When you receive a file that contains a digital signature from a certificate authority that is not recognized by your operating system, you may need to obtain the root certificate (the highest level of certificate in a certificate chain) before you can determine if the digital ID in the digital signature is valid.
Digital IDs work on the basis of a trust hierarchy. In a trust hierarchy, the root certificate is the digital ID of the issuing certificate authority. Popular browsers such as Microsoft Internet Explorer already include the root certificates of the major certificate vendors, making those digital IDs automatically trusted.
When you receive a file that is signed with a digital ID issued by someone other than a major vendor (for example, your company's internal IT department), you cannot validate the digital ID until you receive the root certificate.