We should write validation that ensures that the VMR signed artifacts are the same as the MSFT signed artifacts. This could be as general as comparing a list of the signed artifacts from the VMR to the list of the signed artifacts from the MSFT builds, or it could be as complex as comparing more specific elements of each signed artifact such as the hashes + certificates.