It looks like the cert you get from the /pem endpoint is a public certificate that contains other information in addition to the public key. If you decode it, you can see other information.
The result from your openSSL command extracts the public key from the original cert.
My original response said you could get the PEM formatted public key from the /pem endpoint, which is not exactly correct. It looks like you get a PEM formatted cert that contains the public key. I’ll edit it.