That's a very bold claim, any evidence you can provide to support it? How do the governments sidestep Certificate Transparency, which makes the simple possession of the signing keys ineffective? And have there ever been reports of developers observing these rogue certificates in the wild?
My assumption was that the signed certificates are provided by governments to state owned or shell companies (China having high profile cases of this).
But if it really was this simple, it would have been noticed earlier.