I don't know why it's so hard for you to understand this. /40 can be allocated to many /48s. Make full use of the IP space. Any situation is possible. Let everyone manage their own information. Why make each LIR do it? Since you are allowed to manage ROA yourself, why not allow you to manage RPKI yourself?
What I mean is to popularize security. For example, SSL certificates were sold at high prices before, but now almost everyone can use SSL certificates for free and they can be automated. Does RPKI have to be manually operated by LIR every time? 
This is like you authorize someone to use your house. You must give the key to the guest so that they can manage the security themselves, right? Do you have to ask the landlord to open the door every time? Is this necessary?
 
 
 
From: Gert Doering <gert@space.net>
To: "xiaoyu.net" <yon@xiaoyu.net>
Cc: manrs-community@elists.manrs.org
Date: Wed, 13 Nov 2024 21:10:03 +0100
Subject: Re: [manrs-community] Implementing Decentralized RPKI with Blockchain Technology
 
Hi,

On Thu, Nov 14, 2024 at 12:50:54AM +0800, xiaoyu.net via Manrs-community wrote:
> I don't agree with this view. For example, a /40 ipv6 address block is
> assigned to a person who has no connection with the LIR. Submitting RPKI
> settings to the LIR is difficult and impossible to keep up to date. Because
> updating and setting up RPKI for a large number of IPv6 prefixes to LIR is a
> very heavy task. What I mean is that the person who actually manages the use
> of the IP prefix should be allowed to set up RPKI himself in RIPE.

A /40 IPv6 can be assigned by the RIPE NCC, or by an ISP (acting for
the LIR).  So the chain of assignment is clear, and if the ISP is permitting
independent BGP announcement of said /40, they can do the RPKI ROA just
fine ("two clicks in the RIPE LIR portal") - and if not, it's their
decision to not allow that.

If the /40 is coming from the RIPE NCC, the NCC will do RPKI.

Normally the ROA setup is a one-time thing - if you have "a large number
of prefixes" and RPKI changes all the time (making it a "very heavy task"),
it sounds as if you're mostly holding it wrong.

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                      Vorstand: Sebastian v. Bomhard, Ingo Lalla,
                                           Karin Schuler, Sebastian Cler
Joseph-Dollinger-Bogen 14        Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                 HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444         USt-IdNr.: DE813185279

************************************

Our Mail Server Support IPv6 & IPv4

************************************