Open your Auth0 dashboard, and go to monitoring → logs.
There you should see the failed exchange attempt, and in the details you can see, what went wrong.
I guess in your case the exp is too large, Auth0 has the limitation of 5 minutes.
In the CURL request you want to have a token valid for the Auth0 management API (audience set to the management api identifier)?