Just to be clear, this is presumably (judging by the filename) the private key associated with the SSL cert for https://www.certigna.fr/, rather than the CA private key (which would hopefully be in a HSM), correct?

Not that this make this look any better better, but I think some may be confused that this is a compromise of the CA itself, rather than evidence of poor key management/security practices.