You can now see at a glance whether an IP address’s route announcement has been validated against RPKI. Look for the checkmark next to the ASN information on any IP lookup page.
This helps you quickly identify whether a route origin has been cryptographically verified, adding another layer of insight when investigating IP addresses.
Checking RPKI status for the ASN/prefix combination associated with each IP
- Displaying a validation indicator (the checkmark or “valid” label) on the IP lookup page
- Making it visible at a glance — users don’t need to go to a separate RPKI validator tool
104.21.0.1 | San Francisco, AS13335, & VPN Not Detected - IPinfo.io
104.21.0.0/20 IP range details - IPinfo.io
AS13335 Cloudflare, Inc. details - IPinfo.io
What is RPKI?
RPKI (Resource Public Key Infrastructure) is a security framework that helps prevent route hijacking on the Internet.
Imagine the internet is a giant postal system. Every network is like a post office, and IP addresses are like street addresses. When you send a letter (data), post offices pass it along until it reaches the right address.
The problem? Any post office can claim “hey, I handle mail for 123 Main Street” — and other post offices will just trust them. A bad actor could pretend to handle your mail, intercept it, or send it to the wrong place.
RPKI is like a registry of official deeds.
The original owner of 123 Main Street goes to city hall (the Regional Internet Registry) and signs a document saying “Only Bob’s Post Office is allowed to deliver my mail.” This document is stamped and stored publicly.
Now when a post office claims to handle mail for 123 Main Street, other post offices can check: “Does this match what’s on file at city hall?”
- Valid: Yep, Bob’s Post Office is authorized — deliver away
- Invalid: Nope, this isn’t Bob — something’s fishy, reject it
- Not Found: No deed on file — proceed with caution
What problem does it solve?
BGP (Border Gateway Protocol), which routes traffic across the internet, was designed in an era of implicit trust. Any network can announce that it owns an IP range, and other networks will often just believe it. This opens the door to route hijacking — whether accidental (misconfigurations) or malicious (traffic interception, denial of service).
How RPKI validation works?
Regional Internet Registries (like ARIN, RIPE, APNIC) act as trust anchors. IP address holders create Route Origin Authorizations (ROAs), which are cryptographically signed statements saying “AS12345 is authorized to announce the prefix 203.0.113.0/24.” Networks can then validate incoming BGP announcements against these ROAs.
Why RPKI validation matters?
- Prevents hijacking: Invalid routes can be rejected or deprioritized, stopping attackers from redirecting traffic
- Catches misconfigurations: Accidental “fat finger” errors that leak routes get flagged
- Builds trust: Knowing a route is RPKI-valid gives confidence the traffic is going where it should
- Industry momentum: Major networks increasingly drop invalid routes entirely