That is incorrect. Here is my correction:
(4) However, Certificate Authorities (CAs) may publish one or more certificates of an abstract certification identity signed by whatever certification identity. A certification identity is an issuer party and keypair. (I don't know how trust stores work, but the public key could be all that matters for trust by an implemention for all I know.) One certificate of the variants may be designated as the 'primary' certificate as a matter of perspective and policy.