1h is bonkers for certs in https, but it's not unreasonable for authorized user certs, if your issuance path is available enough.
replyIMHO, if you're pushing revocation lists at low latency, you could also push authorized keys updates at low latency.