gpg --no-default-keyring --keyring ./keyrings/ubuntu-esm-v2-keyring.gpg --verify /var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_Release{.gpg,}
gpg: Signature made Thu Apr 18 18:15:02 2019 UTC
gpg: using RSA key 4067E40313CB4B13
gpg: please do a --check-trustdb
gpg: Good signature from "Ubuntu Extended Security Maintenance Automatic Signing Key v2 <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 56F7 650A 24C9 E9EC F87C 4D8D 4067 E403 13CB 4B13
$
/var/lib/apt/lists/esm.ubuntu.com_ubuntu_dists_trusty-security_Release{.gpg,} were downloaded by apt via https. The esm.ubuntu.com https endpoint is secured with a certificate issued by cn=Let's Encrypt Authority X3, a CA we have a high degree of confidence in (and is not issued by a random other CA that might have been compromised elsewhere).
I have verified the authenticity of ubuntu- esm-v2- keyring. gpg by this method:
$ gpg --no-default- keyring --keyring ./keyrings/ ubuntu- esm-v2- keyring. gpg --list-keys ubuntu- esm-v2- keyring. gpg ------- ------- ------- ------- - 3CB4B13 2019-04-17 F1B9BA3 2019-04-17
gpg: please do a --check-trustdb
./keyrings/
-------
pub 4096R/4067E4031
uid Ubuntu Extended Security Maintenance Automatic Signing Key v2 <email address hidden>
sub 4096R/349F0F98E
gpg --no-default- keyring --keyring ./keyrings/ ubuntu- esm-v2- keyring. gpg --verify /var/lib/ apt/lists/ esm.ubuntu. com_ubuntu_ dists_trusty- security_ Release{ .gpg,}
gpg: Signature made Thu Apr 18 18:15:02 2019 UTC
gpg: using RSA key 4067E40313CB4B13
gpg: please do a --check-trustdb
gpg: Good signature from "Ubuntu Extended Security Maintenance Automatic Signing Key v2 <email address hidden>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 56F7 650A 24C9 E9EC F87C 4D8D 4067 E403 13CB 4B13
$
/var/lib/ apt/lists/ esm.ubuntu. com_ubuntu_ dists_trusty- security_ Release{ .gpg,} were downloaded by apt via https. The esm.ubuntu.com https endpoint is secured with a certificate issued by cn=Let's Encrypt Authority X3, a CA we have a high degree of confidence in (and is not issued by a random other CA that might have been compromised elsewhere).
This is enough for now.