I gave you the wrong public key, sorry. This one is correct for the current builds: https://forge.yunohost.org/yunohost.asc
To check the signature:
wget https://forge.yunohost.org/yunohost.asc
gpg --import yunohost.asc
gpg --verify yunohost-buster-4.1.7.2-rpi-stable.img.zip.sig yunohost-buster-4.1.7.2-rpi-stable.img.zip
I get:
gpg: Signature made Mon Feb 22 00:36:41 2021 CET
gpg: using RSA key 1904C5B42E4856DCD4E9CF96360AAF3259A3E6FF
gpg: Good signature from "YunoHost <build@yunohost.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 1904 C5B4 2E48 56DC D4E9 CF96 360A AF32 59A3 E6FF