According to the item 5.4 in SOL004 2.6.1, the option 1 and 2 of the package security allows the presence of a individual signature of any artifact present in the package: 

5.4 Signature of individual artifacts

The VNF provider may optionally digitally sign some or all artifacts individually, in particular software images. This option exists for both option 1 and option 2 described in clause 5.1 but it is recommended when no individual hashes per artifact are included (i.e. in option 2 in clause 5.1). In this case a signature file in standard format (e.g. CMS, PKCS#7) will accompany the signed artifact. The signature file shall have the same name (different extension) as the signed artifact and be a sibling of it, i.e. placed in the same folder in the archive, which could also be the root of the archive.

 Implement the verification of any artifact signature present in the package.