Because a hacked website can easily replace GPG keys, I wanted to write down for myself what the verified fingerprints of the Salt archive keyring are:

# sha256sum /usr/share/keyrings/salt-archive-keyring.gpg
ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47  /usr/share/keyrings/salt-archive-keyring.gpg
 
 
# gpg /usr/share/keyrings/salt-archive-keyring.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2014-06-24 [SC]
      754A1A7AE731F165D5E6D4BD0E08A149DE57BFBE
uid           SaltStack Packaging Team <packaging@saltstack.com>
sub   rsa2048 2014-06-24 [E]