All the X509 things I have found appear to have options to deal with the certificate itself, but I haven't found the next step, i.e

shh, its secrets

Crypt::OpenSSL::X509 -> https://metacpan.org/source/DANIEL/Crypt-OpenSSL-X509-1.804/t *:(* no payoff, so

Crypt::OpenSSL signature -> Crypt::OpenSSL::DSA::Signature - Digital Signature Object

  use Crypt::OpenSSL::DSA;
  my $dsa_priv = Crypt::OpenSSL::DSA->read_priv_key( $filename );
  my $sig_obj = $dsa_priv->do_sign($message);
  my $dsa_pub = Crypt::OpenSSL::DSA->read_pub_key( $filename );
  my $valid = $dsa_pub->do_verify($message, $sig_obj);
[download]

Does it work? Anything better? I don't know :)