MD5 checksum from System::SoftwareManagement.get_software_image

The chksum key in the softwareRepositoryImage object (https://devcentral.f5.com/wiki/iControl.System__SoftwareManagement__softwareRepositoryImage.ashx) is documented as being the MD5 checksum of the file. However, I'm getting a different sum back when I calculate an MD5 sum locally, for example:

!/usr/bin/env ruby

require "rubygems"
require "f5-icontrol"
require "digest/md5"

def check_md5(filename)
  repository_image_id = {"chassis_slot_id" => 0, "filename" => filename}
  remote_software = @ic["System.SoftwareManagement"].get_software_image([repository_image_id])
  p remote_software
  puts "\nlocal: {Digest::MD5.file(filename).hexdigest} remote: {remote_software[0]['chksum']}"
end

@ic = F5::IControl.new("10.2.2.12","user","pass", ["System.SoftwareManagement"]).get_interfaces

check_md5("BIGIP-11.3.0.2806.0.iso")

Returns:

leo:icontrol philh$ ./md5test.rb 
/usr/local/Cellar/ruby/1.9.3-p374/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in `require': iconv will be deprecated in the future, use Stringencode instead.
[]

local: 2e44d68102d3aeaae2b2cc52be5743b8 remote: a71aa1931585e25567844d81fd0336d1
leo:icontrol philh$

I've checked this on a 6400 running 10.2.4 and a 1600 running 11.3.0 and it's always the same. The remote 'chksum' is different to a locally generated one. It's even different to an 'md5sum /shared/images/BIGIP-11.3.0.2806.0.iso' run on the BIG-IP itself.

I just wondered if anyone else had come across this? Maybe the remote 'chksum' is run after the iso is mounted? I was hoping to make sure the file was ok before I try and install it. It looks like the 'verified' key means that the remote side has calculated it's checksum, not that the file is actually ok.

Many Thanks Phil