[B<-token_in>]
[B<-CApath> I<trusted_cert_path>]
[B<-CAfile> I<trusted_certs.pem>]
+[B<-CAstore> I<trusted_certs_uri>]
[B<-untrusted> I<cert_file.pem>]
[I<verify options>]
that the input is a DER encoded timestamp token (ContentInfo) instead
of a timestamp response (TimeStampResp). (Optional)
-=item B<-CAfile> I<file>, B<-CApath> I<dir>
+=item B<-CAfile> I<file>, B<-CApath> I<dir>, B<-CAstore> I<uri>
See L<openssl(1)/Trusted Certificate Options> for more information.
+At least one of B<-CApath>, B<-CAfile> or B<-CAstore> must be specified.
+
=item B<-untrusted> I<cert_file.pem>
Set of additional untrusted certificates in PEM format which may be
L<openssl-x509(1)>,
L<openssl-ca(1)>,
L<openssl-genrsa(1)>,
-L<config(5)>
+L<config(5)>,
+L<ossl_store-file(7)>
=head1 COPYRIGHT