diff --git a/lib/firebase_id_token/signature.rb b/lib/firebase_id_token/signature.rb
index ac2ca52..f787f54 100644
--- a/lib/firebase_id_token/signature.rb
+++ b/lib/firebase_id_token/signature.rb
@@ -78,7 +78,20 @@ def initialize(jwt_token, raise_error: false)
 
     # @see Signature.verify
     def verify
-      certificate = firebase_id_token_certificates.find(@kid, raise_error: @raise_error)
+      var_name = :_firebase_id_token_cert
+      Thread.current[var_name] ||= {
+        cert: nil,
+        expires_at: Time.now.utc - 1
+      }
+
+      if Thread.current[var_name][:expires_at] <= Time.now.utc
+        Thread.current[var_name] = {
+          cert: firebase_id_token_certificates.find(@kid, raise_error: @raise_error),
+          expires_at: Time.now.utc + firebase_id_token_certificates.ttl
+        }
+      end
+
+      certificate = Thread.current[var_name][:cert]
       return unless certificate
 
       payload = decode_jwt_payload(@jwt_token, certificate.public_key)
diff --git a/lib/firebase_id_token/testing/certificates.rb b/lib/firebase_id_token/testing/certificates.rb
index eed40fa..2fb1c42 100644
--- a/lib/firebase_id_token/testing/certificates.rb
+++ b/lib/firebase_id_token/testing/certificates.rb
@@ -80,6 +80,10 @@ def self.read_jwt_file
           )
         )
       end
+
+      def self.ttl
+        10
+      end
     end
   end
 end
diff --git a/lib/firebase_id_token/version.rb b/lib/firebase_id_token/version.rb
index 6868796..174ff8d 100644
--- a/lib/firebase_id_token/version.rb
+++ b/lib/firebase_id_token/version.rb
@@ -1,3 +1,3 @@
 module FirebaseIdToken
-  VERSION = '2.4.0'
+  VERSION = '2.5.1'
 end