mTLS auth by path

Hello, we have a financial system and we are willing to migrate all our domains to Cloudflare. We have some paths in our system that must be blocked / validated with mTLS. In our current infrastructure we protect the path individually so the client certificate “A” can access the path “/panel” and the client certificate “B” can only access the path “/protected” (e.g.).
We have tested the Cloudflare’s mTLS solution, but we couldn’t find a way to have specific certificate for each path or even identify on server side which certificate is being used.
Is there a way or an add-on to implement such solution (specific certificates for each app path or even send the certificate via header)?
Furthermore, is it possible to use our own CA managed and signed by our server (even if it would implicate in acquiring a higher plan)?

Regards,
Guilherme Mantovani