We are currently managing four root certificates. Checked the ChainVerifier class code in 'App Store Server Library'. I checked that the root certificate was excluded when I called the CertPathValidator.validate method. So the root certificate is not falsified? Is it okay if I don't even check my fingerprints?

Is the Apple root certificate in the App Store Server API response always 'Apple Root CA - G3'? When isn't it? What criteria should I set for the 'performRevocationChecking' parameter value of the verifyChain method of the ChainVerifier class in the App Store Server Library? I am implementing the 'App Store Server API' call myself. Do you include the root certificate in the certificate chain verification process? Can root certificates be forged?

Currently, 'Get Transaction History', 'Get Transaction Info', 'Get All Subscription Statuses' and 'Notifications V2' are being used in the App store Server API. When I decoded the JWS received in response and checked the root certificate, it was always 'AppleRootCA-G3'. Are there cases where the root certificate is not 'AppleRootCA-G3'?

Hello, I have a few questions about the App Store Server API. According to the document, if 'OriginalTransactionIdNotFoundError(errorCode: 4040005)' is received as a response after calling the production environment API if there is no environment information, it is written to call the sandbox environment, but 'Get Transaction Info' / 'Get Transaction History' API call and when 'TransactionIdNotFoundError(errorCode: 4040010)' is received, can I call it in the sandbox environment? Is the root certificate of the X.509 certificate chain on x5c claim in JWSDecodedHeader always AppleRootCA-G3? If I add and recall the query parameter '?sort=DESCENDING' in the Get Transaction History API, will the first transaction information always have the largest expiration date?