To verify the Fedora 10 package downloads, you need the new key they’re signing the Fedora 10 packages with, but it’s only included in the -release rpm which you don’t want to install on some other machines, say your repository mirror.
This works:
rpm --import 'http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xBF226FCC4EBFC273'
I wonder why this is different than the -newkey key. Anyway, don’t take my word for it, check the signatures to prove it for yourself.