Cannot verify X-Bunq-Server-Signature header

When making an API call to /user/:userid/monetary-account to fetch a list of monetary accounts, I get a response from the Bunq API that includes an X-Bunq-Server-Signature header, but when attempting to verify the signature with the public key that I acquired in the POST /installation endpoint, verifying the signature fails.

The code itself seems to work fine, as I use the same logic for verifying the server signature when fetching an access token, and that signature passes verification as expected.

Does bunq use a different RSA keypair for endpoints such as /user/:userid/monetary-account? If yes, where can I find the public key to verify these signatures?

For completeness, here's the code I currently use for verifying the server signature:

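    using System;
    using System.Security.Cryptography;
    using System.Text;

    private bool VerifyResponseSignature(string content, string signature)
    {
        // The signature covers bytes, so the body string is encoded as UTF-8 here.
        var contentBytes = Encoding.UTF8.GetBytes(content);
        var signatureBytes = Convert.FromBase64String(signature);

        // Load the configured public key; dispose the RSA handle after use.
        using var rsa = RSA.Create();
        rsa.ImportFromPem(_bunqConfig.BunqPublicKey);

        // PKCS#1 v1.5 signature over a SHA-256 digest of the content.
        return rsa.VerifyData(contentBytes, signatureBytes, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
    }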
J. de Koning changed the title to Cannot verify X-Bunq-Server-Signature header.
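RSA signature verification is byte-exact, so one check worth running against a routine like the one in the post is whether the response body reaches it unchanged. The following is an added example, not part of the original post or bunq's code; the key pair, the JSON body, and the `Account`, `Verify` and `Report` names are constructed for illustration, and it makes no claim about how bunq signs this endpoint.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Constructed stand-in for the server key pair (a client never holds the real private key).
using var serverKey = RSA.Create(2048);
string publicKeyPem = serverKey.ExportSubjectPublicKeyInfoPem(); // requires .NET 7 or later

// Constructed response body, exactly as it would arrive on the wire.
byte[] wireBody = Encoding.UTF8.GetBytes("{\"Id\": 42, \"Description\": \"Main account\"}");
string signatureHeader = Convert.ToBase64String(
    serverKey.SignData(wireBody, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1));

// Case 1: verify the untouched bytes.
Report("raw wire bytes", Verify(wireBody, signatureHeader, publicKeyPem));

// Case 2: decode to a string and encode again. Lossless for valid UTF-8 without a BOM.
string asText = Encoding.UTF8.GetString(wireBody);
Report("string round trip", Verify(Encoding.UTF8.GetBytes(asText), signatureHeader, publicKeyPem));

// Case 3: deserialize into a model and serialize again. The JSON is equivalent,
// but the whitespace changes, so the signed bytes no longer match.
string reserialized = JsonSerializer.Serialize(JsonSerializer.Deserialize<Account>(asText));
Report("re-serialized JSON", Verify(Encoding.UTF8.GetBytes(reserialized), signatureHeader, publicKeyPem));

// Same verification parameters as the routine in the post, but over raw bytes.
static bool Verify(byte[] body, string signatureBase64, string pem)
{
    using var rsa = RSA.Create();
    rsa.ImportFromPem(pem);
    return rsa.VerifyData(body, Convert.FromBase64String(signatureBase64),
        HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
}

static void Report(string label, bool ok) =>
    Console.WriteLine($"{label,-20} {(ok ? "valid" : "INVALID")}");

// Hypothetical model type, used only to force a parse/serialize round trip.
record Account(int Id, string Description);
```

Against a live response, the equivalent check is to pass the bytes from `HttpContent.ReadAsByteArrayAsync()` to the verifier and compare the result with the string-based path.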