I think you could just put a signed PaymentRequest into an NFC tag and try reading it from that. It's the same underlying radio tech so the transfer speeds should be similar, I'd think.

Common X.509 certs are bigger than they need to be for sure, but a lot of the bulk comes from the use of RSA rather than ECC. An RSA signature alone can be 256 bytes! There's nothing that states you have to use RSA for certificates and ECC certs are out there (Google uses one), but I think they are harder to get hold of. I guess over time SSL will migrate to mostly ECC (secp256r1) based certs.