Just to get to the bottom of ripe-policy-addressable parts of this issue... are there any statistics on the legitimate and necessary usage of RIPE-NCC-RPSL-MNT? How reasonable would it be to do either one (or a combination) of these: a) deprecate this mechanism entirely b) devise a way to (manually and/or automagically) check if the respective usage in a certain case is legitimate c) check existing objects for likeliness of fraudulent usage (in coordination with the legitimate address space users) It seems that all route-objects in the ripe db that can be viewed via "whois -i or AS201640" were "authenticated" via RIPE-NCC-RPSL-MNT. From my point of view, this would be an obvious "it's about time"-thing to tackle by means of a policy change or change of operational procedures, employing the above mentioned measures, in order to combat the potential abuse of this aged and imperfect puzzle piece of RPSL goodness. A quick check however revealed that there is a humongous amount of objects affected. So any of those proposed options but a) will result in significant workload. Holy dingus, is this database a mess... -mh