MD5
Posted Mar 16, 2016 18:36 UTC (Wed) by alvieboy (guest, #51617)
In reply to: MD5 by tialaramex
Parent article: The first CyanogenMod 13.0 release
Is this the certificate in question? http://www.cacert.org/certs/root.txt
Alvie
Posted Mar 17, 2016 1:52 UTC (Thu)
by tialaramex (subscriber, #21167)
Comodo provides a nice tool, crt.sh (and source for it if you'd rather run your own, click their GitHub logo), which monitors the Certificate Transparency logs and shoves everything into a queryable database.
Everything crt.sh is showing is in some sense "in" the logs, but it is not the purpose of log servers themselves to offer arbitrary data mining, whereas a monitor can do whatever it likes.
CACert aren't obliged to log stuff, indeed nobody is actually _obliged_ to log their certificates except:
1. For any certs a CA wants given the EV (Extended Validation) treatment in which the certificate's country code and the organisation name are shown on a nice green bar, Chrome requires the cert to be in the logs on top of the other criteria. No logs? No green bar - pages still load, but given the green bar is the _whole point_ of spending hundreds of dollars and likely hours of employee time on an EV cert...
2. Symantec. Symantec inherited very old CA roots like Verisign and Thawte. Last year they managed to issue a laughably bogus cert. Google caught them and asked them to investigate. Symantec's "investigation" basically involved scapegoating an employee and claiming all was now well. So Google produced evidence of further problems and asked them to investigate _again_. But also, Google unilaterally demanded Symantec log absolutely every certificate or Chrome might start telling users Symantec's certs are bogus and that would ruin Symantec a long time before it'd hurt Google.
Everybody else is doing it voluntarily, at least in the same sense people voluntarily show their passports at immigration. In principle they do have a choice, but it seems pretty obvious what happens if they choose wrong.
