Hi,
Technically, yes....
The certificate policy does include client authentication..
However, depending on your limit of authentication level (e.g. verify CA, verify intermediate CA, verify hostname (cn) ), you might not want to use a trusted CA / intermediate CA with the authentication....
Because if you misconfigured the system, all persons / servers with an Let's Encrypt certificate (or much worse, A DST issued certificate) could pass the validation.
It's much more better to generate a private CA (and intermediate CA as well as client certificate) to use with authentication.
For now, the best (and complete) guide to this is
Thank you