diff --git a/CODEOWNERS b/CODEOWNERS index baae6299d6..efe8d40f4e 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -76,6 +76,7 @@ /builtin/logical/pki/ @hashicorp/vault-crypto /builtin/logical/pkiext/ @hashicorp/vault-crypto /website/content/docs/secrets/pki/ @hashicorp/vault-crypto @hashicorp/vault-education-approvers +/website/content/api-docs/secret/pki/ @hashicorp/vault-crypto @hashicorp/vault-education-approvers /website/content/api-docs/secret/pki.mdx @hashicorp/vault-crypto @hashicorp/vault-education-approvers /builtin/credential/cert/ @hashicorp/vault-crypto /website/content/docs/auth/cert.mdx @hashicorp/vault-crypto @hashicorp/vault-education-approvers diff --git a/website/content/api-docs/secret/pki/issuance.mdx b/website/content/api-docs/secret/pki/issuance.mdx index 35fa7ff720..9f55e9815f 100644 --- a/website/content/api-docs/secret/pki/issuance.mdx +++ b/website/content/api-docs/secret/pki/issuance.mdx @@ -681,6 +681,14 @@ for issuing and renewing leaf certificates. These are the CMP protocol API paths currently supported from Vault's authentication point of view. +| Path | Default Path Policy | Issuer | Role | +|:-----------------------|:--------------------|:----------------------|:--------------| +| `/pki/cmp` | `sign-verbatim` | `default` | Sign-Verbatim | +| `/pki/cmp` | `role:role_ref` | Specified by the role | `:role_ref` | +| `/pki/roles/:role/cmp` | (any) | Specified by the role | `:role` | + +The Default Path Policy is specified in the [CMPv2 configuration](#set-cmpv2-configuration). +When a role is not explicitly specified within the path, the behavior is specified by the `default_path_policy` field. ### Read CMPv2 Configuration
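Review bot: In the CODEOWNERS hunk, the unchanged `/website/content/api-docs/secret/pki.mdx` entry directly below the added `/website/content/api-docs/secret/pki/` line may now be stale, since the other file in this patch lives at `website/content/api-docs/secret/pki/issuance.mdx`. If `pki.mdx` was removed when the API docs moved into the `pki/` directory, drop that entry in the same change so the file does not carry a pattern that matches nothing. If `pki.mdx` still exists, keeping both entries is fine.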
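Review bot: In the issuance.mdx hunk, the second table row introduces `role_ref` (as `role:role_ref` and `:role_ref`) without defining it, and the two sentences added after the table name the `default_path_policy` field but not the values it takes. Suggest saying there that the field is either `sign-verbatim` or `role:role_ref`, with `role_ref` being the name of the role to apply, and, if that is the intent of `(any)` in the third row, that the field has no effect when the role is given in the path. The Role cell `Sign-Verbatim` is also the only value in that column not in code formatting, and the `#set-cmpv2-configuration` anchor should be checked against the page's headings, since the only heading visible in this hunk is `### Read CMPv2 Configuration`.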