search

Verify a Stir/Shaken Certificate

Part of the identity token included in a SIP header is the Stir/Shaken Certificate of the originating carriers.

An identity token looks like the following:

eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiaHR0cHM6Ly9idy1zaGFrZW4tY2VydC1wdWIuczMuYW1xx9uYXdzLmNvbS9iYW5kd2lkdGgtc2hha2VuLWNlcnRfMjAyMzA3MTYucGVtIn0.eyJhdHRlc3QiOiJCIiwiZGVzdCI6eyJ0biI6WyIxNzcwMjk2NTM1OSJdfSwiaWF0IjoxNjY1NDI0MDcxLCJvcmlnIjp7InRuIjoiMTc3MDQ0ODgyMDAifSwib3JpZ2lkIjoiY2Y1NzVkOWYtOGNiMS0zOWMzLWI3N2EtODUyZjJiYTdmNTQ2In0.IIXlVkGpYtP70O-HQQKAv4mqR2_1qqPpDqELS_US1mS0jEcvUnUm2N16HLwlrn0Zne2-UkTl0U3f_IYNO8slvQ;info=<https://certificates.peeringhub.io/123H/123H.crt>;alg=ES256;ppt=shaken

You can download the certificate file from the "info" field and the content of the file is similar to below:

-----BEGIN CERTIFICATE-----
zIIDdddCAr2gAwIBAgIQSJ/BURPUF9492q9GgBDhlDAKBggqhkjOPQQDAjB8MQsw
xQYDVQQGEwJVUzEXMBUGA1UECgwOUGVlcmluZ2h1YiBJbmMxIjAgBgNVBAsMGUNl
cnRpZmljYXRpb24gQXV0aG9yaXRpZXMxMDAuBgNVBAMMJ1BlZXJpbmdodWIgSW5j
IFNIQUtFTiBJbnRlcm1lZGlhdGUgQ0EgMjAeFw0yMjA4MjQwNTA1MzBaFw0yMjA5
MTIxMTExNTVaMF8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJERTERMA8GA1UEBwwI
Q0xBWU1PTlQxETAPBgNVBAoMCE1lcmF0YWxrMR0wGwYDVQQDDBRNZXJhdGFsayBT
SEFLRU4gMjg5SzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGLa/dZjC4lmBJw7
m2nFkausaapWdoWc1ug4pr/w3rm/DQsSRs/0o0Gm7Cw0L2WjSYTG6e2wt820w9rq
Z5rgl9KjggE8MIIBODAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNV
HQ4EFgQUw1+a9xx+PW878Lx98N9MOf33JEcwHwYDVR0jBBgwFoAUrqFzUYgpVxHK
DKn0sQpuTrhLTQcwFwYDVR0gBBAwDjAMBgpghkgBhv8JAQEBMBYGCCsGAQUFBwEa
BAowCKAGFgQyODlLMIGmBgNVHR8EgZ4wgZswgZigOqA4hjZodHRwczovL2F1dGhl
bnRpY2F0ZS1hcGkuaWNvbmVjdGl2LmNvbS9kb3dubG9hZC92MS9jcmyiWqRYMFYx
FDASBgNVBAcMC0JyaWRnZXdhdGVyMQswCQYDVQQIDAJOSjETMBEGA1UEAwwKU1RJ
LVBBIENSTDELMAkGA1UEBhMCVVMxDzANBgNVBAoMBlNUSS1QQTAKBggqhkjOPQQD
AgNIADBFAiEA9FwWY/mpoaJrUX/5C0kiMy0tFTwb4LmRiVgJc3RImNwCICt2Z6Mo
Z2Bza1qdBai5uMy0BeIXbGq/9b1Z6wCOfLHW
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
xxxxxdCCArWgAwIBAgIRALZNFq96KG4nRDKyzVhPcaUwCgYIKoZIzj0EAwIwazEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoMDlBlZXJpbmdodWIgSW5jMSIwIAYDVQQLDBlD
ZXJ0aWZpY2F0aW9uIEF1dGhvcml0aWVzMR8wHQYDVQQDDBZQZWVyaW5naHViIElu
YyBSb290IENBMB4XDTIyMDYyMjIyNDUwMloXDTMyMDYxOTIyNDUwMlowfDELMAkG
A1UEBhMCVVMxFzAVBgNVBAoMDlBlZXJpbmdodWIgSW5jMSIwIAYDVQQLDBlDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0aWVzMTAwLgYDVQQDDCdQZWVyaW5naHViIEluYyBT
SEFLRU4gSW50ZXJtZWRpYXRlIENBIDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC
AATXEEZfOD4d6FnCYEcvzXAMpFyyP8F1fGefqfxy+R22euER5DvlXYg0vRiyF1hD
KC/hvM7eC74evVeiNgpWB3j+o4IBJzCCASMwDgYDVR0PAQH/BAQDAgGGMA8GA1Ud
EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK6hc1GIKVcRygyp9LEKbk64S00HMB8GA1Ud
IwQYMBaAFBzpokb/fffddddngvRijv4Fon/PMBcGA1UdIAQQMA4wDAYKYIZIAYb/
CQEBATCBpgYDVR0fBIGeMIGbMIGYoDqgOIY2aHR0cHM6Ly9hdXRoZW50aWNhdGUt
YXBpLmljb25lY3Rpdi5jb20vZvvvvvvvYWQvdjEvY3JsolqkWDBWMQswCQYDVQQG
EwJVUzELMAkGA1UECAwCTkoxFDASBgNVBAcMC0JyaWRnZXdhdGVyMQ8wDQYDVQQK
DAZTVEktUEExEzARBgNVBAMMClNUSS1QQSBDUkwwCgYIKoZIzj0EAwIDSAAwRQIg
GkVAngGoauAcC66weTZ39bchjkWjkJKdZifjcqqM/y0CIQCmG8NEcrd6aC92TjHp
N2/d38qvM8vvvvv+smqhcg==
-----END CERTIFICATE-----

You can decrypt the content of the certificate to get the information about the origination carrier using Openssl command:

openssl x509 -text -noout -in cert_file_path

You should get back a response similar to the following:

PreviousTroubleshootNextIntegration

Last updated