node-jose
How to validate the hostname of JWS?
Able to get the signing key for a JWS with the code below:

```js
JOSE.JWS.createVerify().verify(response, { allowEmbeddedKey: true })
```
But it is not clear how to validate that the signing key that was returned indeed belongs to a certain host. The returned key has this structure:

```
Object {kty: "RSA", kid: "attest.android.com", x5t: "AANhoKVTU0xnqBHMlONT54Suni8", n: "na5Ilx95ICy2kcW-HxdonrQfZge3y961tVFvrj38bdG8HlHs5F…", e: "AQAB"}
```
Is there any API or mechanism to check if the key or the certificate in `x5c` belongs to a certain host (e.g. attest.android.com)?
In some other packages, there is this kind of mechanism:
```csharp
var attCert = (validatedToken.SigningKey as X509SecurityKey).Certificate;
var subject = attCert.GetNameInfo(X509NameType.DnsName, false);
if (false == ("attest.android.com").Equals(subject))
    throw new Fido2VerificationException("Safetynet DnsName is not attest.android.com");
```
Could not find an equivalent of `GetNameInfo` for JWK in this library.
I have exactly the same question :) @KrishnaPG how did you resolve this?
Sorry, @matiishyn, I was unable to solve it.
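
One way to do the check the question asks for, as an added example that is not part of this thread or of node-jose: Node's built-in `crypto.X509Certificate` parses the `x5c` leaf, and its `checkHost` plays the role of `GetNameInfo`. The names `chainFromJws`, `assertSignerHost` and the caller-supplied `trustedRoots` list are assumptions of this example; the chain is checked against pinned roots because an embedded certificate can name any host unless its issuer is validated.

```javascript
const { X509Certificate } = require('node:crypto');

// Decode the protected header of a compact JWS; return its x5c chain, leaf first.
function chainFromJws(compactJws) {
  const headerJson = Buffer.from(compactJws.split('.')[0], 'base64url').toString('utf8');
  const header = JSON.parse(headerJson);
  if (!Array.isArray(header.x5c) || header.x5c.length === 0) {
    throw new Error('JWS header carries no x5c certificate chain');
  }
  // x5c entries are DER certificates in standard base64 (not base64url).
  return header.x5c.map((b64) => new X509Certificate(Buffer.from(b64, 'base64')));
}

// verifiedJwk: public JWK of the key that verified the signature
//   (with node-jose, the `key` of the verify() result, via toJSON()).
// trustedRoots: X509Certificate objects pinned by the caller (assumed input).
// Returns the certificate name that matched expectedHost, or throws.
function assertSignerHost(compactJws, verifiedJwk, expectedHost, trustedRoots, now = new Date()) {
  const chain = chainFromJws(compactJws);
  const leaf = chain[0];

  // 1. The key that verified the JWS must be the leaf certificate's key.
  const leafJwk = leaf.publicKey.export({ format: 'jwk' });
  for (const [member, value] of Object.entries(leafJwk)) {
    if (verifiedJwk[member] !== value) {
      throw new Error('verified key is not the leaf certificate key');
    }
  }

  // 2. The leaf must be issued for the expected host name.
  const matched = leaf.checkHost(expectedHost);
  if (matched === undefined) {
    throw new Error(`certificate is not valid for ${expectedHost}`);
  }

  // 3. Every certificate must be within its validity period and signed by
  //    the next one in x5c; the last must be signed by a pinned root.
  chain.forEach((cert, i) => {
    if (now < new Date(cert.validFrom) || now > new Date(cert.validTo)) {
      throw new Error(`certificate ${i} is outside its validity period`);
    }
    const issuers = i + 1 < chain.length ? [chain[i + 1]] : trustedRoots;
    if (!issuers.some((ca) => cert.verify(ca.publicKey))) {
      throw new Error(`certificate ${i} is not signed by a trusted issuer`);
    }
  });
  return matched;
}
```

This checks signatures, dates and the host name only; it does not evaluate basicConstraints, key usage or revocation.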