Broken SonarQube download / Checksums?

A recent attempt to download SonarQube Enterprise 8.9.8 resulted in a possibly broken ZIP file. When unzipping the file, I got a warning about unexpected data after the ZIP header, although the extraction of the files themselves seemed to work. I re-downloaded the file a few days later on another machine and compared the SHA1 sums, and they did not match.
Are there vendor-supplied checksums for the archives? I haven’t been able to find any.

You can find various hashes at SonarSource Downloads-CDN

2022-04-04T09:13:14.000Z 328.1 MB sonarqube-enterprise-8.9.8.54436.zip
2022-04-04T09:13:19.000Z 0.8 kB sonarqube-enterprise-8.9.8.54436.zip.asc
2022-04-04T09:13:18.000Z 0.1 kB sonarqube-enterprise-8.9.8.54436.zip.md5
2022-04-04T09:13:19.000Z 0.1 kB sonarqube-enterprise-8.9.8.54436.zip.sha1
2022-04-04T09:13:19.000Z 0.1 kB sonarqube-enterprise-8.9.8.54436.zip.sha256

Thanks for the prompt reply! Where can I find the fingerprint of the signing key? Otherwise, I will just use the hash files.

It should be this.

https://binaries.sonarsource.com/sonarsource-public.key