That was what I was suggesting in my previous email, you can issue
signed material (similar to ROAs for ASNs) using RPKI certs that ties
the prefixes allocated from RIRs to the RLOCs you select. The issue
here is if this is an off-line or on-line (inside lisp??) exchange.
You need to approach it from the EID and not from the RLOC; show that
the ETR can speak for the EID prefix. Hence with a PKI approach you´d
need to build a certificate infrastrure based on the delegation of the
EID prefixes.
If EID assignment is rooted at the RIRs and if the RIRs participate in
the authorization system (which one might imagine that must for the "normal",
BGP-based global routing system to work), then this should fall out
naturally.