gpg: Signature made 22/12/2022 08:39:19 GMT Standard Time
gpg: using RSA key CB36D7D2EBB2E35D9B75500BCD5DC1C529CDFD3B
gpg: issuer “christoph.atteneder@gmail.com”
gpg: Good signature from “Christoph Atteneder christoph.atteneder@gmail.com” [unknown]
gpg: WARNING: The key’s User ID is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: CB36 D7D2 EBB2 E35D 9B75 500B CD5D C1C5 29CD FD3B
That depends.
It means that the message is signed, but not with a key that you, or someone you trust, has certified.
It could mean that the signature and maybe even the email isn’t from that person, or it could just mean that you haven’t trusted the key yet.
You should only trust keys that you can be reasonably certain are from the correct person, but also know that if you don’t, you will keep getting warnings like this.