So i have generated a new key pair with genCAPair and load it with setupCustomCA. All good. I generate a signature for the app with
loadApp --offline --signApp --signPrivateKey with the private key returned from genCAPair.

After this i try to load the app with loadApp. It works and loads if i do not specify anything for the --signature flag. It loads and gives the expected not genuine warning. However if i attempt to provide the app signature with the --signature flag, the load fails and returns an error of "Invalid Status 6986".

However, if i sign and load the app in one step with
loadApp --signApp --signPrivateKey
it will sign it and load it and no error is returned and the not genuine warning is no longer present.

So to summarise, I can get the desired behaviour of loading a signed application on a custom CA by specifying
loadApp --signApp --signPrivateKey
but i get an invalid status error 6986 if i attempt to load a signature generated in a seperate step with
loadApp --offline --signApp --signPrivateKey <private_key>
loadApp --signature <app_signature>