This directory contains the set of known active and legacy root certificates operated by WoSign CA Limited, including those of its wholly owned subisiary StartCom.
Trust in these root certificates is being phased out, as described at https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
The files in this directory are organized by the SHA-256 hash of the certificate file, while the policies are based on the SHA-256 hash of the subjectPublicKeyInfo contained within the certificate.
The following command can be used to extract the key hashes:
for f in *.pem; do openssl x509 -noout -pubkey -in "${f}" | openssl asn1parse -inform pem -out /tmp/pubkey.out -noout; digest=`cat /tmp/pubkey.out | openssl dgst -sha256 -c | sed s/:/,0x/g `; echo "0x${digest} ${f##*/}"; done | sort