How to Look Up an IP Address's BGP Route
Every public IP address on the internet is covered by a BGP route. This route tells the internet's routers how to deliver traffic to that address. By looking up the BGP route for an IP, you can discover which network owns it, how traffic reaches it, and whether the route is properly secured.
Step 1: Enter an IP Address
To look up a BGP route, enter any public IP address into the search box. You can enter:
- An IPv4 address like 8.8.8.8
- An IPv6 address like 2606:4700::1111
- A domain name like google.com (it will be resolved to an IP first)
The tool will find the most specific BGP prefix covering that IP address and show you all available routing information.
Step 2: Understanding the Results
Here's what each field in the results means:
IP Address & Geolocation
The top of the results shows the queried IP, whether it's IPv4 or IPv6, and its approximate geographic location based on MaxMind's GeoLite database. If you looked up a domain, it also shows what IP the domain resolved to.
Reverse DNS (PTR Record)
The PTR record shows the hostname associated with the IP address. For example, 8.8.8.8 has the PTR record dns.google. Not all IPs have PTR records.
Origin AS
The autonomous system that originates the route — this is the network that claims ownership of the IP address block. For example, 8.8.8.8 is originated by AS15169 (Google).
AS Path
The AS path shows the sequence of networks traffic traverses from the route collector to the origin. It reads left to right: the first ASN is the route collector's neighbor, and the last ASN is the origin. A shorter AS path generally means a more direct route.
Prefix
The IP address block (in CIDR notation) that covers the queried IP. For example, 8.8.8.8 falls within the prefix 8.8.8.0/24, which covers all addresses from 8.8.8.0 to 8.8.8.255.
RPKI Status
If the prefix has an RPKI Route Origin Authorization (ROA), the tool shows the validation status:
- Valid — The origin AS is authorized to announce this prefix. This is the ideal state.
- Invalid — The origin AS does not match the ROA. This could indicate a hijack or misconfiguration.
- Unknown — No ROA exists for this prefix.
Route Table
The route table shows all BGP routes collected for the queried IP. Each row is a route from a different vantage point (peer/collector), showing potentially different AS paths. Multiple routes for the same prefix are normal — they show how different parts of the internet see the route.
Step 3: Exploring Further
From the results, you can click on any element to dig deeper:
- Click an ASN to see all prefixes announced by that network
- Click a prefix to look up that specific IP block
- Click a domain to resolve and look up another hostname
Common Lookups
Here are some interesting IP addresses to explore:
- 8.8.8.8 — Google Public DNS
- 1.1.1.1 — Cloudflare DNS
- 9.9.9.9 — Quad9 DNS
- 208.67.222.222 — OpenDNS (Cisco)
- 2606:4700::1111 — Cloudflare DNS (IPv6)