According to the EFF SSL Observatory datasets, the following countries have control of certificate authorities that are trusted by modern browsers. These are the two-letter ISO country codes included in the CA certificate. The fact that the certificate lists this country code is not a guarantee that the private key is actually in that country, or that the CA could be compelled to sign things by that country's government or laws, but it is highly indicative of that situation. ['AE', 'AT', 'AU', 'BE', 'BG', 'BM', 'BR', 'CA', 'CH', 'CL', 'CN', 'CO', 'CZ', 'DE', 'DK', 'EE', 'ES', 'EU', 'FI', 'FR', 'GB', 'HK', 'HU', 'IE', 'IL', 'IN', 'IS', 'IT', 'JP', 'KR', 'LT', 'LV', 'MK', 'MO', 'MX', 'MY', 'NL', 'NO', 'PL', 'PT', 'RO', 'RU', 'SE', 'SG', 'SI', 'SK', 'TN', 'TR', 'TW', 'UK', 'US', 'UY', 'WW', 'ZA']