diff --git a/sa/model.go b/sa/model.go
index f3e0904e72e..99491e7e83a 100644
--- a/sa/model.go
+++ b/sa/model.go
@@ -1173,6 +1173,10 @@ func getAuthorizationStatuses(ctx context.Context, s db.Selector, ids []int64) (
 		return nil, err
 	}
 
+	if len(validities) != len(ids) {
+		return nil, fmt.Errorf("getAuthorizationStatuses got %d results, expected %d", len(validities), len(ids))
+	}
+
 	return validities, nil
 }
 
diff --git a/sa/sa_test.go b/sa/sa_test.go
index e6183c8e542..2166e93e8f2 100644
--- a/sa/sa_test.go
+++ b/sa/sa_test.go
@@ -2687,10 +2687,18 @@ func TestGetOrderExpired(t *testing.T) {
 	reg := createWorkingRegistration(t, sa)
 	order, err := sa.NewOrderAndAuthzs(context.Background(), &sapb.NewOrderAndAuthzsRequest{
 		NewOrder: &sapb.NewOrderRequest{
-			RegistrationID:   reg.Id,
-			Expires:          timestamppb.New(now.Add(-time.Hour)),
-			Identifiers:      []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
-			V2Authorizations: []int64{666},
+			RegistrationID: reg.Id,
+			Expires:        timestamppb.New(now.Add(-time.Hour)),
+			Identifiers:    []*corepb.Identifier{identifier.NewDNS("example.com").ToProto()},
+		},
+		NewAuthzs: []*sapb.NewAuthzRequest{
+			{
+				Identifier:     &corepb.Identifier{Type: "dns", Value: "example.com"},
+				RegistrationID: reg.Id,
+				Expires:        timestamppb.New(now.Add(time.Hour)),
+				ChallengeTypes: []string{string(core.ChallengeTypeHTTP01)},
+				Token:          core.NewToken(),
+			},
 		},
 	})
 	test.AssertNotError(t, err, "NewOrderAndAuthzs failed")