Here’s quite a good overview. The short answer, I think, is that the signature is embedded into the JSON object representing the post / upvote / whatever, which then gets passed around server-to-server (and each server checks the signature against the original server’s TLS certificate). It’s not something you can get your head around just by asking a couple simple questions but it’s a pretty fascinating design when you get your head around it.