There is another problem too: some objects do have a mnt-by, however the mntner has auth: NONE! :( Can we assume that these objects are well maintained? My answer is: no.
I wouldn't follow that particular line of reasoning! The fact that you/he/she/someone does not *restrict access* to objects does not mean that the maintainer does not *maintain* the objects!? I think we're still mixing aspects of - access rights to objects (=access authorization) - access rights to "registry spaces" (=object creation) - authentication & identification (=credibility of data) and last but not least - object aging and checkpointing, dangling pointers, non-ref.s, duplicates etc.
Janos
PS. I have seen this with both inetnum and route objects.
Wilfried.