You are here: Home > Manage IPs and ASNs > RIPE Database > Database Support > RIPE Database Documents > RIPE Database Documentation > Appendices > Appendix A- Syntax of Object Attributes

Appendix A- Syntax of Object Attributes

The syntax definitions of the object attributes that the RIPE Database supports are shown below.

The value of an attribute has a type. Some of the most commonly used and complex types are shown in the table below. Others are explained in the descriptions of the attributes.

Commonly Used Attribute Types

Type

Description

<quad>

<xdigit>.){1,4}

<dlabel>

Domain name label as specified in RFC 1034. The total length should not exceed 63 characters (octets)

<alnum>((-|<alnum>)*<alnum>)?

<action>

Please see RPSL RFC 2622

<address-prefix>

An address prefix is represented as an IPv4 address followed by the character slash "/" followed by an integer in the range from 0 to 32. The following are valid address prefixes: 128.9.128.5/32, 128.9.0.0/16, 0.0.0.0/0. The following address prefixes are invalid: 0/0, 128.9/16 since 0 or 128.9 are not strings containing four integers.

<ipv4-address>/<integer>

<address-prefix-range>

An address prefix range is an address prefix followed by an optional range operator. Please see RPSL RFC 2622.

<as-expression>

Please see RPSL RFC 2622

<as-number>

An "AS" string followed by a 32-bit integer

AS<integer>

<condition>

Please see RPSL RFC 2622

<domain-name>

Domain name as specified in RFC 1034 without a trailing dot ("."). The total length should not exceed 255 characters (octets)

<dlabel>(\.<dlabel>)*

<e-mail>

Email address specification as defined in RPSL RFC 2822

<filter>

Please see RPSL RFC 2622

<freeform>

A sequence of Latin 1 characters

<inet-rtr-name>

Specifies the name of an inet-rtr object.
It is a <domain-name>.

<ipv4-address>

An IPv4 address is represented as a sequence of four integers in the range from 0 to 255, separated by the character dot ("."). For example, 128.9.128.5 represents a valid IPv4 address.

[0-9]+(\.[0-9]+){3,3}

<ipv6-address>

<quad>(:<quad>){7,7}

<ipv6-address-prefix>

An IPv6 address prefix is represented as an IPv6 address followed by the character slash "/" followed by an integer in the range from 0 to 128.

<ipv6-address>/integer

<ipv6-filter>

Please see RPSLng RFC 4012

<irt-name>

Specifies the name of an irt object. It is an <object-name> starting with the prefix "IRT-" that is reserved for this object type.

<mntner-name>

<object-name>

<nic-handle>

From two to four characters, optionally followed by up to five digits, optionally followed by either a source specification of up to nine characters or two-letter country code. Source specification and country codes start with "-".

(<alpha>{2,4}([1-9]<digit>{0,5})?(-<alpha>

([a-zA-Z0-9_-]{0,7}<alnum>))?)|

(AUTO-<digit>+(<alpha>{2,4})?)

<object-name>

Many objects in RPSL have a name. An <object-name> is made up of letters, digits, the character underscore "_", and the character hyphen "-". The first character of a name must be a letter and the last character of a name must be a letter or a digit. The following words are reserved by RPSL, and they can not be used as names:
any, as-any, RS-any, peeras, and, or, not, atomic, from, to, at, action, accept, announce, except, refine, networks, into, inbound, outbound.

Names starting with certain prefixes are reserved for certain object types.
Names starting with "as-" are reserved for as-set names.
Names starting with "rs" are reserved for route-set names.
Names starting with "rtrs-" are reserved for rtr-set names.
Names starting with "fltr-" are reserved for filter-set names.
Names starting with "prng-" are reserved for peering-set names.
Names starting with "irt-" are reserved for irt object names.

<org-id>

The 'org-' string followed by two to four characters, followed by up to five digits, followed by a source specification. The first digit must not be "0". Source specification starts with "-" followed by a source name up to nine-characters in length.

org-<alpha>{2,4}([1-9]<digit>{0,4})-<registry-name>

<organisation-name>

A list of up to 12 words, each with up to 64 characters. Words can contain alphanumeric characters in addition to any of the following: asterisk, plus and minus signs, forward slash and backslash, dash, quotes, at sign, comma, dot, underscore, ampersand, exclamation mark, colon, semicolon, brackets and square brackets.

<peering>

Please see RPSL RFC 2622

<person-name>

A list of at least two words separated by white space. The first and the last word cannot end with dot ("."). A word is made up of letters, digits, the character underscore "_", and the character hyphen "-". The first character of a name must be a letter and the last character of a name must be a letter or digit.

<protocol>

Please see RPSL RFC 2622

<registry-name>

RIPE

<role-name>

Is a list of up to 12 words, each up to 64 characters. Words can contain alphanumeric characters in addition to the following: asterisk, plus and minus signs, forward slash and backslash, dash, quotes, at sign, comma, dot, underscore, ampersand, exclamation mark, colon, semicolon, brackets and square brackets.

<router-expression>

Please see RPSL RFC 2622 and RPSLng RFC 4012

<telephone-number>

Contact telephone number. Can take one of these forms:

+<integer-list>

+<integer-list> \(<integer-list> \)<integer-list>

+<integer-list> ext.<integer-list>

+<integer-list> \( integer-list \) <integer-list> ext. <integer-list>

<integer>

An integer

<alpha>

Any alphabetical character.

[A-Za-z]

<alnum>

Any alphabetical or numerical character.

[A-Za-z0-9]

list

of

A list of words separated by a comma (","). Cannot be empty.

ripe-list

of

A list of words separated by white space. Cannot be empty.

<integer-list>

A list of integers separated by white space or a dash ("-").

Descriptions of the attributes are listed below in the following format:

<attribute_name> <attribute_value(type)>
<description>

abuse-c: <nic-handle>
References a role object holding contact details of an abuse role.

address: <freeform>
Full postal address of a contact.

admin-c: <nic-handle>
References an on-site administrative contact.

aggr-bndry: <as-expression>
Defines a set of ASNs which forms the aggregation boundary.

aggr-mtd: inbound | outbound [<as-expression>]
Specifies how the aggregate is generated. Please see RPSL RFC 2622 for more information.

alias: <domain-name>
Specifies a canonical DNS name for the router.

as-block: <as-number> - <as-number>
Specifies the range of ASNs that the as-block object represents. Please see RPSS RFC 2725 for more information.

as-name: <object-name>
A descriptive name associated with an AS Number.

as-set: <object-name>
Defines the name of the set.

auth: <auth-scheme> <scheme-info>
Defines an authorisation scheme to be used. For a description, see the section, 'Authorisation Model'
<auth-scheme> and <scheme-info> can take the values listed below:

Authorisation Schemes

<auth-scheme>

<scheme-info>

MD5-PW

$1$abcd4321$HyM/GVhPqXkkIMVerxxQ3z

PGPKEY-<id>

1380K9U1

SSO

dbtest _at_ example _dot_ net

author: <nic-handle>
References a poem author.

aut-num: <as-number>
The autonomous system number.

certif: <public-key>
Contains the public key for a PGP key or an X509 certificate. The value of the public key is exported from your local key ring in ASCII-armored format or the certificate from your browser. All the lines of the exported key must be included. For PGP, this includes the begin and end markers and the empty line that separates the header from the key body. For X509 certificates, this includes the BEGIN CERTIFICATE and END CERTIFICATE lines.

components: [ATOMIC] [[<filter>] [protocol <protocol> <filter> ...]]

or: [ATOMIC] [[<ipv6-filter>] [protocol <protocol> <ipv6-

filter> ...]]
The "components:" attribute defines what component routes are used to form the aggregate.
<protocol> is a routing protocol name such as BGP4, OSPF or RIP, and <filter> or <ipv6-filter> is a policy expression.
Please refer to RPSL RFC 2622 and RPSLng RFC 4012 for more information.

country: <country-code>
Identifies a country. <country-code> must be a valid two-letter ISO 3166 country code.

default: to <peering> [action <action>] [networks <filter>]
Specifies default routing policies. Please refer to RPSL RFC 2622 for more information.

descr: <freeform>
A short description that is related to the object.

domain: <reverse-domain-name>
Reverse delegation for IPv4 or IPv6 address space.

e-mail: <e-mail>
Specifies an email address of a person, role, organisation or IRT team.

encryption: PGPKEY-<id>
References a key-cert object representing a Computer Security Incident Report Team (CSIRT) public key used to encrypt correspondence sent to the CSIRT. <id> is the key-id of the PGP public key in eight-digit hexadecimal format without "0x" prefix.

export: to <peering-1> [action <action-1>]
. . .
to <peering-N> [action <action-N>]
announce <filter>
Specifies an export policy expression. Please refer to RPSL RFC 2622 for more information.

export-comps: <filter> or <ipv6-filter>
Specifies an RPSL filter that matches the more specifics that need to be exported outside the aggregation boundary. Please refer to RPSL RFC 2622 and RPSLng RFC 4012 for more information.

export-via: [protocol <protocol-1>] [into <protocol-2>]

afi <afi-list>

<peering-1>

to <peering-2> [action <action-1>; <action-2>; ... <action-N>;]

<peering-3>

to <peering-M> [action <action-1>; <action-2>; ... <action-N>;]

announce <filter>

Specifies export policy expression for non-adjacent networks. Please refer to the RFC on export-via for more information.

fax-no: <telephone-number>
The fax number of a contact.

filter: <filter>
Defines the set's policy filter, a logical expression which, when applied to a set of routes, returns a subset of these routes. Please refer to RPSL RFC 2622 for more information.

filter-set: <object-name>
Defines the name of the filter. Please refer to RPSL RFC 2622 for more information.

fingerpr: <generated>
A fingerprint of a key certificate generated by the database. Please refer to RFC 2726 for a detailed description of this attribute.

form: FORM <string>
Specifies the identifier of a registered poem object.

holes: list of <address-prefix> or <ipv6-address-prefix>
Lists the component address prefixes that are not reachable through the aggregate route (possibly because that part of the address space is unallocated). Please refer to RPSL RFC 2622 and RPSLng RFC 4012 for more information.

ifaddr: <ipv4-address> masklen <integer> [action <action>]
Specifies an interface address within an Internet router. Please refer to RPSL RFC 2622 for more information.

import: [protocol <protocol-1>] [into <protocol-2>]
from <peering-1> [action <action-1>]
. . .
from <peering-N> [action <action-N>]
accept <filter>
Specifies import policy expression. Please refer to RPSL RFC 2622 for more information.

import-via: [protocol <protocol-1>] [into <protocol-2>]

afi <afi-list>

<peering-1>

from <peering-2> [action <action-1>; <action-2>; ... <action-N>;]

<peering-3>

from <peering-M> [action <action-1>; <action-2>; ... <action-N>;]

accept (<filter>|<filter> except <importexpression>|

<filter> refine <importexpression>)

Specifies import policy expression for non-adjacent networks. Please refer to RPSL RFC 2622 for import-via for more information.

inetnum: <ipv4-address> - <ipv4-address>
Specifies a range of IPv4 addresses. The end address should be greater than or equal to the start address..

inet6num: <ipv6-address>/<prefix-length>
Specifies a range of IPv6 addresses in prefix notation. The <prefix length> is an integer in the range from 0 to 128.

inet-rtr: <domain-name>
Fully qualified DNS name of the inet-rtr, written without a trailing dot ".". Please refer to RPSL RFC 2622 for more information.

inject: [at <router-expression>]
[action <action>]
[upon <condition>]
Specifies which routers perform the aggregation and when they perform it. In route objects, the router expression can contain only IPv4 expressions. In route6 objects, it can only contain IPv6 expressions. Please refer to RPSL RFC 2622 and RPSLng RFC 4012 for more information.

interface: <ipv4-address> or <ipv6-address> masklen <masklen> <integer> [action <action>]

[tunnel <remote-endpoint-address>,<encapsulation>]

Specifies a multiprotocol interface address within an Internet router. Please refer to RPSLng RFC 4012 for more information.

irt: <irt-name>
A unique identifier of an irt object. The name should start with the prefix "irt-", reserved for this type of object.

irt-nfy: <e-mail>
Specifies the email address to be notified when a reference to the irt object is added or removed.

key-cert: PGPKEY-<id>
Defines the public key stored in the database. <id> is the ID of the PGP public key in eight-digit hexadecimal format without "0x" prefix.

local-as: <as-number>
Specifies the autonomous system that operates the router. Please refer to RPSL RFC 2622 for more information.

method: <generated>
Defines the type of the public key. Currently, the only methods supported are "PGP" and "X509". Please refer to RFC 2726 for detailed description of this attribute.

member-of: list of <set-name>
This attribute can be used in the route, route6, aut-num and inet-rtr objects. The value of the "member-of:" attribute identifies a set object that this object wants to be a member of. This claim to membership, however, should be acknowledged by a respective "mbrs-by-ref:" attribute in the referenced object. Please refer to RPSL RFC 2622 for more information.

members: list of <as-number> or <as-set-name>
or
members: list of <address-prefix-range>or
<route-set-name><range-operator>
or
members: list of <inet-rtr-name> or <rtr-set-name> or
<ipv4 address>

Lists the members of the set. The first form appears in the as-set object. The syntax of <as-set-name> is the same as the syntax of <object-name>. The second form appears in the route-set object. The syntax of <route-set-name> is the same as the syntax of <object-name>. The third form appears in the rtr-set object. The syntax of <inet-rtr-name> is the same as the syntax of <object-name>. Please refer to RPSL RFC 2622 for more information.

mbrs-by-ref: list of <mntner-name> | ANY
This attribute can be used in all the set objects. It allows indirect population of a set. If this attribute is used, the set also includes objects of the corresponding type (aut-num objects for as-set, for example) that are protected by one of these maintainers and whose "member-of:" attributes refer to the name of the set. If the value of a "mbrs-by-ref:" attribute is ‘ANY', any object of the corresponding type that refers to the set is a member of the set. If the "mbrs-by-ref:" attribute is missing, the set is defined explicitly by the "members:" attribute.

mntner: <object-name>
A unique identifier of the mntner object.

mnt-by: list of <mntner-name>
Specifies the identifier of a registered mntner object used for the authorisation of operations performed on the object containing this attribute.

mnt-domains: list of <mntner-name>

Specifies the identifier of a registered mntner object used for reverse domain authorisation. Controls creation of domain objects. The authorisation method of this mntner object will be used to authorise the creation of an exact match or more specific reverse domain object.

mnt-irt: list of <irt-name>
May appear in an inetnum or inet6num object. It references an existing irt object representing a CSIRT that handles security incidents for the address space specified by the inetnum or inet6num object.

mnt-lower: list of <mntner-name>
Specifies the identifier of a registered mntner object used for hierarchical authorisation. Controls creation of objects that are one level more specific in the hierarchy of an object type (i.e. inetnum, inet6num, as-block, aut-num, route, route6 objects). The authorisation method of this mntner object will then be used to authorise the creation of any object one level more specific to the object that contains the "mnt-lower:" attribute.

mnt-nfy: <e-mail>
Specifies the email address to be notified when an object protected by a mntner is successfully updated.

mnt-ref: list of <mntner-name>

This attribute is only in an organisation object. It specifies the mntner objects that can authorise the addition of references to the organisation object from other objects.

mnt-routes: <mnt-name> [ { list of <address-prefix-range> } | ANY ]
May be used in an aut-num, inetnum, inet6num, route or route6 object. Specifies the identifier of a registered mntner object that controls the authorisation of the creation of route and route6 objects. After the reference to the maintainer, an optional list of prefix ranges inside of curly brackets ‘{}' or the keyword ‘ANY' may follow. The default, when no additional set items are specified, is ‘ANY' or all more specifics. The address prefix range can contain only IPv4 prefix ranges in inetnum and route objects, only IPv6 prefix ranges in inet6num and route6 objects, and it can contain both IPv4 and IPv6 prefix ranges in aut-num objects. Please refer to RPSL RFC 2622 and RPSLng RFC 4012 for more information.

mp-default: to <peering> [action <action>] [networks <filter>]

Specifies default multiprotocol routing policies. Please refer to RPSLng RFC 4012 for more information.

mp-export:

[protocol <protocol-1>] [into <protocol-1>]

afi <afi-list>

to <peering-1> [action <action-1>]

.

.

.

to <peering-N> [action <action-N>]

announce <filter>

Specifies a multiprotocol export policy expression. Please refer to RPSLng RFC 4012 for more information.

mp-filter:

Defines the set's multiprotocol policy filter. Please refer to RPSLng RFC 4012 for more information.

mp-import: [protocol <protocol-1>] [into <protocol-1>]

afi <afi-list>

from <peering-1> [action <action-1>]

.

.

.

from <peering-N> [action <action-N>]

accept (<filter>|<filter> except <importexpression>|

<filter> refine <importexpression>)

Specifies multiprotocol import policy expression. Please refer to RPSLng RFC 4012 for more information.

mp-members: afi <afi-list> list of <address-prefix-range> or

<route-set-name> or

<route-set-name><range-operator>

Lists the multiprotocol members of the set. Refer to RPSLng RFC 4012 for more information.

mp-peer: <protocol> afi <afi> <ipv4- or ipv6- address> <options>

| <protocol> <inet-rtr-name> <options>

| <protocol> <rtr-set-name> <options>

| <protocol> <peering-set-name> <options>

Specifies the details of any (interior or exterior) multiprotocol router peerings. Please refer to RPSLng RFC 4012 for more information.

mp-peering: <as-expression> [<mp-router-expression-1>] [at <mp-router-expression-2>] | <peering-set-name>

Defines a multiprotocol peering that can be used for importing or exporting routes. Please see RPSLng RFC 4012 for more information.

netname: <netname>
Specifies the name of a range of IP address space. The syntax of the <netname> attribute is the same as the syntax of the <object-name> attribute, but it does not have a restriction on RPSL-reserved prefixes.

nic-hdl: <nic-handle>
Specifies the NIC handle of a role or person object. When creating an object, one can also specify an "AUTO" NIC handle by setting the value of the attribute to "AUTO-1" or AUTO-1 <initials>. In these cases, the database software will assign the NIC handle automatically.

notify: <e-mail>
Specifies the email address to which notifications of changes to this object should be sent.

nserver: <domain-name> [ <ipv4-address> | <ipv6-address> ]
Specifies the name servers of the domain, optionally followed by a glue record.

org: <org-id>

This optional attribute may be used in any object type. It references an existing organisation object. For some resource objects, it is a required attribute. In these cases, the referenced organisation object represents the entity that holds the resource. In other objects, it can be used to specify a business relationship. The value of this attribute is the ID of the organisation object. It is required in the inetnum and inet6num objects with ‘ALLOCATED-BY-RIR', ‘ALLOCATED PA', ‘ALLOCATED PI' and ‘ALLOCATED UNSPECIFIED' status values.

The "org:" attribute is single-valued in the inetnum, inet6num and aut-num objects, and it is multi-valued in all other objects.

org-name: <organisation-name>

Specifies the name of the organisation that this organisation object represents in the RIPE Database. This is an ASCII-only text attribute. This restriction is because the attribute is a look-up key and the RIPE Database protocol does not allow specifying character sets in queries. The user can put the name of the organisation using Latin 1 character set in the "descr:" attribute if required. But any use of non-ASCII characters in any object may cause problems during the update process.

org-type:

Specifies the type of the organisation. The possible values are shown in the section 'Description of the ORGANISATION Object'.

organisation: <org-id>

Specifies the ID of an organisation object. When creating this object, the value of this attribute is automatically generated. The user has to specify an "AUTO" ID by setting the value to "AUTO-1" or "AUTO-1<letterCombination>, so that the database will assign the ID automatically.

origin: <as-number>
Specifies the AS Number that originates the route. The corresponding aut-num object should exist in the database.

owner: <generated>
Specifies the owner of the public key. Please refer to RFC 2726 for a detailed description of this attribute.

peer:

<protocol><ipv4-address><options>

<protocol><inet-rtr-name><options>

<protocol><rtr-set-name><options>

<protocol><peering-set-name><options>

May appear in an inet-rtr object. Specifies a protocol peering with another router. Please refer to RPSL RFC 2622 for more information.

peering: <peering>
Defines a peering that can be used for importing or exporting routes. Please refer to RPSL RFC 2622 for more information.

peering-set: <object-name>
Specifies the name of the peering-set. Please refer to RPSL RFC 2622 for more information.

person: <person-name>
Specifies the full name of an administrative, technical or zone contact person for other objects in the database.

peering-set: <object-name>
Specifies the name of the peering-set. Please refer to RPSL RFC 2622 for more information.

phone: <telephone-number>
Specifies a telephone number of the contact.

poem: POEM <string>
Specifies the title of a poem.

poetic-form: FORM <string>
Specifies the poem type.

ref-nfy: <e-mail>
Specifies the email address, as defined in RFC 2822, to be notified when a reference to the organisation object is added or removed.

remarks: <freeform>
Contains remarks.

role: <role-name>
Specifies the full name of a role entity, e.g. RIPE DBM.

role-name: <role-name>

Specifies the name of the role in the RIPE Database. This is an ASCII-only text attribute. This restriction is because the attribute is a look-up key and the RIPE Database protocol does not allow specifying character sets in queries. Any use of non-ASCII characters in any object may cause problems during the update process.

route: <address-prefix>
Specifies the prefix of the interAS route. Together with the "origin:" attribute, it constitutes a primary key of the route object.

route6: <ipv6-address>/<prefix-length>
Specifies an IPv6 prefix. The <prefix length> is an integer in the range from 0 to 128. This is the prefix of the interAS route. Together with the "origin:" attribute, it constitutes a primary key of the route6 object.

route-set: <object-name>
Specifies the name of the route set. It is a primary key for the route-set object. Please refer to RPSL RFC 2622 for more information.

rtr-set: <object-name>
Defines the name of the rtr-set. Please refer to RPSL RFC 2622 for more information.

signature: PGPKEY-<id>
References a key-cert object representing a CSIRT public key used by the team to sign their correspondence. <id> is the key-id of the PGP public key in eight-digit hexadecimal format without "0x" prefix.

source: <registry-name>
Specifies the registry where the object is registered. This should be "RIPE" for the RIPE Database.

status: <status>
Specifies the status of the address range represented by an inetnum or inet6num object or the status of an AS Number represented by an aut-num object. For the possible values, see the sections 'Description of the INETNUM Object', 'Description of the INET6NUM Object' and 'Description of the AUT-NUM Object'.

Please refer to the RIPE Document ripe-622, "IPv4 Address Allocation and Assignment Policies in the RIPE NCC Service Region", for further information.

tech-c: <nic-handle>
References a technical contact.

text: <freeform>
Contains text of the poem. Should be humorous, but must not be malicious or insulting.

upd-to: <e-mail>
Specifies the email address to be notified when an object protected by a mntner is unsuccessfully updated. See also the section, 'Notifications'.

zone-c: <nic-handle>
References a zone contact.

This documentation is in draft status.
Please send any feedback or feature requests to ripe-dbm@ripe.net.