The home website for Bitcoin Core says
Refresh expired keys using:
gpg --keyserver hkps://keys.openpgp.org --refresh-keys
I would obtain Bitcoin Core from that bitcoincore.org website and not from bitcoin.org.
For signature checking to be more meaningful as a check on authorship or correctness rather than merely a checksum of download integrity, it is probably important to obtain your GPG public keys from a source that is as independent as possible from the website from which you download the source or binaries. Otherwise you could download doctored code and faked signatures & keys from a hacked or impostor website. This independence appears to be the case with software from bitcoincore.org and keys from openpgp.org or elsewhere (if I understand correctly).
You are correct that bitcoin.org currently (2022-02-17) has old expired keys.
After visiting https://bitcoin.org/en/download and clicking "Bitcoin Core Release Signing Keys" v0.11.0+ I also see an expired key.
C> gpg --import laanwj-releases.asc
gpg: key 36C2E964: public key "Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found
C> gpg --list-keys
----------------------------------------------
pub 4096R/36C2E964 2015-06-24 [expired: 2022-02-10]
uid Wladimir J. van der Laan (Bitcoin Core binary release signing key) <laanwj@gmail.com>
