It's difficult, because the certification page is part of the PDF so obviously can't include a hash or signature of itself. And you can't just rely on a hash since someone could tamper with the file and just update the hash. A well defined way to extract the signed payload would work, but their design doesn't currently involve any cryptography so it would be a pretty wholescale redesign.