Paste an attestation. Trust math, not OC.
Anyone with an attestation JSON can verify it here in 5 client-side checks: sha256(canonical_bytes) matches the id, the published JWK contains the kid, the ed25519 signature validates against canonical_bytes, and the attestation hasn't expired. Same envelope key that signs every billable event and rebind.
Every check runs in your browser. The JWKS is fetched directly from https://me.ochk.io/.well-known/oc-envelope-jwks.json via your browser's fetch, not through any OC API. Once the JWK is in hand, the ed25519 signature check uses @noble/curves, the same library that signs the attestation server-side · so a verifier on a different machine, in a different language, against any cached copy of the JWK, produces the same answer. OC's servers being offline doesn't change the verification outcome · only freshness check 5 eventually trips when expires_at passes.