Discord user allbits was kind enough to provide an example of using the Verus CLI tool to verify the file is associated with the identity it claims to be.
Look at the signature
cat filename.txt{ "hash": "fd58ff4f7f25a3eb2d48ce0b022c78162df66275c9f2257e071c5b97e9d94812",
"signature": "AdJ2GwABQSCjCvnuaFl4Crj1vRK7s3gPAGa7u3OktJVrSY6NQoj002JK4IcK9xx0yQue/LK0Kg7H6L+h42BTTZb9+zeLgGVs", "signer": "Verus Coin Foundation Releases@" }
Then run the Verus CLI using the signature value from the file./verus verifyfile "Verus Coin Foundation Releases@" "AdJ2GwABQSCjCvnuaFl4Crj1vRK7s3gPAGa7u3OktJVrSY6NQoj002JK4IcK9xx0yQue/LK0Kg7H6L+h42BTTZb9+zeLgGVs" ../Verus-CLI-Linux-v0.9.0-3-x86_64.tar.gz true
If it's true, then the identity and the signature match and you are assured what is claimed is true.
Here is the link to the discord message for the source of this info.
