My1, while I agree that it is potentially harder to verify, perhaps there could be a requirement that a site be visited FROM the IP in question, in order to show control over it. As an example:
My Cisco router is at 1.2.3.4 (theoretically a public routable IP), the CA would tell me to access https://verify.CA.com/randomstring/verify.txt from IP 1.2.3.4 to confirm control. on my Cisco, I would just enter the following command in the CLI:
copy https://verify.CA.com/randomstring/verify.txt verify.txt