diff --git a/Makefile b/Makefile
index 475a4d605d..a0aa24d05f 100644
--- a/Makefile
+++ b/Makefile
@@ -464,7 +464,7 @@ sign: ## Sign an AKO multi-architecture image
 	IMG=$(IMG) SIGNATURE_REPO=$(SIGNATURE_REPO) ./scripts/sign-multiarch.sh
 
 cosign:
-	@which cosign || go install github.com/sigstore/cosign/cmd/cosign@latest
+	@which cosign || go install github.com/sigstore/cosign/v2/cmd/cosign@latest
 
 ./ako.pem:
 	curl $(AKO_SIGN_PUBKEY) > $@
diff --git a/scripts/sign-multiarch.sh b/scripts/sign-multiarch.sh
index 75c3f97b06..715c9f7f8a 100755
--- a/scripts/sign-multiarch.sh
+++ b/scripts/sign-multiarch.sh
@@ -9,14 +9,14 @@ action=${1:-sign}
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 
 docker pull "${img}"
-MULTIARCH_IMG_SHA=$(docker inspect "${img}" |jq -rc '.[0].Id')
+MULTIARCH_IMG_SHA=$(docker inspect --format='{{index .RepoDigests 0}}' "${img}" |awk -F@ '{print $2}')
 IMG_PLATFORMS_SHAS=$(docker manifest inspect "${img}" | \
   jq -rc '.manifests[] | select(.platform.os != "unknown" and .platform.architecture != "unknown") | .digest')
 
-echo "${action} parent multiarch image ${img}@${MULTIARCH_IMG_SHA}..."
-IMG="${img}@${MULTIARCH_IMG_SHA}" "${SCRIPT_DIR}/${action}.sh"
-
 for platform_sha in ${IMG_PLATFORMS_SHAS}; do
   echo "${action} platform image ${img}@${platform_sha}..."
   IMG="${img}@${platform_sha}" "${SCRIPT_DIR}/${action}.sh"
 done
+
+echo "${action} parent multiarch image ${img}@${MULTIARCH_IMG_SHA}..."
+IMG="${img}@${MULTIARCH_IMG_SHA}" "${SCRIPT_DIR}/${action}.sh"