Kleopatra ships with Gpg4win on Windows and gives you a GUI for the same checks the gpg command line does. This reading covers the Kleopatra path.

Install Gpg4win

From gpg4win.org. Verify the installer signature per their instructions. First install requires signature check like any security software.

Import the operator key

Save the operator public key file as wtn.asc. Open Kleopatra. File → Import. Select the file. The key appears in your key list.

Verify a rotation

Save the signed rotation as rotation.txt. Right-click the file in File Explorer. Pick More GpgEX options → Verify.

A window pops up with the result. Either the signature is valid (green) or the file has been modified (red). Same principle as gpg on the command line, different button.

Reading the Kleopatra result window

Green tick and "Good signature": trust the address inside.

Red cross and "BAD signature": do not trust. Alert the community.

Yellow warning and "unknown signer": you did not import the operator key yet.

Compare the address

Open rotation.txt in Notepad. Find the onion address. Compare to the current mirror reference.