# Database Business Rules
The RIPE Database contains objects formatted according to the Routing Policy Specification Language (RPSL), which has a set of syntax rules you have to comply with when creating, updating or deleting objects. In addition, the RIPE NCC enforces certain business rules to ensure data integrity and registry accuracy. This document gives an overview of all current business rules.
| Applies To Object Type | On Action | Business Rule |
|---|---|---|
| all | Create | An object cannot be created if it already exists. The creation will fail if another object of the same type and with the same primary key is already present in the RIPE Database. |
| all | Create, Update | Only the RIPE NCC is authorised to add or remove RIPE NCC maintainers. |
| all | Create, Update | On objects where the "language:" or "country:" attribute is used, the value must be a valid two-letter ISO 3166 code (opens new window). |
| all | Create, Update | When creating or updating an object in the RIPE Database, all references to other objects must exist, such as mntner, person and role objects. |
| all | Create, Update | A warning is displayed if the object refers to a person or role object that does not have a maintainer. |
| all | Create, Update | A warning is displayed if the maintainer that is used for the object refers to a person or role object that does not have a maintainer. |
| all | Create, Update | Comments are not allowed in the "source:" attribute. |
| all | Delete | An object can only be deleted if the submitted object matches exactly the current object in the RIPE Database. |
| all | Delete | If an object has a RIPE NCC maintainer as one of the maintainers, the object can only be deleted by RIPE NCC. |
| all | Delete | An object can only be deleted if it is no longer referenced. An exception to this rule is made for aut-num objects. They may be deleted even if references in "import:" and "export:" attributes exist. When an aut-num object is deleted, a warning email is automatically sent to all maintainers of objects that still reference the associated AS Number. |
| all | Create, Update | The "mnt-routes:" attribute refers to a maintainer, followed by an optional list of prefix ranges inside of curly braces, or the keyword "ANY". It is not allowed to have the "ANY" value on every "mnt-routes:" attribute in the object. |
| inetnum, inet6num | Update | On Provider Independent address space assignments, the End User maintainer cannot be removed. |
| inetnum, inet6num | Create | inet(6)num objects cannot overlap, meaning two objects that cover the same range and have the same status cannot exist. |
| inetnum, inet6num | Update | On an inetnum object with the status "ALLOCATED PA" or "ALLOCATED-ASSIGNED PA", the RIPE NCC has specified a "mnt-lower:" attribute. It cannot be removed and another "mnt-lower:" attribute cannot be added. The same applies to an inet6num object with the status "ALLOCATED-BY-RIR". |
| inetnum, inet6num | Create, Update | When submitting a route object that is authorised by a "mnt-routes:" attribute on a matching inet(6)num object, the prefix should be within the same range as the one in the submitted object. |
| inetnum, inet6num | Create, Update | On inet(6)num objects for allocations or End User assignments made by the RIPE NCC, the "org:" attribute is mandatory. |
| inetnum, inet6num | Create, Update | When creating an inet(6)num object, the "status:" attribute must be set correctly in relation to surrounding objects. For example, the status "ASSIGNED PA" may only be used if the object is a child of an inetnum object with the status "ALLOCATED PA". |
| inet6num | Create, Update | When creating or updating an inet6num object for an assignment, all first-level children must have the same prefix size. In addition, the assignment size should not be larger than a /128 and not smaller than the prefix length of the parent object. |
| inetnum, inet6num, aut-num | Update | If the object has a RIPE NCC maintainer as one of the maintainers, only the RIPE NCC can change the value of the "org:" attribute. |
| inetnum, inet6num, aut-num | Create, Update | Only the RIPE NCC can add, change or remove the "sponsoring-org:" attribute. It must reference an organisation of type "LIR". |
| organisation | Create, Update | The "abuse-c:" attribute must reference a role object that has an "abuse-mailbox:" attribute. Once set, the attribute cannot be removed if the organisation is referenced by any object that has a RIPE NCC maintainer present. |
| organisation | Create, Update | In an organisation object, only the value "OTHER" can be used for the "org-type:" attribute. Only the RIPE NCC can use other org-types, such as "LIR". |
| organisation | Update | If the organisation object has a RIPE NCC maintainer present, only the RIPE NCC can change the value of the "org-name:" attribute after an LIR submits a change request. In addition, LIRs cannot change the "e-mail:", "phone:", and "fax-no:" value; these must be changed in the LIR Portal. |
| role | Create, Update | When creating a role object that has an "abuse-mailbox:" attribute specified, or adding this attribute to an existing role object, a warning is displayed that no rate limiting is applied to this attribute. |
| role | Update, Delete | The "abuse-mailbox:" attribute cannot be removed from a role object if it's referenced as an "abuse-c:" attribute in any organisation object. |
| role | Create, Update | The "admin-c:" and "tech-c:" of a role object cannot refer to itself. |
| domain | Create | domain objects of the e164.arpa type need to be authenticated against one of the designated enum maintainers. |
| domain | Create | The domain object that is submitted cannot have have an existing parent or child object for the reverse IP. |
| domain | Create, Update | The server that is listed in the "nserver:" attribute must have a valid glue record, if required. |
| mntner | Create, Update | Maintainer names cannot use reserved names. |
| key-cert | Update | It is not allowed to use "AUTO-1" for the primary key value of a key-cert object. A unique value must be explicitly set. |
| poem | Create, Update | A poem object must be maintained by LIM-MNT (opens new window) only. |
| route, route6 | Create, Update | When using the "holes:" and "pingable:" attributes, the specified IP must lie within the prefix of the route. |
| peering-set | Create, Update | A peering-set object must include either a "peering:" or an "mp-peering:" attribute. One of these must exist, but both attributes cannot be present at the same time. |
| filter-set | Create, Update | A filter-set object must include either a "filter:" or an "mp-filter:" attribute. One of these must exist, but both attributes cannot be present at the same time. |
| as-set, filter-set, peering-set | Create | When creating an as-set, filter-set or peering-set object, a parent object must be present in the RIPE Database and it is required to authenticate against its maintainer. |
| as-set, route-set, rtr-set | Delete | An as-set, route-set or rtr-set cannot be deleted if the "member-of:" attribute is referenced. |
| aut-num, route, route6, inet-rtr | Create, Update | If the aut-num, route(6) or inet-rtr object is part of an as-set, route-set or rtr-set object that has a "mbrs-by-ref:" attribute set, the maintainers on the objects need to match. |
| as-block | Create, Update | Only the RIPE NCC is authorised to create and update as-block objects. |