The .sin files are apparently just plain tar achives. Once you extract it, you'll notice that "boot_X-FLASH-ALL-8A63.sin" consists of "boot.000" and "boot.cms". The first one is the actual partition data, while boot.cms is a digital signature sort of thing (I don't know the details). I've compared "Customized EEA_62.0.A.3.163" with "Vodafone LC Not Net Locked_62.0.A.3.163" and the "boot.000" files are bit-for-bit identical, only the signature file differs. (See https://xdaforums.com/t/tool-window...-any-sony-firmware-file.3530077/post-72587162 for another post which mentions these .cms files)
My guess is that Sony signs each customized firmware bundle individually, resulting in multiple different signatures for the same data.
My guess is that Sony signs each customized firmware bundle individually, resulting in multiple different signatures for the same data.