A signature can be validated by right-clicking on a created package (MSI / MSIX) and opening the Digital Signatures tab.
If a product is correctly signed and the certificate is trusted, the following information will be displayed:
If the Digital Signatures tab is missing or the signature entry is missing, this indicates that the package is not signed. The presence of Countersignatures indicates that a timestamp server was involved and that the timestamp injection was successful.