When you connect to the internet, your traffic doesn't take a single path from your device to its destination. It hops between independent networks — your ISP's network, a backbone provider, maybe a CDN, then the destination's network. Each of these networks is an Autonomous System, and every Autonomous System has a number: an ASN.
ASNs are the building blocks of internet routing. Without them, there would be no way to manage the routing relationships between thousands of independent networks that collectively make up the internet.
What Is an Autonomous System?
An Autonomous System (AS) is a network or collection of networks under a single administrative control that presents a unified routing policy to the outside world. Think of it as a country in the internet's geopolitical map — each one manages its own internal routing however it wants, and negotiates connections with neighbouring countries at the borders.
Examples of Autonomous Systems:
- A large ISP (Comcast, Deutsche Telekom, Jio)
- A cloud provider (AWS, Google Cloud, Azure — each has multiple ASes)
- A university or research network
- A large enterprise with its own internet presence
- A content delivery network (Cloudflare, Akamai, Fastly)
Cloudflare, for example, operates AS13335. Google has several ASes including AS15169. Your home ISP has an ASN too — it's how your ISP announces to the rest of the internet that it's responsible for delivering traffic to your IP address range.
What Is an ASN Used For?
ASNs exist primarily for BGP — the Border Gateway Protocol. BGP is the routing protocol that stitches together all the world's Autonomous Systems into a functional internet. It's often described as the postal system of the internet: it doesn't move packets directly, but it determines which paths are available and which routes traffic should take.
When your data leaves your ISP's network, BGP determines the next hop — which other Autonomous System to hand it off to. That system then hands it to the next, and so on until the packet reaches the destination network.
Each AS advertises the IP prefixes it's responsible for using BGP route announcements. If Cloudflare's AS13335 announces that it handles traffic for 104.16.0.0/12, then every other AS in the world knows to send that traffic toward AS13335.
ASN Format
ASNs were originally 16-bit numbers (1–65535), which gave a maximum of 65,535 possible ASNs. As the internet grew, this proved insufficient — 32-bit ASNs were standardised (supporting over 4 billion), and the transition has been underway since the mid-2000s.
ASNs are often written with an "AS" prefix: AS15169, AS13335, AS7922.
Special ranges:
- 64512–65534: Private ASNs (like RFC 1918 for IP addresses) — used internally, never advertised to the public internet
- 23456: A reserved "AS number transition" used during the 16-to-32-bit migration
How to Look Up an ASN
There are two common lookups:
Find the ASN for a domain or IP address: Enter any IP or domain into the ASN Lookup tool. It returns the ASN, the organisation that owns it, and the IP prefix being used.
Find the IP ranges announced by an ASN: Useful when you need to know all the IP addresses belonging to a specific company or provider. Security teams use this for firewall rules, threat intelligence, and blocking entire cloud provider ranges.
From the command line:
# Whois an IP to find its ASN
whois 1.1.1.1 | grep -i "aut-num\|origin"
# Using dig to find ASN via Team Cymru's service
dig +short 1.1.1.1.origin.asn.cymru.com TXTThe dig command above returns the ASN, prefix, country code, registry, and allocation date for any IP address.
BGP and What Happens When It Goes Wrong
BGP is a trusting protocol by design — Autonomous Systems can announce routes for IP prefixes they don't actually own, and other ASes will often accept those announcements. This has led to some spectacular internet incidents.
BGP hijacking occurs when an AS maliciously or accidentally announces prefixes it doesn't own, diverting traffic through its network. In 2010, China Telecom (AS4134) briefly announced routes for thousands of IP prefixes belonging to US government agencies, military contractors, and major companies — diverting their traffic through China for roughly 18 minutes.
BGP route leaks are less malicious but equally disruptive. In 2019, a small European network (AS37282) accidentally leaked millions of routes learned from Cloudflare to their transit provider, causing large portions of internet traffic to route through them and creating widespread slowdowns.
RPKI (Resource Public Key Infrastructure) is the modern solution — a cryptographic system that lets IP address holders sign their route announcements, allowing other ASes to reject invalid routes. Adoption has grown significantly in recent years but isn't universal.
Reading an ASN Lookup Result
When you look up an IP address's ASN, you typically get:
- ASN: The Autonomous System Number (e.g., AS13335)
- Organisation: Who owns/operates this AS (e.g., CLOUDFLARENET)
- Prefix: The IP block being announced (e.g., 104.16.0.0/12)
- Registry: Which Regional Internet Registry allocated this (ARIN, RIPE, APNIC, etc.)
- Country: The country where the AS is registered
This information is useful for:
Security investigations: If you see traffic from an unexpected ASN, knowing who operates it can tell you whether it's a legitimate cloud provider, a VPN, a residential ISP, or something more concerning.
Geolocation and routing: ASN data is more reliable than IP geolocation for determining which network a connection originates from. A VPN user might appear to be in another country via geolocation, but their ASN reveals the VPN provider's network.
Infrastructure research: Understanding which ASNs a company uses reveals their hosting footprint. A site might run on AS16509 (Amazon AWS) even if the domain doesn't obviously point there.
Threat intelligence: Many threat feeds and firewall systems operate on ASN-level blocks — blocking all traffic from an AS associated with bulletproof hosting or known-malicious infrastructure.
Peering and Transit: How ASes Connect
Autonomous Systems connect to each other in two ways:
Transit: One AS pays another for internet access. Your home ISP is a customer of a larger transit provider. Money flows from the customer to the provider.
Peering: Two ASes exchange traffic directly, usually at mutual benefit, without payment. Large networks at similar scale often peer at Internet Exchange Points (IXPs) — physical facilities where many networks connect.
Internet Exchange Points (like DE-CIX in Frankfurt, AMS-IX in Amsterdam, and Equinix in various cities) host thousands of peering connections. By peering at an IXP, a network can reach many other networks directly without paying transit costs for that traffic.
The Bottom Line
ASNs are how the internet stays organised as a collection of independent networks. Every ISP, cloud provider, and network operator has one. BGP uses ASNs to build a global routing map and direct traffic across the internet's boundaries.
For practical use, ASN lookups tell you which network an IP address belongs to — useful in security analysis, infrastructure research, and understanding routing anomalies. Look up any IP or domain with the ASN Lookup tool.