The signature itself is valid, the problem is the key. You should go to a gpg-keysigning-party and meet someone from Nextcloud, once you are sure to trust the Nextcloud key, there is no problem. In gpg there is no central infrastructure for trust and/or verification of trust.
1 Like