Checking for authenticity & integrity of .apk

I want to download the k9-5.729.apk from github.
I would like to check the file for authenticity and integrity, but I cannot find a certificate or a checksum.
Can you provide them?

The .apk should be signed and only be installable if the signature is correct.
.apk files are technically .zip files. Android had at least twice the bug that, if you added more files and a second directory to an .apk, the signature was checked for the original .apk but not for the changes made via the second directory.
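
Added example, not part of the original posts: a structural check on a downloaded .apk that computes a SHA-256 digest and flags more than one ZIP end-of-central-directory record or duplicate entry names, the kind of layout the reply describes. The function name `inspect_apk`, the helper `make_zip` and the sample archives are assumptions constructed for illustration.

```python
import hashlib
import io
import struct
import zipfile
from collections import Counter

EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory (EOCD) signature

def inspect_apk(data: bytes) -> dict:
    """Hash an APK and flag ZIP structure that could hide extra content."""
    eocds = []
    pos = data.find(EOCD_SIG)
    while pos != -1:
        # A plausible EOCD has a 22-byte fixed part and a comment that fits.
        if pos + 22 <= len(data):
            comment_len = struct.unpack_from("<H", data, pos + 20)[0]
            if pos + 22 + comment_len <= len(data):
                eocds.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [info.filename for info in zf.infolist()]
    dupes = sorted(n for n, c in Counter(names).items() if c > 1)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "eocd_offsets": eocds,  # heuristic: these bytes can also occur in stored data
        "duplicate_names": dupes,
        "suspicious": len(eocds) != 1 or bool(dupes),
    }

def make_zip(entries) -> bytes:
    """Constructed sample data: build a small ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries:
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples, not real APKs.
CLEAN = make_zip([("AndroidManifest.xml", b"<manifest/>"), ("classes.dex", b"dex")])
TAMPERED = CLEAN + make_zip([("classes.dex", b"other")])  # second directory appended

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, inspect_apk(blob))
```

This check does not validate the signature itself; the Android SDK's `apksigner verify --print-certs` does that and prints the signing certificate digests.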