diff --git a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java
index 3796dac..150a068 100644
--- a/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java
+++ b/src/com/verisignlabs/dnssec/security/DnsSecVerifier.java
@@ -211,6 +211,13 @@ public class DnsSecVerifier
 }
 }
+ if (rrset.getTTL() > sigrec.getOrigTTL())
+ {
+ log.fine("RRset's TTL is greater than the Signature's orignal TTL");
+ if (reasons != null) reasons.add("RRset TTL greater than RRSIG origTTL");
+ return false;
+ }
+
 return true;
 }
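Review bot: The added `if (rrset.getTTL() > sigrec.getOrigTTL())` branch rejects the RRset with no comment explaining why. RFC 4035 section 5.3.3 has a validator cap the TTL at the RRSIG's Original TTL rather than fail, so the stricter choice should be recorded as intentional, for example `// TTL above the RRSIG Original TTL means it was raised after signing; reject instead of capping.` The reason string would be easier to triage if it carried both values, `reasons.add("RRset TTL " + rrset.getTTL() + " greater than RRSIG origTTL " + sigrec.getOrigTTL());`, and the log message misspells "original" as `orignal`. The enclosing method starts outside the hunk, so where this check sits relative to the other validity checks is not visible here.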