Where does Keycloak store a user's password expiry time?

On Keycloak you can set the “Expire Password” password policy with a set number of days.
Where does Keycloak store the information regarding the last time a user updated their password so that it has reference on when to take action?

Also, is there a way to surface this information in the Admin API data about a user?