The "InCommon RSA Server CA [PEM]" (Expires October 5, 2024) from Internet2(link is external).
The SHA-2 Root: USERTrust RSA Certification Authority" (Expires Jan 2038) from Sectigo(link is external).
For unusual cases, Sectigo has offered a cross signing option with its AAA root, which does not expire until 2028.