You can - temporarily work around the gpg issue by loosing the package check in pacman.conf
# By default, pacman accepts packages signed by keys that its local keyring
# trusts (see pacman-key and its man page), as well as unsigned packages.
SigLevel = Required DatabaseOptional
This should not be necessary but as a last resort.
Change SigLevel to read SigLevel = TrustAll - do remember to set it back when
You can use manjaro-get-iso (CLI) or manjaro-iso-downloader (GUI) package to download and verify the iso.
→ Pacman troubleshooting - Manjaro
→ [root tip] [How To] Mitigate and prevent GPGME error when syncing your system
The get-iso script is a single python script source at