The certificate chain generated by the device is valid. This means that the mobile device has hardware that is using a known Google root certificate, that there are no revoked nor expired certificates in it, and that all certificates in the chain are properly signed.
The certificate chain contains an unknown root certificate. This can occur with old devices, or new devices (like some Huawei models) that do not have a Google certified chipset.
The certificate chain contains a known Google root certificate. However, it also contains at least one revoked certificate from the certificate revocation list (CRL) published by Google here. This can occur when the device is using a compromised certificate.
The certificate chain contains a known Google root certificate, but the certificate chain could not be verified. This can occur if a rogue client is trying to mimic a trusted mobile device. It can also occur that in old devices one of the intermediate certificates in the chain has expired.
The result of the certificate validation done to know if the keys generated by the device have been generated using a chipset containing a Google root certificate
For a device to support full basic attestation, the certificate chain validation result is CertificateChainValidationResult.Success.
See
FidoUafAttestationInformation.certificateChainValidationResult