To download these files via CLI type in command "curl -o <desired_name>.crt <link_to_cert>"

PKIv2 CAs are active for 2 years, but live for 6 total years (2 preinservice, 2 active, 2 deprecated). Additional information regarding PKIv2 may be found here.

Use this root CA to validate certificates signed by the PKIv2 service's active CA.

Use this root CA to validate certificates signed by the PKIv2 service's upcoming CA.

Use this root CA to validate certificates signed by the deprecated PKIv2 CA.

Use the root CAs in this bundle to validate certificates signed by the PKIv2 service. This bundle includes all unexpired PKIv2 CAs listed above.

Use this root CA to validate certificates signed by Let's Encrypt. Note that most web browsers already trust this root.