Is such behavior
it contractually permissible, within the RIPE region?

The NCC's contracts do not forbid individuals/organizations from hijacking prefixes that do not belong to them*. That isn't their job.
The NCC is tasked with guaranteeing uniqueness. They are not tasked with enforcing implementation constraints on others, especially not on a legal basis.
Doing so would be far too costly and would likely increase the amount of hijacking we see (can't enforce a contract with someone who hasn't signed it).
This isn't unique. The ARIN RSA holds no such stipulations. While I've never seen their agreements, I'd be willing to bet the other regions are similar.

Is this the accepted norm in the RIPE region?
 
It isn't the norm, nor is it considered acceptable. From the few times I've had to deal with hijacking, large ISPs are generally very willing to cooperate when prefix holders contact them.

Ultimately, the solution is likely proper enforcement of RPKI and/or "trusted" route objects (those signed by a RIR with an authoritative database over the prefix who will not accept prefixes without authorization), not contractual enforcement by the RIRs.


*A given LIR might include such a clause, though I've never seen it done.




On Tue, Jun 26, 2018 at 12:18 AM, Ronald F. Guilmette <rfg@tristatelogic.com> wrote:

Please excuse me for this rather naive question, but I really
don't know the answer.   (And in the present context, I would
very much like to know.)

Do the contracts that various entities, including but not
limited to LiRs, sign with RIPE, in exchange for being issued
RIPE number reources, include any sort of a stipulation or
condition that the parties agree not to deliberately and
with malice aforethought announce routes either (a) using
AS numbers which have not been issued to them by one of the
five Regional Internet Registries and/or (b) covering IP
address space that has not been formally issued to them, or
to any of their legitimate customers by one of the five
Regional Internet Registries?

I guess that another way of expressing this question would be:
Do RIPE contracts allow anyone to announce whatever the hell they
want, willy nilly, and with no concern whatsoever for the formal
allocation process?

I wouldn't ask, but it appears that certain RIPE members do not
feel particularly constrained to avoid announcing routes to IP
address space that they are clearly and deliberately stealing from
other parties.

Is this the accepted norm in the RIPE region?  Is such behavior
it contractually permissible, within the RIPE region?