Fix outdated step reference in RP authentication algorithm

index.bs

@@ -2859,7 +2859,7 @@ When verifying a given {{PublicKeyCredential}} structure (|credential|) as part
 
 1. Let |hash| be the result of computing a hash over the |cData| using SHA-256.
 
-1. Using the credential public key looked up in step 1, verify that |sig| is a valid signature over the binary concatenation of
+1. Using the credential public key looked up in step 3, verify that |sig| is a valid signature over the binary concatenation of
     |aData| and |hash|.
 
 1. If the [=signature counter=] value |adata|.<code>[=signCount=]</code> is nonzero or the value stored