Based on your image, you are granting the permission by RBAC on azure. However from APIM you need to have the permission to list , so you can start checking the Access settings:
If It's setup on "vault access policy" you need to add the get and list permission on access policy option (Here rbac role it doesn't matter). On the other hand if you already have enable "Azure role-based access control" you can go to Access Control (AIM ) and click on check access for your service principal :
Finally if you don't have the proper access to KV you need to require to the Key vault administrator grant the permission because as per your image you don't have the permission to do it. The rbac role Key Vault Certificates user is enough to get and list the certificates.: https://learn.microsoft.com/en-us/azure/key-vault/general/rbac-guide?tabs=azure-cli
Let me know if this help you or if you have any additional doubt.
Regards, Luis
If the information helped address your question, please Accept the answer.