From 49a7a16f751fdb69d77674b1b08e5645c78f12da Mon Sep 17 00:00:00 2001
From: job <job@openbsd.org>
Date: Tue, 26 Dec 2023 13:36:18 +0000
Subject: [PATCH] Align the other RIRs with the recent clarifications from
 AFRINIC

Following https://lists.afrinic.net/pipermail/dbwg/2023-December/000496.html
Simply apply the inverse of 'afrinic.constraints' r1.2 to the other RIR files
(since no resources can be transferred from AFRINIC to any other RIRs).

OK tb@
---
 etc/rpki/apnic.constraints  | 67 ++++++++++++++++++++-----------------
 etc/rpki/arin.constraints   | 67 ++++++++++++++++++++-----------------
 etc/rpki/lacnic.constraints | 67 ++++++++++++++++++++-----------------
 etc/rpki/ripe.constraints   | 67 ++++++++++++++++++++-----------------
 4 files changed, 148 insertions(+), 120 deletions(-)

diff --git a/etc/rpki/apnic.constraints b/etc/rpki/apnic.constraints
index 357e4d45a3e..276409ade69 100644
--- a/etc/rpki/apnic.constraints
+++ b/etc/rpki/apnic.constraints
@@ -1,4 +1,4 @@
-#	$OpenBSD: apnic.constraints,v 1.3 2023/12/19 08:10:19 job Exp $
+#	$OpenBSD: apnic.constraints,v 1.4 2023/12/26 13:36:18 job Exp $
 
 # From https://www.iana.org/assignments/ipv6-unicast-address-assignments
 allow 2001:200::/23
@@ -21,36 +21,43 @@ deny 105.0.0.0/8
 deny 154.0.0.0/16
 deny 154.16.0.0/16
 deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
 deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
 # From https://www.iana.org/assignments/as-numbers/
 deny 36864 - 37887
 deny 327680 - 328703
diff --git a/etc/rpki/arin.constraints b/etc/rpki/arin.constraints
index 53d20e7dd69..4eb58fd0ca3 100644
--- a/etc/rpki/arin.constraints
+++ b/etc/rpki/arin.constraints
@@ -1,4 +1,4 @@
-#	$OpenBSD: arin.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
+#	$OpenBSD: arin.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
 
 # From https://www.iana.org/assignments/ipv6-unicast-address-assignments
 allow 2001:400::/23
@@ -17,36 +17,43 @@ deny 105.0.0.0/8
 deny 154.0.0.0/16
 deny 154.16.0.0/16
 deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
 deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
 # From https://www.iana.org/assignments/as-numbers/
 deny 36864 - 37887
 deny 327680 - 328703
diff --git a/etc/rpki/lacnic.constraints b/etc/rpki/lacnic.constraints
index 68fc2c94ed8..8c27213895f 100644
--- a/etc/rpki/lacnic.constraints
+++ b/etc/rpki/lacnic.constraints
@@ -1,4 +1,4 @@
-#	$OpenBSD: lacnic.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
+#	$OpenBSD: lacnic.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
 
 # From https://www.iana.org/assignments/ipv6-unicast-address-assignments
 allow 2001:1200::/23
@@ -12,36 +12,43 @@ deny 105.0.0.0/8
 deny 154.0.0.0/16
 deny 154.16.0.0/16
 deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
 deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
 # From https://www.iana.org/assignments/as-numbers/
 deny 36864 - 37887
 deny 327680 - 328703
diff --git a/etc/rpki/ripe.constraints b/etc/rpki/ripe.constraints
index c3357545ea9..ae63ba1903b 100644
--- a/etc/rpki/ripe.constraints
+++ b/etc/rpki/ripe.constraints
@@ -1,4 +1,4 @@
-#	$OpenBSD: ripe.constraints,v 1.2 2023/12/19 08:10:19 job Exp $
+#	$OpenBSD: ripe.constraints,v 1.3 2023/12/26 13:36:18 job Exp $
 
 # From https://www.iana.org/assignments/ipv6-unicast-address-assignments
 allow 2001:600::/23
@@ -24,36 +24,43 @@ deny 105.0.0.0/8
 deny 154.0.0.0/16
 deny 154.16.0.0/16
 deny 154.65.0.0 - 154.255.255.255
-deny 196.0.0.0/16
-deny 196.1.0.0/24
-# hole for 196.1.1.0/24
-deny 196.1.2.0 - 196.1.67.255
-# hole for 196.1.68.0/24
-deny 196.1.69.0 - 196.1.103.255
-# hole for 196.1.104.0 - 196.1.106.255
-deny 196.1.107.0/24
-# hole for 196.1.108.0/22
-deny 196.1.112.0/24
-# hole for 196.1.113.0 - 196.1.114.255
+deny 196.0.0.0 - 196.1.0.255
+deny 196.1.4.0/24
+deny 196.1.7.0 - 196.1.63.255
+deny 196.1.71.0/24
+deny 196.1.74.0 - 196.1.103.255
 deny 196.1.115.0 - 196.1.133.255
-# hole for 196.1.134.0/24
-deny 196.1.135.0 - 196.3.64.255
-# hole for 196.3.65.0/24
-deny 196.3.66.0 - 196.3.71.255
-# hole for 196.3.72.0/24
-deny 196.3.73.0 - 196.12.31.255
-# hole for 196.12.32.0/19
-deny 196.12.64.0 - 196.15.15.255
-# hole for 196.15.16.0/20
-deny 196.15.32.0 - 196.29.63.255
-# hole for 196.29.64.0/19
-deny 196.29.96.0 - 196.32.31.255
-# hole for 196.32.32.0/19
-# hole for 196.32.64.0/19
-deny 196.32.96.0 - 196.39.255.255
-# hole for 196.40.0.0 - 196.40.95.255
-deny 196.40.96.0 - 197.255.255.254
-
+deny 196.1.137.0/24
+deny 196.1.143.0 - 196.1.159.255
+deny 196.1.176.0 - 196.1.255.255
+deny 196.2.2.0/23
+deny 196.2.8.0 - 196.2.255.255
+deny 196.3.14.0/23
+deny 196.3.57.0 - 196.3.64.255
+deny 196.3.90.0/24
+deny 196.3.92.0 - 196.3.94.255
+deny 196.3.96.0/21
+deny 196.3.105.0/24
+deny 196.3.107.0 - 196.3.131.255
+deny 196.3.148.0/22
+deny 196.3.154.0 - 196.3.183.255
+deny 196.3.224.0 - 196.4.45.255
+deny 196.4.71.0 - 196.11.171.255
+deny 196.11.174.0 - 196.11.239.255
+deny 196.11.248.0/21
+deny 196.12.10.0 - 196.12.31.255
+deny 196.12.128.0/19
+deny 196.12.192.0 - 196.15.15.255
+deny 196.15.64.0 - 196.26.255.255
+deny 196.27.64.0 - 196.28.47.255
+deny 196.28.64.0 - 196.29.63.255
+deny 196.29.96.0 - 196.31.255.255
+deny 196.32.8.0 - 196.32.31.255
+deny 196.32.96.0/19
+deny 196.32.160.0 - 196.39.255.255
+deny 196.40.96.0 - 196.41.255.255
+deny 196.42.64.0 - 196.216.0.255
+deny 196.216.2.0 - 197.255.255.255
 # From https://www.iana.org/assignments/as-numbers/
 deny 36864 - 37887
 deny 327680 - 328703
-- 
2.20.1