If you're just concerned with the fingerprint for the VPN client, then that fingerprint the one of the management server CA, not the gateway's own certificate. This is why the fingerprint doesn't change for the clients just because the gateway's certificate is renewed by the management server. HOWEVER... if you changed your management server certificate, then this WILL change.
I have a script I posted to the Toolbox that can decode it for you:
https://community.checkpoint.com/t5/Scripts/rfc1751-py/m-p/194975#M1130
Get this Python script, and you can run the inline "openssl s_client" command against your gateway which will get you the correct fingerprint you can verify.