This edge indicates that the principal has control over a victim principal with permission to enroll on one or more certificate templates, configured to enable certificate authentication and require the userPrincipalName (UPN) of the enrollee included in the Subject Alternative Name (SAN).