One of the enhancements to JDK 10 includes, for the first time, a set of root CA (Certificate Authority) certificates incorporated into the OpenJDK source.  As specified by Java Enhancement Proposal (JEP 319), providing root CA certificates makes "OpenJDK builds more attractive to developers" and "reduces [sic] the differences between those builds and Oracle JDK builds".

Root certificates are stored, by default, in a keystore file called cacerts.  Prior to JDK 10, the source code contained an empty cacerts file, disabling the ability to establish trust and effectively rendering many important security protocols unuseable.  To work around this shortcoming, developers had to roll their own cacerts keystore by manually populating it with a set of root certificates. 

Let's examine OpenJDK 10 on a Windows desktop:

>jdk-10\bin\java --version
openjdk 10 2018-03-20
OpenJDK Runtime Environment 18.3 (build 10+46)
OpenJDK 64-Bit Server VM 18.3 (build 10+46, mixed mode)

The following command utilizes the JDK keytool utility to query the cacerts keystore and count the number of certificates:

>jdk-10\bin\keytool -cacerts -list | find "Certificate" /c
Enter keystore password:  changeit
80

By default the cacerts keystore password is changeit.  The 80 included certificates matches the number specified in JEP-319. The Certificate Authorities in question were required to sign an agreement granting Oracle the right to open-source their certificates.

Expect to see more Oracle value-add finding its way into the OpenJDK source as time marches on.