I downloaded the installation files for Data Protector 23.4.
DP_234_GPG_Certificate.zip contains the PGP key "public_key_Micro_Focus_Group_Limited_RSA-2048-4.asc", but "DP_234_GPLx86_64.tar.gz.sig" actually used key "Micro Focus Group Limited RSA-2048-2 (7A6F 1651 B5CE B980)" to sign (that key is used for the other signatures as well). So IMHO that certificate ZIP is useless.
Didn't OpenText try to verify the signatures they made? Also considering that both keys were created in August 2018, I wonder why there are two of them (both valid until August 2028).