I just got blocked for 24 hours as well. After opening https://pcr.euprava.gov.rs/validate.php?cqcode=1641591150Q!A... just fine -tried to see what happens when you change the digits to cqcode=1641591151... :)

While I guess in these cases governments don't really worry about enumeration aka https://en.wikipedia.org/wiki/German_tank_problem - it's still often a security risk that means you usually try to avoid it.

Even when internally you have auto-incremental ID - you can provide a non-sequential public ID (e.g. at least use SkipJack/Skip32 of that incremental value).