In case anyone wants another example of how to set up revoked host keys:

  # Add this to the top of ~/.ssh/config
  RevokedHostKeys /home/username/.ssh/revoked_host_keys

then

  cd ~/.ssh
  mkdir revoked_host_keys.d

  echo 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==' > revoked_host_keys.d/github-leak-2023.03.23

  ssh-keygen -k -f revoked_host_keys revoked_host_keys.d/*

the last command combines all keys in the subdirectory into the one properly-formatted binary file. So, you can add more keys into the subdirectory later (but you do have to remember to rerun it -- personally I saved it into a one-line script at ~/.ssh/revoked_host_keys.sh so I don't forget)