Does that  /api-manegement/1.0/application/{appUuid}/certificates store certificates in some table in otk_db?
Should it be safe to directly query that table, as we need to return all the certificates (not only thos attaced to an APP)? We mean if that (querying directly the table) could be broken in future upgrades?

5.1.2 

The tables "portal_apikey" in the OTK DB has a based 64 encoded JWKS.

We created an application and a Key with a certificate, which we deployed. The base64 encoded value as well as the decoded JWKS value (FYI, the db query is: select label,apikey,value_xml from portal_apikey where label like "<key name>";)