Download Mageia 9 32bit

$ # You need both iso and checksum file in the same folder
$ md5sum -c Mageia-9-i586.iso.md5
Mageia-9-i586.iso: OK 

$ sha512sum -c Mageia-9-i586.iso.sha512
Mageia-9-i586.iso: OK 

$ sha3-512sum -c Mageia-9-i586.iso.sha3
Mageia-9-i586.iso: OK 

$ # You can also compare checksum directly from this web page without checksum file
$ md5sum Mageia-9-i586.iso
e70ecbef552a5776863acf5ff02d76c8  Mageia-9-i586.iso 

$ sha512sum Mageia-9-i586.iso
a6649c5d76361afdfded5bf10cc93520f705e928a1a9bd9976169d0308781a4c4a56b5b67890e2180fcb2ce7d3575104a6045d2464e4fc1762200014eb668a85  Mageia-9-i586.iso 

$ sha3-512sum Mageia-9-i586.iso
50B7FD4B556AB8A193210D1637012DA8E45465C90B2FA05527BD8779A31A6117BAC520EF2E909B87363D6CD65BE9C07543946ECE3BCA7A34FBCBFF37ADA6692B  Mageia-9-i586.iso 

If checksums do not match, DO NOT use this ISO. Double-check and try to download again.

You can also verify the signature of an ISO. They are also available for download as files: Mageia-9-i586.iso.md5.gpg, Mageia-9-i586.iso.sha512.gpg and Mageia-9-i586.iso.sha3.gpg. First you need to import the "Mageia Release" key from a PGP Public Key Server:

$ gpg --keyserver keyserver.ubuntu.com --recv-keys EDCA7A90

In response there should be one of the following lines:

gpg: key EDCA7A90: public key "Mageia Release <release@mageia.org>" imported

or if you already imported the key before:

gpg: key EDCA7A90: "Mageia Release <release@mageia.org>" not changed

Then you need to verify the signature for the ISO.

$ gpg --verify Mageia-9-i586.iso.sha512.gpg Mageia-9-i586.iso.sha512

In response there should be lines like:

gpg: Good signature from "Mageia Release <release@mageia.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B210 76A0 CBE4 D93D 66A9  D08D 835E 41F4 EDCA 7A90

The warning about uncertified signature is expected.