Expect-Staple reports contain the time when the report was generated, but this is not necessarily the time that the OCSP response was verified; for example, due to the CachingCertVerifier, the response could have been verified up to 30 minutes before. This can be confusing to a site owner, who might receive a report indicating that the response had an invalid date/time even though the client timestamp appears to fall within the response's valid range.
One way to fix this is to add a verification_time to OCSPVerifyResult, recording the time that the response was actually verified, and then include that in the report instead of generating the timestamp when we send the report.
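The mismatch and the proposed fix, as an added example that is not part of the original report and is not Chromium code: the types below are simplified stand-ins, and the hostname and times (in seconds) are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>

// Simplified stand-ins for illustration; these are not Chromium's real types.
enum class OcspStatus { kProvided, kInvalidDate };
struct OcspResponse { int64_t this_update, next_update; };  // validity window
struct VerifyResult {
  OcspStatus status;
  int64_t verification_time;  // proposed field: when the check actually ran
};
struct Report { OcspStatus status; int64_t date_time; };

bool InRange(const OcspResponse& r, int64_t t) { return t >= r.this_update && t <= r.next_update; }

VerifyResult VerifyOcsp(const OcspResponse& r, int64_t now) {
  return {InRange(r, now) ? OcspStatus::kProvided : OcspStatus::kInvalidDate, now};
}

// Toy cache keyed by hostname; the 30-minute lifetime comes from the text.
class CachingVerifier {
 public:
  VerifyResult Verify(const std::string& host, const OcspResponse& r, int64_t now) {
    auto it = cache_.find(host);
    if (it != cache_.end() && now - it->second.verification_time < 30 * 60)
      return it->second;  // cached verdict keeps its original verification_time
    return cache_[host] = VerifyOcsp(r, now);
  }
 private:
  std::map<std::string, VerifyResult> cache_;
};

// Behaviour described in the report: stamp with the time the report is sent.
Report ReportWithSendTime(const VerifyResult& v, int64_t send_time) { return {v.status, send_time}; }
// Proposed behaviour: stamp with the time the response was verified.
Report ReportWithVerificationTime(const VerifyResult& v) { return {v.status, v.verification_time}; }
// What a site owner checks: does the timestamp agree with the reported status?
bool TimestampExplainsStatus(const Report& rep, const OcspResponse& r) {
  return InRange(r, rep.date_time) == (rep.status == OcspStatus::kProvided);
}

int main() {
  OcspResponse r{1000, 605800};  // constructed validity window
  CachingVerifier cv;
  cv.Verify("example.test", r, 900);                    // clock before thisUpdate
  VerifyResult v = cv.Verify("example.test", r, 2100);  // cache hit 20 min later
  std::printf("send-time consistent: %d, verification-time consistent: %d\n",
              TimestampExplainsStatus(ReportWithSendTime(v, 2100), r),
              TimestampExplainsStatus(ReportWithVerificationTime(v), r));
}
```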
Comment 1 by davidcad...@gmail.com, Oct 16 2016