The --validate flag should check against the user dn and CA dn in the metadata. The signature would not be considered valid unless those match.
The --validate flag should check against the user dn and CA dn in the metadata. The signature would not be considered valid unless those match.