gpg key mismatch when importing

The key you are importing can be seen on the Ubuntu keyserver HTTP interface:

  • http://keyserver.ubuntu.com/pks/lookup?search=0xa48449044aad5c5d&fingerprint=on&op=index

Here you can see that the key you're requesting is actually a subkey of the one you're getting:

uid Debian Security Archive Automatic Signing Key (11/bullseye) <[email protected]>
sig  sig  a48449044aad5c5d 2021-01-17T11:17:04Z 2029-01-15T11:17:04Z ____________________ [selfsig]
sig  sig  dc30d7c23cbbabee 2021-01-17T11:26:41Z ____________________ ____________________ dc30d7c23cbbabee
sig  sig  4dfab270caa96dfa 2021-01-17T11:27:03Z ____________________ ____________________ 4dfab270caa96dfa
sig  sig  73a4f27b8dd47936 2021-01-17T11:29:50Z ____________________ ____________________ 73a4f27b8dd47936
sig  sig  bc372252ca1cf964 2021-01-17T11:42:26Z ____________________ ____________________ bc372252ca1cf964
sig  sig  db16cf5bb12525c4 2021-01-17T12:51:55Z ____________________ ____________________ db16cf5bb12525c4

sub rsa4096/ed541312a33f1128f10b1c6c54404762bbb6e853 2021-01-17T11:17:04Z            
sig sbind a48449044aad5c5d 2021-01-17T11:17:04Z ____________________ 2029-01-15T11:17:04Z []

My understanding is that Debian does this so that one key can be used for signing while the other key can be kept offline.