4.1.1. ASN.1 Specification of the OCSP Request
...
CertID ::= SEQUENCE {
hashAlgorithm AlgorithmIdentifier,
issuerNameHash OCTET STRING, -- Hash of issuer's DN
issuerKeyHash OCTET STRING, -- Hash of issuer's public key
serialNumber CertificateSerialNumber }
...
The contents of CertID include the following fields:
...
o issuerNameHash is the hash of the issuer's distinguished name
(DN). The hash shall be calculated over the DER encoding of the
issuer's name field in the certificate being checked.
o issuerKeyHash is the hash of the issuer's public key. The hash
shall be calculated over the value (excluding tag and length) of
the subject public key field in the issuer's certificate.
o serialNumber is the serial number of the certificate for which
status is being requested.
4.2.2.2.1. Revocation Checking of an Authorized Responder
...
A CA may specify that an OCSP client can trust a responder for the
lifetime of the responder's certificate. The CA does so by
including the extension id-pkix-ocsp-nocheck.
From https://datatracker.ietf.org/doc/html/rfc6960#section-4.1.1:
From https://datatracker.ietf.org/doc/html/rfc6960#section-4.2.2.2.1: