At its Düsseldorf site, the Bundesbank operates a Public Key Infrastructure (PKI). This PKI uses a two-stage certification structure with self-signed root certificates. The root CA certificates certify only downstream specialist CAs.