Hi there,
When you login to the RODC site using user account, RODC forward this to the writable domain controller in its own domain and then writable domain controller makes it referral to the RWDC in domain and in turn via RWDC in domain A, rodc allows user to authenticate. RODC doesn't store trust password, so it has to contact RWDC to obtain referral ticket. Also, rodc can't issue kerberos ticket.
You can get more understanding from here https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/understanding-8220-read-only-domain-controller-8221/ba-p/395031
--If the reply is helpful, please Upvote and Accept it as an answer--