This document describes techniques and apparatuses for base station location authentication. In particular, a base-station-location server 264 provides protection against a Global Navigation Satellite System (GNSS) spoofing attack or a cellular-network spoofing attack by auditing processed locations 504 of base stations 120 within a cellular network. The base-station-location server 264 maintains a list of authenticated base stations, generates a security key 321 for a base station 120 that is authenticated, and sends the security key 321 to the base station 120 in an authentication message 522. The authenticated base station 120 uses the security key 321 to generate an encrypted positioning reference signal that protects timing information and/or a location 504 of the base station 120. The encrypted positioning reference signal also enables a user equipment (UE) to determine that the base station 120 is authenticated by the base-station-location server 264.