You could just rune trace from a cisco router (or do a trace from a looking glass). It shows the AS numbers along the path. Just pick out the last one. It also has the advantage of telling you who is really  announcing it at this time rather then who 'should' be announcing it.
Guessing a script could be written using RANCID or some code from  lookingglass quite quickly.

Tracing the route to w2.scd.yahoo.com (66.218.71.81)

  1 sjc3-core5-pos6-0.atlas.algx.net (165.117.48.62) 204 msec 204 msec 200 msec
  2 sjc3-yahoo.peer.algx.net (165.117.67.110) 200 msec 200 msec 4 msec
  3 ge-0-0-0-p32.pat2.pao.yahoo.com (216.115.100.76) [AS 10310] 200 msec 0 msec
    ge-0-0-0-p31.pat2.pao.yahoo.com (216.115.100.68) [AS 10310] 200 msec
  4 vl28.bas1.scd.yahoo.com (216.115.101.42) [AS 10310] 200 msec 204 msec 200 msec
  5 w2.scd.yahoo.com (66.218.71.81) [AS 26101] 0 msec 204 msec 228 msec

At 08:09 AM 2/20/2003 -0500, William Allen Simpson wrote:

Anybody have a pointer to scripts to map IP to AS?

There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked their miscreant customers.

http://isc.sans.org/port_details.html?port=1434
--
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32

-tdawson
-tdawson@sprintlabs.com