Faster Knot-generated RRSIG validation
Once an RRSIG has been properly validated (i.e. the signature was generated anew and check for validity with possibly existing signature), we don't need to do the whole process again, unless the covered RR changed. Therefore, looking at the expiration time should be sufficient for planned DNSSEC events (i.e. not for reload, DDNS)