3.1.5 Processing Events and Sequencing Rules
OCSP request creation MUST adhere to [RFC5019] section 2.1.<3>
When an OCSP Extensions client processes the response from a responder, it enforces that the response is signed by one of the following keys:
The private key that was used to sign the inspected certificate.
A private key with a corresponding certificate that was signed by using the same private key that was used to sign the inspected certificate.
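The two acceptance rules above can be expressed as signature checks against the public half of the key that signed the inspected certificate. The following is an added example, not code from the specification or from any Microsoft implementation; it assumes the third-party Python `cryptography` package, and every name, key, certificate and response in it is constructed for illustration. It covers only the signer rule stated in this section.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2024, 1, 1)  # constructed timestamp for the sample data

def issue(cn, subject_key, issuer_cn, issuer_key, serial):  # constructed sample cert
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(subject_key.public_key()).serial_number(serial)
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=30))
            .sign(issuer_key, hashes.SHA256()))

def respond(leaf, ca_cert, signer_cert, signer_key):  # constructed OCSP response
    return (ocsp.OCSPResponseBuilder()
            .add_response(leaf, ca_cert, hashes.SHA256(), ocsp.OCSPCertStatus.GOOD,
                          NOW, None, None, None)
            .responder_id(ocsp.OCSPResponderEncoding.HASH, signer_cert)
            .certificates([signer_cert]).sign(signer_key, hashes.SHA256()))

def verifies(pub, obj, data):
    """True if obj.signature over data verifies under pub (ECDSA keys assumed)."""
    try:
        pub.verify(obj.signature, data, ec.ECDSA(obj.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def accepted_signer(resp, issuer_pub):
    """Name the rule that accepts resp, or None if neither rule is met."""
    tbs = resp.tbs_response_bytes
    if verifies(issuer_pub, resp, tbs):      # rule 1: the issuing key itself
        return "issuer-key"
    for cert in resp.certificates:           # rule 2: key certified by that same key
        if (verifies(issuer_pub, cert, cert.tbs_certificate_bytes)
                and verifies(cert.public_key(), resp, tbs)):
            return "delegated-key"
    return None

def demo():
    ca, leaf_key, ocsp_key, other = (ec.generate_private_key(ec.SECP256R1()) for _ in range(4))
    ca_cert = issue("Sample CA", ca, "Sample CA", ca, 1)
    leaf = issue("leaf", leaf_key, "Sample CA", ca, 2)
    good = issue("responder", ocsp_key, "Sample CA", ca, 3)
    bad = issue("responder", other, "Sample CA", other, 4)  # not signed by the CA key
    return [accepted_signer(respond(leaf, ca_cert, c, k), ca.public_key())
            for c, k in ((ca_cert, ca), (good, ocsp_key), (bad, other))]
```

The third case claims the same issuer name as the legitimate responder certificate and is still rejected, because the check follows the signing key rather than the name.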