RFC 5280 says:
"The removeFromCRL (8) reasonCode value may only appear in delta CRLs and indicates that a certificate is to be removed from a CRL because either the certificate expired or was removed from hold."
My question is: in which scenarion is an expired certificate removed from a CRL where it was placed? Is this for dealing with an error created by a revocation issued after a certificate expiration? I honestly don't see any other reason for removing an expired certificate from a CRL.
