How can oathkeeper validate token

Hello. Now I am studying a bunch of hydra + oath. And I have a question. Suppose a client received a token from hydra, sent a request with it to oathkeeper.

Can oathkeeper validate the token on its own? (For example, check it for freshness, etc.)

Or should I set introspection_url and validate the token on the Hydra side?

I think Oathkeeper would check if your token is valid, and then either fulfill the request or deny it.

So I would say you have to do the authorization part in Hydra for example.
Correct me if I am wrong here @hackerman