Per the draft 9 spec, “The server MUST consider at least the following accounts authorized for a given certificate: the account that issued the certificate.”
However, using the acmev2 staging server, if I revoke using that account, I get a 403 with the detail of “JWK embedded in revocation request must be the same public key as the cert to be revoked”.
Looks like you might need to use the kid method if the signer is the ACME Account Key, whereas JWK is used when the signer is the Certificate Private Key.
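An added example (not part of the posts above and not the staging server's code): a simplified Python model of the kid versus JWK distinction the reply describes, showing why an account key sent as an embedded JWK gets the 403 from the question. It assumes the JWS signature was already verified against the key the header names; the URLs, key values, function names and the 400/200 results are constructed for illustration.

```python
import base64
import hashlib
import json

# Members that RFC 7638 requires in a JWK thumbprint, per key type.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}

def jwk_thumbprint(jwk):
    """RFC 7638: SHA-256 over the required members, sorted keys, no whitespace."""
    members = {k: jwk[k] for k in REQUIRED[jwk["kty"]]}
    canon = json.dumps(members, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(hashlib.sha256(canon).digest()).rstrip(b"=").decode()

def revocation_header(url, nonce, alg, account_url=None, signer_jwk=None):
    """Client side: kid when the account key signs, jwk when the certificate key signs."""
    if (account_url is None) == (signer_jwk is None):
        raise ValueError("pass exactly one of account_url or signer_jwk")
    header = {"alg": alg, "nonce": nonce, "url": url}
    header.update({"kid": account_url} if account_url else {"jwk": signer_jwk})
    return header

def authorize_revocation(header, cert_jwk, issuing_account):
    """Server side (hypothetical model): assumes the JWS signature already verified."""
    if ("kid" in header) == ("jwk" in header):
        return 400, "protected header needs exactly one of kid or jwk"
    if "jwk" in header:
        # An embedded JWK is only accepted as proof of holding the certificate's key.
        if jwk_thumbprint(header["jwk"]) != jwk_thumbprint(cert_jwk):
            return 403, ("JWK embedded in revocation request must be the same "
                         "public key as the cert to be revoked")
        return 200, "revoked by certificate key"
    if header["kid"] == issuing_account:
        return 200, "revoked by issuing account"
    return 403, "account is not authorized for this certificate"

# Constructed sample values (not real keys or endpoints).
ACCOUNT_URL = "https://acme.example/acct/1"
REVOKE_URL = "https://acme.example/revoke-cert"
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "YWNjb3VudC14", "y": "YWNjb3VudC15"}
CERT_JWK = {"kty": "EC", "crv": "P-256", "x": "Y2VydC14", "y": "Y2VydC15"}

def demo():
    """Return the status for: account key as jwk, account key as kid, cert key as jwk."""
    cases = [revocation_header(REVOKE_URL, "n1", "ES256", signer_jwk=ACCOUNT_JWK),
             revocation_header(REVOKE_URL, "n2", "ES256", account_url=ACCOUNT_URL),
             revocation_header(REVOKE_URL, "n3", "ES256", signer_jwk=CERT_JWK)]
    return [authorize_revocation(h, CERT_JWK, ACCOUNT_URL)[0] for h in cases]

if __name__ == "__main__":
    print(demo())
```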