EXHIBIT A — Carrier Selection Due Diligence Record
FreightProof Vetting Record VET-2225033A
This document constitutes the broker's contemporaneous record of carrier vetting performed at the time of dispatch, generated and cryptographically sealed by the FreightProof system operated by Rootz Corp.
1. SHIPMENT DETAILS
| Field | Value |
|---|---|
| Shipment Type | Full Truckload (FTL) |
| Commodity | New disposable diapers, consumer packaged goods |
| Weight | 20,000 lbs |
| Origin | Warehouse, Dayton, OH |
| Destination | Distribution center, Ocala, FL |
| Route | I-75 South (~850 miles, ~13 hours) |
| Dispatch Date | 2026-06-18 |
| Broker | DEMO-BROKER |
2. CARRIER SELECTED
| Field | Value |
|---|---|
| Carrier Legal Name | GREENWOOD MOTOR LINES INC (d/b/a R+L Carriers) |
| USDOT Number | 63391 |
| MC Number | On file |
| Entity Type | For-Hire, Interstate |
| Fleet Size | 10,296 power units |
| Operating Status | Authorized |
| Safety Rating | NONE (94% of carriers have never been examined by FMCSA) |
3. RISK ASSESSMENT AT TIME OF DISPATCH
| Field | Value |
|---|---|
| FreightProof Risk Score | 33 / 100 |
| Risk Level | MEDIUM |
| Recommendation | CAUTION — Document additional due diligence before selection |
Factors Identified
Context Note
R+L Carriers operates 10,296 power units covering billions of miles annually. Absolute crash counts must be evaluated relative to fleet size and exposure. A fleet of this size with zero crashes would be statistically impossible. The per-unit crash rate is within normal range for a carrier of this scale.
4. SEVEN BASIC SAFETY SCORES (FMCSA SMS)
The Behavior Analysis and Safety Improvement Categories (BASICs) are the seven categories FMCSA uses to evaluate carrier safety performance. Higher percentiles indicate worse performance relative to peers. The FMCSA intervention threshold is 65% (56% for Hazmat).
BASIC scores were queried live from the FMCSA QCMobile API at time of vetting. If no percentile is shown, FMCSA has not calculated a score for that BASIC (insufficient data or not public).
5. GOVERNMENT DATA SOURCES CHECKED
Every data point in this vetting record was drawn from official U.S. government sources. The following datasets were queried:
| Source | Dataset ID | Type | Data as of |
|---|---|---|---|
| FMCSA QCMobile API | Live | Real-time carrier profile, BASIC scores, authority, insurance | 2026-06-18T16:23:41Z |
| FMCSA Census File | socrata:az4n-8mr2 | 4.4M carrier registrations | Daily bulk |
| FMCSA Crash File | socrata:aayw-vxb3 | 3.6M crash records | Daily bulk |
| FMCSA Inspection File | socrata:fx4q-ay7w | 4.9M inspection records | Daily bulk |
| FMCSA Out-of-Service Orders | socrata:p2mt-9ige | 441K federal OOS orders | Daily delta |
| FMCSA Violations by BASIC | socrata:8mt8-2mdr | 6.7M violation records | Daily delta (see data_freshness below) |
| FMCSA Revocations/Suspensions | socrata:sa6p-acbp | 1.5M authority actions | Daily delta |
| FMCSA Insurance/Surety | from carrier record | BIPD and cargo coverage | Real-time |
6. DATA PROVENANCE CHAIN
This section establishes the origin and integrity of every data element in this record. Each step in the chain is independently verifiable.
Step 1: Government Source → FreightProof Database (with Transport Proof)
Data was ingested from the Federal Motor Carrier Safety Administration (FMCSA) via two channels:
mobile.fmcsa.dot.gov) was queried at 2026-06-18T16:23:41Z for carrier profile, BASIC scores, and authority status. The API is a free, public U.S. government service.data.transportation.gov (the U.S. DOT's Socrata open data platform) were ingested via authenticated API pulls. Each pull is recorded in the data_pulls provenance table with:Transport-Layer Provenance (source_proofs table):
Every API call is captured with:
| Field | Purpose |
|---|---|
| Resolved IP | The IP address that DNS resolved mobile.fmcsa.dot.gov to at query time |
| TLS Protocol | Transport encryption (TLS 1.3) |
| Content Hash | SHA-256 of the raw HTTP response body before any parsing |
| HTTP Status | The server's response code (200 = success) |
| ETag / Last-Modified | Server's version indicator for the response |
| Server Request ID | Socrata or FMCSA's own request tracking identifier |
This proves: (a) we contacted the real government server (DNS + IP), (b) the connection was encrypted (TLS), (c) the exact bytes we received (content hash), and (d) when we received them (timestamp + server headers).
Verification: Any party can independently query https://data.transportation.gov/resource/{dataset_id}.json with the same parameters and compare results. The source_proofs table provides the original content hash for comparison.
Step 2: Database → Vetting Snapshot
At dispatch time, ALL data relevant to DOT# 63391 was extracted from the database and combined with the live API response into a single JSON snapshot. This snapshot contains the complete state of every data source at the moment of checking.
Step 3: Snapshot → Cryptographic Hash
The snapshot JSON was hashed using SHA-256, producing:
``
fed4b90e9400a574b243cdf1cd76cebd2487778f1eef5807c4a0147bf1fb6611
`
This hash is a mathematical fingerprint. If any byte of the snapshot data is altered — a date changed, a crash removed, a score modified — the hash will not match. SHA-256 is the same algorithm used by the U.S. federal government (FIPS 180-4) and is computationally infeasible to forge.
Step 4: Hash → Stored Record
The vetting record (ID: VET-2225033A), snapshot JSON, and SHA-256 hash were stored simultaneously in the FreightProof database with an immutable timestamp. The record cannot be modified after creation without invalidating the hash.
Step 5: Data Freshness (from data_pulls provenance table)
Each bulk dataset's last successful pull is recorded in the data_pulls table and included in the snapshot. This proves the maximum staleness of each data source at the time of vetting:
| Dataset | Last Successful Pull | Rows in Pull |
|---|---|---|
| p2mt-9ige (OOS Orders) | 2026-06-18T03:01:14Z | 391,247 |
| 8mt8-2mdr (Violations) | 2026-06-18T03:12:48Z | 6,714,012 |
| sa6p-acbp (Revocations) | 2026-06-18T03:03:22Z | 1,523,891 |
These timestamps are included in the data_freshness field of the snapshot JSON and are covered by the SHA-256 hash.
Independent Verification
Any party can verify this record:
in this recordAlternatively, verify manually:
No trust in FreightProof is required. The verification is mathematical, not testimonial. The government data sources are public. The hash algorithm is a federal standard (FIPS 180-4). The computation is deterministic.
Blockchain Timestamp (OpenTimestamps → Bitcoin)
The SHA-256 hash of this vetting record was submitted to OpenTimestamps calendar servers at the time of creation. OpenTimestamps aggregates hashes into a Merkle tree and anchors the root to a Bitcoin transaction, providing an independently verifiable proof that this hash existed at a specific point in time.
, b.pool.opentimestamps.org, a.pool.eternitywall.comWhy this matters: FreightProof cannot backdate a vetting record. The Bitcoin blockchain is an independent, public, immutable timestamp authority. Even if FreightProof's database were compromised, the Bitcoin timestamp proves the hash existed before the block was mined.
Exhibit A-1: Snapshot JSON
The complete snapshot JSON (the raw data object that was hashed) is available:
→ snapshot_json field table, snapshot_json column7. MONTGOMERY COMPLIANCE MAPPING
Per Montgomery v. Caribe Transport II, 608 U.S. ___ (2026), freight brokers owe a duty of ordinary care in carrier selection. Justice Barrett's opinion identified specific categories of publicly available information that establish constructive knowledge. This record maps each category to the data checked:
| Barrett Factor | Data Checked | Result |
|---|---|---|
| Safety rating | FMCSA carrier profile, safety_rating field | NONE (unrated, normal for 94% of carriers) |
| Operating authority | FMCSA authority status, grant dates | AUTHORIZED, Interstate, For-Hire |
| Insurance status | BIPD and cargo insurance on file | On file: BIPD $1,000,000 (1,000K), Cargo $5,000 (5K) — FMCSA reports in thousands |
| Crash history | FMCSA Crash File (3.6M records) | 3,907 crashes (116 fatal, 1,335 injury) |
| Inspection results | FMCSA Inspection File (4.9M records) | Queried and included in snapshot |
| OOS violations | FMCSA OOS Orders (441K records) | 0 federal OOS orders for this carrier |
| BASIC scores | FMCSA SMS / QCMobile API | All 7 BASICs queried at time of vetting |
| Complaints | FMCSA carrier profile | Queried and included |
| Authority age | Calculated from grant date | Established carrier (decades of operation) |
| Enforcement history | FMCSA Violations (6.7M), Revocations (1.5M) | Violation severity 5,914; 0 revocations |
Every factor identified by the Supreme Court was checked. The data was current as of the moment of dispatch. The record is independently verifiable.
8. BROKER'S DOCUMENTED DECISION
Despite the MEDIUM risk score (driven by absolute crash counts for a 10,000+ truck fleet), the broker selected this carrier based on the following documented reasoning:
This decision was made with full knowledge of the risk factors identified above and documented contemporaneously with the dispatch.
9. ATTESTATION
| Field | Value |
|---|---|
| Vetting ID | VET-2225033A |
| Data Hash (SHA-256) | fed4b90e9400a574b243cdf1cd76cebd2487778f1eef5807c4a0147bf1fb6611 |
| Vetting Timestamp | 2026-06-18T16:23:41Z |
| System | FreightProof v1.0.0 by Rootz Corp |
| Verification URL | https://freight.rootz.global/api/verify/VET-2225033A` |
| Montgomery Standard | Per Montgomery v. Caribe Transport II (2026), brokers must exercise ordinary care in carrier selection using publicly available FMCSA data. |
This record was generated automatically by the FreightProof system at the time of carrier selection. It has not been modified after creation. The SHA-256 hash serves as a tamper-evident seal. Any modification to the underlying data will cause hash verification to fail.
FreightProof by Rootz Corp — freight.rootz.global — Proof of checking starts here.