BGP Origin-AS Diversion Report

Generated: 2026-05-20T00:54:44.283307+00:00 Latest BGP snapshot: 2026-05-18

Scope

European prefix space: EU-27 + EEA + UK + CH + UA (33 countries)
Russian ASNs (RIR-allocated): 5,747
Sanctioned-entity ASNs (network_attribution): 346
Combined target ASN set: 5,863

Detects origin-AS hijacks only — cases where a Russian/sanctioned ASN announces (as origin) a prefix that RIPE/etc allocated to a European entity. Does NOT detect transit-path manipulation; that requires full AS_PATH from MRT RIBs.

Known false-positive class

Each finding compares the parent RIR allocation country against the origin ASN country. RIPE-allocated blocks are routinely sub-assigned by European LIRs to Russian commercial customers (Virty.io, Selectel, etc.). Those sub-assignments are perfectly legal and announced by Russian ASNs — but they show up here as EU prefix → RU ASN. Before treating any individual finding as a diversion event, verify with RIPE WHOIS on the specific block (whois <prefix> → look for the most-specific inetnum and its country:/org:) and ideally an RPKI ROA check.

Track A v2 TODO: integrate RIPE IRR route: objects and RPKI VRP feed to automatically downgrade RPKI-valid / IRR-authorized announcements.

🔒 Premium brief — request full access

This brief's evidentiary detail, specific targets, and designation recommendations are available to subscribing compliance teams, law firms, and government analysts. The teaser above shows the headline methodology; the full document includes case-number citations, target INNs, SDN-adjacency numbers, and recommended secondary-designation scope.

Email derek.linz@linzalytics.com or click below to request access. Include your organization, role, and intended use.

Request access → See pricing tiers