diff --git a/google/auth/impersonated_credentials.py b/google/auth/impersonated_credentials.py
index 7c2f18d74..ba6012123 100644
--- a/google/auth/impersonated_credentials.py
+++ b/google/auth/impersonated_credentials.py
@@ -454,4 +454,6 @@ def refresh(self, request):
 
         id_token = response.json()["token"]
         self.token = id_token
-        self.expiry = datetime.fromtimestamp(jwt.decode(id_token, verify=False)["exp"])
+        self.expiry = datetime.utcfromtimestamp(
+            jwt.decode(id_token, verify=False)["exp"]
+        )
diff --git a/tests/test_impersonated_credentials.py b/tests/test_impersonated_credentials.py
index 0c6ca0ce9..f79db8f6a 100644
--- a/tests/test_impersonated_credentials.py
+++ b/tests/test_impersonated_credentials.py
@@ -488,7 +488,7 @@ def test_id_token_success(
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
-        assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)
+        assert id_creds.expiry == datetime.datetime.utcfromtimestamp(ID_TOKEN_EXPIRY)
 
     def test_id_token_metrics(self, mock_donor_credentials):
         credentials = self.make_credentials(lifetime=None)
@@ -512,7 +512,7 @@ def test_id_token_metrics(self, mock_donor_credentials):
                 id_creds.refresh(None)
 
                 assert id_creds.token == ID_TOKEN_DATA
-                assert id_creds.expiry == datetime.datetime.fromtimestamp(
+                assert id_creds.expiry == datetime.datetime.utcfromtimestamp(
                     ID_TOKEN_EXPIRY
                 )
                 assert (
@@ -581,7 +581,7 @@ def test_id_token_with_target_audience(
         id_creds.refresh(request)
 
         assert id_creds.token == ID_TOKEN_DATA
-        assert id_creds.expiry == datetime.datetime.fromtimestamp(ID_TOKEN_EXPIRY)
+        assert id_creds.expiry == datetime.datetime.utcfromtimestamp(ID_TOKEN_EXPIRY)
         assert id_creds._include_email is True
 
     def test_id_token_invalid_cred(