net.rpki-validity

RPKI Route Origin Validation for a (BGP origin AS, prefix) pair — answers whether an AS is legitimately authorized to originate a prefix. Pass asn (e.g. AS15169) and prefix (CIDR, e.g. 8.8.8.0/24). Returns status (valid = a ROA authorizes it; invalid = a ROA exists but does NOT authorize this origin — a possible hijack/route-leak that RPKI-enforcing networks will drop; unknown = no covering ROA), a hijackSignal boolean, the validating ROAs (origin, prefix, maxLength), and a plain-English description. Live RIR/RPKI data via RIPEstat (keyless) — un-derivable by an LLM. The core BGP-security check; complements net.asn.

price
$0.0014 USDC per call
method
GET/api/net/rpki-validity
payment
x402 v2 · USDC on Base (EIP-3009) or Solana (SPL transfer)
auth
None. Sign the payment, retry with PAYMENT-SIGNATURE.

Overview

The rpki validity API is a pay-per-call net endpoint built for AI agents and autonomous software. RPKI Route Origin Validation for a (BGP origin AS, prefix) pair — answers whether an AS is legitimately authorized to originate a prefix.

There is no signup and no API key. An agent (or any HTTP client) hits the endpoint, receives an x402 "402 Payment Required" challenge, signs a sub-cent USDC payment on Base or Solana, and retries — the data comes back on the paid request. That makes it a drop-in rpki validity data source for an agent tool-use loop, an MCP host, or a backend that needs net data on demand without onboarding to yet another vendor portal.

Use cases

Parameters

NameTypeDescription
asnrequiredstring
min 1 chars · max 20 chars
prefixrequiredstring
min 4 chars · max 49 chars

Code samples

cURLbash
# 1. Probe with no auth → 402 envelope with PaymentRequirements
curl -sS 'https://2s.io/api/net/rpki-validity?asn=example&prefix=xxxx'

# 2. Sign + retry with PAYMENT-SIGNATURE:
curl -sS 'https://2s.io/api/net/rpki-validity?asn=example&prefix=xxxx' \
  -H 'PAYMENT-SIGNATURE: <base64-json-payload>'

# Or use the canonical runner (handles probe → sign → retry):
#   EVM_PRIVATE_KEY=0x... node --env-file=.env.local \
#     --experimental-strip-types scripts/x402-pay.ts \
#     'https://2s.io/api/net/rpki-validity?asn=example&prefix=xxxx'
TypeScript / Node — @2sio/sdktypescript
import { TwoS } from '@2sio/sdk'

const client = new TwoS({
  privateKey: process.env.EVM_PRIVATE_KEY as `0x${string}`,
})

const result = await client.net.rpkiValidity({
  "asn": "example",
  "prefix": "xxxx"
})

console.log('endpoint:', result.endpoint)
console.log('cost:', result.costUsd, 'USDC')
console.log('tx:', result.settlement?.txHash)
console.log('data:', result.data)
Python — 2siopython
import os
from twosio import TwoS

client = TwoS(private_key=os.environ["EVM_PRIVATE_KEY"])

result = client.net.rpki_validity(asn="example", prefix="xxxx")

print("endpoint:", result.endpoint)
print("cost:", result.cost_usd, "USDC")
print("tx:", (result.settlement or {}).get("tx_hash"))
print("data:", result.data)
MCP — Claude Desktop / AgentKit / any MCP hostjson
// 1. Add @2sio/mcp to your MCP host config (Claude Desktop example below).
//    EVM_PRIVATE_KEY funds x402 payments per call.

// claude_desktop_config.json
{
  "mcpServers": {
    "2sio": {
      "command": "npx",
      "args": ["-y", "@2sio/mcp"],
      "env": { "EVM_PRIVATE_KEY": "0x..." }
    }
  }
}

// 2. Once the server is running, agents call this tool via standard MCP:

{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "net.rpki-validity",
    "arguments": {
      "asn": "example",
      "prefix": "xxxx"
    }
  }
}

Response

FieldTypeDescription
okboolean
one of: true
itemsarray
totalintegerTotal matching rows upstream; null when unknown.
sourceobject
Example response datajson
{
  "ok": true,
  "items": [
    {
      "asn": 1,
      "prefix": "example",
      "status": "example",
      "hijackSignal": false,
      "validatingRoas": [
        {
          "origin": 1,
          "prefix": "example",
          "maxLength": 1,
          "validity": "example"
        }
      ],
      "description": "example"
    }
  ],
  "total": 1,
  "source": {
    "provider": "example",
    "url": "example",
    "license": "example"
  }
}

FAQ

Do I need an API key to use the rpki validity API?
No. net.rpki-validity is x402-native — there is no signup and no API key. Your client makes the call, receives a 402 with payment requirements, signs a USDC payment, and retries. Funds come from a wallet you control.
How much does the rpki validity API cost?
$0.00144 USDC per call, charged per request. There are no monthly fees, seats, or minimums — you pay only for the calls you make.
Can I try the rpki validity API for free first?
Yes. Add ?trial=1 (or the header X-2s-Trial: 1) to get a free real call per endpoint per hour, so you can verify the response shape before wiring payment.
Which networks and tokens are supported?
USDC on Base (via EIP-3009 transferWithAuthorization) or Solana (SPL transfer), using the open x402 payment protocol.
How do I call net.rpki-validity from an AI agent or MCP host?
Use @2sio/sdk (TypeScript), 2sio (Python), or the @2sio/mcp server for any MCP host — each handles the probe → sign → retry loop for you. See the code samples on this page.

Discovery

Related: rpki validity api · net rpki validity api · rpki validity api for ai agents · x402 net api · rpki validity api no api key · pay per call rpki validity api · net api