Regnr attribute: Stop Orgname Confusion in RIPE

As of 30 April 2026, the reg-nr: attribute is live in the RIPE Database to resolve identity ambiguity. (Draft ripe ncc charging scheme 2026) This update marks a critical shift from vague naming conventions to precise, government-verified corporate identification within internet registry records. The RIPE NCC executed this change following NWI-21 approval, directly addressing the confusion caused by duplicate or nearly identical org-name entries that have long plagued network operators.

Readers will learn how this new field integrates into the organisation object hierarchy to link resources like inetnum blocks to specific legal entities. The guide provides a step-by-step workflow for modifying objects, mirroring the RIPE NCC's own update of ORG-RIEN1-RIPE in late 2025.

This move comes as the IPv4 market matures; ARIN reports indicate a post-2021 correction, while RIPE NCC data shows a lagged decline, proving that accurate holder identification is now more valuable than speculative hoarding. By mandating these company registration numbers, the Database Working Group ensures that asset ownership remains transparent even as trading volumes stabilize. Ignoring these updates risks administrative deadlock when disputing resources in an increasingly litigious environment.

The Role of the reg-nr Attribute in Modern Resource Holder Identification

The reg-nr Attribute as a Verified Legal Identity Layer

Ambiguity kills operational efficiency. When two distinct firms register as "Global Tech Ltd", the database cannot distinguish them using org-name alone due to character set restrictions. The reg-nr: attribute embeds official company registration numbers into organisation objects to fix this.

Implemented on 30 April 2026 following NWI-21, this field creates a distinct verified legal identity layer separate from human-readable labels. The mechanism addresses a specific protocol constraint where the org-name attribute accepts only ASCII text for lookup operations, forcing international entities to strip diacritics or translate characters. The numeric reg-nr: value bypasses this limitation by providing a unique, language-agnostic identifier that remains stable regardless of naming conventions.

Technical integration occurs within the existing object hierarchy where secondary objects link to primary resources like `aut-num` records. Modification rights for these new fields rely entirely on the maintenance protection model, requiring a valid `mntner` reference in the `mnt-by:` attribute to prevent unauthorized edits. This design ensures that only authorized maintainers can alter the registration number, preserving data integrity without introducing new authentication protocols.

A critical limitation emerges for natural persons and governmental bodies, where privacy rules mandate publishing "Not applicable" instead of a number. Operators querying the RIPE Database must therefore handle null values programmatically rather than assuming universal coverage. The absence of a registration number does not indicate an error but reflects a deliberate policy exception for non-commercial holders. Linking resource holders to official data requires the org: attribute to bridge primary objects like `inetnum` with verified organisation records.

The mechanism resolves naming collisions by anchoring ASCII-limited `org-name` fields to unique government-issued numbers stored in `reg-nr:`. Operational linkage depends on the mandatory `org:` reference within secondary objects, ensuring every IP assignment traces back to a single registered entity. The RIPE NCC demonstrated this compliance by updating its own `ORG-RIEN1-RIPE` object in late 2025, setting a precedent for co-maintained records.

However, privacy constraints force `Not applicable` values for natural persons and governmental bodies, limiting universal coverage. This exception creates a visibility gap where law enforcement cannot automatically correlate specific IP blocks to registered companies without manual intervention. Operators must verify `mnt-by:` protections to prevent unauthorized modification of these critical identifiers. The object hierarchy enforces this security through explicit maintainer references.

Network teams should treat absent registration numbers as high-priority data quality incidents rather than optional metadata. Failure to populate this field leaves the RIPE Database vulnerable to spoofing during dispute resolution processes.

Modifying the reg-nr: value demands a valid mnt-by: reference to an authorized mntner object.

This security model prevents unauthorized edits by binding every organisation record to a specific maintenance credential. Only holders of the maintainer password can alter the registration number, effectively locking the verified legal identity layer against tampering. The underlying object hierarchy enforces strict access control.

Operators attempting updates without proper credentials face immediate rejection from the database server.

The cost of this rigidity is operational friction during staff turnover or credential loss. Recovery requires manual intervention rather than automated self-service, delaying critical data corrections. This trade-off prioritizes integrity over speed, ensuring that no rogue actor can inject false company numbers into the registry.

Funding for the automation supporting these checks came from the 2026 Budget approved on December 11, 2025. The Executive Board allocated resources specifically to maintain maintenance protection across the expanded dataset.

Privacy Exceptions for Natural Persons and Governmental Organisations

Natural persons and governmental organisations receive a reg-nr value of "Not applicable" to satisfy strict privacy compliance mandates.

The attribute scope explicitly excludes these entity types because publishing official registration numbers for individuals or state bodies creates unacceptable exposure risks. This limitation ensures the verified legal identity layer remains compliant with data protection laws. Operators must recognize that the organisation object hierarchy treats these exceptions as mandatory rather than optional configurations.

The RIPE NCC enforces this distinction within the object hierarchy by rejecting numeric inputs for excluded `org-type` classifications. Attempting to force a registration number onto a natural person object triggers an immediate syntax error during update validation. This rigid enforcement prevents accidental data leaks that could occur if maintainers misunderstood the optional nature of the field for specific sectors. The trade-off is reduced granularity for non-commercial resource holders, as no alternative unique identifier replaces the missing numeric code. Misclassified entities risk having their reg-nr data stripped or flagged during routine integrity checks by the registry automation system.

Resolving Ambiguity in Co-Maintained Objects with Similar Names

Operators should provide their company registration number to disambiguate entities sharing identical ASCII-limited `org-name` values within the object hierarchy.

The reg-nr: attribute functions as a unique numeric key that bypasses text normalization collisions common in global registries. When two distinct firms register as "Global Tech Ltd", the database cannot distinguish them using org-name alone due to character set restrictions. Adding the official government-issued number creates a verified legal identity layer. This mechanism links primary resources like `inetnum` blocks to the correct legal entity via the mandatory `org:` reference field.

Implementing this field requires the object maintainer to possess valid credentials for the associated `mntner`. Only authorized parties can modify the reg-nr value, preventing malicious re-assignment of resource ownership. The limitation arises when organizations lack a standard commercial registration number, forcing the use of the "Not applicable" placeholder. This exception preserves privacy for natural persons but removes the disambiguation benefit for those specific records. Network operators managing co-maintained objects must verify these numbers against national business registries to ensure accuracy before submission.

RIPE 91 initiated the reg-nr:

1. Contributors discussed implementation mechanics within the Database Working Group during November 2025.2. The RIPE NCC updated its internal object to prove technical feasibility before year-end.
2. Executive leadership approved the 2026 activity budget, enabling a 1% resource increase for automation.
3. Final deployment occurred on 30 April 2026, completing NWI-21 ahead of RIPE.

This schedule demonstrates that policy consensus can drive tangible software changes within single fiscal years. However, the speed of adoption creates a dependency on maintainers updating legacy objects manually. Operators must verify that their mnt-by: credentials remain current to modify these new fields. Failure to synchronize maintainer records locks the reg-nr value permanently until administrative recovery occurs.

reg-nr Attribute Syntax and ASCII Constraints in Organisation Objects

The `reg-nr:` attribute accepts only ASCII characters, rejecting any Unicode digits or special symbols during submission.

Operators must format entries as pure alphanumeric strings to satisfy the RIPE Database requirements. This strict syntax prevents parsing errors when linking secondary objects to primary resources like `inetnum` via the mandatory `org:` pointer. Unlike `org-name`, which allows limited punctuation for readability, the registration number functions as a rigid index key. Db. Ripe. A single non-ASCII character triggers an immediate update failure, leaving the legal identity layer unverified.

1. Verify the government-issued number contains only letters A-Z and digits 0-9.2. Remove all hyphens, spaces, or country prefixes before submission.
2. Confirm the `mnt-by:` reference matches an active maintainer object.
3. Submit the update through the standard web interface or email gateway.

The trade-off is manual preprocessing effort versus guaranteed ingestion success.

Executing reg-nr Updates on ORG-RIEN1-RIPE and LIR Objects

Submit a ticket to the RIPE NCC for `reg-nr:` changes because member portals lock these co-maintained fields.

1. Retrieve the official company registration number from government records, ensuring the string contains only ASCII characters.
2. Draft the updated `organisation` object text locally, inserting the numeric value into the new attribute line.
3. Email the change request to the registry team, referencing the specific `mnt-by:` protector that authorizes the modification.

Direct member edits fail on this attribute since the joint management model restricts write access to RIPE NCC staff for legal identity data. The ORG-RIEN1-RIPE update in late 2025 proved that manual intervention remains necessary despite broader automation trends. Operators must verify their maintenance protection hierarchy before submission to prevent authorization errors during the review process.

This workflow introduces a latency penalty absent in standard self-service updates, delaying disambiguation benefits for several business days. The dependency on human review creates a bottleneck that scales poorly during mass migration events.

Validation Steps for mnt-by Authorization and Privacy Exceptions

Verify the mnt-by protector before submitting any reg-nr: update to avoid immediate rejection by the RIPE Database.

1. Confirm your maintainer object holds valid authorization keys, as only referenced mntner entities can modify these fields per maintenance protection rules.
2. Check if the entity is a natural person or government body, requiring the value "Not applicable" rather than a numeric string.
3. Format the registration number as ASCII-only text, rejecting any Unicode digits that fail attribute specification.
4. Submit the change through InterLIR if the object hierarchy links to co-maintained resources.

Operators often overlook that privacy exceptions are mandatory, not optional, for non-commercial entities. Attempting to force a registration number onto a government object violates the object hierarchy constraints and flags the update for manual review. This strict enforcement prevents data pollution but delays legitimate changes if the maintainer status is ambiguous.

Direct email to [email protected] initiates the correction workflow for invalid reg-nr entries.

Operators reporting incomplete data bypass standard portal updates because joint management locks these specific fields against member editing. The object hierarchy requires human oversight. Member Services staff manually validate the submitted registration number against official government records before applying the change. This human review step introduces a latency window distinct from automated RPKI validation cycles. Natural persons and government bodies receive a Not applicable value instead of a numeric string, creating a binary validation path for the support team. The RIPE NCC absorbs the operational cost of this verification since the flat membership fee structure does not scale with ticket volume.

Delays occur when submitters fail to attach proof of legal status alongside the email request. The Member Services team resolves these tickets sequentially, prioritizing objects linked to active resource holdings.

Automated Compliance Checking Using RIPE NCC APIs for reg-nr Attributes

The RIPE NCC provides various APIs to access database information, allowing automated systems to query the new reg-nr: attributes for compliance checking. Internal scripts poll these endpoints to detect mismatches between local legal records and published organisation objects. A discrepancy triggers an alert before the error propagates to downstream peering agreements. The system must distinguish between actual data corruption and valid privacy exceptions where the value reads "Not applicable". Natural persons and governmental bodies legally require this placeholder, yet generic validators often flag it as a failure. This false-positive rate increases operational noise unless the logic explicitly whitelists the exception string. Correcting verified errors requires sending a detailed report to [email protected] since member portals lock co-maintained fields. The joint management model dictates that Member Services staff manually validate submitted numbers against government records before applying changes. This human review step introduces latency distinct from automated RPKI validation cycles. Operators cannot bypass this gate even with cryptographic proof of ownership. The maintenance protection enforced by mnt-by attributes ensures only authorized maintainers initiate the ticket. Reliance on email-based correction creates a bottleneck during mass migration events.

Operators validating reg-nr corrections must cross-reference the Database Working Group archives to confirm proposal lineage before reporting errors.

1. Inspect the target object for a numeric string or the "Not applicable" placeholder mandated for government bodies.
2. Verify that the reported discrepancy involves a commercial entity, as privacy rules exclude natural persons from numeric identification.
3. Submit findings via email only after confirming the error persists in the live database post-NWI-21.

The RIPE Labs Automated scripts polling APIs often flag valid privacy exceptions as data corruption, creating unnecessary ticket volume for Member Services. This false-positive burden stems from validators failing to distinguish between missing commercial data and intentional legal exemptions. InterLIR recommends integrating exception logic into monitoring tools to suppress alerts on government objects. Blind reporting of "incomplete" data without checking entity type wastes operational cycles and delays genuine corrections.