ocsptool: no option to dermine whether a certificate corresponds to a response
OCSP responses map to a specific certificate however they way they do is very cryptic. There can be hashes of the issuer + serial number, and that mapping is not straightforward for a human. We should provide a way to automate that mapping process.