(And Go itself is available from https://golang.org, of course, if you don't have that installed.)
There are many opinions about what constitutes a good collection of trust anchors for various applications. Some people feel the collections provided with most OS and browser distributions are too generous, and saccrifice security for interoperability. If you're going to assemble a set of trust anchors that includes public CAs, it may be a good idea to familiarize yourself with the issues. Ivan Ristic's /Bulletproof SSL and TLS/ (available at https://feistyduck.com) has a good survey.
Distinguished Engineer, Micro Focus