When a federated file is first accessed, a SHA-1 hash is computed and cached.  This may take a while for large files.  As is the case for any Fedora node, a request may be made through a web browser or client to recompute and compare the checksum of a file. 

In the HTML view, beside the "digest" property for the content, there's a "check fixity" link which will recompute the checksum and compare it with the older SHA-1. This feature is documented.

To build a reasonable audit, one should:

1. ensure that all files are visited/accessed to ensure a baseline SHA-1 is computed. This operation can take a long time for large repositories.
2. script a periodic fixity request against each object which looks for the SUCCESS assertion in the response.