Hello Rishabh,
You can use the "check-cert" command. It "examines the expiration date of each certificate stored on the BIG-IP system, including CA bundles. By default, the check-cert command checks for SSL certificates that have expired or will expire within 30 days."
Check this article:
https://support.f5.com/csp/article/K14318
So you can run the following command that gives you expired certificates PLUS certificate expiring in 30 days. If you want to limit it to certificate that will expire in 30 days you can use a simple grep. Like that :
tmsh run /sys crypto check-cert | grep "expire "
PLease give me a feedback
Regards