I wouldn't be surprised if the Saudis have access to the root signing certificates themselves. They wouldn't have to put new certificates in computers' trust stores, as computers would ship from manufacturers already trusting certificates that were signed with those root signing certificates.