Take a look at fingerbank it may help you finding the DHCP signatures.
You can also use the debugging logs on the controller:
enable debugging:
conf t
logging level debugging network subcat dhcp
show the logs:
show log network 30 (for the last 30 line)
you may also use the include parameter to search for something
this will show you the dhcp process that includes the fingerprint what you can use for role derivation.