ASN / BGP WHOIS Lookup

Q: What is RPKI and why does it matter?

Resource Public Key Infrastructure (RPKI) is a cryptographic framework that lets network operators sign Route Origin Authorizations (ROAs) asserting that their ASN is permitted to announce specific IP prefixes. RPKI-valid routes are less susceptible to BGP hijacking. An ROA Invalid result means the announced prefix does not match any valid ROA — a potential hijack or misconfiguration.

Look up an Autonomous System Number (ASN) to see BGP prefix data, RPKI status, and network registration details.

Run a live ASN lookup from global worker nodes Try ASN lookup on QueryBox →

TL;DR

An ASN lookup queries the RIR WHOIS database for an Autonomous System Number and returns the organisation, registered prefixes, and RPKI validation status. It answers: who controls this part of the internet's routing table, and are their routes cryptographically signed?

What it is

The internet is not a single network. It is a mesh of thousands of independently managed networks called Autonomous Systems (ASes). Each AS gets a unique number — an Autonomous System Number (ASN) — and connects to others by exchanging routing information using BGP (Border Gateway Protocol).

When your traffic travels across the internet, it passes through a sequence of these autonomous systems. Each hop announces reachability to IP prefixes. An ASN lookup reveals the network at the other end of a traceroute, the operator behind an IP block, and whether their routing announcements are authorised via RPKI.

How it works

ASNs are allocated by RIRs (ARIN, RIPE, APNIC, LACNIC, AFRINIC) in the same way IP address blocks are. Each RIR maintains WHOIS and RDAP records for the ASNs it has issued. An ASN lookup:

Queries the responsible RIR (determined by the ASN range or by bootstrapping from RDAP)
Returns the registration record: organisation, abuse contacts, description, and status
Queries a BGP route collector (e.g. RIPE RIS, RouteViews) to enumerate prefixes the ASN currently announces
Checks RPKI validity for each announced prefix: Valid, Invalid, or NotFound

When to use it

Identify who operates a network that appears in traceroute output
Enumerate all IP prefixes belonging to a provider or organisation
Check RPKI coverage and validity for a network
Investigate an IP involved in an attack or abuse
Understand peering and transit relationships by inspecting AS paths
Validate that your own ASN's route announcements have valid ROAs
Research ISP or CDN infrastructure topology

Running it on networktoolkit.io

Select asn_whois, enter an ASN (e.g. AS15169) or an IP address to find its ASN, and the lookup runs from each of our distributed workers against both RIR WHOIS and live BGP data. Sample output:

Query: AS15169

RIR:      ARIN
Handle:   AS15169
Name:     GOOGLE
Org:      Google LLC
Country:  US
Abuse:    network-abuse@google.com

BGP prefixes announced (sample):
  8.8.8.0/24            RPKI: Valid
  8.8.4.0/24            RPKI: Valid
  2001:4860::/32        RPKI: Valid
  64.233.160.0/19       RPKI: Valid
  216.58.192.0/19       RPKI: Valid
  ... (900+ total prefixes)

RPKI summary:
  Valid:    897
  Invalid:    0
  NotFound:   6

To look up the ASN for an IP address:

Query: 1.1.1.1

Origin ASN:  AS13335
Name:        CLOUDFLARENET
Prefix:      1.1.1.0/24
RPKI:        Valid (ROA: AS13335 → 1.1.1.0/24, maxLength /24)

Reading the results

Field	Meaning
Handle	The ASN in canonical form (e.g. `AS15169`)
Name / Org	The organisation registered as the ASN holder at the RIR
Prefixes announced	IP prefixes currently visible in global BGP tables from this ASN
RPKI: Valid	A valid ROA exists authorising this ASN to announce this prefix
RPKI: Invalid	A ROA exists but the ASN or prefix length does not match — possible hijack or misconfiguration
RPKI: NotFound	No ROA covers this prefix — route is unprotected but not necessarily wrong
Origin ASN	The ASN at the end of the AS path, where the prefix originates

RPKI validation

Resource Public Key Infrastructure (RPKI) is the system that lets network operators cryptographically sign Route Origin Authorizations (ROAs) — records that say "ASN X is authorised to announce prefix Y up to length /Z". Routers running RPKI validation can reject Invalid routes.

RPKI adoption is growing but not universal. A NotFound status means the prefix has no ROA, which is the default state for older or smaller networks — it does not mean the route is hijacked. RPKI Invalid is the warning sign: a mismatch between an existing ROA and what is being announced.

Limitations & gotchas

BGP data is a snapshot. The routing table changes continuously. Prefix counts and RPKI results reflect the moment of the query.
BGP hijacks are rare but real. Even with RPKI, not all networks enforce it. An Invalid RPKI status does not guarantee traffic is being redirected — most routers still accept it.
ASN consolidation. After acquisitions, an organisation may operate several ASNs. All may appear in traceroutes even though the same company owns them.
Private ASNs (64512–65534, 4200000000–4294967294) are used internally and do not appear in global routing tables. You may see them in private peering or lab environments.
AS paths can be prepended. Some network operators prepend their own ASN multiple times in the AS path to influence route selection. This affects path length but not the origin AS.

Standards & references

RFC 4271 — BGP-4
RFC 6480 — RPKI Architecture
RFC 6482 — Route Origin Authorizations (ROAs)
RFC 6996 — Autonomous System (AS) Reservation for Private Use
RIPE Routing Information Service (RIS)
University of Oregon Route Views Project

FAQ

What is the difference between IP WHOIS and ASN WHOIS?

IP WHOIS queries a specific address or prefix and returns its allocation details from the responsible RIR. ASN WHOIS queries an Autonomous System Number and returns details about the organisation that operates it, including all prefixes it has registered to announce. An IP lookup may return the ASN; an ASN lookup returns the broader network context.

Can one organisation have multiple ASNs?

Yes. Large organisations often hold multiple ASNs for different regions, business units, or historical acquisitions. Cloud providers and telecoms may operate dozens. The ASN structure is about routing policy, not organisational unity.

What is RPKI and why does it matter?

RPKI lets network operators cryptographically sign Route Origin Authorizations (ROAs) asserting that their ASN is permitted to announce specific IP prefixes. RPKI-valid routes are less susceptible to BGP hijacking. RPKI Invalid means the announced prefix does not match any valid ROA — a potential hijack or misconfiguration.

What is BGP hijacking?

BGP hijacking occurs when an ASN announces IP prefixes it does not own or is not authorised to route. Because BGP was designed without authentication, rogue announcements can propagate globally and redirect traffic. RPKI is the primary defence.

What is an origin ASN?

The origin AS is the last ASN in the AS Path attribute of a BGP route — the ASN that originally announced the prefix into the routing table. It should match the network registered in WHOIS, and ideally has a valid RPKI ROA.