ASN Prefixes
developer/v1/network/asn/prefixesReturns all IPv4 and IPv6 prefixes announced by a given Autonomous System Number (ASN) via BGP, with per-prefix RPKI Route Origin Validation status (valid/invalid/unknown — RFC 6811), announcement timelines (first_seen / last_seen), name, description, calculated IP count, and total IP space (with BigInt-serialized IPv6 totals). Data sourced from the RIPEstat Data API's live BGP routing tables and RPKI validator per RFC 4271 (BGP-4).
What It Does
Queries the RIPEstat Data API to retrieve all IP prefixes currently announced by the specified ASN in the global BGP routing table, then validates each prefix against published Route Origin Authorizations. Returns IPv4 prefixes with CIDR notation, IP count (calculated as 2^(32-prefix_length)), name, description, `first_seen` / `last_seen` timestamps from the RIPEstat timeline, and `rpki` status. IPv6 prefixes include the same fields plus `total_ips_v6` as a decimal string (totals routinely overflow JS Number.MAX_SAFE_INTEGER). Also provides aggregate counts and total IPv4 address space. RPKI checks run with parallel concurrency-capped lookups; results are cached for 1 hour.
Why It's Useful
Understanding the full IP footprint of an autonomous system is critical for security operations, threat intelligence, and network planning. Per-prefix RPKI status turns this into a hijack-and-leak detector — a prefix announced by an unauthorized AS is the canonical machine-readable signal of route hijacking (RFC 6811). Combined with `first_seen`/`last_seen` announcement timelines, the data needed for hijack alerting is in one response. Enables comprehensive blocklisting/allowlisting at the ASN level, attack surface enumeration, vendor IP space auditing, and peering capacity assessment. See RFC 6811 (BGP Prefix Origin Validation) and RFC 7908 (Route Leak Classification).
Use Cases
Threat Infrastructure Mapping
Given a malicious IP, look up its ASN and then enumerate all prefixes to identify the full scope of potentially hostile infrastructure. Cross-reference with other threat feeds to build comprehensive blocklists at the AS level.
Complete ASN-level blocklisting based on threat intelligence, covering all IP ranges an adversary controls.
Dynamic Firewall Allowlisting
Build firewall allowlists based on a vendor's ASN prefixes (e.g., AS16509 for AWS, AS13335 for Cloudflare) rather than maintaining static IP lists that go stale.
Self-updating, maintainable allowlists that automatically adapt to BGP prefix changes without manual intervention.
Attack Surface Assessment
Enumerate all externally-routed IP prefixes for an organization's ASN to map the complete attack surface. Identify forgotten subnets, shadow IT, and infrastructure outside the scope of existing security controls.
Comprehensive external attack surface discovery backed by authoritative BGP routing data.
Parameters
| Name | Type | Required | Description |
|---|---|---|---|
asn | string | Required | The Autonomous System Number (with or without "AS" prefix, e.g., "13335" or "AS13335")Example: 13335 |
Response Fields
| Field | Type | Description |
|---|---|---|
asn | number | The queried ASN |
prefixes_v4 | array | IPv4 prefixes: prefix (CIDR), ip_count, name, description |
prefixes_v4[].prefix | string | IPv4 prefix in CIDR notation (e.g., 104.16.0.0/13) |
prefixes_v4[].ip_count | number | Number of IP addresses in this prefix (2^(32-prefix_length)) |
prefixes_v4[].name | string | Prefix name from routing registry |
prefixes_v4[].description | string | Prefix description from AS holder info |
prefixes_v4[].first_seen | string | ISO timestamp of the earliest BGP announcement on record (RIPEstat timeline). Hijack/leak indicator when recent. |
prefixes_v4[].last_seen | string | ISO timestamp of the most recent BGP announcement record |
prefixes_v4[].rpki | string | RPKI Route Origin Validation status for this prefix: valid, invalid, or unknown (RFC 6811) |
prefixes_v6 | array | IPv6 prefixes: prefix (CIDR), name, description, first_seen, last_seen, rpki |
prefixes_v6[].rpki | string | RPKI status for this IPv6 prefix |
total_prefixes_v4 | number | Total number of IPv4 prefixes announced |
total_prefixes_v6 | number | Total number of IPv6 prefixes announced |
total_ips | number | Estimated total IPv4 addresses across all prefixes |
total_ips_v6 | string | Total IPv6 addresses across all IPv6 prefixes (BigInt-serialized as a decimal string — totals routinely exceed JS Number.MAX_SAFE_INTEGER) |
rpki_coverage.checked | number | How many of the announced prefixes had their RPKI status fetched fresh in this response. Capped at 100 per call. |
rpki_coverage.total | number | Total announced prefixes (v4 + v6). |
rpki_coverage.capped | boolean | True when the per-request RPKI check cap was hit. Uncovered prefixes show `rpki: "unknown"` and will be checked on subsequent calls as the 1-hour cache warms up. |
Code Examples
curl "https://api.edgedns.dev/v1/network/asn/prefixes" \
-H "Authorization: Bearer YOUR_API_KEY" \
-d "asn=13335"const response = await fetch(
'https://api.edgedns.dev/v1/network/asn/prefixes?asn=13335',
{
headers: {
'Authorization': 'Bearer YOUR_API_KEY'
}
}
);
const data = await response.json();
console.log(data);import requests
response = requests.get(
'https://api.edgedns.dev/v1/network/asn/prefixes',
headers={'Authorization': 'Bearer YOUR_API_KEY'},
params={
'asn': '13335'
}
)
data = response.json()
print(data)Read the full ASN Prefixes guide
Why it matters, real-world use cases, parameters, response fields, and how to call it from Claude, ChatGPT, or Gemini via MCP.
Read the guide →Related Endpoints
External References
Learn more about the standards and protocols behind this endpoint.
Try This Endpoint
Test the ASN Prefixes endpoint live in the playground.