Well the RIAA can't really do anything based on a signature. Anyone can sign any file, so the RIAA can't claim that just because you signed a file, you violated their copyright.

(begin paranoid rant)

What they could do, however, is notice that the community trusts your signature on ripped files, and from that infer that you're somehow aiding in the violation of their copyrights. I'm not a legal person, but I imagine the RIAA might go after those people that the music-sharing community trusts in this way.

Of course, this assumes the RIAA has some way of associating a public key with a person. If you use PGP, your public key is typically associated with your real name and email address, so this is certainly possible. If you're careful to only associate your public key with a pseudonym, this is less of a concern.

(end paranoid rant)

Regardless, supporting signatures on content is still a great idea for non-copyrighted material, such as free software distributions, public documents, and free artistic works.