Also see SSH certificate authority.
The internal CA doesn't see much use anymore with the advent of Let's Encrypt. (Previously it was the main CA used to issue certificates for my own servers.)
It is still used for client authentication (VPN & PKINIT).
X.509 certificate: Nullroute_CA_r4.crt or Nullroute_CA_r4.pem
(PGP signatures: Nullroute_CA_r4.crt.asc or Nullroute_CA_r4.pem.asc)
CN=Nullroute CA r4, O=Nullroute, C=LT