(where a lot of IPs changed their AS from IANA to Digital Ocean)

A couple of minor notes regarding ASNs:

1) many IPs fall under a hierarchy of ASs where a large core-network provider (e.g. Level3) advertises a block and a second client leaf-AS advertises a sub- block. Sometimes the core AS advertises the smaller blocks though that has diminished with the CIDR route consolidation initiative. Also some ASs advertise bocks and sub-blocks. This shows up often with the CYMRU lookup data

dig +short D.C.B.A.origin.asn.cymru.com txt

and DNS will rotate the multiple advertisements, so one should sort the list by CIDR size and select the smallest block (i.e. largest CIDR "/" value). Possibly MaxMind takes care of all this in their data.

2) one can likely ignore AS changes when the IP has not changed, thus avoiding problems caused by network restructuring

3) perhaps many dynamic allocations where the IP changes to different AS can be detected by examining the AS owner identifiers and looking for a match

I agree guards are special and perhaps should not be allowed to change ASs at all without loosing the flag, maybe even should stay glued to one IP to avoid any failed client connections and the negative impact that may have on anonymity.

It seems reasonable to allow dynamic-IP middle and exit relays.