Public Key Infrastructure (PKI) is the combination of authorities, certificate formats, and policies that lets you trust that a given public key really belongs to a named entity. Without it, a public key is just a number; PKI is what attaches a verifiable identity to it. The dominant standard for Internet PKI is the X.509 certificate profile defined in RFC 5280.
The central data object is the digital certificate. A certificate binds a public key to a subject identity (such as a domain name) and includes fields like the issuer, the validity period, and the public key itself. RFC 5280 profiles the structure of X.509 v3 certificates and v2 certificate revocation lists (CRLs) used across the Internet.
Trust flows from a hierarchy. A certificate is signed by a certificate authority, whose own certificate may in turn be signed by a higher authority, forming a chain back to a trusted root. RFC 5280 specifies a certification path validation algorithm for verifying these chains, and defines mechanisms such as CRLs for indicating when a certificate has been revoked before its expiry.
PKI is what makes HTTPS trustworthy. When a browser connects to a secure site, it relies on this infrastructure to confirm that the public key it received genuinely belongs to that site rather than to an impostor, which is what allows the encrypted session that follows to be meaningful.