RFC 6125 reference

Issue #62 resolved
John Bradley created an issue

When referencing RFC 6125 you need to provide more details. In particular, you need to pretty much answer every question in section 3 of RFC 6125: https://tools.ietf.org/html/rfc6125#section-3

One example of what this might look like is in Section 9.2 of https://datatracker.ietf.org/doc/draft-ietf-sidr-rpki-rtr-rfc6810-bis/?include_text=1. For your convenience the relevant text is pasted below:

Routers MUST also verify the cache's TLS server certificate, using subjectAltName dNSName identities as described in [RFC6125], to avoid man-in-the-middle attacks. The rules and guidelines defined in [RFC6125] apply here, with the following considerations:

 Support for DNS-ID identifier type (that is, the dNSName identity in the subjectAltName extension) is REQUIRED in rpki-rtr server and client implementations which use TLS. Certification authorities which issue rpki-rtr server certificates MUST support the DNS-ID identifier type, and the DNS-ID identifier type MUST be present in rpki-rtr server certificates.

 DNS names in rpki-rtr server certificates SHOULD NOT contain the wildcard character "*".

 rpki-rtr implementations which use TLS MUST NOT use CN-ID identifiers; a CN field may be present in the server certificate's subject name, but MUST NOT be used for authentication within the rules described in [RFC6125].

The only thing missing from the above is explicit mentioning that SRV-ID and URI-ID are not used. (I think the same should apply to your document.)
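Added example (not code from the issue, the draft, or the project): a Python check that applies the quoted profile, DNS-ID only, no wildcard expansion, CN never consulted, URI-ID/SRV-ID ignored, to a certificate in the dict shape that Python's `ssl.SSLSocket.getpeercert()` returns. The hostnames and certificates below are constructed.

```python
"""Reference-identity check for an rpki-rtr TLS cache, following the RFC 6125
profile quoted above: DNS-ID only, wildcards never matched, CN-ID never used,
URI-ID and SRV-ID (otherName) entries ignored.  The certificate is the dict
shape returned by ssl.SSLSocket.getpeercert(); the reference identity is the
cache hostname the router was configured with (never a name learned from DNS)."""

def _normalize(name: str) -> str:
    # DNS names compare case-insensitively; a trailing dot does not change identity.
    return name.rstrip(".").lower()

def verify_rtr_server_identity(cert: dict, reference_identity: str) -> tuple[bool, str]:
    """Return (matched, reason) for the configured cache name against the cert."""
    if not reference_identity or "*" in reference_identity:
        return False, "reference identity must be a concrete DNS name"
    san = cert.get("subjectAltName", ())
    # Only DNS-ID entries are eligible; URI, IP Address and otherName entries are skipped.
    dns_ids = [value for kind, value in san if kind == "DNS"]
    if not dns_ids:
        # No CN-ID fallback: a CN may be present but MUST NOT be used for authentication.
        return False, "no DNS-ID in subjectAltName; CN-ID is not a fallback"
    want = _normalize(reference_identity)
    for dns_id in dns_ids:
        if "*" in dns_id:
            # The draft says wildcards SHOULD NOT appear; this checker never expands them.
            continue
        if _normalize(dns_id) == want:
            return True, f"matched DNS-ID {dns_id}"
    return False, "no DNS-ID matched the reference identity"

# Constructed certificates in getpeercert() form (only the relevant fields).
CERT_GOOD = {
    "subject": ((("commonName", "cache.example.net"),),),
    "subjectAltName": (("DNS", "rtr.example.net"), ("URI", "https://rtr.example.net/")),
}
CERT_CN_ONLY = {"subject": ((("commonName", "rtr.example.net"),),)}
CERT_WILDCARD = {"subjectAltName": (("DNS", "*.example.net"),)}
CERT_URI_ONLY = {"subjectAltName": (("DNS", "other.example.net"), ("URI", "https://rtr.example.net/"))}

if __name__ == "__main__":
    for label, cert in [("good", CERT_GOOD), ("cn-only", CERT_CN_ONLY),
                        ("wildcard", CERT_WILDCARD), ("uri-only", CERT_URI_ONLY)]:
        print(label, verify_rtr_server_identity(cert, "RTR.example.net."))
```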
