So no, you probably could replace your giant trust bundle with fewer than... 20 or so root CA certs and not notice a difference, I'd guess.
But whether that's a good thing, whether it's wise for the entire internet to place all -- well, >99% -- of its certificates/eggs into fewer than 10 CAs/baskets seems more than questionable.
And that's it for today - thanks for playing "Whose Cert Is It Anyway?"
This thread is available as a blog post here:
https://www.netmeister.org/blog/caa-diversity.html