Appendix H - PGP Authentication Method

In this section, we provide an example of the PGP authentication method. For this example we will start from the beginning, supposing that there is no previous mntner object created.

  • Create the first mntner and role object.
  • Install gpg or a similar tool. In this example, gpg will be used: brew install gpg
  • Run the following command to create a public and private key pair: gpg --gen-key. The output of this command should contain the following text:
    pub   ed25519 2024-05-03 [SC] [expires: 2027-05-03]
    6A9DFE0F2C9239EF07CADA4A4BD32D1CF9C96367
  • Before creating the key-cert object, gpg --export --armor 6A9DFE0F2C9239EF07CADA4A4BD32D1CF9C96367 needs to be executed. This command will export the public key in plain text.
  • Now it is time to create the key-cert object. For that you can use one of the update methods. It is recommended to use the last 8 digits of the fingerprint 6A9DFE0F2C9239EF07CADA4A4BD32D1CF9C96367 for the "key-cert:" attribute. For example:
key-cert:        PGPKEY-F9C96367
certif:          -----BEGIN PGP PUBLIC KEY BLOCK-----
certif:          Comment: GPGTools - http://gpgtools.org
certif:
certif:          mDMEZjSZDRYJKwYBBAHaRw8BAQdABOx/dcn6Ask5cni3zdKtiYgOG1VN3QQLHQ1c
certif:          iz16UQO0HFRlc3QgVXNlciA8bm9yZXBseUByaXBlLm5ldD6ImQQTFgoAQRYhBGqd
certif:          /g8skjnvB8raSkvTLRz5yWNnBQJmNJkNAhsDBQkFo5qABQsJCAcCAiICBhUKCQgL
certif:          AgQWAgMBAh4HAheAAAoJEEvTLRz5yWNn1YgA/3NEr9/vNPVeCr0NVh9I0DVucTbk
certif:          qNwzDy/6Fs81GxvNAP4vJq3n5S9hTFY0aQCZ4mjYXzrDHcJaY+ZKKJcIilesALg4
certif:          BGY0mQ0SCisGAQQBl1UBBQEBB0DwPQN5sgVdMCVtCYtQ1UBSq35V1VbiN5MKRT3T
certif:          P3hCAAMBCAeIfgQYFgoAJhYhBGqd/g8skjnvB8raSkvTLRz5yWNnBQJmNJkNAhsM
certif:          BQkFo5qAAAoJEEvTLRz5yWNnUfMBALG5vIKAJ2msltAPoECQuFmjB6HxFh2HX6vE
certif:          os2DfBlmAP9VdqYSQAdqzoQcUWS8j+AIkmmGe/wzKRg3lVEjX6CMBg==
certif:          =XknZ
certif:          -----END PGP PUBLIC KEY BLOCK-----
mnt-by:          ***-MNT
notify:          ***@ripe.net
created:         2013-12-10T17:02:02Z
last-modified:   2019-09-09T15:24:06Z
source:          RIPE
password: *****-MNT
  • Once the key-cert object is created, you need to update your previous mntner object, adding a new "auth:" attribute pointing to the created key-cert.
  • Finally, now that the key-cert object is created and associated with the mntner, the last step is to perform an update authenticated with the key-cert object. In this example syncupdates is used for it.
    • You need to create a file with the updated object.
    • This file must be signed with your private key by running the following command: gpg --clearsign --armor --default-key F9C96367 file. This command will generate a file with the .asc extension (file.asc).
    gpg: using "F9C96367" as default secret key for signing
    edtop:~ $
    edtop:~ $ cat file.asc
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512
    
    person:          Name Removed
    address:         ***UPDATED***
    address:         ***
    address:         The Netherlands
    e-mail:          ***@nonexistant.org
    phone:           +31 20 ... ....
    remarks:         ***
    remarks:         ***
    remarks:         ***
    remarks:         ***
    remarks:         ***
    nic-hdl:         ****-RIPE
    mnt-by:          ****-MNT
    created:         2013-12-10T16:54:20Z
    last-modified:   2023-09-06T14:47:15Z
    source:          RIPE
    -----BEGIN PGP SIGNATURE-----
    Comment: GPGTools - http://gpgtools.org
    
    iHUEARYKAB0WIQRqnf4PLJI57wfK2kpL0y0c+cljZwUCZjSZ8QAKCRBL0y0c+clj
    Z93+AQCrvZZzcRHh8m8vj9a0Byea41xcthfKP11CQt5tmBR1ggEA4mSgCaMpClSu
    Wbpg95npLZo+LQB7PdK4Fb+ydsewGA0=
    =Hc7R
    -----END PGP SIGNATURE-----
    • The last step is to perform the update. In this example curl is used: curl -v --data-urlencode DATA@file.asc https://syncupdates.db.ripe.net. Whois will authenticate this signature using the public key in the key-cert object.
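
The key-cert step of this procedure, as an added example that is not part of the RIPE documentation: shell functions that derive the key-cert name from the full fingerprint and turn gpg --export --armor output into key-cert object text, refusing input that is not a public key block. EXAMPLE-MNT, the TEST source and the sample armor are constructed placeholders; only attributes shown on this page are emitted.

```sh
#!/bin/sh
# Added example: turn an exported public key into key-cert object text.

# Print "PGPKEY-" plus the last 8 hex digits of a full 40-digit fingerprint.
keycert_name() {
    fpr=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    case "$fpr" in
        ""|*[!0-9A-F]*) return 1 ;;      # empty or non-hex input
    esac
    [ "${#fpr}" -eq 40 ] || return 1     # short key IDs are not accepted
    printf 'PGPKEY-%s\n' "$(printf '%s' "$fpr" | cut -c33-40)"
}

# Read ASCII armor on stdin, print a key-cert object on stdout.
# $1 = full fingerprint, $2 = maintainer (assumed name), $3 = source
build_keycert() {
    name=$(keycert_name "$1") || { echo "bad fingerprint" >&2; return 1; }
    armor=$(tr -d '\r')                  # normalise CRLF line endings
    first=$(printf '%s\n' "$armor" | sed -n '1p')
    last=$(printf '%s\n' "$armor" | sed -n '$p')
    # Refuse anything that is not a public key block, e.g. a secret key export.
    [ "$first" = "-----BEGIN PGP PUBLIC KEY BLOCK-----" ] || return 1
    [ "$last" = "-----END PGP PUBLIC KEY BLOCK-----" ] || return 1
    printf 'key-cert:        %s\n' "$name"
    # Each armor line becomes one certif: line; the blank line stays as "certif:".
    printf '%s\n' "$armor" | sed -e 's/^/certif:          /' -e 's/[[:space:]]*$//'
    printf 'mnt-by:          %s\n' "$2"
    printf 'source:          %s\n' "$3"
}

# Constructed sample armor (not a real key), so the script runs without gpg.
SAMPLE_ARMOR='-----BEGIN PGP PUBLIC KEY BLOCK-----

Y29uc3RydWN0ZWQgc2FtcGxl
=AAAA
-----END PGP PUBLIC KEY BLOCK-----'

printf '%s\n' "$SAMPLE_ARMOR" |
    build_keycert 6A9DFE0F2C9239EF07CADA4A4BD32D1CF9C96367 EXAMPLE-MNT TEST
```

With a real key, pipe the output of the gpg --export --armor command from the procedure into build_keycert and pass the same full fingerprint as the first argument.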
