Mirror a CRL, and use the "This update" field as the file's mod-time

gistfile1.sh

curl http://site.com/file.crl -o /var/www/file.crl
lastmod=`openssl crl -inform DER -text -noout -in /var/www/file.crl | grep "Last Update" | awk '{ print "date -d \""$3FS$4FS$5FS$6"\" +%Y%m%d%H%M" }' | bash`
touch -mt $lastmod /var/www/file.crl

Assuming your CRLs regenerate on a fixed schedule, you can then set expires header for this MIME type to the appropriate interval. Nginx, for example:

expires modified +2d23h59m;