Next, import Fedora's GPG key(s):
$ curl https://getfedora.org/static/fedora.gpg | gpg --import
You can verify the details of the GPG key(s) here.
Now, verify that the CHECKSUM file is valid:
$ gpg --verify-files *-CHECKSUM
The CHECKSUM file should have a good signature from one of the following keys:
12C944D0 - Fedora 32
3C3359C4 - Fedora 31
CFC659B9 - Fedora 30
DBBDCF7C - IOT 2019
Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:
$ sha256sum -c *-CHECKSUM
If the output states that the file is valid, then it's ready to use!
How do I verify my downloaded image on another operating system?
Read these instructions to verify your image.