It has been like this since approximately 14:00 CET, since they updated the list of packages. It's not a problem with the servers, the problem is a simply signature mismatch.
App Center always downloads two files from the same URLs from the same QNAP servers. The first one is the list of all packages (last versions), and the second one is a sign of the first file, the sign is needed to make sure that the first one has not been modified. App Center calculates a SHA1 hash of the first file (the package list) and verify against the SHA1 inside of the signature. If both hash matches, the list is valid, and we can install or update the applications, if there is a missmatch, App Center deletes the recently downloaded list and sign and continues working with the previous one.
The SHA1 of the current list is:
eseeb3c294455a5bb883ae125aacfc993e012719a1
The SHA1 in the signature is:
c732268e5ac0ba2acded5271c2e332e3c5e85ac5
Because is a missmatch, App Center delete both for security measures.
There can be two causes:
-First, the signature was generated incorrectly, so QNAP only have to resign the package list.
-Second, the package list file was altered (maliciously or not) after the signature was generated. In this case, QNAP only have to check the list, and once all are correct, resign the list.
Remember that a digital sign will be broken if a single bit has been modified. What is currently happening with App Center is nothing more than a basic security measure to ensure that ALL software downloaded from the official Store is legitimate.
anyway, the only two changes from the new package list (2022/24/22) was CayinMedia Player and MalwareScanner, both can be downloaded from AppCenter website.