In order to protect their reputation, Red Hat has "signed" all the RPM files in their repositories with a GPG key. The "public" part of the key is freely available (see the RH site for details of how to install the public key), and it is needed to validate the RPM file you're downloading.
As a temporary work-around (if you wish to take the risk), you can use the --nogpgcheck option to the yum command. But you're more secure if you install the public keys.
Note: RH changed all their keys a few months ago because the integrity of the old keys was compromised, so any older keys you had installed, or any keys installed with an old distribution, will need to be replaced.
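
As an added example (not part of the original post): instead of reaching for --nogpgcheck, you can list the keys rpm trusts and check a downloaded file with rpm -K before installing it. The function names and the sample output lines below are constructed for illustration; the key file path is a placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lines are constructed.

# Classify one line of `rpm -K` (rpm --checksig) output.
# "OK" with only digests listed means the file is intact but no signature
# was checked, so it is reported as "unsigned", not "verified".
classify_checksig() {
    cs_result="${1#*: }"                   # drop the "<file>: " prefix
    case "$cs_result" in
        *"NOT OK"*) echo failed ;;         # bad signature or key not imported
        *OK)
            cs_lower=$(printf '%s' "$cs_result" | tr '[:upper:]' '[:lower:]')
            case "$cs_lower" in
                *signatures*|*gpg*|*pgp*|*rsa*|*dsa*) echo verified ;;
                *) echo unsigned ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Keys rpm currently trusts (each imported key is a gpg-pubkey pseudo-package).
list_trusted_keys() {
    rpm -q gpg-pubkey --qf '%{VERSION}-%{RELEASE}  %{SUMMARY}\n'
}

# Check a downloaded package file before installing it.
check_rpm() {
    classify_checksig "$(rpm -K "$1" 2>&1 | tail -n 1)"
}

# Import the vendor key first:  rpm --import /path/to/RPM-GPG-KEY-file
# (placeholder path; obtain the real key file from the vendor).

# Demo on constructed output lines, so this runs without rpm installed.
demo() {
    while IFS= read -r line; do
        printf '%-10s %s\n' "$(classify_checksig "$line")" "$line"
    done <<'EOF'
pkg-a.rpm: digests signatures OK
pkg-b.rpm: digests OK
pkg-c.rpm: digests SIGNATURES NOT OK
pkg-d.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#XXXXXXXX)
EOF
}
demo
```

A "failed" verdict after a key change usually means the new key has not been imported yet; an "unsigned" verdict means there is no signature to validate at all.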