Once you have the operator key imported, verifying a rotation is two commands and one comparison.

Save the signed message

Copy the whole signed rotation from the operator announcement, including the envelope headers. Save into a file called rotation.txt. Do not strip anything. The signature covers every byte between -----BEGIN PGP SIGNED MESSAGE----- and -----END PGP SIGNATURE-----. Extra whitespace, missing newlines, or stray copy-paste artefacts break the check.

Run the verify

gpg --verify rotation.txt

The output tells you whether the signature is good. Look for a line that reads:

gpg: Good signature from "WeTheNorth <operator@...>"

That is success.

Ignore the trust warning

You will almost always also see a line like:

gpg: WARNING: This key is not certified with a trusted signature

This is expected. It only means you have not personally signed the operator key with your own PGP key. Ignore.

Compare the address inside

Open rotation.txt in a text editor. Find the onion address in the message body. Compare it to the current mirror reference on this site. Match means the address is trustworthy. Mismatch means either the reference is out of date (unlikely on this site) or you copied the wrong rotation message.