It's been a while since I was on the sharp-end of BGP, but there are/were some issues with that. It wasn't so much a router limitation given the route filters would be generated off the router. Not sure if Cisco/Juniper include tools to try and do that automagically now though. But the biggest challenge is assuming there's a reliable route object registered to build filters from. In RIPE-land, or anyone but ARIN, that was vaguely doable. In ARIN-space, often route objects didn't exist, especially for retail users. They often had no idea what a route object was, or how to go about creating one.
But for route filtering to work, it really needs to be applied at the upstream, so-
import: from AS31133 accept ANY
export: to AS31133 announce AS39523
import: from AS3216 accept ANY
export: to AS3216 announce AS39523
So Megafon's one of DV-LINK's upstreams/transit provider, and has a corresponding entry in it's AS object rather than a more specific to only accept DV-LINK's assigned address space. That's the first line of defence against advertising bogus routes from your downstreams. The report doesn't mention the specific routes that were advertised, but if those don't have route objects defined, auto-rule building wouldn't work.
DV-LINK looks like a Russian ISP though, so this may just have been some fat-fingering rather than anything malicious.