to the best of my knowledge this is possible, but we would not be able to provide the SSL cert for the subdomain if we are not the DNS for the apex domain.
As long as the subdomain is not www (which is a special subdomain that is typically synonymous to the apex), then there shouldn’t be any issues with providing a certificate only for those subdomains hosted on Netlify. And, of course, we won’t be able to provide any certificates for any sites not hosted on Netlify.