PKIX certpath validation is normally performed using the current time.
It may also be requested to be performed at a specific time.
When validating a certpath using a specified time then the OCSP response
shall be checked using that time, rather than using the current time.
Specifically, the specified time should be used when validating the
OCSP response's thisUpdate and nextUpdate, rather than the current time.