The key pair at the top of this chain, or the Root Zone Signing Key, is what ICANN is changing for the first time.
“If you had this key, and were able to, for example, generate your own version of the root zone, you would be in the position to redirect a tremendous amount of traffic,” Larson said.
“We want to roll the key because it's good cryptographic hygiene,” he added. ICANN To Change Cryptographic Key Pairs For The First Time [motherboard.vice.com]