This document defines a profile of the Cryptographic Message Syntax
(CMS) signed-data object for use with the Resource Public Key
Infrastructure (RPKI).

I find Security Considerations section to be reasonable; it describes
the expected security properties of RPKI signed objects (including a
lack of confidentiality), and rightfully defers to the CMS
specification for additional security considerations.

Someone more familiar with CMS than I am should check whether the
structure version numbers correspond to those specified in RFC 5652;
they appear correct to me, though.