Trying to do this could get real complicated real fast.
The first issue is that there are multiple root CAs. I think it's been over a year now since they started using the newest CA, so within another year or so there shouldn't be anyone left with certificates based on the previous root CA.
The other problem is that end-user certs aren't signed directly by the root CA like OpenVPN expects. There may be a way to get OpenVPN to trust them if the intermediate CA cert was included. However, OpenVPN doesn't natively support specifying a cert chain. It may still be possible by concatenating the end-user cert with the intermediate cert into the same file, but that will require testing to be sure. That and trying to come up with easy to follow instructions for your clients to accomplish this could be a challenge too.
I agree that it's a worthwhile project, but I just wanted to point out the challenges real quick. Hopefully, I'll have more time to help figure it out someday. ;)