security – What entities can decrypt Apple Pay token?

During Apple Pay payment, user device creates a payment token that contains a lot of encrypted information (see docs). Among other things, there is a device-specific card number (vel application PAN).

Question is: which parties can see this identifier en route to Token Service Provider (who holds the actual card number). In particular, is this information available to merchant or acquirer in both online and offline (with a physical terminal) transactions?