diff --git a/pkg/pki/tuf/tuf_test.go b/pkg/pki/tuf/tuf_test.go
index c244dc199ac44e7f0bf328b943a7822cb5192e09..0668333267dc75195a03d87efbc16677e6a590df 100644
--- a/pkg/pki/tuf/tuf_test.go
+++ b/pkg/pki/tuf/tuf_test.go
@@ -20,8 +20,22 @@ import (
 	"io"
 	"os"
 	"testing"
+	"time"
+
+	"github.com/theupdateframework/go-tuf/verify"
 )
 
+func patchIsExpired() func() {
+	// Patch out the IsExpired to make the tests stable :)
+	old := verify.IsExpired
+	verify.IsExpired = func(t time.Time) bool {
+		return false
+	}
+	return func() {
+		verify.IsExpired = old
+	}
+}
+
 func TestReadPublicKey(t *testing.T) {
 	// Tests reading a valid public key (root.json)
 	type test struct {
@@ -37,6 +51,9 @@ func TestReadPublicKey(t *testing.T) {
 		{caseDesc: "Valid TUF root.json", inputFile: "testdata/1.root.json", errorFound: false, specVersion: "1.0"},
 	}
 
+	// Patch out the expired function to make tests stable :)
+	defer patchIsExpired()()
+
 	for _, tc := range tests {
 		file, err := os.Open(tc.inputFile)
 		if err != nil {
@@ -101,6 +118,9 @@ func TestCanonicalValue(t *testing.T) {
 		t.Errorf("CanonicalValue did not error out for uninitialized key")
 	}
 
+	// Patch out the expired function to make tests stable :)
+	defer patchIsExpired()()
+
 	tests := []test{
 		{caseDesc: "root", input: "testdata/1.root.json", output: "testdata/reformat.1.root.json", match: true},
 	}
@@ -115,7 +135,7 @@ func TestCanonicalValue(t *testing.T) {
 
 		inputKey, err := NewPublicKey(inputFile)
 		if err != nil {
-			t.Errorf("%v: Error reading input for TestCanonicalValuePublicKey: %v", tc.caseDesc, err)
+			t.Errorf("%v: Error reading input for TestCanonicalValue: %v", tc.caseDesc, err)
 		}
 
 		cvInput, err := inputKey.CanonicalValue()
@@ -130,7 +150,7 @@ func TestCanonicalValue(t *testing.T) {
 
 		outputKey, err := NewPublicKey(outputFile)
 		if err != nil {
-			t.Errorf("%v: Error reading input for TestCanonicalValuePublicKey: %v", tc.caseDesc, err)
+			t.Errorf("%v: Error reading input for TestCanonicalValue: %v", tc.caseDesc, err)
 		}
 
 		cvOutput, err := outputKey.CanonicalValue()
@@ -159,6 +179,8 @@ func TestVerifySignature(t *testing.T) {
 		{caseDesc: "Valid root.json, unsigned root.json", keyFile: "testdata/1.root.json", sigFile: "testdata/unsigned_root.json", verified: false},
 	}
 
+	defer patchIsExpired()()
+
 	for _, tc := range tests {
 		keyFile, err := os.Open(tc.keyFile)
 		if err != nil {
diff --git a/pkg/types/tuf/v0.0.1/entry_test.go b/pkg/types/tuf/v0.0.1/entry_test.go
index dd1b899ba2b901d4a8dec5d001b720c48209d8e5..ffb8843cca6abe2d44a996bbd584d1d153f97d71 100644
--- a/pkg/types/tuf/v0.0.1/entry_test.go
+++ b/pkg/types/tuf/v0.0.1/entry_test.go
@@ -26,6 +26,7 @@ import (
 	"net/http/httptest"
 	"reflect"
 	"testing"
+	"time"
 
 	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
@@ -33,10 +34,22 @@ import (
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/types"
 	"github.com/theupdateframework/go-tuf/data"
+	"github.com/theupdateframework/go-tuf/verify"
 
 	"go.uber.org/goleak"
 )
 
+func patchIsExpired() func() {
+	// Patch out the IsExpired to make the tests stable :)
+	old := verify.IsExpired
+	verify.IsExpired = func(t time.Time) bool {
+		return false
+	}
+	return func() {
+		verify.IsExpired = old
+	}
+}
+
 func TestMain(m *testing.M) {
 	goleak.VerifyTestMain(m)
 }
@@ -49,6 +62,8 @@ func TestNewEntryReturnType(t *testing.T) {
 }
 
 func TestCrossFieldValidation(t *testing.T) {
+	defer patchIsExpired()()
+
 	type TestCase struct {
 		caseDesc                  string
 		entry                     V001Entry