Can I create a maintainer with only PGP authentication?
When you have created a person and maintainer pair, your maintainer will be protected with your RIPE NCC Access account. After this, you can create the key-cert object for PGP authentication and refer to it from your maintainer.
Once this is done, you can use both the PGP key and your RIPE NCC Access account to authenticate. We recommend leaving at least one RIPE NCC Access account (optionally with two-step verification) on a maintainer as a safety net in case something happens to your PGP key. This way you can always recover lost access yourself.