If you want a resource server to contact an authorization server for validating an OAuth token, you can encrypt the token by using Access Manager keys. This is the default encryption method.
Access Manager encrypts a token by using a random symmetric key, then the encrypted token is signed by using an Access Manager private key. When resource server consumes an access token, it requests Identity Server to validate the token.