diff --git a/sa/db/00-create-databases.sql b/sa/db/00-create-databases.sql
index 69127068a2e..b77bd7f5c1f 100644
--- a/sa/db/00-create-databases.sql
+++ b/sa/db/00-create-databases.sql
@@ -2,3 +2,6 @@ CREATE DATABASE boulder_sa;
 CREATE DATABASE incidents_sa;
 CREATE DATABASE boulder_sa_next;
 CREATE DATABASE incidents_sa_next;
+
+-- ISRG(44947) dev-reserved(4) MTCA1(1) logs(0) 44
+CREATE DATABASE mtcmeta_44947_4_1_0_44;
diff --git a/sa/db/01-boulder_sa_next.sql b/sa/db/01-boulder_sa_next.sql
index bd39c37a948..a33ae2fed2b 100644
--- a/sa/db/01-boulder_sa_next.sql
+++ b/sa/db/01-boulder_sa_next.sql
@@ -1,7 +1,7 @@
 -- For easy diffability, the main part of this schema
 -- should be identical with 01-boulder_sa.sql. Any differences
 -- for the "next" schema should be expressed as ALTER TABLE
--- commands at the end of the file.
+-- or CREATE TABLE commands at the end of the file.
 USE boulder_sa_next;
 
 CREATE TABLE `authz2` (
@@ -247,3 +247,8 @@ CREATE TABLE `serials` (
 ALTER TABLE `certificateStatus` DROP COLUMN `subscriberApproved`;
 ALTER TABLE `certificateStatus` DROP COLUMN `LockCol`;
 ALTER TABLE `revokedCertificates` ADD KEY `serial` (`serial`);
+
+ALTER TABLE `orders`
+ ADD COLUMN `isMTC` bool NOT NULL DEFAULT FALSE,
+ ADD COLUMN `mtcaID` varchar(255) DEFAULT NULL,
+ ADD COLUMN `mtcSerialNumber` bigint(20) unsigned DEFAULT NULL;
diff --git a/sa/db/01-mtca.sql b/sa/db/01-mtca.sql
new file mode 100644
index 00000000000..425d4961f09
--- /dev/null
+++ b/sa/db/01-mtca.sql
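Review bot: The trailing `44` in the added comment `-- ISRG(44947) dev-reserved(4) MTCA1(1) logs(0) 44` is the only arc without a label, so a reader cannot tell which component of the identifier it is, even though the new 01-mtca.sql file appears to rely on this name matching the log's OID for its misconfiguration check. Labelling it the same way as the other arcs, e.g. `-- ISRG(44947) dev-reserved(4) MTCA1(1) logs(0) <arc-meaning>(44)`, would make the database name self-describing.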
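Review bot: The new `mtcaID` column on `orders` has no description of its format, while the new 01-mtca.sql file documents its log identifiers as ASCII-format OIDs relative to 1.3.6.1.4.1; if `mtcaID` follows the same convention, a one-line comment above the ALTER saying so would let the redundancy check described there be applied consistently. The relationship between `isMTC`, `mtcaID` and `mtcSerialNumber` is also undocumented: presumably the two nullable columns are populated exactly when `isMTC` is TRUE. Since this file's convention is application-level enforcement, stating that invariant in a comment, e.g. `-- mtcaID and mtcSerialNumber are set iff isMTC is TRUE; enforced by the application`, would spare the next maintainer from having to infer it.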
@@ -0,0 +1,46 @@
+USE mtcmeta_44947_4_1_0_44;
+
+CREATE TABLE `checkpoints` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ -- ASCII-format OID relative to 1.3.6.1.4.1
+ -- https://tlswg.org/tls-trust-anchor-ids/draft-ietf-tls-trust-anchor-ids.html#name-trust-anchor-identifiers
+ -- https://ietf-plants-wg.github.io/merkle-tree-certs/draft-ietf-plants-merkle-tree-certs.html#ca-ids
+ -- This is redundant with the database/keyspace name and will be used for extra checks to ensure
+ -- configuration errors can't result in using the wrong database/keyspace.
+ `mtcLogID` varchar(255) NOT NULL,
+ `mtcaSignature` mediumblob NOT NULL,
+ -- For simplicity we start out with a hardcoded assumption of one mirror signature,
+ -- the planned CQRP requirement. If requirements increase we can add more fields.
+ -- `mirrorID` is an ASCII-format OID relative to 1.3.6.1.4.1.
+ -- Note: these two fields start empty and are filled later.
+ `mirrorID` varchar(255),
+ `mirrorSignature` mediumblob,
+
+ -- Signed-over data: https://ietf-plants-wg.github.io/merkle-tree-certs/draft-ietf-plants-merkle-tree-certs.html#section-5.3.1
+ -- Note that `log_origin` and `cosigner_name` in the link above are derived from `mtcLogID` and `mirrorID` respectively.
+ -- Also, for checkpoint signatures start == 0 and end == tree size.
+ -- `treeSize` will be strictly increasing over time, enforced by the application.
+ -- Appending to this table will involve a check (in a transaction) that the treeSize and root hash of the
+ -- highest-sized checkpoint match what the CA expects.
+ `treeSize` bigint(20) unsigned NOT NULL,
+ `rootHash` binary(32) NOT NULL,
+
+ `created` datetime DEFAULT current_timestamp(),
+ PRIMARY KEY (`id`),
+ KEY `mtcLogID_treeSize` (`mtcLogID`, `treeSize`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
+
+CREATE TABLE `landmarks` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ -- ASCII-format OID relative to 1.3.6.1.4.1
+ `mtcLogID` varchar(255) NOT NULL,
+ -- Each newly added landmark must have a strictly larger landmarkNumber
+ -- than the previous one. We'll enforce this at the application level,
+ -- not the database level.
+ `landmarkNumber` bigint(20) unsigned NOT NULL,
+ `treeSize` bigint(20) unsigned NOT NULL,
+ `created` datetime DEFAULT current_timestamp(),
+ PRIMARY KEY (`id`),
+ KEY `mtcLogID_landmarkNumber` (`mtcLogID`, `landmarkNumber`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_general_ci;
+
diff --git a/sa/vtschema/mtcmeta_44947_4_1_0_44/vschema.json b/sa/vtschema/mtcmeta_44947_4_1_0_44/vschema.json
new file mode 100644
index 00000000000..a7e1d84d71a
--- /dev/null
+++ b/sa/vtschema/mtcmeta_44947_4_1_0_44/vschema.json
@@ -0,0 +1,12 @@
+{
+ "sharded":true,
+ "vindexes": {
+ "xxhash": {
+ "type": "xxhash"
+ }
+ },
+ "tables": {
+ "checkpoints": { "column_vindexes": [ { "column": "id", "name": "xxhash" } ] },
+ "landmarks": { "column_vindexes": [ { "column": "id", "name": "xxhash" } ] }
+ }
+}
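Review bot: Both secondary keys, `KEY mtcLogID_treeSize (mtcLogID, treeSize)` in `checkpoints` and `KEY mtcLogID_landmarkNumber (mtcLogID, landmarkNumber)` in `landmarks`, are non-unique even though the comments say `treeSize` and `landmarkNumber` must be strictly increasing per log and that only the application enforces this. Declaring them `UNIQUE KEY` is free and gives the database a backstop against two appends for the same log landing with the same size or number if the transactional check is ever bypassed or races, which matters for a table whose rows are signed checkpoints. One caveat, which also applies to the vschema.json hunk in this commit: because both tables are sharded by xxhash on `id`, a UNIQUE KEY is enforced per shard only, and whether the "read highest-sized checkpoint, then insert" sequence is atomic across shards depends on the Vitess transaction mode in use. The comment above `treeSize` would be the right place to state which of these guarantees the CA actually relies on.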