$ podman run -it quay.io/fedora/fedora:38
[root@90ee9b7b2b69 /]# cd
[root@28d602a686d8 ~]# curl -sO https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_586.json
[root@28d602a686d8 ~]# curl -sO https://access.redhat.com/security/data/csaf/v2/advisories/2005/rhsa-2005_586.json.asc
[root@28d602a686d8 ~]# curl -sO https://access.redhat.com/sites/default/files/pages/attachments/dce3823597f5eac4.txt
[root@28d602a686d8 ~]# gpg --import dce3823597f5eac4.txt 
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key DCE3823597F5EAC4: public key "Red Hat, Inc. (Product Security) <secalert@redhat.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1
[root@28d602a686d8 ~]# gpg -vv --verify rhsa-2005_586.json.asc 
gpg: enabled compatibility flags:
gpg: armor: BEGIN PGP SIGNATURE
gpg: armor header: Version: GnuPG v1
# off=0 ctb=89 tag=2 hlen=3 plen=533
:signature packet: algo 1, keyid DCE3823597F5EAC4
	version 3, created 1684248004, md5len 5, sigclass 0x00
	digest algo 8, begin of digest 63 18
	data: [4094 bits]
gpg: assuming signed data in 'rhsa-2005_586.json'
gpg: Signature made Tue May 16 14:40:04 2023 UTC
gpg:                using RSA key DCE3823597F5EAC4
gpg: using pgp trust model
gpg: Good signature from "Red Hat, Inc. (Product Security) <secalert@redhat.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 77E7 9ABE 9367 3533 ED09  EBE2 DCE3 8235 97F5 EAC4
gpg: binary signature, digest algorithm SHA256, key algorithm rsa4096