Part of the headache when adding the ARA-M Certificate to a SIM is getting the correct certificate loaded,
The below command calculates it the SHA-1 Digest we need to load as the App ID on the SIM card’s ARA-M or ARA-F applet:
apksigner verify --verbose --print-certs "yourapp.apk"
You can then flash this onto the SIM with PySIM:
pySIM-shell (MF/ADF.ARA-M)> aram_store_ref_ar_do --aid FFFFFFFFFFFF --device-app-id 40b01d74cf51bfb3c90b69b6ae7cd966d6a215d4 --android-permissions 0000000000000001 --apdu-always