IP Prefix & BGP Route Lookup - Routing Intelligence

Search for

A prefix lookup examines BGP routing data for any IP block — showing the announcing AS, route paths, origin validation, and routing anomalies. Use rtsak.com to investigate prefix ownership, detect hijacks, and troubleshoot connectivity.

How BGP Routing Works

Border Gateway Protocol (BGP) is how networks share reachability information. When a network announces a prefix, that advertisement propagates globally, telling other networks how to reach those addresses.

BGP routes include:

  • Prefix - The IP address block being announced
  • AS path - The sequence of networks the announcement traversed
  • Origin AS - Which Autonomous System originated the announcement
  • RPKI status - Whether the origin is cryptographically authorized
  • Communities - Tags affecting how other networks treat the route

Why Prefix Origin Matters

IP hijacking occurs when unauthorized networks announce prefixes they don't own. Traffic intended for legitimate destinations gets misdirected — enabling interception, denial of service, or fraud.

Prefix origin validation answers: "Who is supposed to announce this prefix, and does current routing match?"

Validation Data Sources

  • Regional Internet Registry (RIR) allocations - Official IP address assignments
  • Internet Routing Registry (IRR) - Published routing policy and origin ASNs
  • RPKI ROAs - Cryptographically signed origin authorizations
  • Historical routing - Long-term patterns showing established origin

Reading Prefix Results

Authorized origin - The ASN with documented rights to announce the prefix, from IRR or RPKI data.

Observed origin - ASNs currently announcing the prefix in BGP.

Match status - Whether observed matches authorized. Mismatches warrant investigation.

ROA validity - RPKI status: Valid (matches ROA), Invalid (conflicts with ROA), or Unknown (no ROA exists).

AS path - The sequence of networks the announcement traversed. Different vantage points show different paths — this is normal BGP behavior.

Use Cases

Verify announcements - Confirm your prefixes are visible globally and through expected paths. Misconfiguration can cause partial reachability.

Detect hijacks - Unauthorized announcements create conflicting routes. Prefix lookup shows all origins advertising a prefix.

Path debugging - When traffic takes unexpected paths, examine AS paths to understand routing decisions.

Change validation - After BGP configuration changes, verify routes appear as intended.

Investigating Mismatches

Not every mismatch is malicious. Legitimate causes include:

  • Outdated IRR records after authorized transfers
  • Anycast configurations with multiple legitimate origins
  • Customer prefix announcements by upstream providers
  • Transition periods during network changes

Multiple origins for the same prefix (MOAS) isn't always malicious — legitimate scenarios include anycast, authorized co-hosting, and transitions. Context determines whether MOAS indicates a problem.

→ Look up a prefix on rtsak.com

FAQ

What's an RPKI ROA?
A Route Origin Authorization is a signed statement in the RPKI system declaring which AS is authorized to originate a prefix. It's the strongest form of origin validation.
What does AS path prepending do?
Adding your ASN multiple times to the path makes that route less preferred. It's used to influence inbound traffic engineering.
Why do I see different AS paths from different locations?
BGP routing is distributed. Each network makes independent decisions, so paths vary by vantage point. This is normal.
What causes route flapping?
Unstable links cause rapid route withdrawals and re-announcements. Persistent flapping may trigger route dampening by other networks.
Can I create ROAs for my prefixes?
If you have direct RIR allocation, you can create ROAs through your RIR's portal. If you have provider-assigned space, work with your provider.
How do I report a hijack?
Contact the RIR responsible for the prefix, your upstream providers, and the prefix owner if identifiable. Include evidence from prefix lookup.