Client certificate revocation with custom root CA

Hi, the docs from Access were not clear about how to do client certificate revocation when you bring your own root CA to use with mTLS.

Has anyone faced this same issue? mTLS without proper certificate revocation does not seems that much useful