Hi Ethan. It looks like this is a limitation of the current implementation.
Query: select identities(certificate) from certificate where id=2936539755;
Result: '002' '012' '022' '072' '102' '112' '122' '132' '142' '153' '200' '201' '205' '210' '211' '212' '217' '220' '221' '224' '231' '234' '241' '247' '254' '257' '265' '267' '270' '277' '344' '345' '346' '34
7' '351' '422' '432' '443' '452' '502' '543' '562' '643' '712' '742' '743' '752' '762' '772' 'ca' 'cn' 'email' 'nc' 'secure'
It looks like changing decode(<rawidentity>, 'escape') to convert_from(<rawidentity, 'UTF8') is what's required. Here's a quick test to prove the point...
Query: select identities_convert_from(certificate) from certificate where id=2936539755;
Result: 'ca' 'cn' 'email' 'nc' 'secure' '上海锐成信息科技有限公司' '司公限有技科息信成锐海上'
Although changing this function is trivial, it would also be necessary to rebuild the Full Text Search index afterwards, which would probably take several days and could cause service disruption. I'll make a note to do this at some point in the future, although I can't promise when this might happen.