This is the challenge token.
The challenge token must be transformed into another value before publishing it to the DNS record. The details can be found in the RFC8555 document.
To do this, there is a validation method on the DNS Challenge. You pass the account key (jose.JWK) to this method, and it will return a str which you should then publish to the DNS record.