Bad GPG signature on Linux release binaries

[warelock2]

Wire version: 3.39.3653

Files involved:

• Wire-3.39.3653_x86_64_b6fcbacaf153678b1d30698d5d34d034.AppImage
• sha256sum.txt.asc
• 3.39.3653.tar.gz.sig
• wire-sig.txt: I extracted the GPG signature block from sha256sum.txt.asc here
• releases.key: Dowloaded from here

Expected behavior:

Run "gpg --verify" and get "Good signature" message

Actual behavior:

Run "gpg --verify" and get "Bad signature" message

Details:

$ gpg --verify wire-sig.txt ../Applications/Wire-3.39.3653_x86_64_b6fcbacaf153678b1d30698d5d34d034.AppImage 
gpg: Signature made Mon 20 Jan 2025 01:28:46 AM PST
gpg:                using RSA key ABBA007D6E14E2DB5B283C45D599C1AA126762B1
gpg: BAD signature from "Wire Releases Signing Key <releases@wire.com>" [unknown]

$ gpg --verify 3.39.3653.tar.gz.sig ../Applications/Wire-3.39.3653_x86_64_b6fcbacaf153678b1d30698d5d34d034.AppImage 
gpg: Signature made Mon 20 Jan 2025 02:52:15 AM PST
gpg:                using RSA key ABBA007D6E14E2DB5B283C45D599C1AA126762B1
gpg: BAD signature from "Wire Releases Signing Key <releases@wire.com>" [unknown]

NOTE: The sha256 checksums do match.