RIPE Database docs
Sidebar Navigation

Introduction to the RIPE Database

RIPE Database Documentation Overview

Intended Audience

Conventions Used in the RIPE Database Documentation

What is the RIPE Database

Purpose and Content of the RIPE Database

History of the RIPE Database

Personal Data Database Management and Reponsabilities

RIPE Database Structure

Database Object

Primary and Secondary Objects

List of Primary Objects

List of Secondary Objects

The Attributes in Database Objects

Attribute Names

Attributes in an Object

Attribute Values

Attribute Properties

How to Organise Your Data

REST API Data model

RPSL Object Types

Descriptions of Primary Objects

Descriptions of Secondary Objects

Available Databases

RIPE Database

TEST Database

Release Candidate Database

Experimental Databases

Update Methods

RESTful API

Webupdates

Syncupdates

Email Updates

Updating Objects in the RIPE Database

Format of the Update Message

Accessing the Object Templates

Object Processing

Update Operations

Historical Data

Special Considerations for Object Creation

Garbage Collection

Dry run

Set Objects

Notifications

Acknowledgment Message

Notification Messages

Authorisation

Authorisation Model

Using the Authorisation Methods

Security of Data Using Authorisation

Protection of PERSON and ROLE Objects

Protection of AUT NUM Object Space

Protection of Address Space

Protection of Route Object Space

Protection of Reverse Delegation Objects

Protection of Objects with Hierarchical Names

Protecting Membership of a Set

Referencing an ORGANIZATION Object

Referencing an IRT Object

IRT Object

Force Delete Functionality

Request ENUM delegation

Request DNSSEC delegation

How to Query the RIPE Database

The Structure of a Query

Web Query Form

RESTful API Queries

Command Line Queries

Query Responses

Registration Data Access Protocol

Access to Personal Data

Types of Queries

Queries Using Primary and Lookup Keys

Queries for IP Networks

Queries for Autonomous Systems

More and Less Specific Lookups For Reverse Domains

Inverse Queries

Abuse Contacts

Grouping the RIPE Database Output

Filtering the Query Reponse

IRR Toolset Support

Persistent Connections and Keeping State

Getting All the Members of Set objects

Access Control for Queries

RIPE NCC Global Resource Service

Other Query Flags

Referenced Objects in Query Response

Historical Queries

Related Software and Tools

Geolocation in the RIPE Database

RIPE Database Mirror

Setup RIPE Database Mirror

Near Real Time Mirroring v3

Near Real Time Mirroring v4

Access to NRTM

Tables of Query Types Supported by the RIPE Database

How to Recover Access to a Maintainer Object

Installation and Development

Getting started on macOS

Getting started on Ubuntu Linux

Building whois

Configure MariaDB

Coding standard

Installation instructions

Database Support

Support Overview

Clean up of Unreferenced Data

Database Security

Configuring Reverse DNS

Database Business Rules

Highlighted Values in the RIPE Database

Create First Role Mntner

Removal of personal data

Release Notes

FAQ

Appendices

Appendix A Syntax of Object Attributes

Appendix B Copyright Statement

Appendix C RIPE Database Query Server Response Codes and Messages

Appendix-D--Route-Object-Creation-Flowchart

Appendix-E--Domain-Object-Creation-Flowchart

Appendix F Special Considerations for Object Types

Appendix G Object Types with Personal Data

Appendix H PGP Authentication Method

Appendix I Client Certificate Authentication

Appendix J Ripe Test Database

Appendix K API Keys

Glossary

Legal Information

RIPE Database Acceptable Use Policy

HTML Terms And Conditions

All Documentation Combined

On this page

Database Business Rules ​

The RIPE Database contains objects formatted according to the Routing Policy Specification Language (RPSL), which has a set of syntax rules you have to comply with when creating, updating or deleting objects. In addition, the RIPE NCC enforces certain business rules to ensure data integrity and registry accuracy. This document gives an overview of all current business rules.

Applies To Object TypeOn ActionBusiness Rule
allCreateAn object cannot be created if it already exists. The creation will fail if another object of the same type and with the same primary key is already present in the RIPE Database.
allCreate, UpdateOnly the RIPE NCC is authorised to add or remove RIPE NCC maintainers.
allCreate, UpdateOn objects where the "language:" or "country:" attribute is used, the value must be a valid two-letter ISO 3166 code.
allCreate, UpdateWhen creating or updating an object in the RIPE Database, all references to other objects must exist, such as mntner, person and role objects.
allCreate, UpdateA warning is displayed if the object refers to a person or role object that does not have a maintainer.
allCreate, UpdateA warning is displayed if the maintainer that is used for the object refers to a person or role object that does not have a maintainer.
allCreate, UpdateComments are not allowed in the "source:" attribute.
allDeleteAn object can only be deleted if the submitted object matches exactly the current object in the RIPE Database.
allDeleteIf an object has a RIPE NCC maintainer as one of the maintainers, the object can only be deleted by RIPE NCC.
allDeleteAn object can only be deleted if it is no longer referenced. An exception to this rule is made for aut-num objects. They may be deleted even if references in "import:" and "export:" attributes exist. When an aut-num object is deleted, a warning email is automatically sent to all maintainers of objects that still reference the associated AS Number.
allCreate, UpdateThe "mnt-routes:" attribute refers to a maintainer, followed by an optional list of prefix ranges inside of curly braces, or the keyword "ANY". It is not allowed to have the "ANY" value on every "mnt-routes:" attribute in the object.
inetnum, inet6numUpdateOn Provider Independent address space assignments, the End User maintainer cannot be removed.
inetnum, inet6numCreateinet(6)num objects cannot overlap, meaning two objects that cover the same range and have the same status cannot exist.
inetnum, inet6numUpdateOn an inetnum object with the status "ALLOCATED PA" or "ALLOCATED-ASSIGNED PA", the RIPE NCC has specified a "mnt-lower:" attribute. It cannot be removed and another "mnt-lower:" attribute cannot be added. The same applies to an inet6num object with the status "ALLOCATED-BY-RIR".
inetnum, inet6numCreate, UpdateWhen submitting a route object that is authorised by a "mnt-routes:" attribute on a matching inet(6)num object, the prefix should be within the same range as the one in the submitted object.
inetnum, inet6numCreate, UpdateOn inet(6)num objects for allocations or End User assignments made by the RIPE NCC, the "org:" attribute is mandatory.
inetnum, inet6numCreate, UpdateWhen creating an inet(6)num object, the "status:" attribute must be set correctly in relation to surrounding objects. For example, the status "ASSIGNED PA" may only be used if the object is a child of an inetnum object with the status "ALLOCATED PA".
inet6numCreate, UpdateWhen creating or updating an inet6num object for an assignment, all first-level children must have the same prefix size. In addition, the assignment size should not be larger than a /128 and not smaller than the prefix length of the parent object.
inetnum, inet6num, aut-numUpdateIf the object has a RIPE NCC maintainer as one of the maintainers, only the RIPE NCC can change the value of the "org:" attribute.
inetnum, inet6num, aut-numCreate, UpdateOnly the RIPE NCC can add, change or remove the "sponsoring-org:" attribute. It must reference an organisation of type "LIR".
organisationCreate, UpdateThe "abuse-c:" attribute must reference a role object that has an "abuse-mailbox:" attribute. Once set, the attribute cannot be removed if the organisation is referenced by any object that has a RIPE NCC maintainer present.
organisationCreate, UpdateIn an organisation object, only the value "OTHER" can be used for the "org-type:" attribute. Only the RIPE NCC can use other org-types, such as "LIR".
organisationUpdateIf the organisation object has a RIPE NCC maintainer present, only the RIPE NCC can change the value of the "org-name:" attribute after an LIR submits a change request. In addition, LIRs cannot change the "e-mail:", "phone:", and "fax-no:" value; these must be changed in the LIR Portal.
roleCreate, UpdateWhen creating a role object that has an "abuse-mailbox:" attribute specified, or adding this attribute to an existing role object, a warning is displayed that no rate limiting is applied to this attribute.
roleUpdate, DeleteThe "abuse-mailbox:" attribute cannot be removed from a role object if it's referenced as an "abuse-c:" attribute in any organisation object.
roleCreate, UpdateThe "admin-c:" and "tech-c:" of a role object cannot refer to itself.
domainCreatedomain objects of the e164.arpa type need to be authenticated against one of the designated enum maintainers.
domainCreateThe domain object that is submitted cannot have have an existing parent or child object for the reverse IP.
domainCreate, UpdateThe server that is listed in the "nserver:" attribute must have a valid glue record, if required.
mntnerCreate, UpdateMaintainer names cannot use reserved names.
key-certUpdateIt is not allowed to use "AUTO-1" for the primary key value of a key-cert object. A unique value must be explicitly set.
poemCreate, UpdateA poem object must be maintained by LIM-MNT only.
route, route6Create, UpdateWhen using the "holes:" and "pingable:" attributes, the specified IP must lie within the prefix of the route.
peering-setCreate, UpdateA peering-set object must include either a "peering:" or an "mp-peering:" attribute. One of these must exist, but both attributes cannot be present at the same time.
filter-setCreate, UpdateA filter-set object must include either a "filter:" or an "mp-filter:" attribute. One of these must exist, but both attributes cannot be present at the same time.
as-set, filter-set, peering-setCreateWhen creating an as-set, filter-set or peering-set object, a parent object must be present in the RIPE Database and it is required to authenticate against its maintainer.
as-set, route-set, rtr-setDeleteAn as-set, route-set or rtr-set cannot be deleted if the "member-of:" attribute is referenced.
aut-num, route, route6, inet-rtrCreate, UpdateIf the aut-num, route(6) or inet-rtr object is part of an as-set, route-set or rtr-set object that has a "mbrs-by-ref:" attribute set, the maintainers on the objects need to match.
as-blockCreate, UpdateOnly the RIPE NCC is authorised to create and update as-block objects.

Last updated:

Pager
Previous pageConfiguring Reverse DNS
Next pageHighlighted Values in the RIPE Database