The certs are just fine, exactly what you mention, so this is something to do with the NAT translation in IPsec; it won't allow communication with the router.
The same certs are working okay in PPP SSTP.
What could be wrong, I wonder, since everything else works: Mac, Android and iOS, Linux as well.
Note: I will try this solution from an old post here:
http://forum.mikrotik.com/t/ikev2-setup-on-6-40-4/113465/1
I will make a new CA certificate and change the issue from and to fields, and will tell you what the outcome is.
My wish for the future is for MikroTik to make an SD card RADIUS open source package and an easy way to implement it with some wizard, using locally created or Let's Encrypt joint venture, so users can automate this setup on a Windows machine.
For me Win10 is a pain in the ass; how and why routes cannot be added and pushed automatically, I wonder if it will work when RADIUS is properly installed.
If we need RADIUS, we then need no workaround with certificates.