rir_audit_org
Audit an organization's global IP blocks and ASNs across all regional internet registries (RIRs) to identify internet resource ownership for due diligence, security research, or policy analysis.
Instructions
Find all IP blocks and ASNs registered to an organization across all RIRs.
Searches RDAP entity databases at AFRINIC, APNIC, ARIN, and RIPE (LACNIC does not support RDAP entity search — a limitation is noted). Aggregates results into a unified inventory.
Use cases:
M&A due diligence: What internet resources does Company X own globally?
Security research: What is the full IP footprint of an organization?
ICANN/RIR policy: Are resources distributed across multiple RIRs?
Incident response: Did this org transfer/sell IP space recently?
Tips:
Use org handles for precision (e.g. 'GOOGL-ARIN' not 'Google')
Partial name matching is supported (e.g. 'Cloudflare' finds 'Cloudflare Inc.')
Results are cached for 6 hours.
Args: params (OrgAuditInput): - org_name (str): Organization name or handle (e.g. 'Cloudflare', 'GOOGL-ARIN') - response_format (str): 'markdown' (default) or 'json'
Returns: str: Summary of all IP blocks and ASNs by RIR, with handles, names, countries, and allocation dates. JSON schema: { "org_query": str, "total_resources": int, "ip_blocks": [{"rir": str, "handle": str, "prefix_or_asn": str, "name": str, "country": str}], "asns": [...], "rirs_found_in": [str], "errors": [str] }
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| params | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |