To find all certificates in keychain file /Library/Keychains/System.keychain with a given name and export in PEM format to a file, execute the commands below, replacing CA_CERT_NAME as needed.

CA_CERT_NAME='CA_CERT_NAME'

CA_CERT="$(echo ${CA_CERT_NAME} | sed 's/ /_/g').pem"

security \
    find-certificate \
    -a \
    -c "${CA_CERT_NAME}" \
    -p \
    /Library/Keychains/System.keychain \
    >"${CA_CERT}"