diff --git a/external-sop/src/main/kotlin/sop/external/operation/ValidateUserIdExternal.kt b/external-sop/src/main/kotlin/sop/external/operation/ValidateUserIdExternal.kt
index 867a755..581d6f5 100644
--- a/external-sop/src/main/kotlin/sop/external/operation/ValidateUserIdExternal.kt
+++ b/external-sop/src/main/kotlin/sop/external/operation/ValidateUserIdExternal.kt
@@ -8,6 +8,7 @@ import java.io.InputStream
 import java.util.*
 import sop.external.ExternalSOP
 import sop.operation.ValidateUserId
+import sop.util.UTCUtil
 
 class ValidateUserIdExternal(binary: String, environment: Properties) : ValidateUserId {
 
@@ -35,4 +36,8 @@ class ValidateUserIdExternal(binary: String, environment: Properties) : Validate
             .bytes
         return true
     }
+
+    override fun validateAt(date: Date): ValidateUserId = apply {
+        commandList.add("--validate-at=${UTCUtil.formatUTCDate(date)}")
+    }
 }
diff --git a/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/ValidateUserIdCmd.kt b/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/ValidateUserIdCmd.kt
index da81a27..9a09a15 100644
--- a/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/ValidateUserIdCmd.kt
+++ b/sop-java-picocli/src/main/kotlin/sop/cli/picocli/commands/ValidateUserIdCmd.kt
@@ -11,6 +11,7 @@ import picocli.CommandLine.Parameters
 import sop.cli.picocli.SopCLI
 import sop.exception.SOPGPException
 import sop.util.HexUtil.Companion.bytesToHex
+import java.util.*
 
 @Command(
     name = "validate-userid",
@@ -21,6 +22,8 @@ class ValidateUserIdCmd : AbstractSopCmd() {
 
     @Option(names = ["--addr-spec-only"]) var addrSpecOnly: Boolean = false
 
+    @Option(names = ["--validate-at"]) var validateAt: Date? = null
+
     @Parameters(index = "0", arity = "1", paramLabel = "USERID") lateinit var userId: String
 
     @Parameters(index = "1..*", arity = "1..*", paramLabel = "CERTS")
@@ -34,6 +37,10 @@ class ValidateUserIdCmd : AbstractSopCmd() {
             validateUserId.addrSpecOnly()
         }
 
+        if (validateAt != null) {
+            validateUserId.validateAt(validateAt!!)
+        }
+
         validateUserId.userId(userId)
 
         for (authority in authorities) {
diff --git a/sop-java/src/main/kotlin/sop/operation/ValidateUserId.kt b/sop-java/src/main/kotlin/sop/operation/ValidateUserId.kt
index 4f4c51a..fb8cab6 100644
--- a/sop-java/src/main/kotlin/sop/operation/ValidateUserId.kt
+++ b/sop-java/src/main/kotlin/sop/operation/ValidateUserId.kt
@@ -7,6 +7,7 @@ package sop.operation
 import java.io.IOException
 import java.io.InputStream
 import sop.exception.SOPGPException
+import java.util.*
 
 /** Subcommand to validate UserIDs on certificates. */
 interface ValidateUserId {
@@ -75,4 +76,6 @@ interface ValidateUserId {
     @Throws(
         SOPGPException.BadData::class, IOException::class, SOPGPException.CertUserIdNoMatch::class)
     fun subjects(certs: ByteArray): Boolean = subjects(certs.inputStream())
+
+    fun validateAt(date: Date): ValidateUserId
 }