Currently Artifactory will only sign an RPM repository's repomd.xml file. It will only generate repomd.xml.asc and repomd.xml.key files under the repodata folder.
A useful feature to ensure the RPM files themselves have been signed would be to add an option to sign them. This would use Artifactory's existing GPG signing functionality, extended to .rpm files. This is already done by Bintray, and would enhance Artifactory's functionality.
As this may be a more computationally intensive task, this could probably be implemented as a toggle-able option under the Signing section of the Artifactory UI, or a system setting.