Access token validation

There is a backend application that provides a REST API (Spring Boot). To access the application, you must pass the access token in the `Authorization: Bearer` header; the token is obtained from an external OAuth2 server (grant_type=authorization_code). How can I verify the passed access token on the application side? That is, how do I check that we received valid data (not changed by anyone) and that this token was issued by the OAuth2 server?

The access token is signed with the RS256 algorithm. I wanted to test it with the JWKS URI, but the `kid` value in the header is always the same for all access tokens, and this value is not present at the JWKS URI. Is this an OAuth2 server error, or is it possible to check the access token some other way?

Author: morohon, 2020-10-28
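
The check described in the question, as an added example that is not part of the original post: a Spring Security resource-server configuration that verifies the RS256 signature against the server's JWKS and validates the issuer, audience and timestamps. It assumes the `spring-boot-starter-oauth2-resource-server` dependency and Spring Security 5.7 or later; the class name and the `app.oauth2.*` property names are hypothetical. The decoder picks the verification key by the token's `kid` header, so a token whose `kid` has no match in the JWKS is rejected.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {
    // Hypothetical property names; set them to the real OAuth2 server's values.
    @Value("${app.oauth2.jwks-uri}") private String jwksUri;
    @Value("${app.oauth2.issuer}") private String issuer;
    @Value("${app.oauth2.audience}") private String audience;

    @Bean
    JwtDecoder jwtDecoder() {
        // Public keys come from the JWKS URI. Pinning RS256 refuses tokens that
        // declare any other algorithm in their header.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwksUri)
                .jwsAlgorithm(SignatureAlgorithm.RS256)
                .build();
        // Accept only tokens minted for this API (getAudience() is null without "aud").
        OAuth2TokenValidator<Jwt> audienceCheck = jwt ->
                jwt.getAudience() != null && jwt.getAudience().contains(audience)
                        ? OAuth2TokenValidatorResult.success()
                        : OAuth2TokenValidatorResult.failure(
                                new OAuth2Error("invalid_token", "unexpected audience", null));
        // The default validator checks exp/nbf and that "iss" equals the issuer.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
                JwtValidators.createDefaultWithIssuer(issuer), audienceCheck));
        return decoder;
    }

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        // Every request must carry a Bearer token that passes the decoder above.
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```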