$ cat ../media.1/media openSUSE - openSUSE-Leap-15.6-x86_64-aarch64-ppc64le-s390x-Build696.2-Media openSUSE-Leap-15.6-x86_64-aarch64-ppc64le-s390x-Build696.2 1 $ gpg --keyid-format=long --show-keys --with-fingerprint repomd.xml.key pub rsa2048/B88B2FD43DBDC284 2008-11-07 [SC] [expired: 2024-05-02] Key fingerprint = 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 uid openSUSE Project Signing Key <opensuse@opensuse.org> $ gpg --verify repomd.xml.asc gpg: assuming signed data in 'repomd.xml' gpg: Signature made Thu 16 May 2024 02:26:21 PM CST gpg: using RSA key 35A2F86E29B700A4 gpg: Can't check signature: No public key this is what I get from Build696.2's asset repo on openqa, it has an old key still looks likely...