Certificate authority in known_hosts file not recognized - OpenSSH

I am working on establishing an SSH connection between a host server and a client using the SSH certificates, as a first step of the process I used the CA key (generated using a separate CA server) to sign the host public key (host_key.pub), this process generates the host_key-cert.pub and I also configured the sshd_config file adding the HostCertificate line.As a 2nd step I wanted to make the client trust the hosts that have the key signed by CA, so i added the CA public key to the known_hosts file like this :

@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCN5ww1PiSgrdbLG4wyI3h1p+0YWhIMCu9gP7QSO3ypwafqfVRhpEJmN9Dwv2gORHrU0Fn61+AU3ppLnrsvmyJGO3lPlic/5TaNKACenbr5KdaBI9mFt23tEfOsYhMTMrjPpmujYu0sWbEB+re5uwKViTqLbNaaEWwvFB9QzZGNuJTPJ16P2YhxjdTgk/NlrEp7RjUeIy4U0KTFK8mgj0uBRiykuBtfLBBcRDStZmhdnYP0gjx2pTZRuNjRm0xZ/P75SNgBvkxHAhJ+cIMDc9w+fLX0QQ8BwuvlcsXBzN5ga3/SQ18quNL1ETVNDQoRud9bcpAg+2QcTRfrABvjLVVEnYVZreDsQz7iZko09xUvFIeWFpOOh+AhCmTSUrW6FBc8zFKr0Cvxw68hPfEWNULxL0JU/fL05TykE/02Fog9rpoYFu4lzENMp90AKDKJVnoR53hjhEekf2XKD5DoG0qzvrsFZB/URbLjx+UGpQPXCQSIpcNaf9dn41NLYjlFjJs= badreddine1906@ubuntu-CA

I wanted to test if the client will trust the host before completing the signing of the user keys so I tried to log in to the server and see if that usual ssh msg of first time use would still pop up (it shoundl't normally since I added the CA public key to the known_hosts file so the client will automatically trust any host that presents a host_key signed by the CA) but the msg keeps popping up and asks me if I want to trust the host because it is unknown :

The authenticity of host 'ubuntu.server.ssh (10.10.10.20)' can't beestablished. ED25519 key fingerprint isSHA256:3nM02/5BE1HKfdLbtUHOurBiS4FGb7QY5ww1cCkhnR8. This key is notknown by any other names Are you sure you want to continue connecting(yes/no/[fingerprint])?

the problem is that when I enter the -vvv flag to understand what is the issue, the error doesnt say unvalid certificate or some sort of thingIt seems like it doesnt even read the line in the known_hosts file for some reason :

badreddine1906@ubuntu-SSH-client:~/.ssh$ ssh -vvv ubuntu.server.sshOpenSSH_8.9p1 Ubuntu-3ubuntu0.10, OpenSSL 3.0.2 15 Mar 2022debug1: Reading configuration data /etc/ssh/ssh_configdebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no filesdebug1: /etc/ssh/ssh_config line 21: Applying options for *debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/badreddine1906/.ssh/known_hosts'debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/badreddine1906/.ssh/known_hosts2'debug2: resolving "ubuntu.server.ssh" port 22debug3: resolve_host: lookup ubuntu.server.ssh:22debug3: ssh_connect_direct: enteringdebug1: Connecting to ubuntu.server.ssh [10.10.10.20] port 22.debug3: set_sock_tos: set socket 3 IP_TOS 0x10debug1: Connection established.debug1: identity file /home/badreddine1906/.ssh/id_rsa type -1debug1: identity file /home/badreddine1906/.ssh/id_rsa-cert type -1debug1: identity file /home/badreddine1906/.ssh/id_ecdsa type -1debug1: identity file /home/badreddine1906/.ssh/id_ecdsa-cert type -1debug1: identity file /home/badreddine1906/.ssh/id_ecdsa_sk type -1debug1: identity file /home/badreddine1906/.ssh/id_ecdsa_sk-cert type -1debug1: identity file /home/badreddine1906/.ssh/id_ed25519 type -1debug1: identity file /home/badreddine1906/.ssh/id_ed25519-cert type -1debug1: identity file /home/badreddine1906/.ssh/id_ed25519_sk type -1debug1: identity file /home/badreddine1906/.ssh/id_ed25519_sk-cert type -1debug1: identity file /home/badreddine1906/.ssh/id_xmss type -1debug1: identity file /home/badreddine1906/.ssh/id_xmss-cert type -1debug1: identity file /home/badreddine1906/.ssh/id_dsa type -1debug1: identity file /home/badreddine1906/.ssh/id_dsa-cert type -1debug1: Local version string SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3ubuntu0.10debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 pat OpenSSH* compat 0x04000000debug2: fd 3 setting O_NONBLOCKdebug1: Authenticating to ubuntu.server.ssh:22 as 'badreddine1906'debug3: record_hostkey: found ca key type RSA in file /home/badreddine1906/.ssh/known_hosts:1debug3: load_hostkeys_file: loaded 1 keys from ubuntu.server.sshdebug1: load_hostkeys: fopen /home/badreddine1906/.ssh/known_hosts2: No such file or directorydebug3: record_hostkey: found ca key type RSA in file /etc/ssh/ssh_known_hosts:1debug3: load_hostkeys_file: loaded 1 keys from ubuntu.server.sshdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directorydebug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.comdebug3: send packet: type 20debug1: SSH2_MSG_KEXINIT sentdebug3: receive packet: type 20debug1: SSH2_MSG_KEXINIT receiveddebug2: local client KEXINIT proposaldebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.comdebug2: host key algorithms: ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-ed25519@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,rsa-sha2-512,rsa-sha2-256debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comdebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comdebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1debug2: compression ctos: none,zlib@openssh.com,zlibdebug2: compression stoc: none,zlib@openssh.com,zlibdebug2: languages ctos:debug2: languages stoc:debug2: first_kex_follows 0debug2: reserved 0debug2: peer server KEXINIT proposaldebug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x25519-sha512@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,kex-strict-s-v00@openssh.comdebug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comdebug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.comdebug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1debug2: compression ctos: none,zlib@openssh.comdebug2: compression stoc: none,zlib@openssh.comdebug2: languages ctos:debug2: languages stoc:debug2: first_kex_follows 0debug2: reserved 0debug3: kex_choose_conf: will use strict KEX orderingdebug1: kex: algorithm: curve25519-sha256debug1: kex: host key algorithm: ssh-ed25519debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: nonedebug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: nonedebug3: send packet: type 30debug1: expecting SSH2_MSG_KEX_ECDH_REPLYdebug3: receive packet: type 31debug1: SSH2_MSG_KEX_ECDH_REPLY receiveddebug1: Server host key: ssh-ed25519 SHA256:3nM02/5BE1HKfdLbtUHOurBiS4FGb7QY5ww1cCkhnR8debug3: record_hostkey: found ca key type RSA in file /home/badreddine1906/.ssh/known_hosts:1debug3: load_hostkeys_file: loaded 1 keys from ubuntu.server.sshdebug1: load_hostkeys: fopen /home/badreddine1906/.ssh/known_hosts2: No such file or directorydebug3: record_hostkey: found ca key type RSA in file /etc/ssh/ssh_known_hosts:1debug3: load_hostkeys_file: loaded 1 keys from ubuntu.server.sshdebug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directorydebug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/badreddine1906/.ssh/known_hosts"debug3: hostkeys_foreach: reading file "/home/badreddine1906/.ssh/known_hosts"debug3: hostkeys_find_by_key_hostfile: trying user hostfile "/home/badreddine1906/.ssh/known_hosts2"debug1: hostkeys_find_by_key_hostfile: hostkeys file /home/badreddine1906/.ssh/known_hosts2 does not existdebug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts"debug3: hostkeys_foreach: reading file "/etc/ssh/ssh_known_hosts"debug3: hostkeys_find_by_key_hostfile: trying system hostfile "/etc/ssh/ssh_known_hosts2"debug1: hostkeys_find_by_key_hostfile: hostkeys file /etc/ssh/ssh_known_hosts2 does not existThe authenticity of host 'ubuntu.server.ssh (10.10.10.20)' can't be established.ED25519 key fingerprint is SHA256:3nM02/5BE1HKfdLbtUHOurBiS4FGb7QY5ww1cCkhnR8.This key is not known by any other namesAre you sure you want to continue connecting (yes/no/[fingerprint])?

what might be the issue causing the client not to recognize the certificate( and i am sure that the CA is correct, otherwise if it wasnt correct an error would indicate an invalid certificate)