The thing to be checked are the installed GPG keys that are trusted for package signing.