Hi! I know a little about RPKI, but do not operate a network so I am in theoretical land here. I also reviewed the mail list traffic related to this I-D.

Since this is an I-D and I'm supposed to comment, I wracked my brain and came up with nothing security-related. To me, it seems that the recommendation to configure your ROAs so that they align exactly with your BGP announcements seems pretty reasonable. Obviously, the more you tighten the screws the more operation impacts there are, but the I-D addresses some of those impacts.