RPM packages are usually signed by a gpg key to verify that they were created by the person or organization that it claims to be from. You can run into this error if you are trying to install an RPM that was not signed (e.g. a local build). If you need to install an unsigned package which you trust, pass the --nogpgcheck flag, e.g.:

sudo yum install --nogpgcheck package-name.rpm

MongoDB does sign their packages, so this may be a matter of misconfiguration. To install MongoDB from their upstream yum repository, first create a file named /etc/yum.repos.d/mongodb-org-3.2.repo with the contents:

[mongodb-org-3.2]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.2/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.2.asc

Notice that gpgcheck is enabled and we point to MongoDB’s public signing package key. You should now be able to install it with:

sudo yum install -y mongodb-org