While you can grab the certificate on computer via the API serial numbers for each certificate aren't included. This serial number is unique per certificate and can help identify the certificate on the system to the entry in your PKI. This means you can't create a specific, identifiable list of certificates that are in production vs. those are aren't valid.
Exposing this via the API would allow us to gather this list of used certificates from Jamf Pro then revoke all certs that aren't used. This is needed as the Jamf Pro server doesn't revoke certificates automatically from Symantec PKI so we need to do this as a recurring manual quarterly task.