Hello, I have a problem with KSK key rotation.
I've rotated the shared key, submitted it by hand and rotated the key. I set
delete-delay, but after the time was reached nothing happens.
keymgr profivh.cz list
4a32ef440c27342c1aca748e0ff3236c41c9dff0 ksk=yes zsk=no tag=11739 algorithm=13 size=256
public-only=no pre-active=0 publish=1660242640 ready=1660246540 active=1660587842
retire-active=0 retire=0 post-active=0 revoke=0 remove=0
55c0eb5bbc46ffc5b0355311384e32957f369bf3 ksk=no zsk=yes tag=51831 algorithm=13 size=256
public-only=no pre-active=0 publish=1659353890 ready=0 active=1659357790 retire-active=0
retire=0 post-active=0 revoke=0 remove=0
a85ffe2752572a3e057c1dca6f1173e2d4f4a6b7 ksk=yes zsk=no tag=14655 algorithm=13 size=256
public-only=no pre-active=0 publish=1641666021 ready=1641666021 active=1655760727
retire-active=1660587842 retire=0 post-active=0 revoke=0 remove=1660587842
But the time is over and Knot didn't remove the key; the list is at the current time:
date +%s
1660838273
With policy setting:
policy:
  - id: "signing_policy_prod"
    manual: "off"
    single-type-signing: "off"
    algorithm: "ecdsap256sha256"
    ksk-size: "256"
    zsk-size: "256"
    ksk-shared: "on"
    dnskey-ttl: "7200"
    ksk-lifetime: "0"
    zsk-lifetime: "2592000"
    delete-delay: "86400"
    propagation-delay: "14400"
    rrsig-lifetime: "1209600"
    rrsig-refresh: "604800"
    rrsig-pre-refresh: "3600"
    nsec3: "on"
    cds-cdnskey-publish: "none"
With template:
  - id: "signed-zones"
    storage: "/var/lib/knot/szones"
    file: "%s"
    notify: [ "XXX.XXX.cz", "XXX.XXX.cz" ]
    acl: [ "sec1-transfer", "sec2-transfer" ]
    zonefile-sync: "0"
    zonefile-load: "whole"
    journal-content: "changes"
    dnssec-signing: "on"
    dnssec-policy: "signing_policy_prod"
    serial-policy: "unixtime"
Is this normal behavior, or is something wrong?
knotc (Knot DNS), version 3.1.9
Thanks for help.
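
Added example, not part of the original post and not Knot DNS code: a small Python check that parses the wrapped keymgr list output quoted above and reports keys whose remove timestamp plus delete-delay has already passed. It assumes the delay is counted from the remove timestamp; the function names are hypothetical.

```python
import re

# Sample input: the keymgr list output quoted in the post, line wrapping kept.
# Each key record starts with a 40-hex-digit key ID.
SAMPLE = """\
4a32ef440c27342c1aca748e0ff3236c41c9dff0 ksk=yes zsk=no tag=11739 algorithm=13 size=256
public-only=no pre-active=0 publish=1660242640 ready=1660246540 active=1660587842
retire-active=0 retire=0 post-active=0 revoke=0 remove=0
55c0eb5bbc46ffc5b0355311384e32957f369bf3 ksk=no zsk=yes tag=51831 algorithm=13 size=256
public-only=no pre-active=0 publish=1659353890 ready=0 active=1659357790 retire-active=0
retire=0 post-active=0 revoke=0 remove=0
a85ffe2752572a3e057c1dca6f1173e2d4f4a6b7 ksk=yes zsk=no tag=14655 algorithm=13 size=256
public-only=no pre-active=0 publish=1641666021 ready=1641666021 active=1655760727
retire-active=1660587842 retire=0 post-active=0 revoke=0 remove=1660587842
"""

KEY_ID = re.compile(r"^[0-9a-f]{40}$")

def parse_keymgr_list(text):
    """Return one dict per key; tolerates records wrapped over several lines."""
    keys = []
    for token in text.split():
        if KEY_ID.match(token):
            keys.append({"id": token})        # a key ID opens a new record
        elif "=" in token and keys:
            name, value = token.split("=", 1)
            keys[-1][name] = int(value) if value.isdigit() else value
    return keys

def overdue_for_deletion(keys, now, delete_delay):
    """Return (tag, seconds overdue) for keys past remove + delete_delay.
    Assumption: the delay runs from the remove timestamp; remove=0 means unset."""
    overdue = []
    for key in keys:
        remove = key.get("remove", 0)
        if remove and remove + delete_delay <= now:
            overdue.append((key["tag"], now - (remove + delete_delay)))
    return overdue

if __name__ == "__main__":
    # now = the `date +%s` value from the post, delete_delay = policy value
    for tag, late in overdue_for_deletion(parse_keymgr_list(SAMPLE), 1660838273, 86400):
        print(f"key tag {tag} is {late} s past remove + delete-delay")
```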