Verify the timestamp
As the timestamp is used to verify the time, at which the data were signed (or other digital action was taken), the validity of the timestamp itself is to be verified.
The components, which are used to perform document signature verification (TElMessageVerifier in PKCS#7, TElPDFPublicKeySecurityHandler in PDF etc.) provide access to every timestamp in the form of the instance of TElClientTSPInfo class. This class contains information about the request sent to the server and the reply received from the server.
The task of the application is to validate the certificates, included into the timestamp response. The certificates are accessible via Certificates property of TElClientTSPInfo class. Certificate validation procedure is described in the the corresponding how-to article
If the certificates are not included, the application might be able to find out the needed certificate by using the name of the TSA (in some cases, the set of allowed timestamp authorities is predefined, and the certificates, used by the TSAs, are known by the client). The TSA name can be read from TSAName property of TElTSPInfo class. Check whether the name is set using TElTSPInfo.TSANameSet property.
MS Authenticode timestamp is different from TSP response and it's verification is described in the the corresponding how-to article.