RFC 6960 — X.509 Internet PKI Online Certificate Status Protocol (OCSP) by node

OCSP lets a client determine the revocation status of a single X.509 certificate without downloading a full CRL. The client asks an OCSP responder about one certificate and receives a signed answer: good, revoked, or unknown.
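The exchange described above, as an added example that is not taken from RFC 6960 or from this page: it hand-encodes the DER `OCSPRequest` for one certificate and maps the `certStatus` tag of a response to good, revoked, or unknown. The helper names are hypothetical, the issuer name, key bytes and serial number are constructed sample values, and SHA-1 is assumed as the CertID hash.

```python
import hashlib

# AlgorithmIdentifier { id-sha1 (1.3.14.3.2.26), NULL parameters }, DER-encoded
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")

def der(tag: int, content: bytes) -> bytes:
    """Wrap content in a DER tag-length-value with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_integer(value: int) -> bytes:
    """Minimal DER INTEGER for a non-negative value (serial numbers)."""
    return der(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def cert_id(issuer_name_der: bytes, issuer_key_bits: bytes, serial: int) -> bytes:
    """CertID: hash algorithm, hash of issuer DN, hash of issuer key, serial."""
    return der(0x30, SHA1_ALG_ID
               + der(0x04, hashlib.sha1(issuer_name_der).digest())
               + der(0x04, hashlib.sha1(issuer_key_bits).digest())
               + der_integer(serial))

def ocsp_request(cid: bytes) -> bytes:
    """Unsigned OCSPRequest for one certificate; version v1 is the default
    and is therefore omitted in DER."""
    request = der(0x30, cid)            # Request { reqCert }
    request_list = der(0x30, request)   # SEQUENCE OF Request
    tbs_request = der(0x30, request_list)
    return der(0x30, tbs_request)

# certStatus is a CHOICE distinguished only by its context tag.
CERT_STATUS = {0x80: "good", 0xA1: "revoked", 0x82: "unknown"}

def cert_status(tag: int):
    """Return the status name, or None for a tag that is not a valid choice."""
    return CERT_STATUS.get(tag)

if __name__ == "__main__":
    # Constructed sample input: issuer DN "CN=Example CA" and placeholder key bytes.
    name = der(0x30, der(0x31, der(0x30, bytes.fromhex("0603550403")
                                   + der(0x0C, b"Example CA"))))
    req = ocsp_request(cert_id(name, b"constructed-public-key-bytes", 0x1234))
    print(len(req), req.hex())
    print(cert_status(0xA1))
```

The status is only meaningful once the client has verified the responder's signature over the response, which this sketch does not do.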