Process of verifying PGP signature

Is there a guide for verifying the PGP signatures? For example, if one looks at this webpage you'll notice at the bottom there are sha256sums sha256sums.asc and sha256sums.sig

Generally I would download sha256sums and sha256sums.asc and then run gpg --verify sha256sums.asc sha256sums.txt to confirm the validity.

What is sha256sums.sig used for?

Does this help?