Estonia blocks electronic ID cards over identity-t...

[j_s]

This is paying for revoke checking, right?

Validating the certificate the same way servers validate client certificates should be enough to verify it as a date/time-valid Estonian ID.

[AndresAlla]

Yes, this is to use OCSP. You do not have to pay if you download revocation lists manually. Ofcourse lists become stale rather quickly.

Very basic - hello world level - implementation is as simple as enabling client certificate authentication in Apache config.