The simple check is to run
in the directory where you downloaded the tarball ../mkusb-plug-plus-tools.tar.gz.
and compare the result with the corresponding line in the checksum file ../mkusb-plug-plus-tools.tar.gz.md5.asc
Higher level of security
You may want a higher level of security. The checksum file is signed with gpg and you can verify it according to the following commands.
gpg --keyserver keyserver.ubuntu.com --recv-keys EB0FC2C8 gpg --verify mkusb-plug-plus-tools.tar.gz.md5.asc
The warning "This key is not certified with a trusted signature! There is no indication that the signature belongs to the owner." means that there is no chain of trusted keys between your computer's keyring and the key, that was used to sign the checksums (the key of sudodus). Check that the result matches with the following output, when you verify it,
lubuntu@lubuntu:~$ gpg --keyserver keyserver.ubuntu.com --recv-keys EB0FC2C8 gpg: keybox '/home/lubuntu/.gnupg/pubring.kbx' created gpg: /home/lubuntu/.gnupg/trustdb.gpg: trustdb created gpg: key BD43C742EB0FC2C8: public key "Nio Sudden Wiklund (sudodus) <email@example.com>" imported gpg: Total number processed: 1 gpg: imported: 1 lubuntu@lubuntu:~$ cd Downloads/ lubuntu@lubuntu:~/Downloads$ gpg --verify mkusb-plug-plus-tools.tar.gz.md5.asc gpg: Signature made Fri Feb 14 18:44:48 2020 UTC gpg: using RSA key 0303EA77E34C52F2295847C6BD43C742EB0FC2C8 gpg: issuer "firstname.lastname@example.org" gpg: Good signature from "Nio Sudden Wiklund (sudodus) <email@example.com>" [unknown] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 0303 EA77 E34C 52F2 2958 47C6 BD43 C742 EB0F C2C8
Then there is reason to trust that nobody else has written the checksums. The date of the signature will change at updates, and the text might be translated to your local language, but it should be clear that it is a 'Good signature from "Nio Sudden Wiklund (sudodus)"'.
Convenient way to check the md5sum
If you have the tarball and the md5sum file in the same directory, you can use the md5sum program to check it like this,
$ md5sum -c mkusb-plug-plus-tools.tar.gz.md5.asc mkusb-plug-plus-tools.tar.gz: OK md5sum: WARNING: 14 lines are improperly formatted
The 'improperly formatted lines' are the lines belonging to the gpg signature.