Hi, Just pitching in even though I am trying to stay out of the ASN stuff, I have two unanswered tickets about ASNs with no contact information since March 2025, I have personally spoken about them with IPRAs at RIPE90, we are now in October and there is no change, those networks are still very much anonymous. Additionally, I recently noticed a new South Korean out-of-region LIR (*RIPE NCC member*). Their website seems to be a generic template that isn't accessible over HTTPS, even though they're presenting themselves as an ISP. (for the more curious: ORG-NC150-RIPE) These I believe are considered members and/or direct assignees. Perhaps there is still room for improvement with the RIPE NCC KYC. Radu On 10/8/2025 6:51 PM, Nick Hilliard wrote:
the ripe ncc already implements kyc for its members and direct assignment resource holders. You can't get a PI assignment without validating your identity, and there are comparable processes for businesses who wish to become LIRs. These are hard-enforced. If you don't comply, your application will be rejected.
In addition to this, all LIRs are subject to a periodic Assisted Registry Check.
The BEIN letter seems to confuse data about RIPE members / direct assignees with general end users of ISPs.
The confusion may be happening because the RIPE database is a mixture of several different categories of data. Some of the data is authoritative (i.e. RIPE LIR and Direct Assignments) and some is non-authoritative (i.e. LIR assignments). A good deal of the non authoritative data is of very poor quality, but the authoritative data is all subject to RIPE KYC processes and regularly audited. Mixing these two data sets up does not benefit anyone.
It's the job of the ISP to ensure that they have KYC processes with their end users.
Nick