I guess that happens because OCSP responses are handled and cached by CDN (Akamai). Maybe if your request hits CDN before pre-created OCSP response is available, unauthorized
result gets cached for some time?
I see that there is open issue in Boulder about setting Akamai caching headers for OCSP: https://github.com/letsencrypt/boulder/issues/2794. Maybe @jsha could shed some light on this, as he has spoken about OCSP in Let’s Encrypt few times (OCSP with LetsEncrypt Used to Work But Now Doesn’t, [Solved] OCSP server sometimes has malformed response of 5 bytes or “unauthorized”)?