A new brief on Linzalytics documents 1,163 candidate /24-class prefixes where the BGP origin AS, the RIR-allocated prefix, the RPKI ROA, and the IRR route object all present as non-Russian, while the more-specific RIPE WHOIS inetnum (netname, maintainer, descr, org) identifies the operator as Russian. The candidates concentrate under a small set of ASes including Timeweb's Kazakhstan-allocated AS210976 (274 prefixes, allocated April 2025), OFAC-sanctioned AEZA's AS210644 (216 prefixes still announced eleven months after designation), and UK-, Serbian-, French-, and Dutch-allocated ASes carrying Russian sub-tenants.
For compliance and sanctions analysts, the practical consequence is that a screening workflow keyed on origin-AS country, prefix-country, RPKI validity, or IRR authorization will return clean at every layer for this infrastructure. Only a per-prefix lookup of the more-specific inetnum surfaces the Russian operator. The Timeweb KZ-AS allocation three years into the sanctions regime, and the survival of AEZA's EU-registered prefix layer after OFAC designation, are both visible in the data and have direct implications for how prefix-level due diligence and post-designation enforcement need to be structured.
The full brief is at /intel/bgp-jurisdiction-laundering.html. It includes the per-AS operator attribution table, the operator-jurisdiction × prefix-country flow counts, the three-vantage live-traffic classification separating active Russian-language operations from parked, legally-blocked, and dormant address space, and the Timeweb and AEZA case studies in full.