Understanding Your Scores
The Observatory scores each ASN across four categories. The current month's report is regenerated daily as a month-to-date figure, so a score reflects everything observed since the start of the month, updated through yesterday.
| Category | Metrics | What it measures | Data sources |
|---|---|---|---|
| Filtering | M1 to M4 | Route leaks, hijacks, and bogon announcements originated by you or your customers | GRIP, BGP archives |
| Anti-Spoofing | M5 | Whether spoofed-source packets can leave your network | CAIDA Spoofer tests |
| Routing Information (IRR / RPKI) | M7IRR, M7RPKI | Announced routes covered by IRR route objects and valid ROAs | IRR databases, RPKI repositories |
| Coordination | M8 | Up-to-date, registered contact information | RIR WHOIS, PeeringDB |
Metric reference
| Metric | Meaning |
|---|---|
| M1 / M1C | Route leaks by your ASN / by a customer ASN |
| M2 / M2C | Route misoriginations (hijacks) by your ASN / by a customer ASN |
| M3 / M3C | Bogon prefix announcements |
| M4 / M4C | Bogon ASN announcements |
| M5 | Anti-spoofing (CAIDA Spoofer test results) |
| M7IRR | Announced routes registered in an IRR |
| M7RPKI | Announced routes covered by a valid ROA |
| M8 | Contact information registered and current |
| M9 | RPKI deployment (route origin validation) |
The C ("customer") variants track incidents caused by your customer cone. MANRS expects you to filter customer announcements, so these count against your score at reduced weight.
Severity bands
| Category | OK | Warning | Fail |
|---|---|---|---|
| Filtering | ≥ 80% | ≥ 60% | < 60% |
| Anti-Spoofing | > 60% | 60% | < 60% |
| Routing Information | ≥ 90% | ≥ 50% | < 50% |
| Coordination | 100% | n/a | < 100% |
A dash (-) means no data. For Anti-Spoofing this means no Spoofer tests were observed from your network that month (see Anti-Spoofing).
Why did my score change?
- A new incident (leak, hijack, bogon) was attributed to your ASN or a customer ASN this month.
- A Spoofer test from your network leaked spoofed packets, or no tests ran at all.
- Announced prefixes lost IRR/ROA coverage, or a ROA became invalid.
- Incident scores reset each calendar month, so last month's clean record doesn't carry forward.
Common score values
- Anti-Spoofing 49%: exactly one prefix in your network passed spoofed traffic during a test. See Anti-Spoofing.
- Anti-Spoofing
-: no test data for the month. Run tests monthly. - Filtering 80%: incidents totalling a small raw penalty. Short incidents (under 30 min) cost half as much as longer ones.