diff --git a/authority/options.go b/authority/options.go
index 2eb62e16..2d655a2b 100644
--- a/authority/options.go
+++ b/authority/options.go
@@ -113,22 +113,42 @@ func WithSSHHostSigner(s crypto.Signer) Option {
 }
 }
 
+// WithX509RootCerts is an option that allows to define the list of root
+// certificates to use. This option will replace any root certificate defined
+// before.
+func WithX509RootCerts(rootCerts ...*x509.Certificate) Option {
+ return func(a *Authority) error {
+ a.rootX509Certs = rootCerts
+ return nil
+ }
+}
+
+// WithX509FederatedCerts is an option that allows to define the list of
+// federated certificates. This option will replace any federated certificate
+// defined before.
+func WithX509FederatedCerts(certs ...*x509.Certificate) Option {
+ return func(a *Authority) error {
+ a.federatedX509Certs = certs
+ return nil
+ }
+}
+
 // WithX509RootBundle is an option that allows to define the list of root
-// certificates.
+// certificates. This option will replace any root certificate defined before.
 func WithX509RootBundle(pemCerts []byte) Option {
 return func(a *Authority) error {
 certs, err := readCertificateBundle(pemCerts)
 if err != nil {
 return err
 }
- x509.NewCertPool()
 a.rootX509Certs = certs
 return nil
 }
 }
 
 // WithX509FederatedBundle is an option that allows to define the list of
-// federated certificates.
+// federated certificates. This option will replace any federated certificate
+// defined before.
 func WithX509FederatedBundle(pemCerts []byte) Option {
 return func(a *Authority) error {
 certs, err := readCertificateBundle(pemCerts)
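Review bot: `WithX509RootCerts` and `WithX509FederatedCerts` store the caller's variadic slice directly as the authority's trust anchors, so a caller that passes `pool...` keeps a writable alias to `a.rootX509Certs` / `a.federatedX509Certs`, and a nil element is accepted without error. Because these lists decide which roots the authority trusts, I would copy and validate at the boundary: `a.rootX509Certs = append([]*x509.Certificate(nil), rootCerts...)` after a loop that returns an error on `c == nil`, and the same for the federated option. A call with no arguments also replaces previously configured roots with an empty list. Whether later initialisation rejects that is not visible in this hunk, so either reject it here or state it in the doc comment, e.g. `// Passing no certificates clears the root list.` The body of `WithX509FederatedBundle` continues outside the hunk.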