This is how the EU (and some associated countries) have it set up. One obviously would like to centralize the signing, just for some basic auditing and to limit the number of public keys that get installed. But that just means a central signing service; it does not need to have persistent storage in said central location. In practice, having the generated certs in a central DB is very useful for the users though, since it makes it trivial to install the certs on a new phone etc.

