Check installed packages for checksum mismatches ("pkg check")

The command "pkg check -s -a" verify the checksums against installed packages. I've tried both an Internet-connected VM and another Internet-disconnected VM and the command passes and completes without errors.

1. How does it verify the the packages? (Is it similar to "shasum -a 256 ..." and compare to a checksum?)
2. Where exactly is the checksum file?
3. If the package installed is an older version compared to the one on the remote repository, will it pass or fail the verification test?