The signature field's /T name.
The /ByteRange is well-formed and within the file bounds.
The CMS messageDigest equals SHA-256 of the covered bytes (integrity).
The SignerInfo signature validates under the signer certificate's key.
The signature covers the whole current file (nothing appended after it).
The signer certificate's Common Name, or null.
Number of certificates embedded in the CMS.
The recognised signature algorithm (RSA+SHA-256) or an unsupported note.
The cryptographic verdict for one signature, from GigaPdfDoc.verifySignatures.