JSON Web Token
Shurik, 2022-04-16 21:24:00

How to validate a JWT token using public.key?

Hello. I'm trying to implement authorization through JWT tokens with the RS256 algorithm (namely, with the Keycloak tool). I have reached the stage of token validation on the server or in the browser. The token signature generation process is quite clear:

RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload), PRIVATE.KEY)

At the same time, the algorithm for checking the signature and validity of the access_token using Public.key is completely incomprehensible to me. And there is not much information anywhere. I found libraries, but they only show how to validate tokens using ready-made methods. I would like to understand the algorithm myself. And in general, what is checked with the public key: the token itself or its signature? And if it is the signature, then once it is valid, is the payload of the token decoded manually and its validity calculated from the timestamps? Or is it done some other way?

Also, I'll take this opportunity to ask: where is it better to validate the token in the case of a SPA application: on the frontend with each request to the server, or on the backend, receiving the access_token from the frontend with each request?
Thank you!
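An added example, not part of the original post and not Keycloak's or any library's code: RS256 verification written out by hand, showing that the public key checks the signature over the exact bytes `header.payload`, after which the payload's timestamps are checked. The function names, the toy key built from two Mersenne primes, and the policy that `exp` is mandatory are assumptions made for this sketch; a real verifier takes `n` and `e` from the issuer's published public key.

```python
import base64, hashlib, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(message)), k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token, n, e, now, leeway=0):
    """Return the claims if signature and timestamps are valid, else None."""
    try:
        h64, p64, s64 = token.split(".")
        header, sig = json.loads(b64url_decode(h64)), b64url_decode(s64)
        claims = json.loads(b64url_decode(p64))  # parsed now, trusted only after the check
    except ValueError:
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "RS256":
        return None  # the verifier fixes the algorithm; the token does not choose it
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return None
    # s^e mod n must equal the padded hash of the received "<header>.<payload>" bytes
    if pow(s, e, n).to_bytes(k, "big") != emsa_pkcs1_v15(f"{h64}.{p64}".encode(), k):
        return None
    exp, nbf = claims.get("exp"), claims.get("nbf", 0)
    if not all(isinstance(v, (int, float)) for v in (exp, nbf)):
        return None  # policy assumed here: exp is mandatory
    return claims if nbf - leeway <= now < exp + leeway else None

# Constructed demo key, NOT secure: two Mersenne primes so the block runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def demo_sign(header, claims):  # issuer side, hypothetical helper for the demo
    body = ".".join(b64url_encode(json.dumps(x).encode()) for x in (header, claims))
    k = (N.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(body.encode(), k), "big")
    return body + "." + b64url_encode(pow(m, D, N).to_bytes(k, "big"))
```

Comparing the recovered block against the full expected encoding, rather than parsing the padding out of it, is the verification method RFC 8017 specifies for RSASSA-PKCS1-v1_5.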
