🤖 AI Summary
RPKI deployment is hindered by “benign conflicts” between BGP announcements and ROAs: although technically invalid under RPKI validation, these conflicts correspond to legitimate, operational routes—enforcing strict ROV would cause traffic loss and revenue decline, thereby discouraging adoption. This paper proposes LOV, the first mechanism enabling automatic identification and distributed whitelisting of benign conflicts at Internet scale. Its contributions are twofold: (1) a lightweight validation logic derived from empirical BGP stream analysis and conflict pattern modeling; and (2) an AS-level collaborative distribution architecture balancing scalability with operational deployability. A six-month measurement study on live infrastructure demonstrates that LOV successfully identified and whitelisted 52,846 benign-conflict routes, preventing erroneous filtering of legitimate traffic and establishing a critical bridge between security enforcement and economic incentives.
📝 Abstract
The long history of misconfigurations and errors in RPKI indicates that they cannot be easily avoided and will most probably persist in the future. These errors create conflicts between BGP announcements and their covering ROAs, causing RPKI validation to return the status invalid. Networks that enforce RPKI filtering with Route Origin Validation (ROV) would block such conflicting BGP announcements and, as a result, lose traffic from the corresponding origins. Since the business incentives of networks are tightly coupled with the traffic they relay, filtering legitimate traffic leads to a loss of revenue, reducing the motivation to filter invalid announcements with ROV. In this work, we introduce a new mechanism, LOV, designed for whitelisting benign conflicts at Internet scale. The resulting whitelist is made available to RPKI-supporting ASes to avoid filtering RPKI-invalid but benign routes. Saving legitimate traffic resolves one main obstacle towards RPKI deployment. We measure live BGP updates using LOV during a period of half a year and whitelist 52,846 routes with benign origin errors.
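The filtering decision the abstract describes, as an added example (not code from the paper or from LOV): RFC 6811 origin validation followed by a whitelist lookup for RPKI-invalid routes. The ROAs, routes, function names and the whitelist's exact (prefix, origin AS) format are constructed assumptions; how LOV decides that a conflict is benign is not described on this page and is not modelled here.

```python
import ipaddress

# Constructed sample data (documentation prefixes, reserved ASNs).
ROAS = [  # (ROA prefix, maxLength, authorized origin AS)
    ("192.0.2.0/24", 24, 64500),
    ("198.51.100.0/24", 24, 64501),
]
# Assumed whitelist format: exact (prefix, origin AS) pairs judged benign.
WHITELIST = {("198.51.100.128/25", 64501)}


def rov_state(prefix, origin, roas=ROAS):
    """RFC 6811 origin validation: 'valid', 'invalid' or 'notfound'."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if route.version != roa_net.version or not route.subnet_of(roa_net):
            continue  # this ROA does not cover the announced prefix
        covered = True
        if route.prefixlen <= max_len and origin == roa_asn:
            return "valid"
    # Covered by at least one ROA but matched by none: a conflict.
    return "invalid" if covered else "notfound"


def decide(prefix, origin, roas=ROAS, whitelist=WHITELIST):
    """Return (rov_state, action) for a ROV-enforcing router."""
    state = rov_state(prefix, origin, roas)
    if state != "invalid":
        return state, "accept"
    # Exact-pair match only: a different origin, or a more-specific of a
    # whitelisted prefix, stays filtered.
    key = (str(ipaddress.ip_network(prefix)), origin)
    return state, ("accept-whitelisted" if key in whitelist else "drop")


if __name__ == "__main__":
    for pfx, asn in [("192.0.2.0/24", 64500), ("192.0.2.0/24", 64666),
                     ("198.51.100.128/25", 64501), ("203.0.113.0/24", 64502)]:
        print(pfx, asn, decide(pfx, asn))
```

Matching the whitelist on the exact pair rather than on a covering prefix keeps the exception as narrow as the conflict it was issued for.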