From my perspective it has to have something to do with the Schema Registry client because the kafka consumer is able to actually retrieve data from kafka, the step failing is the validation of the avro schema against the schema registry, but I am very sure it is picking the right certs for that schema registry

Your analysis is on point, kafka consumers are fine but the schema registry deserializer is not taking consideration of your truststore. Would have to look into the details of confluent’s deserializer.

Just to make sure I wasn't providing bad certs, I went into aiven, got the user/key certs from a user with full access to both topics and schema registry and performed the same operation, the results were the same