[1] RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS) (2015-03-13 22:27:53 +09:00 版) https://tools.ietf.org/html/rfc6125#section-1.8

source domain: The fully qualified DNS domain name that a client
expects an application service to present in the certificate
(e.g., "www.example.com"), typically input by a human user,
configured into a client, or provided by reference such as in a
hyperlink. The combination of a source domain and, optionally, an
application service type enables a client to construct one or more
reference identifiers.