ID'ing the rootCA certificate

Working within the  TLS decryption we need to  identify the subCA  vrs rootCA. here's  digcert and the output from  subCA ( aka intermediate ) vrs the rootCA.

The tell-tale sign  for a rootCA certficate is that it is "Self Signed". What this means the issuer and subject line will always match.

So based on the screenshot the bottom certificate is a rootCA

NSE ( network security expert) and Route/Switching Engineer

kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^

=(  @  @ )=

         o

        /  \