nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqv3pcsng4d6373d3etttyhkccuaaxawfljcc4ql4ws5m76s22tcnsc0cvp3 (nprofile…cvp3) nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqxf9vg389u2wcfmelv4ml57tjpcvckmz8uak8pafhyxd8dpf7hdlscgjlxe (nprofile…jlxe) GrapheneOS deploys RPKI to cryptographically sign which networks are allowed to announce our IP space (only our own) and ASPA to sign which networks are valid upstreams from us. We currently permit Vultr (our ns1 network), Misaka.io (our ns2 network), BuyVM (staging servers for testing only) and Xenyth to act as our upstreams. We're going to move our staging servers from BuyVM to Xenyth though.
Our upstreams need to deploy ASPA themselves to sign their upstreams.
GrapheneOS
npub123…g0ht5
2026-01-30 00:18:28 UTC
in reply to nevent1q…evrs
Author Public Key
npub1235tem4hfn34edqh8hxfja9amty73998f0eagnuu4zm423s9e8ksdg0ht5Seen on
wss://relay.mostr.pubPublished at
2026-01-30 00:18:28 UTCEvent JSON
{
"id": "7e5b89e1f029dc36e99a89faf3713408cb0588d1f0cbaa93cb312a2290222693",
"pubkey": "5468bceeb74ce35cb4173dcc9974bddac9e894a74bf3d44f9ca8b7554605c9ed",
"created_at": 1769732308,
"kind": 1,
"tags": [
[
"p",
"6443884d156ea3e8b6395ad64bdb18e77a6eb93f9631507eae8537ed414a5e27",
"wss://relay.ditto.pub"
],
[
"p",
"324ac444e5e29d84ef3f6577fa79720e198b6c47e76c70f537219a76853ebb7f",
"wss://relay.ditto.pub"
],
[
"p",
"f4d5c2696e7f2d888e7546df61354ea07140bbf4d5542c56954ccaa20bbc43bc",
"wss://relay.ditto.pub"
],
[
"p",
"39a017084564978d7de7cb77a5d85ead3e3a00ebcd5f33be8ce4188a674065b3",
"wss://relay.ditto.pub"
],
[
"e",
"a104bf7e8e8e9a36c106144131b618ebeb370c57100edc68262f7170b31deddc",
"wss://relay.ditto.pub",
"reply"
],
[
"proxy",
"https://grapheneos.social/users/GrapheneOS/statuses/115981176566791711",
"activitypub"
],
[
"client",
"Mostr",
"31990:6be38f8c63df7dbf84db7ec4a6e6fbbd8d19dca3b980efad18585c46f04b26f9:mostr",
"wss://relay.ditto.pub"
]
],
"content": "nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqv3pcsng4d6373d3etttyhkccuaaxawfljcc4ql4ws5m76s22tcnsc0cvp3 nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqxf9vg389u2wcfmelv4ml57tjpcvckmz8uak8pafhyxd8dpf7hdlscgjlxe GrapheneOS deploys RPKI to cryptographically sign which networks are allowed to announce our IP space (only our own) and ASPA to sign which networks are valid upstreams from us. We currently permit Vultr (our ns1 network), Misaka.io (our ns2 network), BuyVM (staging servers for testing only) and Xenyth to act as our upstreams. We're going to move our staging servers from BuyVM to Xenyth though.\n\nOur upstreams need to deploy ASPA themselves to sign their upstreams.",
"sig": "15baaa25a14885725baba8ce0efd63499d012bf730c63ff2fa87f2b0b35b31b505d8ba99c847929c9be50eb44533a29e1aa5fde4f3addcfa5d5df0f2547ff755"
}