Because a hacked website can easily replace GPG keys, I wanted to write down for myself what the verified fingerprints of the Salt archive keyring are:

# sha256sum /usr/share/keyrings/salt-archive-keyring.gpg
ea38e0cdbd8dc53e1af154a8d711a2a321a69f81188062dc5cde9d54df2b8c47  /usr/share/keyrings/salt-archive-keyring.gpg
# gpg /usr/share/keyrings/salt-archive-keyring.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2014-06-24 [SC]
uid           SaltStack Packaging Team <>
sub   rsa2048 2014-06-24 [E]