diff --git a/Cargo.lock b/Cargo.lock
index 0ae8a99..5a14976 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1803,7 +1803,7 @@ checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
 
 [[package]]
 name = "solo2"
-version = "0.2.1"
+version = "0.2.2"
 dependencies = [
  "anyhow",
  "atty",
diff --git a/src/bin/solo2/cli.rs b/src/bin/solo2/cli.rs
index 1c57f41..8ac6339 100644
--- a/src/bin/solo2/cli.rs
+++ b/src/bin/solo2/cli.rs
@@ -58,8 +58,6 @@ pub struct GlobalOptions {
 pub enum Subcommands {
     #[clap(subcommand)]
     App(Apps),
-    #[clap(subcommand)]
-    Pki(Pki),
 
     #[clap(subcommand)]
     Bootloader(Bootloader),
@@ -71,6 +69,9 @@ pub enum Subcommands {
     #[clap(visible_alias = "ls")]
     List,
 
+    #[clap(subcommand)]
+    Pki(Pki),
+
     /// Update to latest firmware published by SoloKeys. Warns on Major updates.
     Update {
         /// Just show the version that would be installed
@@ -91,8 +92,6 @@ pub enum Subcommands {
 #[derive(Subcommand)]
 /// Interact with bootloader
 pub enum Bootloader {
-    /// Reboots (into device if firmware is valid)
-    Reboot,
     /// List all available bootloaders
     #[clap(visible_alias = "ls")]
     List,
@@ -104,6 +103,8 @@ pub enum Bootloader {
     //     /// Configuration file containing settings
     //     config: String,
     // },
+    /// Reboots (into device if firmware is valid)
+    Reboot,
 }
 
 #[derive(Subcommand)]
@@ -178,14 +179,14 @@ pub enum Apps {
 pub enum Admin {
     /// Print the application's AID
     Aid,
-    /// Reboot device (as Solo 2)
-    #[clap(alias = "reboot")]
-    Restart,
+    /// Is device locked? (not available in early firmware)
+    Locked,
     /// Switch device to maintenance mode (reboot into LPC 55 bootloader)
     #[clap(alias = "boot-to-bootrom")]
     Maintenance,
-    /// Is device locked? (not available in early firmware)
-    Locked,
+    /// Reboot device (as Solo 2)
+    #[clap(alias = "reboot")]
+    Restart,
     /// Return device UUID (not available over CTAP in early firmware)
     Uuid,
     /// Return device firmware version
@@ -222,8 +223,6 @@ pub enum Ndef {
 pub enum Oath {
     /// Print the application's AID
     Aid,
-    /// Register new credential
-    Register(OathRegister),
     // Authenticate,
     /// Delete existing credential
     Delete {
@@ -232,6 +231,8 @@ pub enum Oath {
     },
     /// List all credentials
     List,
+    /// Register new credential
+    Register(OathRegister),
     /// Reset OATH app, deleting all credentials
     Reset,
     /// Calculate TOTP for a registered credential