BGP route origin validation is already partially deployed in the wild, I believe. I recall reading about BGP replacement protocols years back that were being developed to include even stronger route-signing. Once you have that kind of thing in place, you basically have everything you need for a decentralized, origin-focused great firewall, it's just a matter of activating it.
Do you have any links to any material/info on this topic? I'm sure some folks have begun talking about protocols.