...
Publish a single master file of all authority statements. If the governing authority digitally signs it and makes it available to everyone who needs it, any interested party can verify it is authentic.
Issue verifiable credentials to each governed party, where each VC asserts the authority statements governing that party. Each VC is signed by the governing authority as the issuer.
Operate a trust registry (aka trust list) from a verifiable endpoint where authority statements can be queried by any party who needs to verify them. This role of a trust registry and the typical interactions it is involved in are illustrated in figure 2:
...
Figure 2: The role of a trust registry in a digital trust ecosystem.
...