We used to report the subkect keyid as fingerprint, but that clashes with openssl's certificate fingerprint. We now report both the keyid and the cert fingerprint.
