c2patool does not extract nested certificates

[hackerfactor]

I have a picture with a C2PA manifest. "c2patool --certs" extracts the signing certificate chain.

I include my picture as a component in another picture with a C2PA manifest. Now the file has two certificate chains: the outer one signs the entire file and the inner one for the dependency picture. "c2patool --certs" only extracts the outer certificate chain; it does not extract the inner certificate chain. This means that c2patool cannot be used to externally validate the inner certificate chain.