ssh-keygen and its -Z option on OpenBSD and on RHEL

tl;dr: with newer versions of OpenSSH, you should use the -n option instead of -Z to set the principals (e.g. hostname or user).

Looking at the source code for ssh-keygen, the -Z option is accepted but seems to have something to do with a "format cipher"

Yes, and the reason you don't get an error is that the openssh_format_cipher variable is not used when creating a certificate, only when generating a key with a passphrase.

If you generate a key with ssh-keygen -f ./path -Z some_garbage and set a passphrase, you will get an error.

Is ssh-keygen on RHEL 6 ... patched with RedHat-only patches that make -Z act differently?

Yes, it used to be. You can see it in the openssh-5.3p1-ssh-certificates.patch from here:

+               case 'Z':
+                       cert_principals = optarg;
+                       break;
                case 'p':
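
Review bot: the new case 'Z': arm binds certificate principals to an option letter that, per the discussion above, newer OpenSSH uses for the key format cipher while principals are set with -n, so a command line written against this build is accepted there without error but its -Z value is not treated as principals. Consider accepting -n in this switch as well and documenting -Z as a vendor-only spelling. Separately, "cert_principals = optarg;" silently overwrites the value from any earlier -Z on the same command line; if only one occurrence is intended, reject a repeat instead of keeping the last one.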

That patch is no longer used in newer RPMs.
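
Because -Z is accepted without error, a signing script carried over from the patched RHEL build can produce certificates whose principals were never set. The check below is an added example, not part of the original answer or of OpenSSH: it reads the text printed by ssh-keygen -L and fails when the principal list is empty. The function names and the two sample listings are constructed for illustration, and the listing layout ("Principals:" followed by indented names, or "Principals: (none)") is assumed to match what your ssh-keygen prints.

```shell
#!/bin/sh
# Added example: verify that a signed certificate actually carries principals.
# Input is the text printed by `ssh-keygen -L -f <cert.pub>`.

# cert_principals: read `ssh-keygen -L` output on stdin, print one principal per line.
cert_principals() {
    awk '
        # "Principals: (none)" keeps everything on this line, so nothing follows.
        /^[ \t]*Principals:/ { in_list = 1; next }
        # The principal list ends where the next field starts.
        in_list && /^[ \t]*Critical Options:/ { in_list = 0 }
        in_list {
            gsub(/^[ \t]+|[ \t]+$/, "")
            if ($0 != "") print
        }
    '
}

# has_principals: succeed only if the listing on stdin names at least one principal.
has_principals() {
    [ -n "$(cert_principals)" ]
}

# Constructed sample listing: certificate signed with -n host1.example.com
SAMPLE_WITH_N='host_key-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com host certificate
        Key ID: "host1"
        Serial: 0
        Valid: forever
        Principals: 
                host1.example.com
        Critical Options: (none)
        Extensions: (none)'

# Constructed sample listing: certificate whose principals were never set
SAMPLE_EMPTY='host_key-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com host certificate
        Key ID: "host1"
        Serial: 0
        Valid: forever
        Principals: (none)
        Critical Options: (none)
        Extensions: (none)'

for listing in "$SAMPLE_WITH_N" "$SAMPLE_EMPTY"; do
    if printf '%s\n' "$listing" | has_principals; then
        echo "ok: principals set"
    else
        echo "WARNING: certificate has no principals"
    fi
done
```

In a signing pipeline, run ssh-keygen -L -f on the freshly written certificate, pipe it to has_principals, and stop the job if it fails.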