That’s exactly how it works in Sigstore too: if you update your trust root first (which is done by default in online mode), you’ll always have timely key material.
My interpretation of the PEP’s point is that neither PGP nor Sigstore (nor any signing mechanism) can discover revocations while offline, not that you can’t check revocations that have already been discovered while online.