Reasons for disabling a root certificate may include, but are not limited to:
* Expired or Expiring CA
* Small modulus key length [http://csrc.nist.gov/groups/ST/key_mgmt/documents/Transitioning_CryptoAlgos_070209.pdf NIST recommend that 1024 bit roots be phased out by the end of 2010]
* Outdated signing key algorithm
* Transition/Rollover to new root completed