Its to do with the approval chain.
Each certificate is signed by a master certificate and those are signed by another certificate.
This goes back up the line to one of the CA's which has browser approval.
Its a bit like the laying on of hands in ordination in the church.
Its a sort of apostolic succession.
Last time I looked it was about $50,000 to get a licence to use one of the root certifivates to sign your own.