[44net] Concerning over undocumented BGP announcements

Hello all, Over the last few months I have noticed some odd BGP announcements of prefixes which have no allocations in the AMPRnet portal. After spotting 5 or 6 of these it made me wonder how many existed. This evening I took a snapshot of the RIPE RIS data for announcements within 44.0.0.0/9 and 44.128.0.0/10, which took place in 2021. Then scraped the allocations from the AMPRnet portal, compared prefixes directly and then used a radix tree to find a best match. The resulting data https://docs.google.com/spreadsheets/d/1nb4cTYVG1tm4HpxgPp7TAcgZ_qOlcej1whd… At first glance there are some expected entries, for example users with a /22 or /23 announcing a more specific /24. What really worries me is the amount of announcements of /24s where the closest portal documented prefix is a /16. Are these being used legitimately? do AMPR co-ordinators what details about them? or have they been hijacked? Look for example at /24 announcements within country assignments, but no specific description! I would like to start a discussion around these specific prefixes. The scripts I wrote are here https://github.com/natm/amprnet-observer Kind regards, Nat. -- Nat https://nat.ms +44 7531 750292