On 17 Nov 2025, at 13:48, Marco Schmidt <mschmidt@ripe.net> wrote: [..] On 17/11/2025 12:18, Sasha Romijn wrote:
Hi Marco,
Thanks for working on this proposal.
On 17 Nov 2025, at 12:01, Marco Schmidt <mschmidt@ripe.net> wrote:
Introduce a new reg-nr: attribute for RIPE NCC co-maintained organisation objects, containing verified company registration numbers issued by national authorities. Will this have some kind of scope to a country/registry? If I see a number, how do I know where to look it up? It might even be ambiguous without scope, as the same number might be used in different company registries. I don't know if all countries have a single registry. For countries with multiple regional company registries, such as Germany or the USA, we would specify which registry contains the legal entity’s record. For countries with a single national registry, the existing attribute with country code of legal registration together with the new company registration number attribute should be sufficient to identify the resource holder.
This sounds like a good thing to have. Can we get that in WHOIS and then also have that as a dump for easy ingestion? An example WHOIS entry on how this could look like could be a good example. I think having both the URL of the company register (so that one does not have to figure out what it is), be that a link to a contact address that one has to call to get details, or that has a public lookup interface can help a lot. Eg Switzerland has https://zefix.admin.ch <https://zefix.admin.ch/> enter the name and one can see what is behind the company and if that looks like something that is legal or barely legal. At least, it will solve the big problem of companies claiming to have a POBox in one country and then having their "company" registered in the fun countries that do not seem to have any legal process or escalation paths whatsoever. Unfortunately there are many of those. One additional thing would be as it is not GPDR sensitive, that this information is also exposed in a DB dump, so that one can easily take such a dump, and mark prefixes as 'fun traffic'. This will help with scoring in various locations to what extent traffic might actually just be anonymous / disrespecting of the law or not. And yes, it sucks then for entities that are actually located in those countries, they are trying to get by and sucked into that too :(... Greets, Jeroen