@samspin, I don’t believe that fullchain.pem references the ISRG root. I originally wrote the code that originally creates it and the definition of fullchain.pem was cert.pem and chain.pem in a single file. The fullchain.pem file is intended for using in Nginx and Apache 2.4 (and other web servers that expect the end-entity certificate and certificate chain to be provided in a single file), while chain.pem and cert.pem are intended for Apache 2.2 (and other web servers that expect the end-entity certificate and certificate chain to be provided in separate files).
Currently both files should be based on the same chain provided by the Let’s Encrypt CA, which would use the IdenTrust signature rather than the Let’s Encrypt root signature (if that’s changed at some point, please let me know!).