Signed cookies are HS256 JWTs with the header omitted to keep the cookies small. To inspect the cookies as regular JWTs, this header needs to be prepended to the cookie value with a period separator. Like this:

const token = await decodeJwt(COOKIE_JWT_HEADER + "." + value, secretKey);
// === ["cookie-name", "cookie-value", <epoch time of cookie expiration>?]

The header JSON is { "alg": "HS256" }.