
Yeah, I don't get it either.

The clock is not the hard part of this. Oscillators doing 10 MHz or 1 PPS with nanosecond-accurate holdover for 24 hours are easily available (for like 3k for chip-scale atomic clocks, and less for rubidium or whatever).

Galileo et al also have publicly available cryptographic signatures so you can't actually spoof them, only jam them.

If you are trying to do navigation while jammed, the reckoning is the hard part of this, not the clock.

We solved the clock enough already.



> Galileo et al also have publicly available cryptographic signatures so you can't actually spoof them, only jam them.

Replay attacks still work, allowing one to spoof location.


The first thing I said makes this sort of irrelevant, but to go down this path:

The replay attacks I'm aware of fall into two categories - cold start and warm start (mostly from https://arxiv.org/html/2501.09246v1, which has been in progress for a while).

The cold start replay attacks are irrelevant here - unless you can force-restart the GPS receiver in cold start mode during flight. If you can do that, you probably don't need to spoof the signal. Especially since it requires precise timing to forge the new signal to the receiver at the right time (otherwise it detects it), etc. Seems like there are easier ways.

The warm start replay attack:

A. Requires you replay valid, but out of date, signals, in real time. This is non-trivial, and also limited in effect as you can only arbitrarily spoof one receiver to a location of your choosing - maybe you can get a few receivers with really good high-signal strength directional beaming of different replays, but it requires real-time tracking and adjustment of the signal of the target anyway to be able to spoof the location accurately.

Spoofing the location inaccurately is sort of pointless in most cases.

B. The attack has to change the time (and thus location) slowly enough to not trigger various protections, then keep changing it slowly enough to continue that.

C. The attack requires that your receiver is too stupid to notice that a forced revert to non-authenticated time occurred, doesn't notify you of this, and then doesn't notice that time or location jumped suddenly by more than any reasonable amount. It also has to not notice that the SNR of everything suddenly changed, etc. Oh, also, they have to spoof all other sources of time, including local oscillators, etc, for you to not notice.

Given we just talked about how cheap and easy it is to have a high quality oscillator disciplined to time before takeoff, this kind of replay attack seems "practical" only in the sense that it is possible.

Are you aware of other replay attacks? If so, that'd be cool :)

Otherwise, yes, I agree you can spoof location in theory. I can't imagine a practical application of it in the scenario we are talking about.
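
The receiver-side cross-checks named in points B and C of the comment above, sketched as an added example that is not part of the thread or of any receiver's firmware: it compares the GNSS time solution against a holdover oscillator disciplined before takeoff and watches for loss of authentication and C/N0 steps. The field names, thresholds and holdover budget are assumptions, and the epochs are constructed.

```python
from dataclasses import dataclass

@dataclass
class Epoch:
    t_local: float         # seconds since takeoff, from the holdover oscillator
    gnss_offset_ns: float  # GNSS time solution minus oscillator time
    authenticated: bool    # signal authentication verified this epoch
    mean_cn0_dbhz: float   # mean carrier-to-noise density over tracked satellites

def check_epochs(epochs, holdover_ns_per_day=100.0, margin_ns=50.0,
                 step_ns=30.0, cn0_step_db=6.0):
    """Return (t_local, alert) pairs. All thresholds are assumed values."""
    alerts, prev = [], None
    for e in epochs:
        # Allowed disagreement grows with time since the oscillator was disciplined.
        budget = margin_ns + holdover_ns_per_day * e.t_local / 86400.0
        if abs(e.gnss_offset_ns) > budget:
            alerts.append((e.t_local, "clock_divergence"))
        if prev is not None:
            if abs(e.gnss_offset_ns - prev.gnss_offset_ns) > step_ns:
                alerts.append((e.t_local, "time_step"))
            if prev.authenticated and not e.authenticated:
                alerts.append((e.t_local, "auth_lost"))
            if abs(e.mean_cn0_dbhz - prev.mean_cn0_dbhz) > cn0_step_db:
                alerts.append((e.t_local, "cn0_step"))
        prev = e
    return alerts

def sample_epochs(spoof_from=4):
    """Constructed data: clean tracking, then time dragged 20 ns per epoch."""
    out = []
    for i in range(10):
        spoofed = i >= spoof_from
        offset = 5.0 + (20.0 * (i - spoof_from + 1) if spoofed else 0.0)
        out.append(Epoch(3600.0 + i, offset, not spoofed, 50.0 if spoofed else 42.0))
    return out

if __name__ == "__main__":
    for t, alert in check_epochs(sample_epochs()):
        print(f"{t:.0f}s {alert}")
```

In the constructed run the 20 ns per epoch drag never trips the per-epoch step check, but the accumulated offset exceeds the oscillator's holdover budget within three epochs.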



