{
  "schema_id": "mvg.org_approval_keyring@1",
  "keyring_id": "mvg.org_approval_keyring.sample.v1.0.0",
  "keyring_version": "1.0.0",
  "generated_utc": "2026-02-11T00:00:00Z",
  "organization": {
    "name": "Example Security Org (sample)",
    "domain": "example.com",
    "note": "Replace with your org name. This is a public-safe example format."
  },
  "policy": {
    "policy_id": "mvg.org_approval_policy.sample.security_review.2of3@1",
    "threshold": 2,
    "allowed_roles": [
      "security_reviewer"
    ],
    "require_distinct_signers": true,
    "require_ticket_binding": false,
    "recommend_ticket_binding": true,
    "ticket_binding_fields": [
      "system",
      "id",
      "url"
    ],
    "notes": [
      "Public-safe sample policy. Production policies are org-owned.",
      "If require_ticket_binding=true, all counted signers must bind the same ticket system+id."
    ]
  },
  "keys": [
    {
      "kid": "org.security.reviewer.1.sample",
      "role": "security_reviewer",
      "status": "active",
      "valid_from_utc": "2026-01-01T00:00:00Z",
      "public_key_jwk": {
        "kty": "EC",
        "crv": "P-256",
        "x": "M2l0T7KI5yFwDJ5wrWM9ImAjqxS1weMcbxlDZUnt_D0",
        "y": "njdfE7DEbGF1ODcjwIcSLA8BX-KOyKYVnGwrAOSaEww"
      },
      "public_key_fingerprint_sha256": "sha256:8377f12ed7cd3d279fa020932151f20f5f352a93ca2c03e729b8aee700bf131e",
      "note": "Sample public key. Replace with a device-provisioned or org-managed signing key."
    },
    {
      "kid": "org.security.reviewer.2.sample",
      "role": "security_reviewer",
      "status": "active",
      "valid_from_utc": "2026-01-01T00:00:00Z",
      "public_key_jwk": {
        "kty": "EC",
        "crv": "P-256",
        "x": "vaDlIZm_zYPYLmZiq-O12b_mmrXHfJJDoMg-OjGpunY",
        "y": "KsMvhgEKMT3BYFuARY0fX2ivlVUgKvryQ5vF8CYUJco"
      },
      "public_key_fingerprint_sha256": "sha256:67e54d106d8a56264322c7190203b8b18363460a44d2574e29fc88cbb31be928",
      "note": "Sample public key. Replace with a device-provisioned or org-managed signing key."
    },
    {
      "kid": "org.security.reviewer.3.sample",
      "role": "security_reviewer",
      "status": "active",
      "valid_from_utc": "2026-01-01T00:00:00Z",
      "public_key_jwk": {
        "kty": "EC",
        "crv": "P-256",
        "x": "mbL_5XNHtxiCiIkc2XwjOpH4CbnTV77iiNXH3OlwaNc",
        "y": "V1goibisr5vQIbh9VyjDvm3_4SPtELHPIIFGKUdYNAE"
      },
      "public_key_fingerprint_sha256": "sha256:ec769c854dfb3b12e28c060e6fdf45caee6dd5c5906c6efb9f2d0f0136660389",
      "note": "Sample public key. Replace with a device-provisioned or org-managed signing key."
    }
  ]
}