Is there any point in a root certificate that expires after 20 years? Any compromised root certificate will almost certainly be revoked before it naturally expires.
Why not just make root certificates indefinite and revoke them as part of the system trust anchor update process, at the same time as downloading new root certs? That way, you know that a revocation is only going to happen when it also pulls down replacement certificates.
I'm guessing root cert expiration data growth is much lower than storage density improvements. And of course you don't need to revoke a certificate that was never on the device in the first place.