Autonomous System (AS): Structure, RIPE Objects, and Configuration Practices
An autonomous system (AS) is a collection of IP networks under a single administrative control that are advertised on the Internet via the BGP protocol. A single company may use one or more ASs, for example, to separate infrastructure, regions, or services.
For example, let's consider the AS200000 autonomous system, which is announced by the Hosting Ukraine company's router.
The aut-num object
The aut-num object in the RIPE database describes the routing policy of an autonomous system: with whom it exchanges routes and which prefixes it imports and exports.
Example:
aut-num: AS200000
as-name: Ukraine-AS
org: ORG-HUL6-RIPE
import: from AS174 action pref=100; accept ANY
import: from AS6939 action pref=100; accept ANY
export: to AS174 announce AS-DELTAX
export: to AS6939 announce AS-DELTAX
Let's break down the structure:
- aut-num — unique number of the autonomous system
- as-name — AS description
- org — RIPE identifier of the organization that owns the AS
- import — from whom and which routes are accepted
- export — to whom and which routes are announced
The AS number is assigned by a regional Internet registry, such as RIPE NCC.
Practical point
When connecting a new upstream provider or peer, you must:
- Add an import line
- Add an export line
Please note: in the export field, an AS-Set (AS-DELTAX) is used instead of the autonomous system number, which simplifies administration.
AS-SET — a set of autonomous systems
AS-Set is an object that combines several ASs into a single logical list.
Example:
as-set: AS-DELTAX
members: AS200000
members: AS47781
members: AS200525
Why is this necessary?
If a router advertises multiple autonomous systems, then instead of duplicating import/export for each AS, you can:
- combine them into an AS-Set
- specify only one object in the policy
This reduces the likelihood of errors and simplifies BGP policy support.
Route Object
A route object associates a specific IP prefix with an autonomous system.
Example:
route: 195.64.184.0/23
origin: AS200000
mnt-by: DELTAXUA-MNT
This object means:
- network 195.64.184.0/23
- announced by autonomous system AS200000
- controlled by DELTAXUA-MNT maintainer
A route object is used:
- for IRR filtering
- for building filters at providers
- for automatic generation of prefix-list
Without correct route objects, your announcements may not pass filtering.
Domain Object (Reverse DNS)
A domain object is used to configure reverse DNS (PTR).
It specifies the DNS servers that serve the reverse zone.
Why is reverse DNS necessary?
If the user performs:
dig -x 195.64.184.1
they will receive the PTR record that you have configured.
Why is this critical?
- Mail servers check for PTR records
- The absence of reverse DNS significantly increases the likelihood of emails ending up in SPAM.
- Many anti-spam systems require PTR ↔ A record matching.
Correct rDNS is a mandatory requirement for hosting infrastructure.
RPKI — a mandatory step
After creating objects in the RIPE database, you must create a record in RPKI (ROA — Route Origin Authorization).
Without a valid RPKI record:
- most Tier-1 and major providers
- IX partners
- content networks
will not accept your announcement (Invalid state).
What does RPKI do?
- Cryptographically verifies that AS200000 has the right to announce 195.64.184.0/23
- Protects against route hijacking
- Increases trust in your network
Recommendations for network administrators
- Maintain consistency: BGP ↔ IRR ↔ RPKI
- Use AS-Set for scalability
- Automate filter generation
- Check the RPKI status before launching an announcement
- Keep track of import/export relevance when changing peer policies
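A pre-announcement consistency check for the IRR and RPKI recommendations above, as an added example that is not part of the original page: it parses the route and as-set objects shown earlier and runs RFC 6811 origin validation against a ROA list. The ROA tuple is constructed sample data, and the function names (parse_rpsl, rov_state, check) are hypothetical.

```python
import ipaddress

# Objects copied from the page, in RPSL "key: value" form.
RPSL = """\
as-set: AS-DELTAX
members: AS200000
members: AS47781
members: AS200525

route: 195.64.184.0/23
origin: AS200000
mnt-by: DELTAXUA-MNT
"""

# Constructed sample ROAs (prefix, max length, origin AS); not real RPKI data.
ROAS = [("195.64.184.0/23", 23, "AS200000")]

def parse_rpsl(text):
    """Split blank-line separated RPSL objects into lists of (key, value)."""
    return [[tuple(p.strip() for p in line.split(":", 1))
             for line in block.splitlines() if ":" in line]
            for block in text.strip().split("\n\n")]

def rov_state(prefix, origin, roas):
    """RFC 6811 origin validation: valid, invalid or not-found."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_as in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version == roa_net.version and net.subnet_of(roa_net):
            covered = True  # at least one ROA covers this prefix
            if net.prefixlen <= max_len and origin == roa_as:
                return "valid"
    return "invalid" if covered else "not-found"

def check(text, as_set, roas):
    """Return (prefix, origin, in_as_set, rov_state) for every route object."""
    objs = parse_rpsl(text)
    members = {v for o in objs if o[0] == ("as-set", as_set)
               for k, v in o if k == "members"}
    report = []
    for o in objs:
        if o[0][0] == "route":
            prefix, origin = o[0][1], dict(o)["origin"]
            report.append((prefix, origin, origin in members,
                           rov_state(prefix, origin, roas)))
    return report

if __name__ == "__main__":
    print(check(RPSL, "AS-DELTAX", ROAS))
```

Any row whose third field is False or whose state is not "valid" should be resolved before the prefix is announced.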