Comment by geofft

They're subordinate under another CA (GlobalSign), and presumably contractually obligated to only sign their own certs. GlobalSign offers the following service to anyone willing to pay the sizable fee, undergo a sizable audit, comply by the CA/Browser forum rules, and only issue certs to themselves:

https://www.globalsign.com/certificate-authority-root-signin...

There are a few other vendors that I've seen offer similar services.