TLS is not decentralised, it's hierarchical. There are a fairly small number of root CAs, and an even smaller number of browser makers who define their trusted lists.
And you can install your trust root if you want, for example I can't find any Russian ones in that list, so probably the Russian government uses internal ones. (Their tax authority interestingly uses Sectigo a CA from the UK.)
