I'm using the new trust dump command for comparison purposes.
If the input to p11-kit-trust is BEGIN TRUSTED CERTIFICATE, the resulting object has
If the input is [p11-kit-object-v1], the resulting object has
Even if the attribute
is added to the [p11-kit-object-v1] input format,
the resuling object is listed as
It seems that the behavior was introduced when p11-kit persist files gained writing support:
I am not sure if it is intended, but I have opened a PR that respects "modifiable" settings from the file itself: