When you open a Certificate Details window in Kleopatra it does an online check including CRL checks. This can make a usually valid certificate invalid when the CRL check fails.

The certificate is updated in the keylistmodel / keycache accordingly.

But when we then start a refreshallkeys by using View -> Redisplay, it pulls in the certificates in offline mode and that can cause an invalid certificate to show up as "green" again. Which is at least irritating.