Download Mageia 9 64bit

$ # You need both iso and checksum file in the same folder
$ md5sum -c Mageia-9-x86_64.iso.md5
Mageia-9-x86_64.iso: OK 

$ sha512sum -c Mageia-9-x86_64.iso.sha512
Mageia-9-x86_64.iso: OK 

$ sha3-512sum -c Mageia-9-x86_64.iso.sha3
Mageia-9-x86_64.iso: OK 

$ # You can also compare checksum directly from this web page without checksum file
$ md5sum Mageia-9-x86_64.iso
ba118f37b1c38b34dd1358b51b9b467d  Mageia-9-x86_64.iso 

$ sha512sum Mageia-9-x86_64.iso
f54cea751ca41a1188aa311b75b638b93a2481bb3f60caf2cfe5b85ac9b7f97632e0cfa036b930f7446192320b140cf09db25f4751f78297c3252ccac6138dbe  Mageia-9-x86_64.iso 

$ sha3-512sum Mageia-9-x86_64.iso
42FD1C7B9900A3EE71A90902EAE3B9F05141B9DB2F4E299DBC3356C02D55E25BE04CE7C6436DDF12BF8C8F6C13073CF0A8994AC608BD3919E1F701DBE9EA4877  Mageia-9-x86_64.iso 

If checksums do not match, DO NOT use this ISO. Double-check and try to download again.

You can also verify the signature of an ISO. They are also available for download as files: Mageia-9-x86_64.iso.md5.gpg, Mageia-9-x86_64.iso.sha512.gpg and Mageia-9-x86_64.iso.sha3.gpg. First you need to import the "Mageia Release" key from a PGP Public Key Server:

$ gpg --keyserver keyserver.ubuntu.com --recv-keys EDCA7A90

In response there should be one of the following lines:

gpg: key EDCA7A90: public key "Mageia Release <release@mageia.org>" imported

or if you already imported the key before:

gpg: key EDCA7A90: "Mageia Release <release@mageia.org>" not changed

Then you need to verify the signature for the ISO.

$ gpg --verify Mageia-9-x86_64.iso.sha512.gpg Mageia-9-x86_64.iso.sha512

In response there should be lines like:

gpg: Good signature from "Mageia Release <release@mageia.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B210 76A0 CBE4 D93D 66A9  D08D 835E 41F4 EDCA 7A90

The warning about uncertified signature is expected.