It helps check that all rpms downloaded are verified and trusted. A lot of repositories, not just Rocky’s, use gpgchecks and packages signed with gpg to ensure they are created by those people. It makes it more difficult for someone to compromise any rpms that way. If the gpg doesn’t match, then it’s best not to use that package. Some people may think, ah let’s override and just install it, but the risk is you never know then if that package actually is what it’s meant to be, and doesn’t also install a backdoor or whatever.
Doesn’t Rocky have package epel-release in its own repos? I think it does. Hence:
sudo dnf install epel-release
(It is possible that dnf up does pull a newer version from the EPEL repo after that, but IMHO that is not so critical.)
EPEL does have the package distribution-gpg-keys. It contains (presumably) keys of many distros. One could thus install that package and then import the relevant RPM Fusion keys – before installing those two rpmfusion*release* packages. That way you would have keys to check the packages with.
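
The procedure described in the post above, written out as an added example (not part of the original thread): install the key package from EPEL, import the RPM Fusion keys, and install each release package only after its signature verifies. The key directory, key file names and mirror URLs are assumptions about how distribution-gpg-keys and RPM Fusion lay things out; check them on your system before use.

```shell
#!/bin/sh
# Added example: verify RPM Fusion release packages before installing them.
# Assumed (not from the thread): key directory, key file names, mirror URLs.
KEYDIR=/usr/share/distribution-gpg-keys/rpmfusion
MIRROR=https://mirrors.rpmfusion.org

# Path of the RPM Fusion key for a repo (free|nonfree) and EL major version.
key_path() {
    printf '%s/RPM-GPG-KEY-rpmfusion-%s-el-%s\n' "$KEYDIR" "$1" "$2"
}

# rpmkeys --checksig can exit 0 for an unsigned package ("digests OK"),
# so require the literal "signatures OK" in its output line.
sig_ok() {
    case "$1" in
        *"signatures OK"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Import the key, download one release package, verify it, then install it.
install_verified() {
    repo=$1; rel=$2
    url="$MIRROR/$repo/el/rpmfusion-$repo-release-$rel.noarch.rpm"
    tmp=$(mktemp -d) || return 1
    pkg="$tmp/rpmfusion-$repo-release.rpm"
    sudo rpmkeys --import "$(key_path "$repo" "$rel")" || return 1
    curl -fsSL -o "$pkg" "$url" || return 1
    out=$(rpmkeys --checksig "$pkg" 2>&1)
    if sig_ok "$out"; then
        sudo dnf install -y "$pkg"; rc=$?
    else
        echo "refusing to install, signature check failed: $out" >&2
        rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Full procedure; call setup_rpmfusion on the target host.
setup_rpmfusion() {
    rel=$(rpm -E '%rhel')
    sudo dnf install -y epel-release distribution-gpg-keys || return 1
    install_verified free "$rel" && install_verified nonfree "$rel"
}
```

The explicit check matters because dnf does not verify signatures on packages given as a local file or URL unless `localpkg_gpgcheck` is enabled.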