Issue a TSS LIST for the certificate and look for the SIGNED BY. That is the signer.
TSS LIST that certificate to see if it has a SIGNED BY. If it does, then you have root chain.
TSS LIST that certificate and see if it has a SIGNED BY.
Keep doing this until you no longer have a SIGNED BY which means the end for the root chain.