Here's a small snippet anyone can run to see how misissued these certificates are compared to the rest of the web PKI.
$ go install github.com/zmap/zlint/v3/cmd/zlint@latest
$ cd russian-trusted-root-ca/certificates
$ for i in *.pem; do echo "==========${i}=========="; zlint --pretty "${i}" | grep -E -C1 'result": "(error|info)"'; echo; done