We add the issuing root CA certificate (and - recommended - intermediate CA certificates) so that the ASA itself and any clients can verify a complete chain of trust for the ASA's certificate. Some auditors and third party checkers (like Qualys) will tell you your ASA is less secure if you don't present the entire chain to a connecting client.

Client-ASA
SSL use cert to make client auth the ASA and ASA auth the client.
so ASA have it is identity cert.
Now if client send cert to ASA how the ASA know that this cert is valid or not?
hmm
it need CA cert, but why?
simply the CA cert contain public CA key, when ASA receive the client cert there is digital signature in end of cert which is type of hash process, and this hash process use private key of CA.
note:- any hash use private key we can use public key to valid it, reverse process.
NOW the ASA has CA public and it receive the client cert, 
it use public key of CA to check digital signature "hash" it valid or not.
that why we need CA cert.

I think I misunderstood the original question.

When the CLIENT is authenticating using a certificate, the ASA needs to know that it can trust that certificate. The way it does so is by examining the certificate presented by the client to ascertain the issuing root CA. Only if it trusts the issuing root CA does it accept the client's certificate as trusted for authentication purposes. An ASA by default doesn't trust any third party root CAs, thus we need to add them onto the ASA.

Clients themselves don't usually have this problem when connecting to the ASA (assuming you've used a well-known public CA for your ASA identity certificate) since they rely on the operating system Trusted Root CA store which is updated by the OS vendor (Microsoft, Apple etc.) to include the most public CAs.