What about CA certificates?

PKI Services can be used to create other subordinate certificate authority certificates. Since revocation activity against these CA certificates is normally low, PKI Services, by default, does not partition authority revocation lists (ARLs). You can choose to create a distribution point ARL in a single partition for checking the revocation status of CA certificates. (See Creating a distribution point ARL.) When you choose to create a DP ARL, your CA certificates contain a CRLDistributionPoints extension.

When you do not choose to create a DP ARL (ARLDist=F), applications wanting to check the revocation status of a CA certificate must check the global ARL. In addition, when ARLDist=F, CA certificates do not contain a CRLDistributionPoints extension, although they are treated as if they had the extension when determining the partitioning of the global CRL. For instance, with ARLDist=F and CRLDistSize=10, if you issue 10 CA certificates plus one non-CA certificate, the non-CA certificate information would be published to the second distribution point CRL. (The first DP CRL would remain empty.)

Parent topic: How distribution point CRLs/ARLs work