Generating an attestation certificate on the Nitrokey HSM 2

The PKCS#11 module supports reading the device and device issuer certificates and also allows reading the CSR with attestation:

asc@caprese:~/share/projects/sc-hsm-embedded$ pkcs11-tool --module src/pkcs11/.libs/libsc-hsm-pkcs11.so -O
Using slot 0 with a present token (0x5)
Certificate Object; type = unknown cert type
  label:      C.DevAut
Certificate Object; type = unknown cert type
  label:      C.DICA

pkcs11-tool from OpenSC reports “unknown cert type”, because it does not support CVCs.

For Java you can use the OCF module or the SmartCard-HSM JCE-Provider.
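Because pkcs11-tool cannot decode CVCs, the following added example (not part of the original text or of the sc-hsm-embedded project) reads the issuer (CAR) and holder (CHR) references from raw CVC bytes and checks that C.DevAut names C.DICA as its issuer. It assumes the BSI TR-03110 tag layout; the function names are hypothetical and the two certificates are constructed samples with dummy key and signature bytes.

```python
# Added example. Assumed CVC layout (BSI TR-03110): 7F21 { 7F4E { 5F29, 42=CAR, 7F49, 5F20=CHR }, 5F37 }
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    try:
        tag = buf[pos]
        pos += 1
        more = tag & 0x1F == 0x1F                  # low five bits set: tag continues
        while more:
            tag = (tag << 8) | buf[pos]
            more = bool(buf[pos] & 0x80)
            pos += 1
        length = buf[pos]
        pos += 1
        if length & 0x80:                          # long form: low bits give byte count
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
    except IndexError:
        raise ValueError("truncated TLV header") from None
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def children(value):                               # tag -> value, one level deep
    out, pos = {}, 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out[tag] = val
    return out

def cvc_references(cvc):
    """Extract the issuer (CAR) and holder (CHR) references from one CVC."""
    tag, val, _ = read_tlv(cvc)
    if tag != 0x7F21:
        raise ValueError("not a CV certificate")
    body = children(children(val)[0x7F4E])
    return {"car": body[0x42].decode("ascii"), "chr": body[0x5F20].decode("ascii")}

def issued_by(child, parent):
    """Name linkage only; the signature in 5F37 must still be verified separately."""
    return cvc_references(child)["car"] == cvc_references(parent)["chr"]

def tlv(tag, value):                               # short-form encoder for the samples
    return tag.to_bytes((tag.bit_length() + 7) // 8, "big") + bytes([len(value)]) + value
def sample(car, chr_):                             # constructed CVC, dummy key and signature
    body = tlv(0x5F29, b"\x00") + tlv(0x42, car) + tlv(0x7F49, bytes(8)) + tlv(0x5F20, chr_)
    return tlv(0x7F21, tlv(0x7F4E, body) + tlv(0x5F37, bytes(16)))
DICA = sample(b"ZZSRCA00001", b"ZZDICA00001")      # constructed names, not real device values
DEVAUT = sample(b"ZZDICA00001", b"ZZDEVICE00001")
```

A matching CAR/CHR pair only shows how the certificates are meant to chain; trusting the attestation still requires verifying each signature up to the manufacturer's root key.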