634912D63D6A3282A155
        Revocation Date: Jun  7 15:51:37 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=STI-PA Root Certificate/O=STI-PA/L=Bridgewater/ST=NJ/C=US
    Serial Number: 6904
        Revocation Date: Jun 18 01:14:34 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/emailAddress=no-reply@rootCA.tld/CN=STIR/SHAKEN Self-Signing Root CA/O=STIR/SHAKEN Self-Signing Root CA/L=Atlanta/ST=GA/C=US
    Serial Number: 00
        Revocation Date: Jun 21 20:36:49 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/OU=Go Daddy Class 2 Certification Authority/O=The Go Daddy Group, Inc./C=US
    Serial Number: 429C7C70711E3820F0B8E1DEAE6FF32622643BF9
        Revocation Date: Jul  6 19:26:03 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/CN=SHAKEN Sansay Intermediate CA US WEST 1/OU=Sansay CA/O=Sansay Corporation/ST=California/C=US
    Serial Number: 0DA3932C2DB6ACFCA378473699D8A9E04727047C
        Revocation Date: Jul  7 13:25:02 2022 GMT
            X509v3 Certificate Issuer: critical
                DirName:/emailAddress=technology@simplycast.com/CN=simplycast.com/OU=Operations/O=SimplyCast/L=Dartmouth/ST=NS/C=CA

Validate CRL Signature

You use the following API to get signature:

https://authenticate-api-stg.iconectiv.com/download/v1/certificate/certificateId_26355.crt

Server should response with:

-----BEGIN CERTIFICATE-----
MIICPDCCAeKgAwIBAgIRAJsp7BpDDvw8gxcT4n8MGGEwCgYIKoZIzj0EAwIwYzEL
MAkGA1UEBhMCVVMxCzAJBgNVBAgMAk5KMRQwEgYDVQQHDAtCcmlkZ2V3YXRlcjEP
MA0GA1UECgwGU1RJLVBBMSAwHgYDVQQDDBdTVEktUEEgUm9vdCBDZXJ0aWZpY2F0
ZTAeFw0yMDExMTEyMzMyMTJaFw0yMzExMTIwMDMyMTJaMFYxFDASBgNVBAcTC0Jy
aWRnZXdhdGVyMQswCQYDVQQIEwJOSjETMBEGA1UEAxMKU1RJLVBBIENSTDELMAkG
A1UEBhMCVVMxDzANBgNVBAoTBlNUSS1QQTBZMBMGByqGSM49AgEGCCqGSM49AwEH
A0IABKIAr1yTIx/vfEK3gHC9iwSaRHZn+5jo2dDQ7/+T8eGcV7aJu9KJ3lcMDxvj
1LUCD3i3GNylH0jHck6SCj/BwimjgYMwgYAwEgYDVR0TAQH/BAgwBgEB/wIBADAf
BgNVHSMEGDAWgBQOZDzy2PmYh6Hq3RLh6b732Gz9PDAdBgNVHQ4EFgQUbqZpgTbk
+j4bB1owEa6o8H6xHhkwDgYDVR0PAQH/BAQDAgGGMBoGA1UdIAEB/wQQMA4wDAYK
YIZIAYb/CQEBATAKBggqhkjOPQQDAgNIADBFAiEAuaAu3ylCL8/Kad7VKdv/O4vw
5QnV79xdiFc2jExdRmYCIGDlBQXhQzCJNSXxvqBnqkW/SkQ3mo/DP4LyC8NkNsew
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICBjCCAaygAwIBAgIQWdx0lcnwY0kS1j1qMoKhVTAKBggqhkjOPQQDAjBjMQsw
CQYDVQQGEwJVUzELMAkGA1UECAwCTkoxFDASBgNVBAcMC0JyaWRnZXdhdGVyMQ8w
DQYDVQQKDAZTVEktUEExIDAeBgNVBAMMF1NUSS1QQSBSb290IENlcnRpZmljYXRl
MB4XDTE5MTAwNDExNDEyM1oXDTI5MTAwNDEyNDEyM1owYzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgMAk5KMRQwEgYDVQQHDAtCcmlkZ2V3YXRlcjEPMA0GA1UECgwGU1RJ
LVBBMSAwHgYDVQQDDBdTVEktUEEgUm9vdCBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
AgEGCCqGSM49AwEHA0IABCYlkZftjTJ5LjnKSG4Ed4Wdjs2yA4i6IsrKEp55roKm
Ypbni2MWS7CB1XMzO62h/8m+6tuu9zDsx77csEXpbpajQjBAMA8GA1UdEwEB/wQF
MAMBAf8wHQYDVR0OBBYEFA5kPPLY+ZiHoerdEuHpvvfYbP08MA4GA1UdDwEB/wQE
AwIBhjAKBggqhkjOPQQDAgNIADBFAiEA6Hydwq1G2qV9QFRfGtpSI2ekZ7+NnQey
sLATvTYUOp8CICar8g1HJb/EvjI5Lw5Su0XqAzUXpRyXr6ehLvWeR/NO
-----END CERTIFICATE-----

Using x5u:

serial=9B29EC1A430EFC3C831713E27F0C1861

issuer= /C=US/ST=NJ/L=Bridgewater/O=STI-PA/CN=STI-PA Root Certificate

subject= /L=Bridgewater/ST=NJ/CN=STI-PA CRL/C=US/O=STI-PA ==

Using Root CA:

serial=59DC7495C9F0634912D63D6A3282A155

issuer= /C=US/ST=NJ/L=Bridgewater/O=STI-PA/CN=STI-PA Root Certificate

subject= /C=US/ST=NJ/L=Bridgewater/O=STI-PA/CN=STI-PA Root Certificate

Last updated