Verify a certificate

Aquadrio's independence is not a claim you have to take on trust. Download a real sample certificate and confirm every figure yourself, offline, with no issuing authority and no Aquadrio software.

The sample certificate

This is the credential the files below encode: one Renewable Compute Credit, its signed provenance fields on the face, its recomputable sha256 in the provenance strip. It is a specimen of a simulated workload, marked as such. Every figure on it is a signed field of the JSON you can download and check.

Renewable Compute Credit
1RCC
One GPU-hour executed inside the clean-energy gate and the water gate.
serialrcc_job_golden_0001
vintage2026minted
hardware
H100-80GB SXM
hardware-typed; no cross-hardware fungibility asserted
gpu-hours certified
56.1GPU-h
hours executed inside both gates
energy basisMEASURED
0.6957kWh / GPU-h
39.03 kWh total, board-power
composite carbonMEASURED
118.42gCO₂ / kWh
70% renewable across the certified windows
water gateMEASURED
PASSED
every window at or under the WUE threshold
direct facility waterMODELED
11.70gal
cooling water at lakeshore-west, from published WUE
clean-window segments
2
exec_golden_a · exec_golden_b
granular cert refDEFERRED
null
retired-GC reference; RegistryClient stub today
embedded grid waterMEASURED

The uncoolable upstream figure: the water consumed generating this job's electricity, recomputed from the certificate's own per-window generation mix using the Standard's published factors. It is derived, off-hash, and shown with the recompute recipe on the verification page. Water consumed, never withdrawn.

provenance_certificate_hashsha256 · canon v1 · recomputable offline
a4ab6ee806a26dfa50fac7f1f1da5bb56988153373d2bdb00889790b80507044
signaturenone · additive to the hash when present
short a4ab6ee8…80507044
AQUADRIOworkload: simulated
not for sale · not a security
MEASURED

Measured or computed from live data now.

MODELED

Derived from published figures, labeled.

DEFERRED

Specified and severable, not built yet.

The bundle

Three files: the certificate, the same certificate as a signed JSON record, and a zero-dependency verifier that runs on any recent Node. These are the exact files handed out offline; the repository's leave-behind bundle is the source of truth and this page serves a synced copy.

Run it

With all three files in one folder, run the verifier against the signed JSON:

node verify_rcc.mjs sample_rcc_cert.signed.json

It recomputes the sha256 from the certificate's own inputs and confirms it matches the hash on the certificate. The exit code is driven solely by the hash, so an unsigned or older certificate still verifies. If a signature block is present, the verifier prints an additional line confirming the embedded public key signed this certificate's canonical bytes. The public key rides inside the envelope, so nothing is fetched.

What the signature proves honestly: that some key signed this exact record, and that the algorithm was not relabeled to look stronger than it is. What it does not yet prove: whose key it is. A local-dev marker means a non-production key. Binding a key to a trusted issuer identity is a trust-store concern outside this zero-dependency verifier.

The recompute recipe (canon v1)

The verifier is one implementation. The canonicalization is fixed and language-independent, so you can reproduce the hash in any language by following this recipe. It is the full specification, summarized; the canonicalization rules are the source of record.

  1. 01Take the certificate JSON and drop the provenance_certificate_hash field (it is the output, never part of its own input).
  2. 02Confirm canon_version is "1", then apply that ruleset.
  3. 03Round each number to its fixed number of decimals with banker's rounding, and emit it as a string.
  4. 04Render every timestamp in UTC, second precision, with a Z suffix.
  5. 05Serialize with sorted keys, compact separators, UTF-8 normalized to NFC, and segments in chronological order.
  6. 06Take the sha256 of those bytes. It must equal the certificate's provenance_certificate_hash.

Indirect (grid) water

Recompute it from the certificate's own generation mix and energy: sum over each fuel of (fuel share × energy in MWh × its consumption factor). The factors are published in the RCC Standard. The figure is water consumed, not withdrawn.

The canon version pins the ruleset. A future precision change bumps the version and leaves prior certificates verifiable under their own version, so a certificate never becomes uncheckable.