← Back to portal

Verify (Auditor)

1. Minimal attachable evidence (change-control / audit)

For a minimal, attachable snapshot of the registry state, obtain the audit_evidence block:

GET https://px-root-registry.org/v1/px-tl/registry-health

The response includes an audit_evidence JSON intended for attachment to change-control templates (no telemetry, no source code).

2. Root signature verification

Registry documents are authoritative only when accompanied by a valid Root signature. The operator identity record is published at /v1/operator.json.

• /v1/fee-schedule.json — billing state and notice constraints.
• /v1/policy.json — administrative policy.
• /v1/registry-manifest.json — byte-level binding (hash + length) of published artifacts.

Pinned Root Public Key (raw32 base64url)

vKYG_q1FzMc3_mkDierRVA5HOdG7SIO-vw98NWwsQEg

Independent confirmation channels may include DNS TXT and/or GitHub releases. Where present, values MUST match.

3. Receipt and SCT verification

A typical evidence pack contains:

• Receipt (AL0 and/or AL2).
• SCT (signed timestamp) and optional inclusion/consistency proofs.
• Report (human-readable).

Reference verifier:

https://github.com/px-root-registry/px-strict-verifier

Audit manual (normative procedures):

/.well-known/al2/auditor-guidelines/

4. Transparency log (PX-TL)

• GET /v1/px-tl/sth?log_id=<id> — signed tree head.
• GET /v1/px-tl/proof/inclusion?log_id=<id>&leaf_hash=<b64u>&tree_size=<n> — inclusion proof.
• GET /v1/px-tl/proof/consistency?log_id=<id>&first=<m>&second=<n> — consistency proof.