RIPE NCC Archives - NETRAVNEN BLOGGING

Add Danish NemID X.509 public certificate to RIPE Database

General

If you ever used the RIPE Database.

You know the following RIPE Maintainer Authentication methods is possible.

SSO (a.k.a. single sign on)
key-cert (GnuPG keys + X.509 certificate)
MD5 encrypted passwords

NemID

IF you have the danish NemID follow the guidelines here to configure NemID on your computer. And then for you email program.
Go find your public certificate here and download it.
Open the certificate locally on your computer and prepend every line with ‘certif: ‘ so it looks the example below. Remember the key-value pairs:
- key-cert: auto
- mnt-by: xyz
- source: ripe

Example

from older RIPE documentation.

key-cert: AUTO-1
certif: -----BEGIN CERTIFICATE-----
certif: MIID8zCCA1ygAwIBAgICAIIwDQYJKoZIhvcNAQEEBQAwcTELMAkGA1UEBhMCRVUx
certif: EDAOBgNVBAgTB0hvbGxhbmQxEDAOBgNVBAoTB25jY0RFTU8xHTAbBgNVBAMTFFNv
certif: ZnR3YXJlIFBLSSBUZXN0aW5nMR8wHQYJKoZIhvcNAQkBFhBzb2Z0aWVzQHJpcGUu
certif: bmV0MB4XDTAzMDkwODEwMjYxMloXDTA0MDkwNzEwMjYxMlowfTELMAkGA1UEBhMC
certif: TkwxETAPBgNVBAoTCFJJUEUgTkNDMRAwDgYDVQQLEwdNZW1iZXJzMRgwFgYDVQQD
certif: Ew91ay5idC50ZXN0LXVzZXIxLzAtBgkqhkiG9w0BCQEWIHRlc3QtdXNlckBsaW51
certif: eC50ZXN0bGFiLnJpcGUubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
certif: AQEArv3srxyl1QA3uS4dxdZbSsGrfBrMRjMb81Gnx0nqa6i+RziIf13lszB/EYy0
certif: PgLpQFdGLdhUQ52YsiGOUmMtnaWNHnEJrBUc8/fdnA6GVdfF8AEw1PTfJ6t2Cdc9
certif: 2SwaF+5kCaUDwmlOgbM333IQmU03l3I1ILs32RpQyZ+df/ovHNrVzeLc2P59isac
certif: bfjM2S0SXPQzHjuVLH40eOgVuXA/5LAYs51eXqwtKszSxFhqekf+BAEcRDrXmIT4
certif: e3zfiZOsXKe0UfaEABgHUMrYjsUCJ8NTMg6XiVSNwQQmXCdUbRvK7zOCe2iCX15y
certif: 9hNXxhY/q/IW54W5it7jGXq/7wIDAQABo4IBCDCCAQQwCQYDVR0TBAIwADARBglg
certif: hkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMBoGCWCGSAGG+EIBDQQNFgtSSVBF
certif: IE5DQyBDQTAdBgNVHQ4EFgQUzdajNaRorkDTAW5O6Hpa3z9pP3AwgZsGA1UdIwSB
certif: kzCBkIAUHpLUfvaBVfxXVCcT0kh9NJeH7ouhdaRzMHExCzAJBgNVBAYTAkVVMRAw
certif: DgYDVQQIEwdIb2xsYW5kMRAwDgYDVQQKEwduY2NERU1PMR0wGwYDVQQDExRTb2Z0
certif: d2FyZSBQS0kgVGVzdGluZzEfMB0GCSqGSIb3DQEJARYQc29mdGllc0ByaXBlLm5l
certif: dIIBADANBgkqhkiG9w0BAQQFAAOBgQByg8L8RaiIz5k7n5jVwM/0oHSf48KRMBdn
certif: YdN2+eoEjVQbz48NtjbBTsOiUYj5AQWRHJrKtDQ+odbog0x7UsvhXjjBo/abJ6vI
certif: AupjnxP3KpSe73zmBUiMU8mvXLibPP1xuI2FPM70Y7fgeUehbmT7wdgqs7TEtYww
certif: PeUqjPPTZg==
certif: -----END CERTIFICATE-----
mnt-by: YOUR-MNT
source: RIPE

Afterwards you should be able to sign emails send to “RIPE Database” <auto-dbm@ripe.net> with your NemID certificate and the updates gets approved if your maintainer has authorization over the object you try to create/modify/delete.

My X.509 certificate

Documents: RIPE NCC Webinar Thursday 12 October 2017

RIPE NCC: IPv6 in the RIPE Database Webinar Slides

RIPE NCC: IPv6 Address Plan

RIPE NCC: IPv6 CIDR Chart (2015)

RIPE NCC: IPv4 CIDR Chart (2015)

RIPE NCC: Database Objects Overview Diagram

De-bogonising 2a10::/12 | RIPE

With the RIPE NCC having become the first RIR to receive an additional /12 IPv6 allocation (2a10::/12) from IANA a few months ago, we will soon begin to delegate space from this IPv6 block to LIRs. In preparation for this, in order to improve routability and minimise the risk of filtering, the RIPE NCC will perform several de-bogonising activities in the next few weeks.We plan to start announcing the full /12, as well as a few /32 or longer blocks out of 2a10::/12 from AS12654 (RIPE Routing Information System (RIS)), within the next few days. We will analyse data from RIS and RIPE Atlas and we plan to write up an analysis around this effort.We want to remind everybody to update their bogon filters and allow routes originating from 2a10::/12 in their network.

Source: RIPE NEWS, Routing WG, Google (De-bogonising 2a10::/12)

Getting Ready for IPv4 Run-out — RIPE Network Coordination Centre

We currently have around 1.91 million IPv4 addresses remaining in our available pool. We expect to reach the end of this pool in the next few months, before the end of 2019. The exact date is not possible to predict as this depends on the rate at which new members/additional LIR accounts are opened.

Source: Getting Ready for IPv4 Run-out — RIPE Network Coordination Centre

Windows Title Updater for the RIPE NCC Database

View Script og GitHub

// ==UserScript==
// @name         TitleFixer - RIPE Database
// @namespace    https://github.com/netravnen/UserJSScripts
// @version      1.1.6
// @description  Change the title to something meaningful
// @author       netravnen
// @match        https://apps.db.ripe.net/search/lookup.html?source=*&key=*-RIPE&type=person
// @match        https://apps.db.ripe.net/search/lookup.html?source=*&type=person&key=*-RIPE
//
// @match        https://apps.db.ripe.net/search/lookup.html?source=*&key=*&type=mntner
// @match        https://apps.db.ripe.net/search/lookup.html?source=*&type=mntner&key=*
//
// @match        https://apps.db.ripe.net/search/lookup.html?source=*&key=ORG-*-RIPE&type=organisation
// @match        https://apps.db.ripe.net/search/lookup.html?source=*&type=organisation&key=ORG-*-RIPE
// @grant        none
// @UpdateURL    https://github.com/netravnen/UserJSScripts/raw/master/TitleFixer_RIPE_Database.user.js
// @homepageURL  https://github.com/netravnen/UserJSScripts/raw/master/TitleFixer_RIPE_Database.user.js
/**
Update 1.1.6 2018-08-08 Moved source to https://github.com/netravnen/UserJSScripts/
Update 1.1.5 2017-10-25 Updated namespace
Update 1.1.4 2017-10-25 Updated author github nickname because was changed in the past + Added @homepageURL
Update 1.1.3 2017-04-03 [..]
Update 1.1.2 2017-04-03 Updated regex to allow for 0 numbers in -RIPE strings
Update 1.1.1 2017-04-03 Updated inflexibel regex to of person/org chars in -RIPE strings
Update 1.1.0 2017-03-14 Added types maintainer and organization
Update 1.0.0 2017-03-14 Initial Commit
 */
// ==/UserScript==

(function() {
    'use strict';

    var type,title,identity,website;
    identity = document.getElementById( 'results' );
    website = document.getElementById( 'logo' ).getAttribute( 'alt' );
    // Person
    if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=([A-Z]{2,4})([0-9]+)?\-RIPE\&type=person|type=person\&key\=([A-Z]{2,4})([0-9]+)?\-RIPE)/ )) {
        type = 'PERSON';
        title = location.href.match( /([A-Z]{2,4})([0-9]+)?\-RIPE/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(1)' );
    }
    // Maintainer
    else if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=([a-z0-9]+)\-mnt\&type=mntner|type=mntner\&key\=([a-z0-9]+)\-mnt)/ )) {
        type = 'MAINTAINER';
        title = location.href.match( /([a-z0-9]+)\-mnt/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(2)' );
    }
    // Oranization
    else if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE\&type=organisation|type=organisation\&key\=ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE)/ )) {
        type = 'ORGANIZATION';
        title = location.href.match( /ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(2)' );
    }
    title = title.toUpperCase();
    identity = identity.innerHTML.split(":")[1].trim();
    document.title = title + ' - ' + identity + ' - ' + type + ' - ' + website;
    console.log("Title tag splurged - TitleFixer - RIPE Database v1.1");
})();