Next, import Fedora's GPG key(s):
$ curl https://getfedora.org/static/fedora.gpg | gpg --import
You can verify the details of the GPG key(s) here.
Now, verify that the CHECKSUM file is valid:
$ gpg --verify-files *-CHECKSUM
The CHECKSUM file should have a good signature from one of the following keys:
34EC9CBA - Fedora 23
873529B8 - Fedora 23 secondary arches (aarch64, PPC64, PPC64le, s390 and s390x)
8E1431D5 - Fedora 22
A29CB19C - Fedora 22 secondary arches (aarch64, PPC64, PPC64le, s390 and s390x)
95A43F54 - Fedora 21
A0A7BADB - Fedora 21 secondary arches (aarch64, PPC64, PPC64le, s390 and s390x)
246110C1 - Fedora 20
EFE550F5 - Fedora 20 secondary arches (ARM, PPC64, s390)
Finally, now that the CHECKSUM file has been verified, check that the image's checksum matches:
$ sha256sum -c *-CHECKSUM
If the output states that the file is valid, then it's ready to use!
How do I verify my downloaded image on another operating system?
Read these instructions to validate your image.