What is an upload certificate?
When you publish on Google Play with Play App Signing, Google holds your app signing key and you sign releases with a separate upload key. That upload key lives in a Java keystore file (.jks or .keystore).
The upload certificate is the public half of that key, exported as a PEM file (upload_certificate.pem). Google Play uses it to verify that APKs and AABs you upload were signed with your upload key — without you ever sending the private key to Google.