The admin tool should gain a subcommand to list the currently attached OpenPGP subkeys and allow a comparison to the public OpenSSH host keys available on the system.
This subcommand should allow detecting any discrepancies between the two (e.g. in case the OpenSSH host keys have been re-generated).