Cryptography
marmuff, 2020-02-11 03:23:50

How is public key certification formed?

There is a standard asymmetric encryption algorithm (let it be RSA).
A question regarding the certification of public keys by a certification authority for organizing end-to-end encryption.

Question: how does certification occur, and how is the signature verified?
Wiki excerpt:


A public key certificate is issued by a certification authority and consists of such fields as:

- the public key of the certificate owner itself,
- the validity period,
- the name of the issuer (certificate authority),
- the name of the certificate owner
- and, the most important part, the digital signature.

The digital signature ensures that the certificate cannot be tampered with. It is the result of a cryptographic hash function of the certificate data, encrypted with the CA's private key.


As I understood the principle of operation:
User A generates public and private keys. The public key is sent to the CA. It generates a DTO like this:
{
    "public_key": "the public key for which the certificate is being created goes here",
    "sertification_center_name": "name of the certification authority",
    "sertificate_owner_name": "name of the certificate owner",
    "sign": "MD5 hash of all this data after it has been encrypted with the certification authority's private key"
}


We send this certificate to the interlocutor. They decrypt the certificate signature, then calculate the hash function of all its fields (except for the signature itself) and compare the hashes. If the hashes match, everything is OK and you can encrypt with the public key.

Is that right? If so, then the question arises: what is the additional security? What prevents someone from replacing not the plainly sent public key, but the certificate itself with a certificate for another key?


1 answer(s)
CityCat4, 2020-02-11
@marmuff

A certificate with a key has a unique ID by which they identify each other; the key of someone else's certificate is useless. And besides, it is considered that the key of the certificate is stored in a safe place and is not available to anyone. Key leak = certificate compromise.
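The issue-and-verify flow discussed in this thread, as an added example that is not part of the original question or answer: a CA signs the hash of the certificate fields, and a recipient who already holds the CA's public key checks several substituted certificates. Assumptions: toy textbook RSA built from fixed Mersenne primes with no padding, SHA-256 as the hash, and constructed names and key strings (`Example CA`, `Rogue CA`, `alice`, `mallory`); real certificates are X.509 structures signed with a padded signature scheme.

```python
import hashlib
import json

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy textbook RSA from fixed primes: illustration only, not secure."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(fields, n):
    """Hash every certificate field except the signature, reduced mod n."""
    data = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(issuer, ca_key, owner, public_key):
    """CA side: sign the hash of the fields with the CA private exponent."""
    fields = {"issuer": issuer, "owner": owner, "public_key": public_key}
    return {**fields, "sign": pow(digest(fields, ca_key["n"]), ca_key["d"], ca_key["n"])}

def verify(cert, trust_store, expected_owner):
    """Recipient side: needs only the CA public modulus it already trusts."""
    n = trust_store.get(cert["issuer"])
    if n is None:
        return "untrusted issuer"
    fields = {k: v for k, v in cert.items() if k != "sign"}
    if pow(cert["sign"], E, n) != digest(fields, n):
        return "bad signature"
    if cert["owner"] != expected_owner:
        return "wrong owner"
    return "ok"

# Constructed sample data: Mersenne primes stand in for real key generation.
ca = make_key(2**127 - 1, 2**89 - 1)
rogue = make_key(2**107 - 1, 2**61 - 1)
trust_store = {"Example CA": ca["n"]}  # distributed to recipients out of band

alice = issue("Example CA", ca, "alice", "ALICE-PUBLIC-KEY")
mallory = issue("Example CA", ca, "mallory", "MALLORY-PUBLIC-KEY")
cases = {
    "genuine": alice,
    "key swapped, old signature": {**alice, "public_key": "MALLORY-PUBLIC-KEY"},
    "self-made CA": issue("Rogue CA", rogue, "alice", "MALLORY-PUBLIC-KEY"),
    "forged issuer name": issue("Example CA", rogue, "alice", "MALLORY-PUBLIC-KEY"),
    "someone else's valid cert": mallory,
}
results = {name: verify(c, trust_store, "alice") for name, c in cases.items()}

if __name__ == "__main__":
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
```

Only the first case verifies. Every substituted certificate fails on the issuer lookup, the signature check, or the owner-name check, because the recipient holds the CA's public key independently of the channel the certificate arrived on.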
