Next, import Fedora's GPG key(s):
$ curl https://getfedora.org/static/fedora.gpg | gpg --import
You can verify the details of the GPG key(s) here.
Now, verify that the CHECKSUM file is valid:
$ gpg --verify-files *-CHECKSUM
The CHECKSUM file should have a good signature from one of the following keys:
38AB71F4 - Fedora 36
9867C58F - Fedora 35
45719A39 - Fedora 34
DBBDCF7C - IOT 2019
Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:
$ sha256sum -c *-CHECKSUM --ignore-missing
If the output states that the file is valid, then it's ready to use!
How do I verify my downloaded image on another operating system?
Read these instructions to verify your image.