ASN Prefixes: a beginner's guide
Get all IPv4/IPv6 prefixes announced by an ASN
ASN prefixes: the full list of IP addresses a network owns
An ASN prefix is one of the IP address blocks (in CIDR notation, like `1.1.1.0/24`) that an Autonomous System Number announces as belonging to its network. Every ASN on the internet typically owns dozens or hundreds of these prefixes. The full list is what gets exchanged through the BGP (Border Gateway Protocol) routing system, and it is the basis for how internet traffic actually finds its way from one network to another. When a packet for `1.1.1.1` leaves your computer, every router it passes consults its BGP table, finds the prefix `1.1.1.0/24` belongs to AS13335 (Cloudflare), and forwards the packet toward the next-hop router that announced that prefix.
You should care because ASN prefixes are how you build precise allowlists, blocklists, and routing decisions at the network level. If your security policy says "only allow traffic from AWS," you need the full list of AWS-owned prefixes to translate that policy into a firewall rule. If you want to identify all the IP addresses your competitor's hosting provider runs, you start with their ASN and pull every prefix. If you need to write a routing policy that prefers one peering relationship over another, you need to know which prefixes each ASN announces.
The five things every ASN prefix lookup returns:
- The IPv4 prefixes. A list of CIDR blocks like `1.1.1.0/24`, `1.0.0.0/24`, `104.16.0.0/12`.
- The IPv6 prefixes. A separate list for IPv6, like `2606:4700::/32`.
- The total address count. A `/24` is 256 addresses, a `/16` is 65,536, a `/12` is over a million. This adds up fast.
- Recently announced prefixes. Prefixes that started being announced in the last few days are sometimes a sign of a new deployment or a hijack.
- Withdrawn prefixes. Prefixes that used to be announced but no longer are — useful for forensics.
Three questions an ASN prefixes lookup answers:
- What is the complete list of IP addresses owned by this network?
- Is this prefix legitimately announced by the right ASN, or is it being hijacked?
- For a firewall allowlist, what is the smallest set of CIDR blocks that covers all of this provider's traffic?
The cost of guessing prefix ownership is firewall rules built on incomplete data. The fix is to query the routing data directly. The most useful public source is bgp.he.net, which exposes per-ASN prefix lists and historical data for free. For automated workflows, the regional internet registries (ARIN, RIPE, APNIC, LACNIC, AFRINIC) all publish daily snapshots.
The ASN Prefixes endpoint, in plain language
In one sentence: Get all IPv4/IPv6 prefixes announced by an [ASN (Autonomous System Number)](/guides/network-asn)
Returns all IPv4 (Internet Protocol version 4) and IPv6 (Internet Protocol version 6) prefixes announced by a given Autonomous System Number (ASN) via BGP. Includes prefix CIDR (Classless Inter-Domain Routing), name, description, country code, calculated IP (Internet Protocol address) count per prefix, and total IP space. Data sourced from the RIPEstat Data API (Application Programming Interface)'s live BGP routing tables per the official internet standard (BGP-4).
Don't worry if some of the words above are still unfamiliar — there's a plain-language glossary at the bottom of this page, and most of the terms link to their own beginner guides if you want to learn more.
What is actually happening when you call it
Here's what's actually happening behind the scenes when you call this endpoint:
Queries the RIPEstat Data API (Application Programming Interface) to retrieve all IP (Internet Protocol address) prefixes currently announced by the specified ASN (Autonomous System Number) in the global BGP routing table. Returns IPv4 (Internet Protocol version 4) prefixes with CIDR (Classless Inter-Domain Routing) notation, IP count (calculated as 2^(32-prefix_length)), name, description, and country code. IPv6 (Internet Protocol version 6) prefixes include CIDR, name, description, and country code. Also provides aggregate totals of prefixes and estimated total IPv4 addresses. Results are cached for 1 hour since BGP prefix changes are infrequent.
If you're using an AI assistant through MCP, you don't need to understand any of the technical details — the assistant calls the tool and translates the result for you.
Why this specific tool matters
Let's skip the marketing fluff and answer the only question that actually matters: why should you, a real human with a real to-do list, care about the ASN Prefixes tool? Here's the plain-English version, written the way you'd hear it from a friend who happens to do this for a living.
Understanding the full IP (Internet Protocol address) footprint of an autonomous system is critical for security operations, threat intelligence, and network planning. It enables comprehensive blocklisting/allowlisting at the ASN (Autonomous System Number) level, attack surface enumeration, vendor IP space auditing, and peering capacity assessment. This is the foundation of ASN-based security intelligence — knowing every IP range an organization controls. See the official internet standard (BGP Prefix Origin Validation) and the official internet standard (Route Leak Classification) for related security standards.
Picture this in real life. Imagine a threat analyst. Here's the situation they're walking into: Given a malicious IP (Internet Protocol address), look up its ASN (Autonomous System Number) and then enumerate all prefixes to identify the full scope of potentially hostile infrastructure. Cross-reference with other threat feeds to build comprehensive blocklists at the AS level. Without the right tool, that person would be stuck copy-pasting between five browser tabs, reading documentation written for engineers, and crossing their fingers that the answer they cobble together is correct. With the ASN Prefixes tool, the same person gets a clear answer in seconds — no spreadsheets, no guessing, no waiting for someone on the infrastructure team to free up.
Three questions this tool answers in plain English. If any of these have ever crossed your mind, the ASN Prefixes tool is built for you:
- Where in the world is this server actually located, and who runs the network it sits on?
- How fast does traffic move between my users and my service?
- Is the IP address I am looking at part of a residential network, a data center, or something suspicious?
You can either click the tool and get the answer yourself, or ask your AI assistant — connected through MCP (Model Context Protocol) — to ask the question for you and translate the answer into something you can paste into Slack.
Who gets the most out of this. Network engineers, IT admins, sales teams qualifying enterprise prospects, and product teams building geo-personalization or fraud rules. If you see yourself in that list, this is one of the EdgeDNS tools you should bookmark today.
What happens if you skip this entirely. Skip it and you can't tell where your users actually are, who runs the network they're on, or why they're seeing slow page loads. That's why running this check — even once a month — is one of the cheapest forms of insurance you can give your domain.
Available on the developer plan. The technical details: `GET /v1/network/asn/prefixes`.
When would I actually use this?
If you're still on the fence about whether the ASN Prefixes tool belongs in your toolbox, this section is for you. Below you'll meet three real people — a threat analyst, a security engineer, and a penetration tester — facing three real situations where this tool turns a stressful afternoon into a five-minute task. Read whichever story sounds closest to your week.
Story 1: Threat Infrastructure Mapping
Imagine you're a threat analyst. Given a malicious IP (Internet Protocol address), look up its ASN (Autonomous System Number) and then enumerate all prefixes to identify the full scope of potentially hostile infrastructure. Cross-reference with other threat feeds to build comprehensive blocklists at the AS level.
Why it matters: Complete ASN-level blocklisting based on threat intelligence, covering all IP (Internet Protocol address) ranges an adversary controls.
Story 2: Dynamic Firewall Allowlisting
Imagine you're a security engineer. Build firewall allowlists based on a vendor's ASN (Autonomous System Number) prefixes (e.g., AS16509 for AWS, AS13335 for Cloudflare) rather than maintaining static IP (Internet Protocol address) lists that go stale.
Why it matters: Self-updating, maintainable allowlists that automatically adapt to BGP prefix changes without manual intervention.
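An allowlist that follows BGP automatically also follows a mistaken or hijacked announcement, and the response fields documented on this page carry only current announcements. The added example below (not EdgeDNS code) compares two saved snapshots and holds back any new prefix that would widen the allowlist; the function name, bucket names and sample prefixes are assumptions made for illustration.

```python
import ipaddress


def _sort_key(net):
    # Order by family first so IPv4 and IPv6 networks are never compared directly.
    return (net.version, int(net.network_address), net.prefixlen)


def plan_allowlist_update(previous, current):
    """Compare two prefix snapshots for one ASN and classify the changes.

    already_covered: new more-specifics inside space the old snapshot allowed
    needs_review:    new prefixes that would widen the allowlist
    withdrawn:       prefixes no longer announced (candidates for removal)
    """
    prev = {ipaddress.ip_network(p, strict=True) for p in previous}
    curr = {ipaddress.ip_network(p, strict=True) for p in current}
    covered, review = [], []
    for net in sorted(curr - prev, key=_sort_key):
        inside_known = any(
            net.version == old.version and net.subnet_of(old) for old in prev
        )
        (covered if inside_known else review).append(str(net))
    return {
        "already_covered": covered,
        "needs_review": review,
        "withdrawn": [str(n) for n in sorted(prev - curr, key=_sort_key)],
    }


# Constructed snapshots (documentation-reserved prefixes), standing in for
# yesterday's and today's prefixes_v4/prefixes_v6 values saved from the endpoint.
YESTERDAY = ["198.51.100.0/24", "203.0.113.0/24", "2001:db8::/32"]
TODAY = ["198.51.100.0/24", "198.51.100.0/25", "192.0.2.0/24", "2001:db8::/32",
         "2001:db8:ff00::/40"]

if __name__ == "__main__":
    for bucket, prefixes in plan_allowlist_update(YESTERDAY, TODAY).items():
        print(bucket, prefixes)
```

Only the `needs_review` bucket changes what the firewall would admit, so that is the one to gate behind a human or a second data source.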
Story 3: Attack Surface Assessment
Imagine you're a penetration tester. Enumerate all externally-routed IP (Internet Protocol address) prefixes for an organization's ASN (Autonomous System Number) to map the complete attack surface. Identify forgotten subnets, shadow IT, and infrastructure outside the scope of existing security controls.
Why it matters: Comprehensive external attack surface discovery backed by authoritative BGP routing data.
Common situations across teams. Beyond the three stories above, here are the everyday workplace moments when people across the company reach for the ASN Prefixes tool — or one of the tools right next to it in this category. If any of these are on your calendar this month, that's your sign:
- When a customer reports that your site is slow specifically from their region.
- When you need to know whether traffic is coming from a residential network or a data center.
- When planning a CDN, points of presence, or geographic expansion.
- During an outage, to see exactly where in the route packets are getting lost.
If you can see yourself in even one of those bullets, the ASN Prefixes tool will pay for itself the first time you use it.
Still not sure? Here's the easiest test in the world. Open Claude, ChatGPT, Gemini, or any other AI assistant connected to the EdgeDNS MCP server and ask, in your own words: "Is the ASN Prefixes tool useful for my job?" The assistant will look at the tool, ask you a couple of follow-up questions about what you're trying to accomplish, and give you a straight answer in plain English. No commitment, no signup forms, no jargon.
The easiest way: just ask your AI assistant
If you've connected the EdgeDNS MCP server to Claude, ChatGPT, Gemini, Cursor, or any other AI assistant, you don't need to write any code. Just ask in plain English:
"Use the ASN Prefixes tool to check example.com and explain anything that looks wrong in plain language."
The AI will figure out which tool to call, fill in the right parameters, run it, and then explain the result back to you. No copy-pasting between tabs. No reading raw JSON. No memorizing endpoint names.
MCP (Model Context Protocol) access is free on every plan, including the free tier. One API key works for both REST and AI — you do not have to choose.
The technical way: call it from code
If you're a developer and want to call the endpoint from a script or your own application, here's the simplest possible example. Replace the placeholder API key with the real one from your dashboard.
```bash
# Replace edns_live_YOUR_KEY with your real API key from the dashboard
curl -H "Authorization: Bearer edns_live_YOUR_KEY" \
  "https://api.edgedns.dev/v1/network/asn/prefixes?asn=13335"
```
What you need to provide
There's just one piece of information you need to provide. The table below explains exactly what it is and what a real value looks like.
| Field | Type | Required? | What it means | Example |
|---|---|---|---|---|
| asn | string | Yes | The Autonomous System Number (with or without "AS" prefix, e.g., "13335" or "AS13335") | 13335 |
What you get back
When you call this tool, you'll get back a JSON object with the fields below. If you're talking to it through an AI assistant, the assistant reads these for you and explains them in plain language — you don't need to memorize them.
| Field | Type | What you'll see in it |
|---|---|---|
| asn | number | The queried ASN (Autonomous System Number) |
| prefixes_v4 | array | IPv4 (Internet Protocol version 4) prefixes: prefix (CIDR (Classless Inter-Domain Routing)), ip_count, name, description |
| prefixes_v4[].prefix | string | IPv4 (Internet Protocol version 4) prefix in CIDR (Classless Inter-Domain Routing) notation (e.g., 104.16.0.0/13) |
| prefixes_v4[].ip_count | number | Number of IP (Internet Protocol address) addresses in this prefix (2^(32-prefix_length)) |
| prefixes_v4[].name | string | Prefix name from routing registry |
| prefixes_v4[].description | string | Prefix description from AS holder info |
| prefixes_v6 | array | IPv6 (Internet Protocol version 6) prefixes: prefix (CIDR (Classless Inter-Domain Routing)), name, description |
| total_prefixes_v4 | number | Total number of IPv4 (Internet Protocol version 4) prefixes announced |
| total_prefixes_v6 | number | Total number of IPv6 (Internet Protocol version 6) prefixes announced |
| total_ips | number | Estimated total IPv4 (Internet Protocol version 4) addresses across all prefixes |
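For the "smallest set of CIDR blocks" question, the added example below (not EdgeDNS code) collapses a response into a minimal covering set and shows that a plain sum of `ip_count` counts overlapping announcements twice. The sample response is constructed from the field names in the table above, and the function names are assumptions.

```python
import ipaddress

# Constructed sample shaped like the response fields documented above.
# AS64500 and all prefixes come from documentation-reserved ranges.
SAMPLE_RESPONSE = {
    "asn": 64500,
    "prefixes_v4": [
        {"prefix": "198.51.100.0/25", "ip_count": 128},
        {"prefix": "198.51.100.128/25", "ip_count": 128},
        {"prefix": "203.0.113.0/24", "ip_count": 256},
        {"prefix": "203.0.113.64/26", "ip_count": 64},  # more-specific of the /24
    ],
    "prefixes_v6": [
        {"prefix": "2001:db8::/33"},
        {"prefix": "2001:db8:8000::/33"},
    ],
}


def parse_prefixes(entries, version):
    """Parse prefix strings, rejecting wrong address family or set host bits."""
    nets = []
    for entry in entries:
        net = ipaddress.ip_network(entry["prefix"], strict=True)
        if net.version != version:
            raise ValueError(f"{entry['prefix']} is not IPv{version}")
        nets.append(net)
    return nets


def summarize(response):
    """Return the minimal covering CIDR set plus naive and de-duplicated IPv4 counts."""
    v4 = parse_prefixes(response.get("prefixes_v4", []), 4)
    v6 = parse_prefixes(response.get("prefixes_v6", []), 6)
    # collapse_addresses merges adjacent blocks and drops prefixes already
    # contained in a larger one; it must be called per address family.
    cover4 = list(ipaddress.collapse_addresses(v4))
    cover6 = list(ipaddress.collapse_addresses(v6))
    return {
        "allowlist": [str(n) for n in cover4 + cover6],
        "summed_ip_count": sum(2 ** (32 - n.prefixlen) for n in v4),
        "unique_ipv4": sum(n.num_addresses for n in cover4),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_RESPONSE))
```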
Words you might be wondering about
If any words on this page felt like jargon, here's a plain-language version. Click any linked term to read a full beginner-friendly guide.
IP (Internet Protocol address) — A unique number that identifies a computer on the internet, like a phone number for a server.
API (Application Programming Interface) — A way for one program to ask another program for something — like a waiter taking your order to the kitchen.
ASN (Autonomous System Number) — A unique number assigned to a big network operator (like an ISP or cloud provider). Tells you who owns a chunk of the internet.
CIDR (Classless Inter-Domain Routing) — A shorthand way of describing a range of IP addresses, like 192.168.1.0/24. The number after the slash is the prefix length: the larger it is, the fewer addresses the range contains (a /24 holds 256).
IPv4 (Internet Protocol version 4) — The original kind of internet address — four numbers separated by dots, like 203.0.113.10. The internet has run out of new ones, which is why IPv6 exists.
IPv6 (Internet Protocol version 6) — The newer, longer kind of internet address. Looks like 2001:0db8:85a3::8a2e:0370:7334. Designed because the world ran out of IPv4 addresses.
RFC (Request for Comments) — The official internet standards documents. When someone says 'RFC 8484' they mean a specific numbered standards document — in that case, the one defining DNS over HTTPS.