These CA certificates were obtained from Microsoft's PKI repository here.
The idea behind bundling them here is so that we can more easily verify chain of trust.
The certificates are converted from DER to PEM format for convenience.
Once bug 1607922 is resolved we can stop checking these in. These certs expire in ~4 years.