>it would be a grave error to issue an IP cert without active insight into BGP

Why? Even regular certs are handed out via IP address.