http://www.ripe.net/ripe/docs/databaseref-manual.html 3.6.5 Protection of route object space The route object creation must satisfy several authentication criteria. It must match the authentication specified in the aut-num and the authentication specified in either a route object or, if no applicable route object is found, then an inetnum. Finally the creation must be authorised by the maintainer of the route object itself referenced by the "mnt-by:" attribute of the object. When checking for prefix authorisation, an exact route object prefix match is checked for first. If there is no exact match, then a longest prefix match that is less specific than the prefix is searched for. If the route prefix search fails, then a search is performed for an inetnum object that exactly matches the prefix or for the most specific inetnum object that is less specific than the route object submission. The aut-num object used for authentication checks is referenced by the "origin:" attribute of the route object. A route object must pass authorisation from both the referenced aut-num object and the route or inetnum object. Authorisation shall be tested using the maintainer(s) referenced in the "mnt-routes:" attribute(s) first. If that check fails, the "mnt-lower:" attributes are checked. If that check fails, the "mnt-by:" attributes are used for the authorisation check. ---------- aut-num: AS702 as-name: AS702 descr: UUNET - Commercial IP service provider in Europe .... mnt-routes: UUNETDK-MNT mnt-routes: AS1270-MNT mnt-routes: AS1849-MNT mnt-routes: AS1890-MNT mnt-routes: IWAY-NOC mnt-by: UUNET-MNT --------- I bet you didn't pass this authorization check. does this shed a light? :) BR, CCNP Boyan Krosnov Network Administrator Lirex Net phone: +359-2-91815
-----Original Message----- From: Stephen Burley [mailto:stephenb@uk.uu.net] Sent: Wednesday, December 05, 2001 12:30 PM To: lir-wg@ripe.net Cc: db-wg@ripe.net Subject: Can anyone shed some light on this?
route: 212.249.0.0/16 descr: UUNET CH origin: AS702 mnt-by: AS702-MNT password: ********* changed: jsc@ch.uu.net 20011204 source: RIPE
I send the above object to the DB and get the following error:
New FAILED: [route] 212.249.0.0/16 route: 212.249.0.0/16 descr: UUNET CH origin: AS702 mnt-by: AS702-MNT changed: stephenb@uk.uu.net 20011204 source: RIPE ***Error: Hierarchical authorisation failed, request forwarded to maintainer.
Objects in RIPE-181 format are no longer accepted. Please see http://www.ripe.net/rpsl for more information.
RIPE Database Maintenance Department
Which is strange as the mainainer is us AS702-mnt. Any help on this matter whould be appreciated as this is not the only one.
Regards Stephen Burley UUNET EMEA Hostmaster SB855-RIPE