Comment # 2 on bug 1191480 from
The kernel is signed but pesign signatures are apparently write-only; there is no
tool to tell you with which key specifically.

sbverify --list kernel-default-5.14.10-2.1.g2878fd1.x86_64/usr/lib/modules/5.14.10-2.g2878fd1-default/vmlinuz
signature 1
image signature issuers:
 - /CN=Kernel OBS Project/emailAddress=Kernel@build.opensuse.org
image signature certificates:
 - subject: /CN=Kernel OBS Project/emailAddress=Kernel@build.opensuse.org
   issuer:  /CN=Kernel OBS Project/emailAddress=Kernel@build.opensuse.org

It verifies with the project certificate here:
https://build.opensuse.org/projects/Kernel:stable/ssl_certificate

sbverify --cert ~/Downloads/ssl_certificate.txt ~/Downloads/kernel-default-5.14.10-2.1.g2878fd1.x86_64/usr/lib/modules/5.14.10-2.g2878fd1-default/vmlinuz
Signature verification OK

The kernel package contains etc/uefi/certs/6A4E915C.crt so you can check that
mokutil --list contains a certificate with hash starting with 6A4E915C and
enroll it if not.

Verifies with this certificate as well:

openssl x509 --inform DER --outform PEM --in ~/Downloads/kernel-default-5.14.10-2.1.g2878fd1.x86_64/etc/uefi/certs/6A4E915C.crt > /tmp/cert
sbverify --cert /tmp/cert ~/Downloads/kernel-default-5.14.10-2.1.g2878fd1.x86_64/usr/lib/modules/5.14.10-2.g2878fd1-default/vmlinuz
Signature verification OK
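
Added example, not part of the original comment: a script for the MOK check described above, comparing the packaged certificate's SHA-1 fingerprint against the output of mokutil --list. It assumes mokutil prints a "SHA1 Fingerprint:" line per enrolled key and that the .crt file name is the first 8 hex digits of that fingerprint; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the certificate shipped in the kernel package enrolled as a MOK?
# Assumption: `mokutil --list` prints one "SHA1 Fingerprint: aa:bb:..." line per key.

# Strip colons/whitespace and uppercase, so "6a:4e:91:5c" compares equal to "6A4E915C".
norm_fpr() { printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'; }

# SHA-1 fingerprint of a DER-encoded certificate file.
cert_fpr() { openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 | cut -d= -f2; }

# mok_has_prefix HEX: read `mokutil --list` output on stdin; succeed if an
# enrolled key's SHA-1 fingerprint starts with HEX.
mok_has_prefix() {
    want=$(norm_fpr "$1")
    [ -n "$want" ] || return 2          # an empty prefix would match every key
    while IFS= read -r line; do
        case $line in
            *"SHA1 Fingerprint:"*)
                got=$(norm_fpr "${line#*SHA1 Fingerprint:}")
                case $got in "$want"*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# check_cert FILE.crt: match on the full fingerprint computed from the file,
# not on the 8-digit file name, then look for it in the MOK list.
check_cert() {
    fpr=$(norm_fpr "$(cert_fpr "$1")")
    [ -n "$fpr" ] || { echo "cannot read certificate $1" >&2; return 2; }
    name=$(norm_fpr "$(basename "$1" .crt)")
    case $fpr in
        "$name"*) ;;
        *) echo "warning: file name does not match fingerprint $fpr" >&2 ;;
    esac
    if mokutil --list | mok_has_prefix "$fpr"; then
        echo "enrolled: $fpr"
    else
        echo "not enrolled: $fpr (enroll with: mokutil --import $1)"
        return 1
    fi
}

# Constructed sample of `mokutil --list` output (bytes after 6a:4e:91:5c are made up).
sample_mok() { printf '[key 1]\nSHA1 Fingerprint: 6a:4e:91:5c:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff\n'; }

if [ $# -gt 0 ]; then check_cert "$1"; else sample_mok | mok_has_prefix 6A4E915C && echo "sample: found"; fi
```

Run it with the path to the .crt file from the unpacked kernel package; with no argument it only runs the parser on the constructed sample.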

