I think the general approach that's preferred is that you only really need to monitor changes to the roots, since if anybody presents you with an unfamiliar intermediate, you can pretty easily tell if it was actually signed by a root. That's why every web server is (or at least should be) configured to serve both the domain leaf certificate and whatever intermediate issued it, since browsers then don't need to worry about the intermediates directly.
That said, you might be able to get what you're looking for by monitoring Certificate Transparency logs. For instance, the log aggregator at crt.sh lists all the intermediates issued by ISRG Root X1 and ISRG Root X2. While I don't think you should be scraping crt.sh directly (though maybe they have an API?), you may be able to monitor the underlying Certificate Transparency logs directly? That's just my first thought. It's probably easier to just have your system not depend directly on the intermediates, though.
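The check described above (deciding whether an unfamiliar intermediate was really signed by a root you already trust), as an added example that is not part of the original post. It uses Go's standard `crypto/x509` with throwaway CAs built in the code; the helper names `newCA` and `ChainsToPinnedRoot` and all certificate names are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on setup errors in this demo
	if err != nil {
		panic(err)
	}
	return v
}

// newCA builds a constructed test CA; with a nil parent it is a self-signed root.
func newCA(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// ChainsToPinnedRoot reports whether c verifies (signature and validity) under root alone.
func ChainsToPinnedRoot(c, root *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := c.Verify(x509.VerifyOptions{Roots: pool})
	return err == nil
}

func main() {
	root, rootKey := newCA("Constructed Root", nil, nil)
	fake, fakeKey := newCA("Constructed Root", nil, nil) // same name, different key
	good, _ := newCA("Constructed Intermediate", root, rootKey)
	rogue, _ := newCA("Constructed Intermediate", fake, fakeKey)
	fmt.Println(ChainsToPinnedRoot(good, root), ChainsToPinnedRoot(rogue, root))
}
```

The second intermediate names the same issuer as the first, but its signature does not verify under the pinned root's key, so it is rejected without any list of known intermediates.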