diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c
index 785e49e50..c30263be2 100644
--- a/ctaocrypt/src/asn.c
+++ b/ctaocrypt/src/asn.c
@@ -4240,7 +4240,8 @@ static int DecodeSingleResponse(byte* source,
     if (GetBasicDate(source, &idx, cs->thisDate,
                                                 &cs->thisDateFormat, size) < 0)
         return ASN_PARSE_E;
-    if (!ValidateDate(cs->thisDate, cs->thisDateFormat, BEFORE))
+    /* Check thisDate <= now, or treat thisDate > now as a failure */
+    if (ValidateDate(cs->thisDate, cs->thisDateFormat, AFTER))
         return ASN_BEFORE_DATE_E;
     
     /* The following items are optional. Only check for them if there is more