Currently, you are correct on the roles you can create. It is also important to note that you can apply multiple roles to a single user or user group. We do not currently have a role specific to managing certificates, but we do have roles that cover virtual server enable/disable, as well as pool member enable/disable.
Can you describe the roles you are looking for in detail, including what you expect that user to be able to do/see?
We are in the process of scoping additional changes to the RBAC in BIG-IQ and the more customer details/stories we can include the better.