Explain the openssl commands needed to get kubernetes CA certificate hash

So, I’m studying to try my first hit at CKA certification. At one of the videos I’m watching, the instructor said to execute those commands to find the CA certificate hash for k8s:

# On the Control Plane Node, you can find the CA cert hash.
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | \
openssl rsa -pubin -outform der 2>/dev/null | \
openssl dgst -sha256 -hex | \
sed 's/^.* //'

Ok, this works just fine, but he didn’t explained what this command really does. Could someone explain each step? I’m not used to work with openssl command, and just reading the man for the command, things wasn’t exactly clear for me.

Best regards, Vitor Jr.