Also I checked the Signing Certificate and got OpenSSL::PKey::RSAError: Neither PUB key nor PRIV key: nested asn1 error. This error means invalid public key.
The “Signing Certificate” field is your public key. We also recommend that you get the Public Key from your tenant’s JWKS here: https://{yourDomain}/.well-known/jwks.json, and it’s available at https://{yourDomain}/.well-known/pem too.
I just tested it and it works correctly for me via all three options listed above. It may simply be a formatting issue with the script you are using. I also suggest JWT.io for debugging.