First of all, BGP routing doesn't work that well at all. There's thousands of BGP hijacks per year [1]; the ones you read about in the news are just the most noteworthy. There are tons of smaller and larger outages because of fat fingering and misconfigurations RPKI can help protect against.
Secondly, the RIRs also have the ability to revoke IP address allocations and AS numbers, as well as whois database objects and IRR route objects. An RPKI resource certificate is just a different representation of an RIR resource registration, it's not going to make the difference you claim.
Then, it would also be fairly stupid of a government to abuse a system that is designed to protect the internet from hijacking of critical infrastructure for censorship purposes. The RIRs have done extensive outreach to make this clear to their respective governments. Still, as soon as a government would try a stunt like this, the networking community would simply walk away from this technology in an instant.
Most importantly though, a revoked or expired certificate would result in a BGP announcement with the status 'unknown', as if the operator doesn't participate in the system and the route were never signed in the first place. The route would never become invalid, and thus unreachable.
The five Regional Internet Registries (ARIN, APNIC, LACNIC, AFRINIC and RIPE NCC), who are responsible for registering IP addresses and AS Numbers in their respective regions. They have the authoritative information on who is the legitimate holder of a resource, so it fits the model.
Secondly, the RIRs also have the ability to revoke IP address allocations and AS numbers, as well as whois database objects and IRR route objects. An RPKI resource certificate is just a different representation of an RIR resource registration, it's not going to make the difference you claim.
Then, it would also be fairly stupid of a government to abuse a system that is designed to protect the internet from hijacking of critical infrastructure for censorship purposes. The RIRs have done extensive outreach to make this clear to their respective governments. Still, as soon as a government would try a stunt like this, the networking community would simply walk away from this technology in an instant.
Most importantly though, a revoked or expired certificate would result in a BGP announcement with the status 'unknown', as if the operator doesn't participate in the system and the route were never signed in the first place. The route would never become invalid, and thus unreachable.
[1] https://www.internetsociety.org/blog/2018/01/14000-incidents...