Feedback regarding FIA_X509_EXT.1 testing

FIA_X509_EXT.1 Test 1 requires cert validation to fail because the certification path terminates with an "untrusted public key." Is this simply intended to mean that the root CA cert is not in the TOE's trust store? Or does this require some sort of man-in-the-middle attack with a disguised CA+leaf certificate?