For the SDK to function properly, a trust anchor must be defined to be used for the AttestationStatement validation. Such trust anchors are the source of truth, and may have to provide information on which authenticators to trust or not to trust. Trust anchors are usually attestation root certificates (or ECDAA-issuer public keys, but the FIDO2 SDK does not support ECDAA).
You can either define such trust anchors or fetch them from the FIDO Metadata Service.
Implementing the TrustAnchorProvider interface is crucial for the verification of attestation statements.