http://en.wikipedia.org/wiki/Deepness_in_the_sky#Interstellar_culture

In Iron sky, the Nazis obviously had no programming skills, things were hardwired:

http://felixpearce.files.wordpress.com/2012/11/richter_and_the_computer-copy_resized.jpg

Actually, all country trust roots (not _signatures_) end up in an international database, and terminals SHOULD check that passports are signed by one of those. The "hack" does not work for this reason (and relevant countries' terminals do check, even if the standard-testing software does not).

FYI, country certs are also published on human-readable pages, such as these:

http://www.bsi.bund.de/english/topics/csca/index.htm
http://www.bmi.gv.at/csca/startseite.asp

So hypothetically, you could collect these (they won't be changed more than once every few years) and perform your own verification.