================================================================================
KORENET RAILS — TENANT WELCOME PACK · CREDENTIALS
Tenant: Len24 Bank Limited
Tenant Type: Commercial Bank
Subdomain: len24.korenet.cloud
Portal: https://korenet.cloud
Generated: May 27, 2026
Classification: SOVEREIGN · INSTITUTIONAL GRADE · LICK-SIGNED · FAIL-CLOSED
Admin Level: FULL ADMIN
Len24 Bank Limited · KoreNet Sovereign Rails Tenant
Issued by: Kore Collective (Pty) Ltd · Registration: 2020/118214/07
================================================================================

SWIFT Code:       LENZAKJJ
Branch Code:      240017
Jurisdiction:     SARB
Regulatory Tier:  TIER_1_INSTITUTIONAL
Weekly Limit:     500000000.00
Settlement CCY:   ZAR

ENDPOINTS
---------
Portal:           https://korenet.cloud
Rails (tenant):   https://len24.korenet.cloud
KoreNet API:      https://api.korenet.cloud
OAuth 2.0:        https://auth.korenet.cloud
Token URL:        https://auth.korenet.cloud/oauth2/token
JWKS URL:         https://auth.korenet.cloud/.well-known/jwks.json

OAUTH 2.0 CLIENT (grant_type=client_credentials)
------------------------------------------------
client_id:     le_fefa1ed807cc8ef1eefcf09c3801fb58
client_secret: REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT
audience:      https://api.korenet.cloud https://len24.korenet.cloud
scope:         rails:read rails:write transfers:read transfers:write vault:read ledger:read sentinel:read kip:submit vault:write vault:pair transfers:bulk compliance:read

ROLES & PERMISSIONS
-------------------
Roles:       tenant-admin, rails-operator, commercial-bank-officer
Permissions: rails.dispatch, rails.status, transfers.initiate, transfers.query, vault.query, ledger.query, sentinel.events.read, kip.submit, vault.pair, vault.pair_bank_account, transfers.bulk_dispatch, compliance.submit_report

JWT BEARER TOKEN (Valid until May 27, 2027)
------------------------------------------
REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD

JWT DETAILS
-----------
Algorithm: HS256
Key ID:    korenet-rails-hs256-g1
Issuer:    https://auth.korenet.cloud
Audience:  https://api.korenet.cloud, https://len24.korenet.cloud
Subject:   tenant:len24
Issued:    May 27, 2026
Expires:   May 27, 2027
jti:       c900df42ca8378192c2b0ca4ab6deca2
HS256 secret (keep secret — do NOT commit):
REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT
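
How a service holding the HS256 secret can validate a token against the values listed under JWT DETAILS. This is an added example, not KoreNet or Kore Collective code. The make_sample helper and the demo secret are constructed for illustration, and checking the tenant rails URL as the required audience is an assumption.

```python
import base64, hashlib, hmac, json, time

# Expected values copied from the JWT DETAILS section of this pack.
ISSUER = "https://auth.korenet.cloud"
AUDIENCE = "https://len24.korenet.cloud"
KID = "korenet-rails-hs256-g1"

def _dec(part):
    # base64url without padding, as used in JWT segments
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _enc(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample(claims, secret, header=None):
    """Build a constructed sample token for the demo (hypothetical helper)."""
    header = header or {"alg": "HS256", "typ": "JWT", "kid": KID}
    body = ".".join(_enc(json.dumps(p).encode()) for p in (header, claims))
    return body + "." + _enc(hmac.new(secret, body.encode(), hashlib.sha256).digest())

def verify(token, secret, now=None):
    """Return the claims if every check passes; raise ValueError otherwise."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, sig = json.loads(_dec(h64)), _dec(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Pin alg and kid to the pack's values; never let the header choose them.
    if not isinstance(header, dict) or header.get("alg") != "HS256" or header.get("kid") != KID:
        raise ValueError("unexpected alg or kid")
    mac = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, sig):
        raise ValueError("bad signature")
    claims = json.loads(_dec(c64))  # parse claims only after the MAC verifies
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or AUDIENCE not in ([aud] if isinstance(aud, str) else aud or []):
        raise ValueError("wrong issuer or audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed; not a KoreNet key
    tok = make_sample({"iss": ISSUER, "aud": [AUDIENCE], "sub": "tenant:len24",
                       "exp": int(time.time()) + 300}, secret)
    print(verify(tok, secret)["sub"])
```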

MTLS CLIENT CERTIFICATE
-----------------------
Common Name:         len24.korenet.cloud
Subject:             C = ZA, ST = Gauteng, L = Johannesburg, O = KoreNet Rails, OU = Len24 Bank Limited, CN = len24.korenet.cloud, emailAddress = ops@len24.korenet.cloud
Organization:        KoreNet Rails
Organizational Unit: Len24 Bank Limited
Valid From:          May 27, 2026
Valid Until:         May 27, 2027
Key Size:            4096-bit RSA
SHA-256 fingerprint: 43:D9:0F:F2:B4:04:3A:17:2C:A8:E3:DD:C4:BB:18:34:4A:C0:B9:84:75:36:4A:4F:46:60:59:DF:64:F2:08:6A
SHA-1  fingerprint:  C9:1E:F6:E3:64:ED:CA:19:00:80:E9:CB:26:3B:6C:DD:7B:02:7A:85
PFX passphrase:      REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT

Issuing CA: KoreNet Issuing CA G1
CA SHA-256 fingerprint: 5A:6B:E3:CA:C9:E6:B9:98:FE:5D:0A:F3:43:7B:B9:8B:C8:5F:E2:09:D0:B2:76:6F:AB:0A:6F:48:7B:65:13:DA

Certificate files (in certificates/):
- len24-client.crt           · X.509 client certificate
- len24-client.key           · 4096-bit RSA private key
- len24-client.pem           · cert + key (for curl --cert)
- len24-client.fullchain.pem · client + CA (for server validation)
- len24-client.pfx           · PKCS12 bundle (PFX password above)
- korenet-issuing-ca.crt     · KoreNet Issuing CA G1 (public only)

ENVIRONMENT VARIABLES
---------------------
export LEN24_TENANT="len24"
export LEN24_SUBDOMAIN="len24.korenet.cloud"
export LEN24_PORTAL_URL="https://korenet.cloud"
export LEN24_RAILS_URL="https://len24.korenet.cloud"
export LEN24_API_URL="https://api.korenet.cloud"
export LEN24_OAUTH_URL="https://auth.korenet.cloud"
export LEN24_CLIENT_ID="le_fefa1ed807cc8ef1eefcf09c3801fb58"
export LEN24_CLIENT_SECRET="REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT"
export LEN24_JWT="REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD"
export LEN24_JWT_SECRET="REDACTED.JWT.BEARER_TOKEN_PROVIDED_AT_BUILD"
export LEN24_CERT="certificates/len24-client.crt"
export LEN24_KEY="certificates/len24-client.key"
export LEN24_PFX="certificates/len24-client.pfx"
export LEN24_PFX_PASS="REDACTED_PROVIDED_AT_BUILD_FROM_KEY_VAULT"
export LEN24_CA="certificates/korenet-issuing-ca.crt"

QUICK TEST COMMANDS
-------------------
# 1. Mint an OAuth access token (production pattern)
#    --data-urlencode encodes the spaces in the scope list so the
#    form body is valid application/x-www-form-urlencoded.
curl -X POST "$LEN24_OAUTH_URL/oauth2/token" \
     --cert "$LEN24_CERT" --key "$LEN24_KEY" \
     --cacert "$LEN24_CA" \
     -u "$LEN24_CLIENT_ID:$LEN24_CLIENT_SECRET" \
     -d "grant_type=client_credentials" \
     --data-urlencode "scope=rails:read rails:write transfers:read transfers:write vault:read ledger:read sentinel:read kip:submit vault:write vault:pair transfers:bulk compliance:read"

# 2. Call tenant rails (mTLS + Bearer JWT)
curl --cert "$LEN24_CERT" --key "$LEN24_KEY" --cacert "$LEN24_CA" \
     -H "Authorization: Bearer $LEN24_JWT" \
     "$LEN24_RAILS_URL/api/v1/rails/health"


SENTINEL & QUORUM
-----------------
Sentinel Tier-B monitoring
2-Signatory Quorum required for state-changing operations
LICK-signed audit trail via Kore Collective LICK G1

CLASSIFICATION REMINDER
-----------------------
This pack is SOVEREIGN · INSTITUTIONAL GRADE. Treat all secrets above as
HSM-protected material. Rotate via the KoreNet rotation workbench
(https://korenet.cloud/rotation) — never edit this file in place.
