diff --git a/libkeyringctl/trust.py b/libkeyringctl/trust.py
index ec9796c..7911b60 100644
--- a/libkeyringctl/trust.py
+++ b/libkeyringctl/trust.py
@@ -85,6 +85,14 @@ def certificate_trust(  # noqa: ignore=C901
     """
 
     fingerprint: Fingerprint = Fingerprint(certificate.name)
+    keyring_root = certificate.parent.parent.parent
+
+    # collect revoked main keys
+    main_keys_revoked: Set[Fingerprint] = set()
+    for main_key in main_keys:
+        for revocation in keyring_root.glob(f"main/*/{main_key}/revocation/*.asc"):
+            if main_key.endswith(revocation.stem):
+                main_keys_revoked.add(main_key)
 
     revocations: Set[Fingerprint] = set()
     # TODO: what about direct key revocations/signatures?
@@ -131,6 +139,9 @@ def certificate_trust(  # noqa: ignore=C901
             # only take main key certifications into account
             if not contains_fingerprint(fingerprints=main_keys, fingerprint=issuer):
                 continue
+            # do not care about revoked main keys
+            if contains_fingerprint(fingerprints=main_keys_revoked, fingerprint=issuer):
+                continue
             # do not care about certifications that are revoked
             if contains_fingerprint(fingerprints=revocations, fingerprint=issuer):
                 continue
diff --git a/tests/test_trust.py b/tests/test_trust.py
index 344dfc2..014f6a4 100644
--- a/tests/test_trust.py
+++ b/tests/test_trust.py
@@ -161,6 +161,23 @@ def test_certificate_trust_three_main_signature_gives_full_trust(working_dir: Pa
     assert Trust.full == trust
 
 
+@create_certificate(username=Username("main1"), uids=[Uid("main1 <foo@bar.xyz>")], keyring_type="main")
+@create_certificate(username=Username("main2"), uids=[Uid("main2 <foo@bar.xyz>")], keyring_type="main")
+@create_certificate(username=Username("main3"), uids=[Uid("main3 <foo@bar.xyz>")], keyring_type="main")
+@create_certificate(username=Username("foobar"), uids=[Uid("foobar <foo@bar.xyz>")])
+@create_uid_certification(issuer=Username("main1"), certified=Username("foobar"), uid=Uid("foobar <foo@bar.xyz>"))
+@create_uid_certification(issuer=Username("main2"), certified=Username("foobar"), uid=Uid("foobar <foo@bar.xyz>"))
+@create_uid_certification(issuer=Username("main3"), certified=Username("foobar"), uid=Uid("foobar <foo@bar.xyz>"))
+@create_key_revocation(username=Username("main3"), keyring_type="main")
+def test_certificate_trust_three_main_signature_one_revoked(working_dir: Path, keyring_dir: Path) -> None:
+    trust = certificate_trust(
+        test_keyring_certificates[Username("foobar")][0],
+        test_main_fingerprints,
+        test_all_fingerprints,
+    )
+    assert Trust.marginal == trust
+
+
 @create_certificate(username=Username("main"), uids=[Uid("main <foo@bar.xyz>")], keyring_type="main")
 @create_certificate(username=Username("foobar"), uids=[Uid("foobar <foo@bar.xyz>")])
 @create_key_revocation(username=Username("foobar"))