However, there could be a RIPEMD-160 hash collision of two different ECDSA pubkey point. That would have two different privkeys with one pubkey.
their would be 2 keypairs, where the hash of the public keys would be equal.
keypair A: (Apub, Apriv)
keypair B: (Bpub, Bpriv)
Apub != Bpub and Apriv != Bpriv
BUT!!!!!
hash(Apub) == hash(Bpub)
Yes. However, that would mean that the bitcoin address itself would be the same. Funds sent to that bitcoin address could be spent by either private key; the txout script only checks the hash of the pubkey key, not the public key itself.