To verify a VC, a verifier could use the VC's CID (<cid>) to request for a verification key of the VC with a GET request method. The verification key can then be used to decrypt the VC's digital signature to obtain a hash value. The verifier can be certained that the VC has not been tempered if the obtained hash matches with the VC's hash.

GET https://test-network.finema.co/vc/<cid>

{
    "did_address": "did:idin:9cd19d4cbab9ca1d6f4c6a4b9117fb8904f250b47307cf4f484424f44e0c8370",
    "cid": "c498bdd8a72811eabca70242c0a82004",
    "verification_key": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEeR8NhQeHPT7l1yMyvkZMacPpibjH\n7mp5IRyO2J2kuE97h/fzu1c/7DFsO23qUN6/OezYglMEkoVo5Ob1b6k53A==\n-----END PUBLIC KEY-----"
}

{
    "errors": [
        {
           "status": 422,
            "title": "Invalid Attribute",
            "detail": "the server cannot process the request",
        }
    ]
}