x509 - Server Authentication - no CN, just subject alternative Names

Hi

Where (in wchich RFC) can I find information about what should be
checked in the certificate that is used to server authentication?
What I need is to know when, according to the standard, i should check
the Subject CN and when Subject Alternative Name and if it is possible
that there's no Subject CN in the valid certificate but just the
dNSname(s) (if yes, then which RFS defines it).

Best regards,
xavier