If you have any cert authority in the U.S. they already been compromised and can be muted with a security letter.
Unless you run whatever future certt out of a military type environment, you will be infiltrated with keyboard bugs, monitor bugs, cable taps, etc.
Why do you think the Russians went back to typewriters? Anything electronic can be snooped, the level of compromise so great that it
is nearly impossible to protect against attacks.
So what can you do? Set up multiple checks across the globe, out of control. If there is discrepancy, then consider yourself compromised or a target.
The fact that the PGP fakes have shown up means that there have been man in the middle attacks.
Your personal router has a back door? Probably if it is commercially sold.
Your internet provider has been backdoored? Most likely, or is easily done with a device brought in the front door with a security letter.
Your local internet backbone has an intercept? Definitely
You can be served faked certs and ip addresses, fake windows updates? Proven
Commercial routers have back door? Proven, the very fabric of the internet is polluted.
You have to containerize your internet now via VPN, and those keys can be secured in the U.S. with a security letter. With quantum computing, it can be broken.