For some reason searching the Internet didn't me help much. So here are the steps to verify the integrity of a file you have downloaded on the Internet.
gpg --verify-files emacs-24.3.tar.gz.sig gpg: Signature made Mon Mar 11 03:04:35 2013 CET using RSA key ID A0B0F199 gpg: Can't check signature: No public key
This means you need to import the public key A0B0F199.
gpg --recv-keys A0B0F199 gpg: requesting key A0B0F199 from hkp server keys.gnupg.net gpg: key A0B0F199: public key "Glenn Morris <email@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1)
Now that you have received the public key, you can verify the file.
gpg --verify-files emacs-24.3.tar.gz.sig gpg: Signature made Mon Mar 11 03:04:35 2013 CET using RSA key ID A0B0F199 gpg: Good signature from "Glenn Morris <firstname.lastname@example.org>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B294 26DE FB07 724C 3C35 E5D3 6592 E9A3 A0B0 F199
The file is good. The warning just means you haven't met Glenn in person for a key exchange. It is very unlikely that the file you have downloaded is infected.