attest_01KSFWF5HVQW4XKV9N8SW5RAS8

Envelope hash

4e48078f…20be15 · SHA-256 over the canonical envelope bytes.

1. 01

   Envelope hash

   Verified

   The deterministic SHA-256 of the canonicalised envelope. The leaf in the Merkle tree is derived from this exact byte sequence.

   4e48078f…20be15

   Learn more →
2. 02

   Issuer signature

   Verified

   Envelope is signed by an AWS KMS asymmetric key. The public key is pinned in the issuers table; signature algorithm is ECDSA over SECP256R1 / SHA-256.

   Issuer payment-evol…

   Learn more →
3. 03

   Dual RFC 3161 timestamp

   Verified

   Two independent timestamping authorities — Sectigo and DigiCert — sign the envelope hash. A divergence between either signature and the chain log is a tamper signal.

   Sectigo ✓ · DigiCert ✓

   Learn more →
4. 04

   Merkle inclusion proof

   Pending

   The audit path from leaf to tree root, validated against the hourly STH. Proves the attestation is included in the log without revealing other entries.

   Inclusion proof generated on bundle download

   Learn more →
5. 05

   Master STH signature

   Pending

   The signed tree head is signed by the chain-master KMS key (ECDSA P-256 / SHA-256). Anyone with the master public key can verify the log root for this segment.

   Will be signed at the next hourly checkpoint

   Learn more →
6. 06

   On-chain anchor

   Off-chain

   Each STH is anchored on Base. Once anchored, the tree root is verifiable from any public Ethereum RPC. Sepolia for staging, mainnet for production.

   Off-chain only — anchor lands at the next hourly cycle

   Learn more →

This attestation carries no public label commitments.

This attestation has not yet been anchored on-chain. Anchors are written hourly when the segment's tree head is checkpointed. The off-chain log root is fully verifiable today via the master STH signature.