After extensive research, the closest thing we have to that is in Net::SSLeay, which has bindings to a ton of low-level openssl functions. In v1.83 2018-01-06 they added these:

    X509_STORE_CTX_new and X509_verify_cert
[download]

but I couldn't get past related segfaults and there's not much documentation on there. So I ended up doing:

1. use Convert::ASN1 to re-encode the tbsCertificate data I had decoded in my PKCS#7 file ("tbs" it turns out is "to-be-signed")
2. get the signature from the PCKS#7 file
3. get the subjectPublicKeyInfo.subjectPublic Key from the cert that signed this cert
4. feed that to $signer_key = Crypt::OpenSSL::RSA->new_public_key($signer_key_pem);
5. and then do $signer_key->verify($cert_as_signed, $signature)

and wash, rinse, repeat for each of the certs in the chain.