Signature checking APK

Hi, I just wanted to verify this is legit as I’ve no idea how to check the PGP signature of an apk.

File: tor-browser-11.0.12-android-armv7-multi.apk
From: Tor Project | Download
SHA256: 950df58885a5e9e285869ea69861f72a7f7e0c00d35e55f61cb2cee689e58a95
MD5: b957d88dfe71338eccea4ebcab0739af

Thanks