{
  "key_type": "Ed25519",
  "purpose": "RANKIGI agent passport JWT signing and verification",
  "non_purposes": [
    "Server-attested closure events (see rankigi-closure-key.json)",
    "CCAP Witness of Last Resort attestation (see rankigi-witness-key.json)"
  ],
  "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEAXoEmtOmourUMaDFTCyU2Z2HY9YJLQH+Sv8q+EEdha9Y=\n-----END PUBLIC KEY-----\n",
  "public_key_b64_spki": "MCowBQYDK2VwAyEAXoEmtOmourUMaDFTCyU2Z2HY9YJLQH+Sv8q+EEdha9Y=",
  "fingerprint": "sha256:3ca5f8c2f41375be3b5e71212eb55ff42e9c428984e306602036e19381ee2031",
  "fingerprint_method": "sha256(base64_spki) hex, lowercase",
  "issued_at": "2026-03-26T08:02:05Z",
  "verify_with": "python3 verify.py bundle.json --pubkey rankigi-passport-key.pem",
  "pem_url": "https://rankigi.com/.well-known/rankigi-public-key.pem",
  "contact": "security@rankigi.com",
  "rotation_policy": "Key rotation announced in advance at https://rankigi.com/proof and via the chain itself as a signed rotation event",
  "key_split_note": "Day 0 prep (2026-05-24) split the single rankigi-public-key.json role into three distinct keys for role hygiene. This passport key currently shares its material with the closure key during the transition; they will diverge at next rotation."
}