Now it does not fetch the PGP signature, because validation was broken anyway.
Instead it validates multipart/signed according to RFC 3156 section 5 and returns details for the signed part:
* BodyPartId
* SigPartId
* MicAlg
So in the future several implementations (GnuPG, OpenPGP.js, etc.) can use the correct data for verification.