when there is no roa for the arriving prefix, a roa for the covering prefix is used. see draft-pmohapat-sidr-pfx-validate-07.txt. Ahh, very good. I think that was the only concern. Presumably that would invalidate the route and it would be discarded vs deprefed.
well, i am not sure you want to discard it. this is where the op has to make a decision. in a world of partial deployment and ops and customers still learning how to deal with this stuff, should it be discarded? again from draft-ietf-sidr-rpki-origin-ops-04.txt Local policy using relative preference is suggested to manage the uncertainty associated with a system in flux, applying local policy to eliminate the threat of unroutability of prefixes due to ill- advised certification policies and/or incorrect certification data. E.g. until the community feels comfortable relying on RPKI data, routing on Invalid origin validity, though at a low preference, will likely be prevalent for a long time. but you configure your routers as you think best. randy