ahh yes you'll need to apply some filtering either in your script or with JQ. JQ can be a really useful tool, but sometimes it's not very friendly. If as part of your script for creating the registration key you create a random string for the comment (or at least something unique that can identity the new reg key) you can do something like this...
create the key with the unique comment / token:
mgmt_cli -r true set user name tempuser certificates.add.1.registration-key.comment "tempuserNEWKEY22"
Then to get the registration key which matches the unique comment:
mgmt_cli -r true show user name tempuser show-certificates true --format json | jq '.certificates[] | select(.comments == "tempuserNEWKEY22") | ."registration-key"'
That will return the reg key that matches the comment you provide.