someone getting at the root CA key at an RIR
There would still be the very similar issue of someone getting at the
certificate that the RIR bought from the third party CA.
no, as that would not be installed in my browser to be absolutely
trusted.
randy