The keys aren't missing. You can use gpg to verify that and gpgv to verify that you can validate the Release file using the Release.gpg signature file.
gpg --list-keys --keyring trustedkeys.gpg --verbose
gpgv --keyring=/root/.gnupg/trustedkeys.gpg Release.gpg Release
Your default Ubuntu keyring should be /root/.gnupg/pubring.kbx
It really doesn't matter what keyring you give it - it uses trustedkeys.gpg by default and ignores any instructions to the contrary.
I've spent the last several hours working with ChatGPT to troubleshoot this problem on Ubuntu Focal. I have tried both gpg1 and gpg2, gpgv1 and gpgv2. I have watched aptly download the keys to /tmp but it never does anything with them. It won't even create the rootDir. Nothing I tried made it work, save for turning off checking. ("gpgDisableVerify": true, in ~/.aptly.conf)
It appears that crypto in both version 1.50 and the older version in the Ubuntu repo is broken.
After turning off crypto verification I finally got the mirrors created and it download exactly 500 .deb files and quit.
This version is limited to 500, either by design, a bug, or maybe by trying to use and external REST service that limits you to 500.