Thanks for pointing out, I didn't realize that.
Snippet from the RFC:
The server SHOULD follow redirects when dereferencing the URL.
Clients might use redirects, for example, so that the response can be
provided by a centralized certificate management server.
I will suggest to remove that from the specification in a future version for the stated reasons, then.