We can aggregate all of 202.32/16, but we either have to lie to the NSF and claim all customers in that block are AUP compliant or all the customers in that block can't get to the NSFnet. Actually, the best way to get another AS and split your aggregations that way.
There's no need to get another AS for this since the NSFnet does not care about ASes in this context - just use different CIDR blocks. But what happens when the NSFnet turns down a customer's request for AUP compliant access after we've allocated the address from the compliant block (hey, it could happen :-))? Or if the customer changes his mind and goes from compliant to non-compliant? We're going to tell him "renumber" - pretty good incentive to keep people AUP compliant (at least saying they are AUP compliant), no?
Use AS to define policy.
IIJ does. We have a single policy and with a single AS. The problem is that the biggest (?) network is interested in individual routes, not ASes. Of course, the NSF could de-aggregate all incoming CIDR blocks, then filter - after all, they're the ones who care :-) Thanks, -drc