Update images of error messages for validation etc

Author: crandmck

docs/trust-list.mdx

@@ -23,7 +23,7 @@ The C2PA intends to publish an official public list of known certificates. Until
 The [contentcredentials.org](https://contentcredentials.org/) site hosts the following files that it uses to [validate signing certificates](https://c2pa.org/specifications/specifications/2.0/specs/C2PA_Specification.html#_c2pa_signers). Together, these files form the _temporary known certificate list_:
 
 - **The temporary end-entity certificate list** in https://contentcredentials.org/trust/allowed.pem consists of end-entity certificates. If the certificate is on this list, it is considered "known." To reduce bandwidth consumption, a [version with SHA-256 hashes](https://contentcredentials.org/trust/allowed.sha256.txt) of the certificates is also available.
-- **The temporary known anchor list** in https://contentcredentials.org/trust/anchors.pem contains the list of known anchor certificates. If an end-entity [certificate's chain](../getting-started.mdx#signing-and-certificates) can be traced back to an anchor certificate on this list, the certificate is considered "known."
+- **The temporary known anchor list** in https://contentcredentials.org/trust/anchors.pem contains the list of known anchor certificates. If an end-entity [certificate's chain](getting-started.mdx#signing-and-certificates) can be traced back to an anchor certificate on this list, the certificate is considered "known."
 - **The configuration file**, https://contentcredentials.org/trust/store.cfg, specifies the [Extended Key Usage (EKU)](https://datatracker.ietf.org/doc/html/rfc9336) values accepted for end-entity certificates. An end-entity certificate must have at least one of the EKUs in this list to be valid.
 
 ## Using the known certificate list

docs/verify.mdx

@@ -170,6 +170,15 @@ For example, suppose you downloaded a file from Adobe Stock and renamed it `my_s
 
 This section displays the the issuer of the claim signature from the `signature_info.issuer` property in the active manifest, as shown in the example snippet below. It shows the organization name only if the signing certificate includes the "O" or [Organization Name attribute](https://www.alvestrand.no/objectid/2.5.4.10.html) (OID value 2.5.4.10) in the certificate's distinguished name information.
 
+If the Content Credential was signed by a certificate that is NOT on the [known certificate list](verify-known-cert-list), such as the CAI test certificate built in to C2PA Tool, then Verify displays this notice:
+
+import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
+
+<img
+  src={verify_unknown_source}
+  style={{ width: '283px', display: 'block', margin: '10px auto' }}
+/>
+
 If the Content Credential was signed by a certificate on the [known certificate list](verify-known-cert-list), then this section also displays the time of the claim signature from the `signature_info.time` property in the active manifest, as shown in the example snippet below. The date is converted from UTC to the local time zone.
 
 ```json
@@ -182,15 +191,46 @@ If the Content Credential was signed by a certificate on the [known certificate
 
 If the issuer string is too long, then the date might be truncated or not shown at all. If so, refer to the [**About this Content Credential**](#about-this-content-credential) section for the full date.
 
-If the Content Credential was signed by a certificate that is NOT on the [known certificate list](verify-known-cert-list), then Verify displays this notice:
+### Validation status
 
-import verify_unknown_source from '../static/img/verify-cc-unknown-source.png';
+If the manifest has validation errors, then Verify displays this notice:
+
+import verify_validation_error from '../static/img/verify-validation-error.png';
 
 <img
-  src={verify_unknown_source}
+  src={verify_validation_error}
   style={{ width: '300px', display: 'block', margin: '10px auto' }}
 />
 
+Verify displays this warning if the `validation_status` array contains any elements. For example, a [this image](https://contentcredentials.org/verify?source=https://c2pa.org/public-testfiles/image/jpeg/adobe-20220124-E-dat-CA.jpg) with a hard binding hash mismatch error, as shown in [this manifest store](https://c2pa.org/public-testfiles/image/jpeg/manifests/adobe-20220124-E-dat-CA/manifest_store.json):
+
+```
+"validation_status": [
+    {
+      "code": "assertion.dataHash.mismatch",
+      "url": "self#jumbf=/c2pa/contentauth:urn:uuid:04cdf4ec-f713-4e47-a8d6-7af56501ce4b/c2pa.assertions/c2pa.hash.data",
+      "explanation": "asset hash error, name: jumbf manifest, error: hash verification( Hashes do not match )"
+    }
+  ]
+```
+
+Another example that can result in this message is [this image](https://contentcredentials.org/verify?source=https://c2pa.org/public-testfiles/image/jpeg/adobe-20220124-E-clm-CAICAI.jpg) with a missing referenced claim, as shown in [this manifest store](https://c2pa.org/public-testfiles/image/jpeg/manifests/adobe-20220124-E-clm-CAICAI/manifest_store.json):
+
+```
+"validation_status": [
+    {
+      "code": "assertion.hashedURI.mismatch",
+      "url": "self#jumbf=c2pa.assertions/c2pa.ingredient__1",
+      "explanation": "hash does not match assertion data: self#jumbf=c2pa.assertions/c2pa.ingredient__1"
+    },
+    {
+      "code": "claim.missing",
+      "url": "self#jumbf=/c2pa/contentbeef:urn:uuid:8bb8ad50-ef2f-4f75-b709-a0e302d58019",
+      "explanation": "ingredient not found"
+    }
+  ]
+```
+
 ### Credit and usage
 
 The **Credit and usage** section displays information about the asset's author and usage rights, divided into these subsections: