Clean-room verification
python3 -m venv .venv-verify
. .venv-verify/bin/activate
pip install cryptography rfc8785
curl -fsS https://api.satgate.io/v1/evidence/evid_QBBiz-GEI-stsaP6KS01-RL414Csuidv -o pack.json
curl -fsS https://api.satgate.io/.well-known/jwks.json -o jwks.json
python tools/verify_evidence_pack.py pack.json --jwks-file jwks.json --require-trusted-issuer