Most zips I've seen have CERT.RSA, CERT.SF, and MANIFEST.MF in the META-INF folder. Are those not generally needed?
They are certificates from a zip signer or apk signer, I have used an apk signer to sign a zip file and it places those certificate files in the META-INF folder.