Answering your questions:
1) how to download the root CA for AWS IoT ?
To download the root CA certificate, go to this link.This will take you to the certificate webpage. Copy all the contents and paste it into a file. Save the file as "AmazonRootCA1.pem". But just so you know, you need not download it because the AmazonFreeRTOS SDK takes care of this internally. If you look into the file "iot_default_root_certificates.h" in the location "amazon-freertos\libraries\c_sdk\standard\common\include\private", you will notice that the device certificate is validated with all the supported Root CAs.
2) where do we use this root CA for AWS IoT ? what's is its use case?
When you registered your IoT Device, you would have come across this page.
Your device will be assigned a public key, a private key and a certificate. The certificate is used to autenticate the AWS IoT Endpoint of the device.
For added security, we use the Root Certificate Authority (CA). They basically validates the identity of the certificate holder so that you know for sure that you are communicating with the correct source and not some impersonation of the original source.
Your application works because RooT CA is available internally and is being taken care off for you by the SDK. So, you don't need to do anything.
thank you now i understand