6.1 Verifying Package Authenticity

RPM packages carry a GnuPG signature. The SUSE package signing key, with its fingerprint, is:

1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de>
Key fingerprint = 79C1 79B2 E1C8 20C1 890F  9994 A84E DAE8 9C80 0ACA

The command rpm --checksig package-1.2.3.rpm can be used to verify the signature of an RPM package to determine whether it really originates from SUSE or from another trustworthy facility. This is especially recommended for update packages from the Internet. The SUSE public package signature key normally resides in /root/.gnupg/. The key is additionally located in the directory /usr/lib/rpm/gnupg/ to enable normal users to verify the signature of RPM packages.
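The following script is an added example and is not part of the SUSE manual. It shows how an administrator can read the output of rpm --checksig in a script without being misled by two cases the plain exit status hides: an unsigned package reports only its digests as OK (and rpm exits 0), and a package signed with a key that is not imported reports NOT OK with a MISSING KEYS hint. The sample result lines are constructed for the example and follow the two output layouts rpm has used over the years; the only value taken from this page is the key fingerprint, whose last eight hex digits are the key ID 9C800ACA that rpm prints in such hints.

```shell
#!/bin/sh
# Added example (not from the SUSE documentation): interpret `rpm --checksig`
# result lines so that only a verified GPG signature counts as proof of origin.
# Fingerprint taken from the manual; all sample output below is constructed.
SUSE_FINGERPRINT="79C1 79B2 E1C8 20C1 890F  9994 A84E DAE8 9C80 0ACA"

# The 8-hex-digit key ID rpm prints (e.g. "MISSING KEYS: GPG#9c800aca") is the
# low 32 bits of the fingerprint, i.e. its last 8 hex digits.
key_id_from_fingerprint() {
    printf '%s' "$1" | tr -d ' ' | tail -c 8 | tr 'A-F' 'a-f'
}

# Classify one `rpm --checksig` / `rpm -K` output line.
# Returns 0 only if the line ends in "OK" AND names a gpg/pgp signature.
# Digest-only lines ("md5 OK", "digests OK") prove integrity, not origin:
# rpm prints them for unsigned packages and still exits 0.
checksig_line_ok() {
    line=$1
    case $line in
        *"NOT OK"*) return 1 ;;          # bad signature or key not imported
    esac
    case $line in
        *" OK") ;;                       # must end with a plain OK
        *) return 1 ;;
    esac
    case $line in
        *gpg*|*GPG*|*pgp*|*PGP*|*signatures*) return 0 ;;   # signature checked
        *) return 1 ;;                   # only digests were checked
    esac
}

# Pull the key ID out of a "MISSING KEYS: GPG#xxxxxxxx" hint (empty if none),
# so the operator can compare it with the documented SUSE key before importing.
missing_key_id() {
    printf '%s\n' "$1" \
      | sed -n 's/.*MISSING KEYS: [A-Za-z]*#\([0-9a-fA-F]*\).*/\1/p' \
      | tr 'A-F' 'a-f'
}

# Read a whole report on stdin; succeed only if every package line passes.
checksig_report_ok() {
    status=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        if ! checksig_line_ok "$l"; then
            echo "REJECT: $l" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample report: one trusted package, one unsigned package, and
# one signed with a key that has not been imported yet.
SAMPLE_REPORT='package-1.2.3.rpm: (sha1) dsa sha1 md5 gpg OK
unsigned-0.1.rpm: sha1 md5 OK
other-2.0.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#9c800aca)'

if printf '%s\n' "$SAMPLE_REPORT" | checksig_report_ok; then
    echo "all packages carry a verified signature"
else
    echo "at least one package is unsigned or unverifiable"
fi
echo "SUSE key ID expected in MISSING KEYS hints: $(key_id_from_fingerprint "$SUSE_FINGERPRINT")"
```

In practice the report is produced with rpm --checksig *.rpm 2>&1 | checksig_report_ok; a MISSING KEYS key ID that matches the documented fingerprint tells the operator that the SUSE public key from /usr/lib/rpm/gnupg/ still has to be imported, whereas an unknown key ID or a digest-only line is reason to reject the package.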