RPKI Validator

Check if a BGP route announcement is authorised via RPKI. Validate prefix and origin AS against published Route Origin Authorisations (ROAs).

This tool is provided as a best-effort diagnostic aid. Results should be verified at the authoritative source before acting on them. This check runs from our infrastructure and may log queried information to improve accuracy and availability. Logs are retained for a short period and are not used for marketing.

Try:

What is RPKI?

Resource Public Key Infrastructure (RPKI) is a security framework for BGP that allows network operators to cryptographically prove they are authorised to announce specific IP prefixes. This prevents BGP hijacking, where an unauthorised network announces someone else's IP space.

Valid

A ROA exists and the prefix + origin AS match. The route is authorised.

Invalid

A ROA exists but the origin AS or prefix length does not match. The route may be hijacked.

Not Found

No ROA covers this prefix. RPKI validation cannot confirm or deny the route.

Related Tools

Looking GlassRun BGP lookups and traceroutesSubnet CalculatorCalculate CIDR notation and IP rangesWHOIS LookupCheck IP and ASN registration detailsDNSSEC ValidatorValidate DNSSEC configuration for domains

Why RPKI Matters

BGP was designed without built-in security, meaning any network can announce any prefix. RPKI adds a layer of cryptographic verification so that ISPs and networks can filter invalid route announcements. If your prefixes are covered by ROAs and your upstream providers enforce RPKI validation, your IP space is protected from accidental or malicious hijacking.

How This Tool Works

This tool queries our local RPKI validator (Routinator) which synchronises with all five Regional Internet Registry (RIR) trust anchors: APNIC, RIPE NCC, ARIN, AFRINIC, and LACNIC. The validator maintains a complete set of validated ROA payloads (VRPs) and checks your query against them in real time.