latest release signature key expired

$ gpg2 --verify libidn2-2.3.2.tar.gz{.sig,}
gpg: Signature made 2021 Jul 20 Tue 00:32:10 MST
gpg:                using RSA key 99415CE1905D0E55A9F88026860B7FBB32F8119D
gpg: Good signature from "Simon Josefsson <simon@josefsson.org>" [expired]
gpg:                 aka "Simon Josefsson <simon@yubico.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 9AA9 BDB1 1BB1 B99A 2128  5A33 0664 A769 5426 5E8C
     Subkey fingerprint: 9941 5CE1 905D 0E55 A9F8  8026 860B 7FBB 32F8 119D