Assume you have a CNAME record:
travel-maps.example.com CNAME c.commondatastorage.googleapis.com.
The browser resolves the name travel-maps.example.com and gets the IP for c.commondatastorage.googleapis.com, then connects to port 443 of this address.
The server with this IP couldn’t possibly[1] have a proper certificate for travel-maps.example.com (and all other domain names with CNAME records like this). Only the example.com domain owner could get a trusted cert for his own domain.
[1] Unless you uploaded the certificate to the CDN network, which is a common feature nowadays.
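
As an added example (not part of the original answer), here is a simplified browser-style hostname check showing that the certificate is validated against the name in the URL, not against the CNAME target. The SAN lists are constructed sample values, not the contents of any real certificate, and the function names are illustrative.

```python
# Added example: simplified certificate hostname matching (RFC 6125 style).
# The SAN lists below are constructed for illustration only.

REQUESTED = "travel-maps.example.com"               # name in the URL
CNAME_TARGET = "c.commondatastorage.googleapis.com"  # where DNS points

# Constructed: names a shared storage endpoint's default cert might carry.
CDN_DEFAULT_SANS = ["*.commondatastorage.googleapis.com",
                    "commondatastorage.googleapis.com"]
# Constructed: the footnote case, where the owner uploaded their own cert.
UPLOADED_SANS = ["travel-maps.example.com"]


def san_matches(pattern, hostname):
    """True if one dNSName entry covers hostname.

    A wildcard counts only as the whole left-most label, matches exactly
    one label, and must be followed by at least two fixed labels.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_valid_for(hostname, san_list):
    """True if any SAN entry in the presented certificate covers hostname."""
    return any(san_matches(s, hostname) for s in san_list)


def browser_accepts(requested_name, san_list):
    """The client checks the name it was asked to open. The CNAME chain is
    a DNS detail and never becomes the reference identity for TLS."""
    return cert_valid_for(requested_name, san_list)


if __name__ == "__main__":
    print("default cert covers CNAME target:",
          cert_valid_for(CNAME_TARGET, CDN_DEFAULT_SANS))
    print("browser accepts default cert:",
          browser_accepts(REQUESTED, CDN_DEFAULT_SANS))
    print("browser accepts uploaded cert:",
          browser_accepts(REQUESTED, UPLOADED_SANS))
```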