Also see SSH certificate authority and Cluenet's CAs.
The internal CA doesn't see much use anymore with the advent of Let's Encrypt. (Previously it was the main CA used to issue certificates for my own servers, as well as certain Cluenet services.)
It is still used for client authentication (VPN & PKINIT).
X.509 certificate: Nullroute_CA_r4.crt or Nullroute_CA_r4.pem
(PGP signatures: Nullroute_CA_r4.crt.asc or Nullroute_CA_r4.pem.asc)
/C=LT/O=Nullroute/CN=Nullroute CA r4