In PKI, what entity is responsible for verifying the identity of certificate requestors before certificate issuance?
- Online Certificate Status Protocol (OCSP)
- Registration Authority (RA) ✓
- Certificate Revocation List (CRL)
- Certificate Authority (CA)
Correct answer: Registration Authority (RA)
Option B is correct because the Registration Authority (RA) acts as an intermediary in a PKI hierarchy, performing the identity vetting and authentication of certificate requestors before forwarding approved requests to the Certificate Authority for signing. Option A is incorrect because OCSP (Online Certificate Status Protocol) is a real-time protocol used by relying parties to check whether a certificate has been revoked; it plays no role in vetting requestor identity. Option C is incorrect because the Certificate Revocation List (CRL) is a published list of revoked certificate serial numbers used for status checking, not for identity verification of new requestors. Option D is incorrect because the Certificate Authority (CA) is responsible for signing and issuing certificates; while it ultimately issues the certificate, the identity verification step is specifically delegated to the RA to allow the CA to focus on cryptographic operations and trust anchoring.
Topic: pki, registration authority, certificate authority, identity verification