func Diff(old, new *x509.RevocationList) (*diffResult, error)
Diff returns the sets of serials that were added and removed between two CRLs. In order to be comparable, the CRLs must come from the same issuer, and be given in the correct order (the "old" CRL's Number and ThisUpdate must both precede the "new" CRL's).
func Validate(crl *x509.RevocationList, issuer *x509.Certificate, ageLimit time.Duration) error
Validate runs the given CRL through our set of lints, ensures its signature validates (if supplied with a non-nil issuer), and checks that the CRL is less than ageLimit old. It returns an error if any of these conditions are not met.