I found this on stack overflow, so I am just recapturing here since i found it so useful.
First, unzip the APK and extract the file /META-INF/ANDROID_.RSA (this file may also be CERT.RSA, but there should only be one .RSA file).
Then issue this command:
keytool -printcert -file ANDROID_.RSA
You will get certificate fingerprints like this:
MD5: B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB SHA1: 16:59:E7:E3:0C:AA:7A:0D:F2:0D:05:20:12:A8:85:0B:32:C5:4F:68 Signature algorithm name: SHA1withRSA
Then use the keytool again to print out all the aliases of your signing keystore:
keytool -list -keystore my-signing-key.keystore
You will get a list of aliases and their certificate fingerprint:
android_key, Jan 23, 2010, PrivateKeyEntry, Certificate fingerprint (MD5): B3:4F:BE:07:AA:78:24:DC:CA:92:36:FF:AE:8C:17:DB
Voila! we can now determined the apk has been signed with this keystore, and with the alias ‘android_key’.
Keytool is part of Java, so make sure your PATH has Java installation dir in it.