[Solved] Verifying virtual machine images for Whonix-10.0.0.5.5 fails

I am getting

$ gpg --verify-options show-notations --verify Whonix-Gateway-*.ova.asc Whonix-Gateway-*.ova
gpg: Signature made Sat 18 Apr 2015 08:19:41 AM EEST using RSA key ID 77BB3C48
gpg: BAD signature from "Patrick Schleizer <adrelanos@riseup.net>"

After importing the key

Here are my image checksums for reference (I wonder why won’t you add checksums to the Downloads page as well):

$ sha256sum Whonix-Gateway-10.0.0.5.5.ova 
c22dbeb97da9b08a320fe39487b817f2d2616eaf32ba83c6c741fe9220439e41  Whonix-Gateway-10.0.0.5.5.ova
$ sha256sum Whonix-Workstation-10.0.0.5.5.ova 
5c6abbb993d9ff670c82201dd048a18c7c8d8a8b4606d69c396d39492f2c09dc  Whonix-Workstation-10.0.0.5.5.ova

Tried re-download both image and signature?

Download table on download page contains sha512 hash files btw.

My fault, I have used the signatures for the torrent files against the actual images by mistake.