Hello,
In simple words, there are two things:-
1) Sender's public key is used to decrypt the signature (hash of the doc) and then authenticate using HMAC for example.
This way receiver knows that sender is the owner of private key.
2) CA who signed sender's certificate ensures that it is indeed the specific sender who owns the public key.
By this non-repudiation is achieved in PKI.
Regards,
Rushi