A Registration Authority (RA) subsystem is the component that accepts enrollment requests and authenticates them in a local context (e.g. a department of an organization or an organization within an association). Upon successful authentication, the RA then forwards the enrollment request to the designated Certificate Authority (CA) to generate the certificate.
Depending on the type of enrollment, an RA can be set up with the appropriate authentication plugin to authenticate the request in an automated fashion. Alternatively, the RA has a local request queue where requests can be stored and reviewed by local RA agents for manual authentication.
The RA subsystem is implemented in a set of perl scripts and it runs on top of Apache.