Thank you for that hint.
After refreshing the the signing keys via the keyservers, the check of the downloaded bundles now runs fine with gpg.
It was a little confusing, because I couldn't see any information about that shot-term subkeys on the explaining page on how to check the integrity of that bundles with gpg.
But now it makes sense to me.
More information about formatting options
Drupal Design and Maintenance by New Eon Media
Drupal Development by Chapter Three