Hi,
None of this information is easily obtainable through the registry because they are stored in blobs in the registry.
My C3 Inventory content has a fixlet and analysis which probes the certificate store and places the data in the registry in a way that is easy to consume using BigFix. You can find that content either via BigFix.Me or Github with links here: C3 - Free BigFix Community Content Libraries
The direct links to the probe and analysis on github:
Probe: https://github.com/strawgate/C3-Inventory/blob/master/Fixlets/Invoke%20-%20Certificate%20Store%20Probe%20-%20Windows.bes
Analysis: https://github.com/strawgate/C3-Inventory/blob/master/Analyses/Certificates%20-%20Windows.bes