Verify on-chain
Don't trust the response — verify it. Every attestation is a Solana account (PDA) written by the Master Broker. You can confirm authenticity + integrity independently of the API.
Three checks
- Provider = Master Broker. The response's attestations[].provider_pubkey should equal the canonical Master Broker signer: 9BHC6c5Gv9tUL3DCzRSGkdApdU2QMwh29pxH4Q6zV9xR
- PDA is owned by the Themra program + the write was Master-Broker-signed. Take attestation_pda + write_tx_sig from the response and check them against the program:
  Program ID: 7jaScjdweyaX6HhzexauEiMe7s7zoqWnkQYLSbNaezeK (Solana devnet)
  getAccountInfo(attestation_pda) → owner must equal the program ID.
  getTransaction(write_tx_sig) → the transaction must be signed by the Master Broker and write to that PDA.
- Snapshot hash matches the data. raw_snapshot_hash is SHA-256(raw vendor JSON). If you hold the raw payload, recompute and compare — this is the integrity anchor under the hash-only model.
Verifier (Python, stdlib only)
No dependencies — getAccountInfo for program ownership, getSignaturesForAddress + getTransaction for the Master-Broker signer proof:
import json, urllib.request

MASTER_BROKER = "9BHC6c5Gv9tUL3DCzRSGkdApdU2QMwh29pxH4Q6zV9xR"
PROGRAM_ID = "7jaScjdweyaX6HhzexauEiMe7s7zoqWnkQYLSbNaezeK"
RPC = "https://api.devnet.solana.com"

def rpc(method, params):
    """POST one JSON-RPC request to the devnet endpoint and return the decoded reply."""
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": method, "params": params}).encode()
    req = urllib.request.Request(RPC, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=20) as r:
        return json.loads(r.read())

def verify(pda: str) -> bool:
    # Ownership: the account must exist and be owned by the program.
    acc = rpc("getAccountInfo", [pda, {"encoding": "base64"}])["result"]["value"]
    owned = bool(acc) and acc["owner"] == PROGRAM_ID
    # Most recent transaction that touched the PDA.
    sigs = rpc("getSignaturesForAddress", [pda, {"limit": 1}])["result"]
    if not sigs:
        return False
    tx = rpc("getTransaction", [sigs[0]["signature"],
             {"encoding": "jsonParsed", "maxSupportedTransactionVersion": 0}])["result"]
    if tx is None:
        # The node returned no transaction for this signature: fail closed.
        return False
    # Signer proof: the Master Broker key must be flagged as a signer.
    keys = tx["transaction"]["message"]["accountKeys"]
    signed_by_mb = any(k["pubkey"] == MASTER_BROKER and k["signer"] for k in keys)
    succeeded = (tx["meta"] or {}).get("err") is None
    return owned and signed_by_mb and succeeded

# verify(attestation_pda) -> True if program-owned + Master-Broker-signed + succeeded
The reference example also accepts a --payload (to check provider_pubkey) and a --tx-sig. (Full source ships as verify-attestation-signature.py.)
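Added example (not the project's verify-attestation-signature.py): all three checks applied offline to RPC results you have already fetched, including the PDA-writable test and the snapshot hash that the short verifier above leaves out. Assumptions: check_attestation and the sample values are hypothetical, attestation_pda and raw_snapshot_hash are taken to sit in each attestations[] entry, and the hash is taken to be hex-encoded.

```python
import hashlib

MASTER_BROKER = "9BHC6c5Gv9tUL3DCzRSGkdApdU2QMwh29pxH4Q6zV9xR"
PROGRAM_ID = "7jaScjdweyaX6HhzexauEiMe7s7zoqWnkQYLSbNaezeK"

def check_attestation(att, account, tx, raw_payload=None):
    """Return the names of failed checks; an empty list means all passed.

    att: one attestations[] entry; account: getAccountInfo result["value"];
    tx: getTransaction (jsonParsed) result; raw_payload: raw vendor JSON bytes.
    """
    failures = []
    pda = att.get("attestation_pda")
    # Check 1: provider is the canonical Master Broker signer.
    if att.get("provider_pubkey") != MASTER_BROKER:
        failures.append("provider_pubkey")
    # Check 2a: the PDA exists and is owned by the program.
    if not account or account.get("owner") != PROGRAM_ID:
        failures.append("pda_owner")
    # Check 2b: the write succeeded, was signed by the Master Broker,
    # and lists this PDA as a writable account.
    message = ((tx or {}).get("transaction") or {}).get("message") or {}
    keys = message.get("accountKeys") or []
    if not tx or (tx.get("meta") or {}).get("err") is not None:
        failures.append("tx_failed_or_missing")
    if not any(k.get("pubkey") == MASTER_BROKER and k.get("signer") for k in keys):
        failures.append("tx_signer")
    if not any(k.get("pubkey") == pda and k.get("writable") for k in keys):
        failures.append("tx_writes_pda")
    # Check 3: hash the payload bytes exactly as received; re-serialising
    # the JSON (key order, whitespace) would change the digest.
    # Assumption: raw_snapshot_hash is a hex string.
    if raw_payload is not None:
        digest = hashlib.sha256(raw_payload).hexdigest()
        if digest != str(att.get("raw_snapshot_hash", "")).lower():
            failures.append("raw_snapshot_hash")
    return failures

# Constructed sample data (placeholder PDA and payload, not real accounts).
RAW = b'{"vendor":"example","score":712}'
PDA = "ExamplePda1111111111111111111111111111111111"
ATT = {"provider_pubkey": MASTER_BROKER, "attestation_pda": PDA,
       "raw_snapshot_hash": hashlib.sha256(RAW).hexdigest()}
ACCOUNT = {"owner": PROGRAM_ID}
TX = {"meta": {"err": None}, "transaction": {"message": {"accountKeys": [
    {"pubkey": MASTER_BROKER, "signer": True, "writable": True},
    {"pubkey": PDA, "signer": False, "writable": True}]}}}
```

The writable flag shows the transaction was permitted to modify the PDA, not which bytes it changed; pass the write_tx_sig transaction rather than the latest one touching the account.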
Explorer references
Cross-check anything by hand on a Solana devnet explorer:
https://solscan.io/account/<attestation_pda>?cluster=devnet
https://solscan.io/tx/<write_tx_sig>?cluster=devnet
If provider_pubkey is not the Master Broker, or the PDA isn't owned by the program — do not trust the data, and report it.