CFSSL config vs. OpenSSL config

It seems that the message digest algorithm is being selected dynamically and depends on the length of the CA private key.

func DefaultSigAlgo(priv crypto.Signer) x509.SignatureAlgorithm {
    pub := priv.Public()
    switch pub := pub.(type) {
    case *rsa.PublicKey:
        keySize := pub.N.BitLen()
        switch {
        case keySize >= 4096:
            return x509.SHA512WithRSA
        case keySize >= 3072:
            return x509.SHA384WithRSA
        case keySize >= 2048:
            return x509.SHA256WithRSA
        default:
            return x509.SHA1WithRSA
        } ...

Based on what I found in the CFSSL source on Github.

Regarding the counties, I was not able to find any restrictions in the code that limits or configures it, could assume that that all countries are allowed.