I presume when you say expiry of CKC, you mean expiration for your offline key.
There are multiple ways you can go about this -
You get the expiration date off-band from your key server and track it yourself in the app after you create your offline key.
If you don't want to do that, you can use makeSecureTokenForExpirationDateOfPersistableContentKey:completionHandler: to query expiration date from AVFoundation. This generates a SPC which you can send to your key server to determine when it expires. Note that this involves an additional round trip to server compared to (1)
You can always delete the offline key you have in your app. Sometimes, your business rule demand that the offline key is securely deleted. You can use invalidatePersistableContentKey:options:completionHandler: or invalidateAllPersistableContentKeysForApp:options:completionHandler: to do that. When you use this, you will get a SPC which you can send to your key server and your key server can unwrap SPC and find out securely that the key was invalidated. Let's say if someone tries to reuse your offline key, after invalidation, they cannot anymore.