diff --git a/.gitlab/README.md.template b/.gitlab/README.md.template
index 7a09bf94776d18abe41e6c85c6309c4f96aabf73..2bc45df2b0153c88884399c76224fed2d522737b 100644
--- a/.gitlab/README.md.template
+++ b/.gitlab/README.md.template
@@ -333,10 +333,23 @@ See https://github.com/distribution/distribution/issues/1201*
 Every released image is [signed](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html)
 using [`sigstore/cosign`](https://github.com/sigstore/cosign).
 
-Check the following docs to learn more about verifying the signature:
+You can use the following command to verify the signatures:
 
-- https://docs.sigstore.dev/cosign/verifying/verify/
-- https://docs.gitlab.com/ee/ci/yaml/signing_examples.html#verification
+```shell
+VERSION=X.Y.Z # put a released components/opentofu version here
+IMAGE_REF=... # put a released components/opentofu image reference here
+cosign verify "${IMAGE_REF}" --certificate-identity="https://gitlab.com/components/opentofu//.gitlab-ci.yml@refs/tags/${VERSION}" --certificate-oidc-issuer="https://gitlab.com"
+```
+
+For example, for image ref `registry.gitlab.com/components/opentofu/gitlab-opentofu:0.34.0-opentofu1.6.0-alpine` and version `0.34.0`:
+
+```shell
+cosign verify "registry.gitlab.com/components/opentofu/gitlab-opentofu:0.34.0-opentofu1.6.0-alpine" \
+    --certificate-identity "https://gitlab.com/components/opentofu//.gitlab-ci.yml@refs/tags/0.34.0" \
+    --certificate-oidc-issuer "https://gitlab.com"
+```
+
+For self-managed mirrors the OIDC issuer must be changed, too.
 
 ### Using with Renovate
 
diff --git a/.gitlab/release-notes.md.template b/.gitlab/release-notes.md.template
index 40dedc61692c7eccb7b50ef102e99d8bdf4a44f0..6a3da5b59de91634f638799294b6f28f546ff1ef 100644
--- a/.gitlab/release-notes.md.template
+++ b/.gitlab/release-notes.md.template
@@ -43,7 +43,14 @@ And with the follow base OS images:
 - `alpine`, use `base_os: alpine` input to use it (default).
 - `debian`, use `base_os: debian` input to use it.
 
-The images have been signed with `cosign`.
+The images have been signed with `cosign` and can be verified with the following command:
+
+```shell
+cosign verify \
+  "$CI_REGISTRY_IMAGE/gitlab-opentofu:$CI_COMMIT_TAG-alpine" \
+  --certificate-identity "$CI_PROJECT_URL//.gitlab-ci.yml@refs/tags/$CI_COMMIT_TAG" \
+  --certificate-oidc-issuer "https://gitlab.com"
+```
 
 > **Note:**
 >
diff --git a/README.md b/README.md
index 0402b3ce4ce485b089bcd6311605805f394202e1..754a0b82e28fcacfcb89cad5dcd6d44fc7729eb9 100644
--- a/README.md
+++ b/README.md
@@ -352,10 +352,23 @@ See https://github.com/distribution/distribution/issues/1201*
 Every released image is [signed](https://docs.gitlab.com/ee/ci/yaml/signing_examples.html)
 using [`sigstore/cosign`](https://github.com/sigstore/cosign).
 
-Check the following docs to learn more about verifying the signature:
+You can use the following command to verify the signatures:
 
-- https://docs.sigstore.dev/cosign/verifying/verify/
-- https://docs.gitlab.com/ee/ci/yaml/signing_examples.html#verification
+```shell
+VERSION=X.Y.Z # put a released components/opentofu version here
+IMAGE_REF=... # put a released components/opentofu image reference here
+cosign verify "${IMAGE_REF}" --certificate-identity="https://gitlab.com/components/opentofu//.gitlab-ci.yml@refs/tags/${VERSION}" --certificate-oidc-issuer="https://gitlab.com"
+```
+
+For example, for image ref `registry.gitlab.com/components/opentofu/gitlab-opentofu:0.34.0-opentofu1.6.0-alpine` and version `0.34.0`:
+
+```shell
+cosign verify "registry.gitlab.com/components/opentofu/gitlab-opentofu:0.34.0-opentofu1.6.0-alpine" \
+    --certificate-identity "https://gitlab.com/components/opentofu//.gitlab-ci.yml@refs/tags/0.34.0" \
+    --certificate-oidc-issuer "https://gitlab.com"
+```
+
+For self-managed mirrors the OIDC issuer must be changed, too.
 
 ### Using with Renovate