It solves a class of hijacks, where an autonomous system announces a prefix it is not authorized to announce. This is typically the operator error use case or uneducated bad actor use case. What it does not cover is if an autonomous system crafts an announcement containing the valid origin autonomous system in which case you would need a mechanism to validate the entire AS_PATH itself. ROA is only concerned about the origin in the AS_PATH.