But, anyway, it is a hijack by perception: the LIR managing the
prefixes didn't authorize the split announcement. Also, frankly, it's
not really clear if it's an optimizer just *leaking* or that's on
purpose.

Has this route split (not including 25s) been visible globally? Hijacks or simular behavior happening only in scope of certain IXP are undoubtfully problematic in terms of automated issue escalation as IXP members probably had some sort of agreement on traffic engineering and whatever else being used within a limited scope. The 2019-03 is not about having a purpose or not and I highly doubt that it will be possible to define legal matters for hijacks with limited visibility scope as no trusted parties could observe it at a time. Covering all possible misuses of a global routing table certainly seems possible when we are describing global leaks, because everything else is a matter of trusted route propagation and not the application of a policy where trusted actors not always be able detect the problem at all.

tl;dr - don't try to fix all possible leak scenarios with the policy, consider only ones been globally (a bad term, yeah) visible where space owner has a complaint against the leak