If the only interesting store is TRUSTED_ROOTS, wouldn't it be easier to just display that, rather than all the stores in your second step?
There's also a typo in the "grep" line, where you have two "-ie" arguments together, and then two parameters together, rather than alternating.
So to just show the TRUSTED_ROOTS store, and with the grep fixes, I used:
STORE="TRUSTED_ROOTS" ; echo "[*] Store :" $STORE; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $STORE --text | grep -ie "Alias" -ie "Subject" -ie "Issuer"
(the "echo" is obviously not that useful any more)
Also, is it possible to get the system to prompt for the password in the "unpublish" command, rather than having to include it in clear text on the command line?