To better understand the relationships between root and intermediate CAs, we extracted from each certificate chain the path of intermediate CAs up to the root and then merged all paths into one single graph—the tree of trust.
In this graph, each node represents a CA, where red nodes correspond to root CAs and green nodes to intermediates. The node diameter scales logarithmically with the number of certificates signed by the node. Similarly, the color of the green nodes scales proportional to the diameter. For example, large and deep green nodes represent intermediate CAs which have signed a large number of certificates, as opposed to small and light green nodes.
We provide an interactive version of the tree of trust for easier navigation. Hovering over a node highlights all intermediate CAs for the corresponding root CA. Clicking on a node displays additional information in a side bar, including the exact number of certificates issued by that CA, the value of the issuer field, the validity period, key size and signature algorithm of the associated public key. Moreover, the search bar allows for quick location of a CA by name.