Route hijacks are estimated based on RPKI validation data. If an announcement is identified as invalid, it is considered a potential route hijack. There are two possible reasons for this: the origin autonomous system is not authorized to announce the route, or the announced prefix is too specific (the maximum length is exceeded). But what about the announcements that are not covered by RPKI? For these cases, we use information from the Internet Route Registries (
) to validate whether the announcements are registered. If there is a record in the IRR that matches the announcement (same origin ASN and same prefix length), then it is labeled as IRR-valid. If there are records but these records contradict this information, then it is considered as IRR-invalid. If the prefix is not registered in an IRR, it is considered as IRR-not found. In such cases, potential route hijacks are not considered, but they are reported as anomalies.
Calculations are performed based on unique Prefix/Origin AS pairs.