If the cacert.pem really is based on Mozilla’s certdata.txt and is not handrolled by Epic, then there have been quite a few updates to the source certdata.txt file since cacert.pem was generated.
Thanks for bringing this to our attention. The source of cacert.pem is curl - Extract CA Certs from Mozilla and there have been several revisions since the version we released. I will work on updating this file in a future Engine release.