Possibly I am wrong, but I remember having used a direct link without any {Policy, Signature, Key-Pair-Id} to download that image. For sure, in posting that link, I did not remove anything from it.
Did you ever check the download URL from https://shop.jolla.com/ ?
If you did not, most probably I am right.
Instead, if you did that check in the past, did you save the link?
Go check that link and compare it with the one you get from the Jolla shop.
Suggestion: if you download it from your browser, you have such a link in the browser's downloads page.
UPDATE
The Policy and Key_Pair_Id are constant across releases, while the Signature changes.