How can I verify my download is correct and exactly what has been created by Debian?
There are files here (SHA1SUMS, SHA256SUMS, etc.) which contain checksums of the images. These checksum files are also signed - see SHA1SUMS.sign, SHA256SUMS.sign, etc. Once you've downloaded an image, you can check:
that its checksum matches that expected from the checksum file; and that the checksum file has not been tampered with.
For convenience for some users, this unofficial alternative build includes https://wiki.debian.org/Firmware">non-free firmware for extra support for some awkward hardware.