The Trust Anchor Cells specified in Section 18.104.22.168 are those required on each Device type and so are the only valid targetTrustAnchorCells.
The Device shall ensure that all targetTrustAnchorCells specified in the Command instance are valid for the type of Device it is, according to the requirements of Section 22.214.171.124. A Command containing any invalid targetTrustAnchorCells shall not be processed any further by the Device.
A Command containing a certain credentialsReplacementMode is only Authorised using certain types of Public-Private Key Pairs in certain ways. The Command identifies the Public Key corresponding to the Private Key used by the authorising Remote Party in the authorisingRemotePartyTACellIdentifier structure. Table 126.96.36.199 lists the only Authorised combinations. All other combinations represent Commands not properly Authorised and shall be rejected by a Device.