my result below :
$ gpg --verify KaOS-2020.05-x86_64.iso.sig
gpg: assuming signed data in 'KaOS-2020.05-x86_64.iso'
gpg: Signature made Sun 03 May 2020 05:54:05 PM IST
gpg: using RSA key 5960AC137A7DAAACCDB75E5715D73D41A809E038
gpg: Good signature from "Anke Boersma <email@example.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5960 AC13 7A7D AAAC CDB7 5E57 15D7 3D41 A809 E038
KaOS-2020.05-x86_64.iso is the ISO file downloaded KaOS-2020.05-x86_64.iso.sig is the sig file
I assume this is ok to use as installation media?