Yeah, I think this is quite greedy to exclude and limit by 900. Let's work with the endpoint we have, not the one we wish we had :)
My solution was to select a low limit (10), and run the query repetitively every couple of hours, practically crawling new certs as they get issued. Not the same use-case as yours, but still.