Gpg rt-4.4.3.tar.gz.asc - This key is not certified with a trusted signature!

I am trying to install RT4 on a RHEL 7 instance, and I’ve gotten to the step of validating the GPG key, but it warns me that the key is not trusted.

Is this expected, or is there something wrong? Here’s what I’m seeing:

[root@rtserver rt]# gpg rt-4.4.3.tar.gz.asc
gpg: Signature made Tue 26 Jun 2018 09:41:24 AM CDT using RSA key ID FEAC80B2
gpg: Good signature from "Sunnavy <sunnavy@bestpractical.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: C49B 372F 2BF8 4A19 0116  6027 0DF0 A283 FEAC 80B2