There should be a basic validity check of bootstrap certs before sequencing them [here](https://github.com/cloudflare/azul/blob/1e563ca7070ad89b7f4b0929fd01d036bb2f2e28/crates/mtc_api/src/lib.rs#L503). Can be similar to the code in [static CT](https://github.com/cloudflare/azul/blob/1e563ca7070ad89b7f4b0929fd01d036bb2f2e28/crates/ct_worker/src/frontend_worker.rs#L207).
