The two last part are not clear.

[Ofear]

$ openssl dgst -binary -sha256 data.json > data.hash

what does data.json include? I assume only the JSON structure from # and forward (without the #) {"id":"01/IL/.....} etc....

Another line that I waste an hour to understand his the one below... Where did you get the sig.bin? What sig.bin include and where do I get it?

$ openssl dgst -verify certs/RamzorQRPubKey.pem -keyform PEM -sha256 -signature sig.bin data.hash

[yuvadm]

The OpenSSL part of the README is legacy and will soon be removed, please take a look at the Python code to see exactly what parts of the signature and data we extract.