Getting the biggest/smallest/longest/shortest is one of the most annoying things to do in Relevance. Something like this should get you started:
value "Subject" of item 0 of it whose ((value "Not After Date" of it as string as date & (value "Not After Time" of it as string as time_of_day & local time zone)) of item 0 of it = item 1 of it) of ((keys of keys "HKEY_LOCAL_MACHINE\Software\C3 Inventory\Certificate Store\LocalMachine\Root" of native registry), it) of (maximum of (value "Not After Date" of it as string as date & (value "Not After Time" of it as string as time_of_day & local time zone)) of keys of keys "HKEY_LOCAL_MACHINE\Software\C3 Inventory\Certificate Store\LocalMachine\Root" of native registry)
This will pull the root cert with the longest expiration date, you should be able to change this to cover other cases. Just swap LocalMachine\Root
with the type of cert you’re checking and if you want to do filtering on the certs to consider for the comparison then you’d add that towards the end like this:
keys whose (value "subject" of it as string starts with "CN=Bill") of keys "HKEY_LOCAL_MACHINE\Software\C3 Inventory\Certificate Store\LocalMachine\Root" of native registry