mmdebstrap-image fails to build bookworm images on maint-14.5

The following are logs from mmdebstrap-image running under arm64, but I tested the same thing happens in an amd64 ubuntu 22.04.3 container:

I: chroot architecture arm64 is equal to the host's architecture
I: finding correct signed-by value...
I: automatically chosen format: tar
I: using /tmp/mmdebstrap.OTzx_mfTnF as tempdir
I: running apt-get update...
Get:1 http://security.debian.org/debian-security bookworm-security InRelease [48.0 kB]
Get:2 http://deb.debian.org/debian bookworm InRelease [151 kB]
Get:3 http://security.debian.org/debian-security bookworm-security/main arm64 Packages [270 kB]
Get:4 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
Err:4 http://deb.debian.org/debian bookworm-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY 78DBA3BC47EF2265
Get:5 http://deb.debian.org/debian bookworm/main arm64 Packages [8693 kB]
Reading package lists...
W: GPG error: http://deb.debian.org/debian bookworm-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6ED0E7B82643E131 NO_PUBKEY 78DBA3BC47EF2265
E: The repository 'http://deb.debian.org/debian bookworm-updates InRelease' is not signed.
E: apt-get update --error-on=any -oAPT::Status-Fd=<$fd> -oDpkg::Use-Pty=false failed

I think verification fails because ubuntu 22.0.3 ships debian-archive-keyring 2021.1.1ubuntu2, and bookworm keys were possibly rotated after the trixie release to keys not present in that version. As a result, unless mmdebstrap-image's artifacts are cached, the browsers fail to build from source.