@vanitasvitae Good analysis, is it possible to make comparison with x509 validation? I see may familiar paradigms, like falgs, extensions, attributes, but certainly more complex due to being fully self-sufficient instead of relying on amorphous _pki_