I am getting
$ gpg --verify-options show-notations --verify Whonix-Gateway-*.ova.asc Whonix-Gateway-*.ova
gpg: Signature made Sat 18 Apr 2015 08:19:41 AM EEST using RSA key ID 77BB3C48
gpg: BAD signature from "Patrick Schleizer <adrelanos@riseup.net>"
After importing the key
Here are my image checksums for reference (I wonder why won’t you add checksums to the Downloads page as well):
$ sha256sum Whonix-Gateway-10.0.0.5.5.ova
c22dbeb97da9b08a320fe39487b817f2d2616eaf32ba83c6c741fe9220439e41 Whonix-Gateway-10.0.0.5.5.ova
$ sha256sum Whonix-Workstation-10.0.0.5.5.ova
5c6abbb993d9ff670c82201dd048a18c7c8d8a8b4606d69c396d39492f2c09dc Whonix-Workstation-10.0.0.5.5.ova