As mentioned in the main README, communication between the eUICC and the SM-DP+ or SM-DS uses HTTPS, as mandated by the relevant standards. The GSMA root certificates were created specifically for TLS certificate verification of such communication. These certificates are placed in the certs/ directory along with the root certificates of specific SM-DP+s that use their own chain of trust (having done so prior to GSMA creating the standard root CI). Hermes exclusively uses these root certificates for HTTPS communication between remote SIM provisioning entities.
The certificates currently used by Hermes are: