For clients to check the signature of the signed federation list, an endpoint providing the JWKS must be made available in VZD.
However, neither the spec nor the VZD open-api yaml files doesn't mention this.

Please clarify on how to receive the public key from VZD.

usually this would be provided in /.well-known/jwks.json

understood that the cert is in the jws header under x5c, however this cert is expired, opening a new issue