The Lyx recipe has been broken for a while now. It seems upstream released a combined x86_64_arm64 build and also changed the certificate. I verified with gpg and the published signatures on lyx.org like this:
$ wget https://lyx.mirror.garr.it/bin/2.3.7/LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg
$ wget https://lyx.mirror.garr.it/bin/2.3.7/LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg.sig
$ gpg --recv-keys --keyserver keyserver.ubuntu.com FE66471B43559707AFDAD955DE7A44FAC7FB382D
$ gpg --verify LyX-2.3.7+qt5-x86_64-arm64-cocoa.dmg.sig
gpg: Signature made Wed Jan 4 19:39:57 2023 CET
gpg: using RSA key FE66471B43559707AFDAD955DE7A44FAC7FB382D
gpg: Good signature from "LyX Release Manager (Signing LyX tarballs and binaries) <sanda@lyx.org>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: FE66 471B 4355 9707 AFDA D955 DE7A 44FA C7FB 382D
The Lyx recipe has been broken for a while now. It seems upstream released a combined x86_64_arm64 build and also changed the certificate. I verified with gpg and the published signatures on lyx.org like this: