Add Danish NemID X.509 public certificate to RIPE Database


If you ever used the RIPE Database.

You know the following RIPE Maintainer Authentication methods is possible.

  1. SSO (a.k.a. single sign on)
  2. key-cert (GnuPG keys + X.509 certificate)
  3. MD5 encrypted passwords


  1. IF you have the danish NemID follow the guidelines here to configure NemID on your computer. And then for you email program.
  2. Go find your public certificate here and download it.
  3. Open the certificate locally on your computer and prepend every line with ‘certif: ‘ so it looks the example below. Remember the key-value pairs:
    • key-cert: auto
    • mnt-by: xyz
    • source: ripe


  • from older RIPE documentation.
key-cert: AUTO-1
certif: -----BEGIN CERTIFICATE-----
certif: Ew91ay5idC50ZXN0LXVzZXIxLzAtBgkqhkiG9w0BCQEWIHRlc3QtdXNlckBsaW51
certif: AQEArv3srxyl1QA3uS4dxdZbSsGrfBrMRjMb81Gnx0nqa6i+RziIf13lszB/EYy0
certif: PgLpQFdGLdhUQ52YsiGOUmMtnaWNHnEJrBUc8/fdnA6GVdfF8AEw1PTfJ6t2Cdc9
certif: 2SwaF+5kCaUDwmlOgbM333IQmU03l3I1ILs32RpQyZ+df/ovHNrVzeLc2P59isac
certif: bfjM2S0SXPQzHjuVLH40eOgVuXA/5LAYs51eXqwtKszSxFhqekf+BAEcRDrXmIT4
certif: e3zfiZOsXKe0UfaEABgHUMrYjsUCJ8NTMg6XiVSNwQQmXCdUbRvK7zOCe2iCX15y
certif: IE5DQyBDQTAdBgNVHQ4EFgQUzdajNaRorkDTAW5O6Hpa3z9pP3AwgZsGA1UdIwSB
certif: d2FyZSBQS0kgVGVzdGluZzEfMB0GCSqGSIb3DQEJARYQc29mdGllc0ByaXBlLm5l
certif: dIIBADANBgkqhkiG9w0BAQQFAAOBgQByg8L8RaiIz5k7n5jVwM/0oHSf48KRMBdn
certif: YdN2+eoEjVQbz48NtjbBTsOiUYj5AQWRHJrKtDQ+odbog0x7UsvhXjjBo/abJ6vI
certif: AupjnxP3KpSe73zmBUiMU8mvXLibPP1xuI2FPM70Y7fgeUehbmT7wdgqs7TEtYww
certif: PeUqjPPTZg==
certif: -----END CERTIFICATE-----
mnt-by: YOUR-MNT
source: RIPE

Afterwards you should be able to sign emails send to “RIPE Database” <> with your NemID certificate and the updates gets approved if your maintainer has authorization over the object you try to create/modify/delete.


My X.509 certificate

De-bogonising 2a10::/12 | RIPE

With the RIPE NCC having become the first RIR to receive an additional /12 IPv6 allocation (2a10::/12) from IANA a few months ago, we will soon begin to delegate space from this IPv6 block to LIRs. In preparation for this, in order to improve routability and minimise the risk of filtering, the RIPE NCC will perform several de-bogonising activities in the next few weeks.We plan to start announcing the full /12, as well as a few /32 or longer blocks out of 2a10::/12 from AS12654 (RIPE Routing Information System (RIS)), within the next few days. We will analyse data from RIS and RIPE Atlas and we plan to write up an analysis around this effort.We want to remind everybody to update their bogon filters and allow routes originating from 2a10::/12 in their network.

Source: RIPE NEWSRouting WG, Google (De-bogonising 2a10::/12)

Getting Ready for IPv4 Run-out — RIPE Network Coordination Centre

We currently have around 1.91 million IPv4 addresses remaining in our available pool. We expect to reach the end of this pool in the next few months, before the end of 2019. The exact date is not possible to predict as this depends on the rate at which new members/additional LIR accounts are opened.

Source: Getting Ready for IPv4 Run-out — RIPE Network Coordination Centre

Windows Title Updater for the RIPE NCC Database

View Script og GitHub

// ==UserScript==
// @name         TitleFixer - RIPE Database
// @namespace
// @version      1.1.6
// @description  Change the title to something meaningful
// @author       netravnen
// @match*&key=*-RIPE&type=person
// @match*&type=person&key=*-RIPE
// @match*&key=*&type=mntner
// @match*&type=mntner&key=*
// @match*&key=ORG-*-RIPE&type=organisation
// @match*&type=organisation&key=ORG-*-RIPE
// @grant        none
// @UpdateURL
// @homepageURL
Update 1.1.6 2018-08-08 Moved source to
Update 1.1.5 2017-10-25 Updated namespace
Update 1.1.4 2017-10-25 Updated author github nickname because was changed in the past + Added @homepageURL
Update 1.1.3 2017-04-03 [..]
Update 1.1.2 2017-04-03 Updated regex to allow for 0 numbers in -RIPE strings
Update 1.1.1 2017-04-03 Updated inflexibel regex to of person/org chars in -RIPE strings
Update 1.1.0 2017-03-14 Added types maintainer and organization
Update 1.0.0 2017-03-14 Initial Commit
// ==/UserScript==

(function() {
    'use strict';

    var type,title,identity,website;
    identity = document.getElementById( 'results' );
    website = document.getElementById( 'logo' ).getAttribute( 'alt' );
    // Person
    if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=([A-Z]{2,4})([0-9]+)?\-RIPE\&type=person|type=person\&key\=([A-Z]{2,4})([0-9]+)?\-RIPE)/ )) {
        type = 'PERSON';
        title = location.href.match( /([A-Z]{2,4})([0-9]+)?\-RIPE/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(1)' );
    // Maintainer
    else if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=([a-z0-9]+)\-mnt\&type=mntner|type=mntner\&key\=([a-z0-9]+)\-mnt)/ )) {
        type = 'MAINTAINER';
        title = location.href.match( /([a-z0-9]+)\-mnt/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(2)' );
    // Oranization
    else if (location.href.match( /search\/lookup\.html\?source=(ripe|RIPE)\&(key\=ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE\&type=organisation|type=organisation\&key\=ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE)/ )) {
        type = 'ORGANIZATION';
        title = location.href.match( /ORG\-([A-Z]{2,4})([0-9]+)?\-RIPE/i )[0];
        identity = identity.querySelector( 'ul.attrblock > li:nth-child(2)' );
    title = title.toUpperCase();
    identity = identity.innerHTML.split(":")[1].trim();
    document.title = title + ' - ' + identity + ' - ' + type + ' - ' + website;
    console.log("Title tag splurged - TitleFixer - RIPE Database v1.1");