Strict CSP policy, which should allow to load scripts from origin and execute all hashed inline scripts with hashes and SRI and it works (but not for FireFox - throw it out)!

default-src 'self'; script-src 'self' 'sha256-njl7zxiKalRhsBLsWOUobG2Oj/tPLHj1uypL4dOi1K8=' 'sha256-EeTNsJLV3kvLLMz7pxGfvh9u0JY8icKG5KjWnb8IZbQ=' 'sha256-aPK+M1Ic/YyssLh6WKqbat5IIKD6wwh/hyWW5D53D9k=' 'strict-dynamic' 'unsafe-inline';

Tip: Open DevTools on the Console tab

CSP with inline script hashes page
Simple CSP policy page

Demo

inline script disabled
/root-script.js disabled
/folder/non-root-script.js disabled