How are Fedora RPM packagess verified in RPMFusion buildsys?

Hiyas, I just wondered how the RPM packages from Fedora used in RPMFusion buildroots are verfied on the RPMFusion builders. Fedora uses direct access to the RPM packages via a secure channel afaik, but since RPMFusion does not use Fedora infrastructure, this seems not to be possible. Also I did not found the typical RPM message about importing the GPG key that is usually displayed on my local mock builds in the RPMFusion build roots. Therefore I fear that the RPMs are not verified at all, but please don't let this be true. Regards Till