JWT token is "invalid signature"?

@tyf is spot on; that’s exactly what’s happening :slight_smile:

Auth0 typically generates both an ID Token and an Access Token: the ID Token being designed for use by an application in order to build the application level session; the Access Token being designed for use by your own API. Without the OAuth 2 audience parameter, the (Access) Token returned is designed only for use with the Auth0 /userinfo endpoint (here). Whilst it is a JWT, it uses an alternate encoding algorithm so is effectively opaque, and not designed to be decoded by jwt.io.

Typically, any Access Token you pass to your own API should have been generated by defining a (custom) API in Auth0 - see here for more details. You will typically specify a custom audience (a.k.a. Identifier) for your API and also typically define scopes; both of which your API will typically validate. The Access Tokens generated for the (custom) audience can then be used to call your API securely and your API can also use it to call the Auth0 /userinfo endpoint too: all (custom) API tokens generated in Auth0 typically support two intended audiences, the custom one you define and also the Auth0 /userinfo endpoint.

Hope that helps :sunglasses:
