eventually, the rpki will give you the first half, authentication of the owner of the ip space. this leaves, as smb hinted, securing the request path from the black-hole requestor to the service and of the service to the users.
smb: > You can't do this without authoritative knowledge of exactly who > owns any prefix; you also have to be able to authenticate the > request to blackhole it. Those two points are *hard*. randy
