JWT plugin token expiration validation

So I configured the JWT plugin on some routes, along with exp claim verification. I try testing with an expired token, and it doesn’t seem to work, the request pass through anyway.

I’m wondering how the JWT plugin verifies the claim, i.e. which timezone it uses to compare “now” with the token’s exp, and if there’s a way to configure that. My token expiration use utc time.