RIPE NCC Certification Service Terms and Conditions

This document will stipulate the Terms and Conditions for the RIPE NCC Certification Service. The RIPE NCC Certification Service is based on Internet Engineering Task Force (IETF) standards, in particular RFC3647, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework", RFC3779, "X.509 Extensions for IP Addresses and AS Identifiers", and the "Certificate Policy (CP) for the Resource PKI (RPKI)".

Introduction

This document will stipulate the Terms and Conditions for the RIPE NCC Certification Service. The RIPE NCC Certification Service is based on Internet Engineering Task Force (IETF) standards, in particular RFC3647, "Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework", RFC3779, "X.509 Extensions for IP Addresses and AS Identifiers", and the "Certificate Policy (CP) for the Resource PKI (RPKI)".

Article 1 - Definitions

In the Terms and Conditions, the following terms shall be understood to have the meanings assigned to them below:

RIPE NCC - Réseaux IP Européens Network Coordination Centre, a membership association under Dutch law, operating from its registered office in Amsterdam, the Netherlands.

Member – A natural person or a legal entity that has entered into the RIPE NCC Standard Service Agreement with the RIPE NCC.

Certificate – Digitally signed data object generated by the RIPE NCC Certification Service.

Internet number resources – Globally unique IP addresses (IPv4 and IPv6) and Autonomous System Numbers (ASNs) registered with an Internet Number Registry, such as the RIPE NCC, that allocates Internet number resources and holds and publishes details of Internet number resource information.

RPKI-signed objects – Digitally signed data objects created using the Certificate, such as Route Origin Authorisation (ROA) objects.

ROA object – Route Origin Authorisation object, an RPKI-signed object that binds a set of IP address blocks to an ASN.

LIR Portal – The secure web interface through which Members access various RIPE NCC services.

Repository – A publicly accessible location where all Certificates, Certificate Revocation Lists (CRLs) and RPKI-signed objects are published and available to download by third parties for validation purposes.

RIPE community - RIPE (Réseaux IP Européens) is a collaborative forum open to all parties interested in wide area IP networks in Europe and beyond. The objective of RIPE is to ensure the administrative and technical coordination necessary to enable the operation of a pan-European IP network.

Article 2 – General

The Terms and Conditions come into effect by means of an offer and an acceptance.

By clicking the button “I accept. Create my Certificate Authority” in the LIR Portal, Members confirm that that they have read, understood and agree to be bound by these Terms and Conditions.

The RIPE NCC reserves the right to amend these Terms and Conditions. The RIPE NCC shall notify the Member of such amendments. After such amendments, a Member may continue to use the RIPE NCC Certification Service, provided they read, understand and agree to the amended Terms and Conditions.

These Terms and Conditions prevail over explanatory documents regarding the RIPE NCC Certification Service, including the Certification Practice Statement, which exists for convenience and informational purposes only and does not affect the interpretation of these Terms and Conditions.

Article 3 – Use of the RIPE NCC Certification Service

Upon the Member agreeing to these Terms and Conditions, the RIPE NCC shall generate a Certificate for the Member. The Certificate will reflect the registration of the Member’s Internet number resources according to the RIPE NCC’s registration records. Certificates may not be available for all types of Internet number resources. The RIPE NCC will not attach any other data to the Certificate (including personal data or data referring to the name, trade name or operations of the Member).

The Member shall use the RIPE NCC Certification Service for the following purposes only:

  • To assert that the Internet number resources indicated in the Certificate are registered with the Member

  • To configure specifications for creating ROA objects

Use of the RIPE NCC Certification Service or of Certificates for any other purpose, including identification purposes, is not recognised.

The Member shall be responsible for any use of the RIPE NCC Certification Service or of the Certificate.

The use of the RIPE NCC Certification Service or the Certificate does not support claims of alleged "ownership" of Internet number resources. Internet number resources registered by the RIPE NCC are subject to and exclusively governed by the policies adopted by the RIPE community.

The RIPE NCC Certification Service and the Certificate(s) will be available on a best effort basis and the RIPE NCC may suspend its operation or liability to the Member for technical, legal, anti-abuse or any other reasons within the scope of managing the operations of the RIPE NCC Certification Service.

The RIPE NCC shall publish the generated Certificate and any RPKI-signed objects created using this Certificate in the Repository.

Article 4 – Control of Use

The RIPE NCC is entitled to restrict any unauthorised use or to correct unauthorised use of the Service. For this purpose the RIPE NCC may perform security checks and audits.

Members must assist the RIPE NCC with security checks and audits as appropriate.

Article 5 – Revocation of Certificates

The RIPE NCC shall revoke a Certificate without any notice if any of the following cases occur:

  • The Certificate is inconsistent with the RIPE NCC registration records of the Member’s Internet number resources. In this case, the RIPE NCC will replace the revoked Certificate with a Certificate that matches the registration of the Member’s Internet number resources. The Member will not receive notice of the replacement of the Certificate. Any RPKI-signed objects created by the revoked Certificate for Internet number resources that are not indicated in the new Certificate shall be invalid.

  • For technical or security reasons, for example in case the Certificate is compromised. In this case, the RIPE NCC will replace the revoked Certificate with a new Certificate. The Member will not receive notice of the replacement of the Certificate.

  • The Member violates these Terms and Conditions.

The RIPE NCC shall publish the revoked Certificates in a Certificate Revocation List (CRL).

The RIPE NCC shall publish all CRLs in the Repository.

Article 6 – Liability

Use of the RIPE NCC Certification Service is at the Member’s own risk.

The Member shall be liable for all aspects of their use of the RIPE NCC Certification Service and the Certificate.

The RIPE NCC is in no way liable for any damages, including, but not limited to, damages to the Member’s business, loss of profit, damages to third parties, personal injury or damages to property, except in cases involving willful misconduct or gross negligence on the part of the RIPE NCC.

The RIPE NCC shall, in any event, not be liable for non-performance or damages due to force majeure, including but not limited to industrial action, strikes, occupations and sit-ins, blockades, embargoes, governmental measures, denial of service attacks, war, revolutions or comparable situations, power failures, defects in electronic lines of communication, fire, explosions, damage caused by water, floods and earthquakes.

The RIPE NCC is not liable in the case that local legislation prohibits the use of the RIPE NCC Certification Service or of the Certificate or the use of any technical aspects of the RIPE NCC Certification Service or of the Certificate.

The Member shall indemnify the RIPE NCC against any and all third party claims filed against the RIPE NCC in relation to the Member’s use of the RIPE NCC Certification Service or the Certificate.

Any rights on the part of the Member towards the RIPE NCC in connection with the generation or replacement of the Certificate and the use thereof shall finally and unconditionally lapse one year from the date on which the Member became aware of (or could in all fairness have been aware of) the existence of such rights. This one-year term can only be barred or interrupted by actual legal action instituted by the Member against the RIPE NCC.

Article 7 - Miscellaneous

The RIPE NCC's intellectual property (agreements, documents, software, databases, website, etc.) may only be used, reproduced and made available to third parties upon prior written authorisation from the RIPE NCC.

The RIPE NCC Certification Service is only available via the LIR Portal and a precondition for authorised access to the RIPE NCC Certification Service is authorised access to the LIR Portal.

If any provision contained in the Terms and Conditions is held to be invalid by a court of law, this shall not in any way affect the validity of the remaining provisions.

Article 8 - Governing Law

These Terms and Conditions shall be exclusively governed by the laws of the Netherlands. The competent court in Amsterdam shall have exclusive jurisdiction with regard to disputes arising from these Terms and Conditions.