The following root certificates (subject DNs below) are expiring on Jul 09 2019:
1. CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
2. CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
3. CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
The replacement root (for all 3) is "USERTrust RSA Certification Authority" (https://crt.sh/?id=1199354), which is already in the Java root store.
The first two roots can be safely removed after they expire. However, the 3rd root should be retained since there were many code signing certificates issued that chain back to this root and removing this root could break signed code that was also timestamped and is still in use. In this case, the root CA is still needed in order to properly verify the certificate chain.