It's necessary to save the DNSKEY TTL and zone maximal TTL at the time of previous rollover step, so that the next step corresponds with TTLs in resolvers' caches.