{"service":"Castell · Open V2X PKI Testbed","tagline":"Built up. Taken down. Never fallen.","version":"0.8.9","release_date":"2026-06-11","operator":"SkyV2X","public_url":"https://pki.skyv2x.com","disclaimer":"ETSI / CCMS wire-aligned open testbed for V2X integrators. NOT a certified CCMS Trust Point. Best-effort operation.","spec_compliance":{"ts_102_940":"v2.1.1 architecture","ts_102_941":"v1.3.1 wire OER + v2.2.1 protocol semantics","ts_103_097":"v1.3.1 cert format COER","ts_103_759":"v2.1.1 misbehaviour reporting (MA-ready)","ieee_1609_2":"2016/2022 security services"},"curves_supported":[{"name":"NIST P-256","asn1":"ecdsaNistP256","rfc":"RFC 6090 / FIPS 186-5"},{"name":"Brainpool P-256r1","asn1":"ecdsaBrainpoolP256r1","rfc":"RFC 5639"},{"name":"Brainpool P-384r1","asn1":"ecdsaBrainpoolP384r1","rfc":"RFC 5639"}],"authorization_modes":{"supported":["single"],"butterfly_supported":false,"note":"Castell implements single authorization (one AT per request). Butterfly key authorization (batched, fleet-oriented) is not implemented. The spec allows either as a conformance path."},"tlm_rotation":{"link_certificate_endpoint":"/gettlmlinkcertificate[/{hashedId8}]","link_certificate_present":false,"current_tlm_hashedid8":"74534B8C394779F4","note":"Castell publishes a TLM Link Certificate Message per TS 102 941 §6.4.2.1 when the TLM is rotated. Until then the endpoint returns 404 with a structured detail; clients should treat this as 'no rotation yet'."},"trust_anchors":{"tlm":{"url":"/tlm","hashedId8":"74534B8C394779F4","sha256":"42c31989a1114f25acc161b6678f7d57ff56e97a445ac52c74534b8c394779f4","role":"Trust List Manager (top-of-trust)"},"root_ca":{"url":"/trustanchor","hashedId8":"AD7B90E1EB12A0F9","sha256":"8192981c8c2e172f56cebd763eefcd4f21212398552a45b2ad7b90e1eb12a0f9","role":"Root Certificate Authority"},"ma":{"url":"/ma","hashedId8":"405D3CF914EB9E05","sha256":"be1693bf8ae1714b8c5898a9beac4b61811519e3784e3b7d405d3cf914eb9e05","role":"Misbehaviour Authority (TS 103 759)"}},"endpoints":{"trust_material":{"GET /trustanchor":"RCA cert (COER)","GET /tlm":"TLM cert (COER, TS 102 940)","GET /ma":"MA cert (COER, TS 103 759)","GET /cert/{name}":"Cert by name (root/tlm/ea/aa/ma/at{1..5})","GET /ca/{hashedId8}":"CA cert lookup by HashedId8","GET /getcacertificate/{hashedId8}":"CPOC-style alias","GET /lookup/{hashedId8}":"Generic cert lookup"},"trust_lists":{"GET /getectl":"ECTL signed by TLM (TS 102 941)","GET /ectl/federation":"Federated RCA list (transparency)","GET /getctl/{hashedId8}":"RCA CTL (TS 102 941)","GET /getctl/{hashedId8}/{seq}":"Delta CTL by sequence","GET /getcrl/{hashedId8}":"CRL signed by RCA (TS 102 941)","GET /getcrl/{hashedId8}/{seq}":"Delta CRL by sequence","GET /gettlmlinkcertificate":"TLM Link Certificate (TS 102 941 §6.4.2.1) — 404 until TLM rotates","GET /gettlmlinkcertificate/{hashedId8}":"TLM Link Cert by OLD HID8 (CPOC v3.2 §I.5.3)"},"enrolment_authorization":{"POST /ec-request":"EnrolmentRequest (TS 102 941)","POST /at-request":"AuthorizationRequest (TS 102 941)","POST /v221/ec-request-decode":"Decode EC request debug (Pull-VPC-5)","POST /v221/at-request-decode":"Decode wire spec-strict TS 102 941 v2.2.1 (compliance proof)"},"misbehaviour":{"POST /mr":"Misbehaviour Report (TS 103 759)"},"transparency":{"GET /conformance":"Subset chain audit ULTRA-STRICT (IEEE 1609.2 §5.1.2) — gaps detection"},"scms_ieee_1609_2_1":{"POST /scms/eca/enroll":"ECA enrollment (IEEE 1609.2.1 §6.1 ScmsPdu)","POST /scms/aca/cert-request":"ACA butterfly cert request (IEEE 1609.2.1 §8.2 ScmsPdu)","POST /scms/decode":"Decode ScmsPdu OER → JSON (compliance proof)","GET /scms/discovery":"SCMS discovery (supported interfaces + wire formats)","GET /scms/bridge":"CCMS↔SCMS bridge mapping documentation"}},"rate_limits":{"GET endpoints":"60/min/IP","POST /ec-request":"10/min/IP","POST /at-request":"30/min/IP","POST /mr":"60/min/IP"}}