How should Unknown/Not Found ROA validation statuses be handled in typical policy?

Master RIPE BGP Security with our comprehensive test. Understand the Border Gateway Protocol, explore multiple choice questions, and get ready for your exam with detailed hints and explanations.

Multiple Choice

How should Unknown/Not Found ROA validation statuses be handled in typical policy?

Explanation:
Unknown/Not Found ROA validation status means there is no ROA entry for the given prefix and origin AS in the RPKI data. Because there’s no proof of authorization, you can’t assume it’s legitimate or illegitimate. The right approach is to follow your established policy, which typically allows handling unknowns by either accepting with caution (monitoring, tagging, or applying stricter filtering) or rejecting the route. This avoids blindly trusting unknown routes or treating them as definitively valid. The other options force a single, absolute stance—always reject, always accept, or automatically convert to valid—that doesn’t reflect the uncertainty inherent in an unknown ROA status and can lead to security or connectivity problems.

