xref: /openbsd/etc/rpki/lacnic.constraints (revision 9ea232b5) 
1#	$OpenBSD: lacnic.constraints,v 1.4 2024/01/30 03:40:01 job Exp $
2
3# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
4allow 2001:1200::/23
5allow 2800::/12
6
7# From https://www.iana.org/assignments/as-numbers/
8allow 27648 - 28671
9allow 52224 - 53247
10allow 61440 - 61951
11allow 64099 - 64197
12allow 262144 - 273820
13
14# AFRINIC Internet Number Resources cannot be transferred
15# From https://www.iana.org/assignments/ipv4-address-space/
16deny 41.0.0.0/8
17deny 102.0.0.0/8
18deny 105.0.0.0/8
19deny 154.0.0.0/16
20deny 154.16.0.0/16
21deny 154.65.0.0 - 154.255.255.255
22deny 196.0.0.0 - 196.1.0.255
23deny 196.1.4.0/24
24deny 196.1.7.0 - 196.1.63.255
25deny 196.1.71.0/24
26deny 196.1.74.0 - 196.1.103.255
27deny 196.1.115.0 - 196.1.133.255
28deny 196.1.137.0/24
29deny 196.1.143.0 - 196.1.159.255
30deny 196.1.176.0 - 196.1.255.255
31deny 196.2.2.0/23
32deny 196.2.8.0 - 196.2.255.255
33deny 196.3.14.0/23
34deny 196.3.57.0 - 196.3.64.255
35deny 196.3.90.0/24
36deny 196.3.92.0 - 196.3.94.255
37deny 196.3.96.0/21
38deny 196.3.105.0/24
39deny 196.3.107.0 - 196.3.131.255
40deny 196.3.148.0/22
41deny 196.3.154.0 - 196.3.183.255
42deny 196.3.224.0 - 196.4.45.255
43deny 196.4.71.0 - 196.11.171.255
44deny 196.11.174.0 - 196.11.239.255
45deny 196.11.248.0/21
46deny 196.12.10.0 - 196.12.31.255
47deny 196.12.128.0/19
48deny 196.12.192.0 - 196.15.15.255
49deny 196.15.64.0 - 196.26.255.255
50deny 196.27.64.0 - 196.28.47.255
51deny 196.28.64.0 - 196.29.63.255
52deny 196.29.96.0 - 196.31.255.255
53deny 196.32.8.0 - 196.32.31.255
54deny 196.32.96.0/19
55deny 196.32.160.0 - 196.39.255.255
56deny 196.40.96.0 - 196.41.255.255
57deny 196.42.64.0 - 196.216.0.255
58deny 196.216.2.0 - 197.255.255.255
59
60# Private use IPv4 & IPv6 addresses and ASNs
61deny 0.0.0.0/8               # RFC 1122 Local Identification
62deny 10.0.0.0/8              # RFC 1918 private space
63deny 100.64.0.0/10           # RFC 6598 Carrier Grade NAT
64deny 127.0.0.0/8             # RFC 1122 localhost
65deny 169.254.0.0/16          # RFC 3927 link local
66deny 172.16.0.0/12           # RFC 1918 private space
67deny 192.0.2.0/24            # RFC 5737 TEST-NET-1
68deny 192.88.99.0/24          # RFC 7526 6to4 anycast relay
69deny 192.168.0.0/16          # RFC 1918 private space
70deny 198.18.0.0/15           # RFC 2544 benchmarking
71deny 198.51.100.0/24         # RFC 5737 TEST-NET-2
72deny 203.0.113.0/24          # RFC 5737 TEST-NET-3
73deny 224.0.0.0/4             # Multicast
74deny 240.0.0.0/4             # Reserved
75
76# LACNIC supports only IPv4 transfers: allow the complement of what is denied
77allow 0.0.0.0/0
78