Skip to main content

Finding and Using Geofeed Data

Document Type Active Internet-Draft (opsawg WG)
Authors Randy Bush , Massimo Candela , Warren "Ace" Kumari , Russ Housley
Last updated 2024-05-07 (Latest revision 2024-02-22)
Replaces draft-ymbk-opsawg-9092-update, draft-ymbk-9020-update
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status Proposed Standard
Additional resources Mailing list discussion
Stream WG state Submitted to IESG for Publication
Document shepherd Michael Richardson
Shepherd write-up Show Last changed 2023-11-27
IESG IESG state RFC Ed Queue
Action Holders
Consensus boilerplate Yes
Telechat date (None)
Responsible AD Robert Wilton
Send notices to
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
RFC Editor RFC Editor state RFC-EDITOR
Network Working Group                                            R. Bush
Internet-Draft                                     IIJ Research & Arrcus
Obsoletes: 9092 (if approved)                                 M. Candela
Intended status: Standards Track                                     NTT
Expires: 25 August 2024                                        W. Kumari
                                                              R. Housley
                                                          Vigil Security
                                                        22 February 2024

                     Finding and Using Geofeed Data


   This document specifies how to augment the Routing Policy
   Specification Language inetnum: class to refer specifically to
   geofeed comma-separated values (CSV) data files and describes an
   optional scheme that uses the Resource Public Key Infrastructure to
   authenticate the geofeed data files.  This document obsoletes RFC

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on 25 August 2024.

Copyright Notice

   Copyright (c) 2024 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents (
   license-info) in effect on the date of publication of this document.

Bush, et al.             Expires 25 August 2024                 [Page 1]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   Please review these documents carefully, as they describe your rights
   and restrictions with respect to this document.  Code Components
   extracted from this document must include Revised BSD License text as
   described in Section 4.e of the Trust Legal Provisions and are
   provided without warranty as described in the Revised BSD License.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
     1.1.  Requirements Language . . . . . . . . . . . . . . . . . .   3
   2.  Geofeed Files . . . . . . . . . . . . . . . . . . . . . . . .   3
   3.  inetnum: Class  . . . . . . . . . . . . . . . . . . . . . . .   4
   4.  Fetching Geofeed Data . . . . . . . . . . . . . . . . . . . .   5
   5.  Authenticating Geofeed Data (Optional)  . . . . . . . . . . .   7
   6.  Operational Considerations  . . . . . . . . . . . . . . . . .  10
   7.  Privacy Considerations  . . . . . . . . . . . . . . . . . . .  11
   8.  Implementation Status . . . . . . . . . . . . . . . . . . . .  11
   9.  Security Considerations . . . . . . . . . . . . . . . . . . .  12
   10. IANA Considerations . . . . . . . . . . . . . . . . . . . . .  12
   11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  13
   12. References  . . . . . . . . . . . . . . . . . . . . . . . . .  13
     12.1.  Normative References . . . . . . . . . . . . . . . . . .  13
     12.2.  Informative References . . . . . . . . . . . . . . . . .  15
   Appendix A.  Example  . . . . . . . . . . . . . . . . . . . . . .  17
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . .  25

1.  Introduction

   Providers of Internet content and other services may wish to
   customize those services based on the geographic location of the user
   of the service.  This is often done using the source IP address used
   to contact the service, which may not point to a user, see [RFC6269],
   Section 14 in particular.  Also, infrastructure and other services
   might wish to publish the locale of their services.  [RFC8805]
   defines geofeed, a syntax to associate geographic locales with IP
   addresses, but it does not specify how to find the relevant geofeed
   data given an IP address.

   This document specifies how to augment the Routing Policy
   Specification Language (RPSL) [RFC2725] inetnum: class to refer
   specifically to geofeed data files and how to prudently use them.  In
   all places inetnum: is used, inet6num: should also be assumed

   The reader may find [INETNUM] and [INET6NUM] informative, and
   certainly more verbose, descriptions of the inetnum: database

Bush, et al.             Expires 25 August 2024                 [Page 2]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   An optional utterly awesome but slightly complex means for
   authenticating geofeed data is also defined in Section 5.

   This document obsoletes [RFC9092].  Changes from [RFC9092] include
   the following:

   *  RIPE has implemented the geofeed: attribute.
   *  Allow, but discourage, an inetnum: to have both a geofeed remarks:
      attribute and a geofeed: attribute.
   *  Rewrite Authentication Section 5 to be more formal.
   *  Geofeed file only UTF-8 CSV.
   *  Stress that authenticating geofeed data is optional.
   *  IP Address Delegation extensions must not use "inherit".
   *  If geofeed data are present, ignore geographic location hints in
      other data.

1.1.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "OPTIONAL" in this document are to be interpreted as described in BCP
   14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

2.  Geofeed Files

   Geofeed files are described in [RFC8805].  They provide a facility
   for an IP address resource "owner" to associate those IP addresses to
   geographic locales.

   Per [RFC8805], geofeed files consist of CSVs (Comma Separated Values)
   in UTF-8 text format; not HTML, richtext, or other formats.

   Content providers and other parties who wish to locate an IP address
   to a geographic locale need to find the relevant geofeed data.  In
   Section 3, this document specifies how to find the relevant geofeed
   [RFC8805] file given an IP address.

   Geofeed data for large providers with significant horizontal scale
   and high granularity can be quite large.  The size of a file can be
   even larger if an unsigned geofeed file combines data for many
   prefixes, if dual IPv4/IPv6 spaces are represented, etc.

   Geofeed data do have privacy considerations (see Section 7); this
   process makes bulk access to those data easier.

   This document also suggests an optional signature to strongly
   authenticate the data in the geofeed files.

Bush, et al.             Expires 25 August 2024                 [Page 3]
Internet-Draft       Finding and Using Geofeed Data        February 2024

3.  inetnum: Class

   The original RPSL specifications starting with [RIPE81], [RIPE181],
   and a trail of subsequent documents were written by the RIPE
   community.  The IETF standardized RPSL in [RFC2622] and [RFC4012].
   Since then, it has been modified and extensively enhanced in the
   Regional Internet Registry (RIR) community, mostly by RIPE [RIPE-DB].
   At the time of publishing this document, change control of RPSL
   effectively lies in the operator community.

   The RPSL, and [RFC2725] and [RFC4012] used by the Regional Internet
   Registries (RIRs), specify the inetnum: database class.  Each of
   these objects describes an IP address range and its attributes.  The
   inetnum: objects form a hierarchy ordered on the address space.

   Ideally, RPSL would be augmented to define a new RPSL geofeed:
   attribute in the inetnum: class.  Absent implementation of the
   geofeed: attribute in a particular RIR database, this document
   defines the syntax of a Geofeed remarks: attribute, which contains an
   HTTPS URL of a geofeed file.  The format of the inetnum: geofeed
   remarks: attribute MUST be as in this example, "remarks: Geofeed ",
   where the token "Geofeed " MUST be case sensitive, followed by a URL
   that will vary, but it MUST refer only to a single geofeed [RFC8805]

       inetnum: # example
       remarks: Geofeed

   While we leave global agreement of RPSL modification to the relevant
   parties, we specify that a proper geofeed: attribute in the inetnum:
   class MUST be "geofeed:" and MUST be followed by a single URL that
   will vary, but it MUST refer only to a single geofeed [RFC8805] file.

       inetnum: # example

   The URL uses HTTPS, so the WebPKI provides authentication, integrity,
   and confidentiality for the fetched geofeed file.  However, the
   WebPKI can not provide authentication of IP address space assignment.
   In contrast, the RPKI (see [RFC6481]) can be used to authenticate IP
   space assignment; see optional authentication in Section 5.

   Until all producers of inetnum: objects, i.e., the RIRs, state that
   they have migrated to supporting a geofeed: attribute, consumers
   looking at inetnum: objects to find geofeed URLs MUST be able to
   consume both the remarks: and geofeed: forms.

Bush, et al.             Expires 25 August 2024                 [Page 4]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   The migration not only implies that the RIRs support the geofeed:
   attribute, but that all registrants have migrated any inetnum:
   objects from remarks: to geofeed: attributes.

   Any particular inetnum: object SHOULD have, at most, one geofeed
   reference, whether a remarks: or a proper geofeed: attribute when it
   is implemented.  As the remarks: form can not be formally checked by
   the RIR, this can not be formally enforced.  A geofeed: attribute is
   preferred, of course, if the RIR supports it.  If there is more than
   one type of attribute in the intetnum: object, the geofeed: attribute
   MUST be used.

   For inetnum:s covering the same address range, a signed geofeed file
   MUST be preferred over an unsigned file.  If none are signed, or more
   than one is signed, the (signed) inetnum: with the most recent last-
   modified: attribute MUST be preferred.

   If a geofeed file describes multiple disjoint ranges of IP address
   space, there are likely to be geofeed references from multiple
   inetnum: objects.  Files with geofeed references from multiple
   inetnum: objects are not compatible with the signing procedure in
   Section 5.

   An unsigned, and only an unsigned, geofeed file MAY be referenced by
   multiple inetnum:s and MAY contain prefixes from more than one

   When fetching, the most specific inetnum: object with a geofeed
   reference MUST be used.

   It is significant that geofeed data may have finer granularity than
   the inetnum: that refers to them.  For example, an INETNUM object for
   an address range P could refer to a geofeed file in which P has been
   subdivided into one or more longer prefixes.

4.  Fetching Geofeed Data

   This document is to provides a guideline for how interested parties
   should fetch and read geofeed files.

   Historically, before [RFC9092], this was done in varied ways, at the
   discretion of the implementer, often without consistent
   authentication, where data were mostly imported from email without
   formal authorisation or validation.

Bush, et al.             Expires 25 August 2024                 [Page 5]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   To minimize the load on RIRs' WHOIS [RFC3912] services, the RIR's FTP
   [RFC0959] services SHOULD be used for large-scale access to gather
   inetnum:s with geofeed references.  This uses efficient bulk access
   instead of fetching via brute-force search through the IP space.

   When reading data from an unsigned geofeed file, one MUST ignore data
   outside the referring inetnum: object's address range.  This is to
   avoid importing data about ranges not under the control of the
   operator.  Note that signed files MUST only contain prefixes within
   the referring inetnum:'s range as mandated in Section 5.

   If geofeed files are fetched, other location information from the
   inetnum: MUST be ignored.

   Given an address range of interest, the most specific inetnum: object
   with a geofeed reference MUST be used to fetch the geofeed file.  For
   example, if the fetching party finds the following inetnum: objects:

       inetnum: # example
       remarks: Geofeed

       inetnum: # example
       remarks: Geofeed

   An application looking for geofeed data for, MUST ignore
   data in geofeed_1 because is within the more specific inetnum: covering that address range and that inetnum:
   does have a geofeed reference.

   Hints in inetnum:s such as country:, geoloc:, etc. tend to be
   administrative, and not deployment specific.  Consider large,
   possibly global, providers with headquarters very far from most of
   their deployments.  Therefore, if geofeed data are specified, either
   as a geofeed: attribute or in a geofeed remarks: attribute, other
   geographic hints such as country:, geoloc:, DNS geoloc RRsets, etc.,
   for that address range MUST be ignored.

   There is open-source code to traverse the RPSL data across all of the
   RIRs, collect all geofeed references, and process them
   [GEOFEED-FINDER].  It implements the steps above and of all the
   Operational Considerations described in Section 6, including caching.
   It produces a single geofeed file, merging all the geofeed files
   found.  This open-source code can be run daily by a cronjob, and the
   output file can be directly used.

   RIRs are converging on RDAP support which includes geofeed data, see
   [I-D.ietf-regext-rdap-geofeed].  This SHOULD NOT be used for bulk
   retrieval of geofeed data.

Bush, et al.             Expires 25 August 2024                 [Page 6]
Internet-Draft       Finding and Using Geofeed Data        February 2024

5.  Authenticating Geofeed Data (Optional)

   The question arises whether a particular geofeed [RFC8805] data set
   is valid, i.e., is authorized by the "owner" of the IP address space
   and is authoritative in some sense.  The inetnum: that points to the
   geofeed [RFC8805] file provides some assurance.  Unfortunately, the
   RPSL in some repositories is weakly authenticated at best.  An
   approach where RPSL was signed per [RFC7909] would be good, except it
   would have to be deployed by all RPSL registries, and there is a fair
   number of them.

   The remainder of this section specifies an optional authenticator for
   the geofeed data set that follows the Signed Object Template for the
   Resource Public Key Infrastructure (RPKI) [RFC6488].

   A single optional authenticator MAY be appended to a geofeed
   [RFC8805] file.  It is a digest of the main body of the file signed
   by the private key of the relevant RPKI certificate for a covering
   address range.  The following format bundles the relevant RPKI
   certificate with a signature over the geofeed text.

   The canonicalization procedure converts the data from their internal
   character representation to the UTF-8 [RFC3629] character encoding,
   and the <CRLF> sequence MUST be used to denote the end of each line
   of text.  A blank line is represented solely by the <CRLF> sequence.
   For robustness, any non-printable characters MUST NOT be changed by
   canonicalization.  Trailing blank lines MUST NOT appear at the end of
   the file.  That is, the file must not end with multiple consecutive
   <CRLF> sequences.  Any end-of-file marker used by an operating system
   is not considered to be part of the file content.  When present, such
   end-of-file markers MUST NOT be covered by the digital signature.

   If the authenticator is not in the canonical form described above,
   then, the authenticator is invalid.

   Borrowing detached signatures from [RFC5485], after file
   canonicalization, the Cryptographic Message Syntax (CMS) [RFC5652] is
   used to create a detached DER-encoded signature that is then Base64
   encoded with padding (as defined in Section 4 of [RFC4648]) and line
   wrapped to 72 or fewer characters.  The same digest algorithm MUST be
   used for calculating the message digest of the content being signed,
   which is the geofeed file, and for calculating the message digest on
   the SignerInfo SignedAttributes [RFC8933].  The message digest
   algorithm identifier MUST appear in both the CMS SignedData
   DigestAlgorithmIdentifiers and the SignerInfo
   DigestAlgorithmIdentifier [RFC5652].  The RPKI certificate covering
   the geofeed inetnum: object's address range is included in the CMS
   SignedData certificates field [RFC5652].

Bush, et al.             Expires 25 August 2024                 [Page 7]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   The address range of the signing certificate MUST cover all prefixes
   in the signed geofeed file.  If not, the authenticator is invalid.

   The signing certificate MUST NOT include the Autonomous System
   Identifier Delegation certificate extension [RFC3779].  If it is
   present, the authenticator is invalid.

   As with many other RPKI signed objects, the IP Address Delegation
   certificate extension MUST NOT use the "inherit" capability defined
   in Section of [RFC3779].  If "inherit" is used, the
   authenticator is invalid.

   An IP Address Delegation extension using "inherit" would complicate
   processing.  The implementation would have to build the certification
   path from the end-entity to the trust anchor, then validate the path
   from the trust anchor to the end-entity, and then the parameter would
   have to be remembered when the validated public key was used to
   validate a signature on a CMS object.  Having to remember things from
   certification path validation for use with CMS object processing
   would be quite complex and error prone.  And, the certificates do not
   get that much bigger by repeating the information.

   An address range A "covers" address range B if the range of B is
   identical to or a subset of A.  "Address range" is used here because
   inetnum: objects and RPKI certificates need not align on Classless
   Inter-Domain Routing (CIDR) [RFC4632] prefix boundaries, while those
   of the lines in a geofeed file do align.

   The Certificate Authority (CA) SHOULD sign only one geofeed file with
   each generated private key and SHOULD generate a new key pair for
   each new version of a perticular geofeed file.  The CA MUST generate
   a new End Entity (EE) certificate for each signing of a particular
   geofeed file.  An associated EE certificate used in this fashion is
   termed a "one-time-use" EE certificate (see Section 3 of [RFC6487]).

   Identifying the private key associated with the certificate and
   getting the department that controls the private key (which might be
   stored in a Hardware Security Module (HSM)) to generate the CMS
   signature is left as an exercise for the implementor.  On the other
   hand, verifying the signature has no similar complexity; the
   certificate, which is validated in the public RPKI, contains the
   needed public key.  The RPKI trust anchors for the RIRs are expected
   to already be available to the party performing signature validation.
   Validation of the CMS signature over the geofeed file involves:

Bush, et al.             Expires 25 August 2024                 [Page 8]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   1.  Obtaining the signer's certificate from the CMS SignedData
       CertificateSet [RFC5652].  The certificate SubjectKeyIdentifier
       extension [RFC5280] MUST match the SubjectKeyIdentifier in the
       CMS SignerInfo SignerIdentifier [RFC5652].  If the key
       identifiers do not match, then validation MUST fail.

   2.  Validating the signer's certificate MUST ensure that it is part
       of the current [RFC9286] manifest and that all resources are
       covered by the RPKI certificate.

   3.  Constructing the certification path for the signer's certificate.
       All of the needed certificates are expected to be readily
       available in the RPKI repository.  The certification path MUST be
       valid according to the validation algorithm in [RFC5280] and the
       additional checks specified in [RFC3779] associated with the IP
       Address Delegation certificate extension and the Autonomous
       System Identifier Delegation certificate extension.  If
       certification path validation is unsuccessful, then validation
       MUST fail.

   4.  Validating the CMS SignedData as specified in [RFC5652] using the
       public key from the validated signer's certificate.  If the
       signature validation is unsuccessful, then validation MUST fail.

   5.  Confirming that the eContentType object identifier (OID) is id-
       ct-geofeedCSVwithCRLF (1.2.840.113549.  This OID
       MUST appear within both the eContentType in the encapContentInfo
       object and the ContentType signed attribute in the signerInfo
       object (see [RFC6488]).

   6.  Verifying that the IP Address Delegation certificate extension
       [RFC3779] covers all of the address ranges of the geofeed file.
       If all of the address ranges are not covered, then validation
       MUST fail.

   All of the above steps MUST be successful to consider the geofeed
   file signature as valid.

   The authenticator MUST be hidden as a series of "#" comments at the
   end of the geofeed file.  The following simple example is
   cryptographically incorrect:

Bush, et al.             Expires 25 August 2024                 [Page 9]
Internet-Draft       Finding and Using Geofeed Data        February 2024

       # RPKI Signature: -
       # IhvcNAQkQAS+gggSxMIIErTCCA5WgAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZu
       # imwYkXpiMxw44EZqDjl36MiWsRDLdgoijBBcGbibwyAfGeR46k5raZCGvxG+4xa
       # O8PDTxTfIYwAnBjRBKAqAZ7yX5xHfm58jUXsZJ7Ileq1S7G6Kk=
       # End Signature: -

   A correct and full example is in Appendix A.

   The CMS signature does not cover the signature lines.

   The bracketing "# RPKI Signature:" and "# End Signature:" MUST be
   present as shown in the example.  The RPKI Signature's IP address
   range MUST match that of the geofeed URL in the inetnum: that points
   to the geofeed file.

6.  Operational Considerations

   To create the needed inetnum: objects, an operator wishing to
   register the location of their geofeed file needs to coordinate with
   their Regional Internet Registry (RIR) or National Internet Registry
   (NIR) and/or any provider Local Internet Registry (LIR) that has
   assigned address ranges to them.  RIRs/NIRs provide means for
   assignees to create and maintain inetnum: objects.  They also provide
   means of assigning or sub-assigning IP address resources and allowing
   the assignee to create WHOIS data, including inetnum: objects,
   thereby referring to geofeed files.

   The geofeed files MUST be published via and fetched using HTTPS

   When using data from a geofeed file, one MUST ignore data outside the
   referring inetnum: object's inetnum: attribute address range.

   If and only if the geofeed file is not signed per Section 5, then
   multiple inetnum: objects MAY refer to the same geofeed file, and the
   consumer MUST use only lines in the geofeed file where the prefix is
   covered by the address range of the inetnum: object's URL it has

   If the geofeed file is signed, and the signer's certificate changes,
   the signature in the geofeed file MUST be updated.

   It is good key hygiene to use a given key for only one purpose.  To
   dedicate a signing private key for signing a geofeed file, an RPKI
   Certification Authority (CA) may issue a subordinate certificate
   exclusively for the purpose shown in Appendix A.

Bush, et al.             Expires 25 August 2024                [Page 10]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   Harvesting and publishing aggregated geofeed data outside of the RPSL
   model should be avoided as it can have the effect that more specifics
   from one aggregatee could undesirably affect the less specifics of a
   different aggregatee.  Moreover, publishing aggregated geofeed data
   prevents the reader of the data to perform the checks described in
   Section 4 and Section 5.

   At the time of publishing this document, geolocation providers have
   bulk WHOIS data access at all the RIRs.  An anonymized version of
   such data is openly available for all RIRs except ARIN, which
   requires an authorization.  However, for users without such
   authorization, the same result can be achieved with extra RDAP
   effort.  There is open-source code to pass over such data across all
   RIRs, collect all geofeed references, and process them

   To prevent undue load on RPSL and geofeed servers, entity-fetching
   geofeed data using these mechanisms MUST NOT do frequent real-time
   lookups.  Section 3.4 of [RFC8805] suggests use of the HTTP Expires
   header [RFC7234] to signal when geofeed data should be refetched.  As
   the data change very infrequently, in the absence of such an HTTP
   Header signal, collectors SHOULD NOT fetch more frequently than
   weekly.  It would be polite not to fetch at magic times such as
   midnight UTC, the first of the month, etc., because too many others
   are likely to do the same.

7.  Privacy Considerations

   [RFC8805] geofeed data may reveal the approximate location of an IP
   address, which might in turn reveal the approximate location of an
   individual user.  Unfortunately, [RFC8805] provides no privacy
   guidance on avoiding or ameliorating possible damage due to this
   exposure of the user.  In publishing pointers to geofeed files as
   described in this document, the operator should be aware of this
   exposure in geofeed data and be cautious.  All the privacy
   considerations of Section 4 of [RFC8805] apply to this document.

   Where [RFC8805] provided the ability to publish location data, this
   document makes bulk access to those data readily available.  This is
   a goal, not an accident.

8.  Implementation Status

   At the time of publishing this document, the geofeed: attribute in
   inetnum objects has been implemented in the RIPE and APNIC databases.

   Registrants in databases which do not yet support the geofeed:
   attribute are using the remarks:, or equivalent, attribute.

Bush, et al.             Expires 25 August 2024                [Page 11]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   At the time of publishing this document, the registry data published
   by ARIN are not the same RPSL as that of the other registries (see
   [RFC7485] for a survey of the WHOIS Tower of Babel); therefore, when
   fetching from ARIN via FTP [RFC0959], WHOIS [RFC3912], the
   Registration Data Access Protocol (RDAP) [RFC9082], etc., the
   "NetRange" attribute/key must be treated as "inetnum", and the
   "Comment" attribute must be treated as "remarks".

   [rpki-client] can be used to authenticate a signed geofeed file.

9.  Security Considerations

   It is generally prudent for a consumer of geofeed data to also use
   other sources to cross-validate the data.  All the security
   considerations of [RFC8805] apply here as well.

   The consumer of geofeed data SHOULD fetch and process the data
   themselves.  Importing datasets produced and/or processed by a third-
   party places significant trust in the third-party.

   As mentioned in Section 5, some RPSL repositories have weak, if any,
   authentication.  This allows spoofing of inetnum: objects pointing to
   malicious geofeed files.  Section 5 suggests an unfortunately complex
   method for stronger authentication based on the RPKI.

   For example, if an inetnum: for a wide address range (e.g., a /16)
   points to an RPKI-signed geofeed file, a customer or attacker could
   publish an unsigned equal or narrower (e.g., a /24) inetnum: in a
   WHOIS registry that has weak authorization, abusing the rule that the
   most-specific inetnum: object with a geofeed reference MUST be used.

   If signatures were mandatory, the above attack would be stymied, but
   of course that is not happening anytime soon.

   The RPSL providers have had to throttle fetching from their servers
   due to too-frequent queries.  Usually, they throttle by the querying
   IP address or block.  Similar defenses will likely need to be
   deployed by geofeed file servers.

10.  IANA Considerations

   In the SMI Security for S/MIME CMS Content Type
   (1.2.840.113549. in the Structure of Management Information
   (SMI) Numbers (MIB Module Registrations) registry group located at: there is an existing
   registration for:

Bush, et al.             Expires 25 August 2024                [Page 12]
Internet-Draft       Finding and Using Geofeed Data        February 2024

           Decimal: 47
           Description: id-ct-geofeedCSVwithCRLF

   On publication of this document, that reference needs to be changed
   to the new [ RFC-to-be ].

11.  Acknowledgments

   Thanks to Rob Austein for CMS and detached signature clue, George
   Michaelson for the first and substantial external review, and Erik
   Kline who was too shy to agree to coauthorship.  Additionally, we
   express our gratitude to early implementors, including Menno
   Schepers; Flavio Luciani; Eric Dugas; and Kevin Pack.  Also, thanks
   to the following geolocation providers who are consuming geofeeds
   with this described solution: Jonathan Kosgei (, Ben
   Dowling (, and Pol Nisenblat (  For an
   amazing number of helpful reviews, we thank Job Snijders, who also
   found an ASN.1 'inherit' issue; Adrian Farrel; Antonio Prado;
   Francesca Palombini; Jean-Michel Combes (INTDIR); John Scudder; Kyle
   Rose (SECDIR); Martin Duke; Mohamed Boucadair; Murray Kucherawy; Paul
   Kyzivat (GENART); Rob Wilton; Roman Danyliw; and Ties de Kock.

12.  References

12.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,

   [RFC2622]  Alaettinoglu, C., Villamizar, C., Gerich, E., Kessens, D.,
              Meyer, D., Bates, T., Karrenberg, D., and M. Terpstra,
              "Routing Policy Specification Language (RPSL)", RFC 2622,
              DOI 10.17487/RFC2622, June 1999,

   [RFC2725]  Villamizar, C., Alaettinoglu, C., Meyer, D., and S.
              Murphy, "Routing Policy System Security", RFC 2725,
              DOI 10.17487/RFC2725, December 1999,

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
              2003, <>.

Bush, et al.             Expires 25 August 2024                [Page 13]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   [RFC3779]  Lynn, C., Kent, S., and K. Seo, "X.509 Extensions for IP
              Addresses and AS Identifiers", RFC 3779,
              DOI 10.17487/RFC3779, June 2004,

   [RFC4012]  Blunk, L., Damas, J., Parent, F., and A. Robachevsky,
              "Routing Policy Specification Language next generation
              (RPSLng)", RFC 4012, DOI 10.17487/RFC4012, March 2005,

   [RFC4648]  Josefsson, S., "The Base16, Base32, and Base64 Data
              Encodings", RFC 4648, DOI 10.17487/RFC4648, October 2006,

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,

   [RFC5652]  Housley, R., "Cryptographic Message Syntax (CMS)", STD 70,
              RFC 5652, DOI 10.17487/RFC5652, September 2009,

   [RFC6481]  Huston, G., Loomans, R., and G. Michaelson, "A Profile for
              Resource Certificate Repository Structure", RFC 6481,
              DOI 10.17487/RFC6481, February 2012,

   [RFC6487]  Huston, G., Michaelson, G., and R. Loomans, "A Profile for
              X.509 PKIX Resource Certificates", RFC 6487,
              DOI 10.17487/RFC6487, February 2012,

   [RFC6488]  Lepinski, M., Chi, A., and S. Kent, "Signed Object
              Template for the Resource Public Key Infrastructure
              (RPKI)", RFC 6488, DOI 10.17487/RFC6488, February 2012,

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <>.

   [RFC8805]  Kline, E., Duleba, K., Szamonek, Z., Moser, S., and W.
              Kumari, "A Format for Self-Published IP Geolocation
              Feeds", RFC 8805, DOI 10.17487/RFC8805, August 2020,

Bush, et al.             Expires 25 August 2024                [Page 14]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   [RFC8933]  Housley, R., "Update to the Cryptographic Message Syntax
              (CMS) for Algorithm Identifier Protection", RFC 8933,
              DOI 10.17487/RFC8933, October 2020,

   [RFC9110]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "HTTP Semantics", STD 97, RFC 9110,
              DOI 10.17487/RFC9110, June 2022,

   [RFC9286]  Austein, R., Huston, G., Kent, S., and M. Lepinski,
              "Manifests for the Resource Public Key Infrastructure
              (RPKI)", RFC 9286, DOI 10.17487/RFC9286, June 2022,

12.2.  Informative References

              "geofeed-finder", commit 5f557a4, June 2021,

              Singh, J. and T. Harrison, "An RDAP Extension for Geofeed
              Data", Work in Progress, Internet-Draft, draft-ietf-
              regext-rdap-geofeed-01, 17 December 2023,

   [INET6NUM] RIPE NCC, "Description of the INET6NUM Object", October
              2019, <

   [INETNUM]  RIPE NCC, "Description of the INETNUM Object", June 2020,

   [RFC0959]  Postel, J. and J. Reynolds, "File Transfer Protocol",
              STD 9, RFC 959, DOI 10.17487/RFC0959, October 1985,

   [RFC3912]  Daigle, L., "WHOIS Protocol Specification", RFC 3912,
              DOI 10.17487/RFC3912, September 2004,

Bush, et al.             Expires 25 August 2024                [Page 15]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   [RFC4632]  Fuller, V. and T. Li, "Classless Inter-domain Routing
              (CIDR): The Internet Address Assignment and Aggregation
              Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August
              2006, <>.

   [RFC5485]  Housley, R., "Digital Signatures on Internet-Draft
              Documents", RFC 5485, DOI 10.17487/RFC5485, March 2009,

   [RFC6269]  Ford, M., Ed., Boucadair, M., Durand, A., Levis, P., and
              P. Roberts, "Issues with IP Address Sharing", RFC 6269,
              DOI 10.17487/RFC6269, June 2011,

   [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
              Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
              RFC 7234, DOI 10.17487/RFC7234, June 2014,

   [RFC7485]  Zhou, L., Kong, N., Shen, S., Sheng, S., and A. Servin,
              "Inventory and Analysis of WHOIS Registration Objects",
              RFC 7485, DOI 10.17487/RFC7485, March 2015,

   [RFC7909]  Kisteleki, R. and B. Haberman, "Securing Routing Policy
              Specification Language (RPSL) Objects with Resource Public
              Key Infrastructure (RPKI) Signatures", RFC 7909,
              DOI 10.17487/RFC7909, June 2016,

   [RFC9082]  Hollenbeck, S. and A. Newton, "Registration Data Access
              Protocol (RDAP) Query Format", STD 95, RFC 9082,
              DOI 10.17487/RFC9082, June 2021,

   [RFC9092]  Bush, R., Candela, M., Kumari, W., and R. Housley,
              "Finding and Using Geofeed Data", RFC 9092,
              DOI 10.17487/RFC9092, July 2021,

   [RIPE-DB]  RIPE NCC, "RIPE Database Documentation",

   [RIPE181]  RIPE NCC, "Representation Of IP Routing Policies In A
              Routing Registry", October 1994,

Bush, et al.             Expires 25 August 2024                [Page 16]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   [RIPE81]   RIPE NCC, "Representation Of IP Routing Policies In The
              RIPE Database", February 1993,

              Snijders, J., "Example on how to use rpki-client to
              authenticate a signed Geofeed", September 2023,

Appendix A.  Example

   This appendix provides an example, including a trust anchor, a
   Certificate Revocation List (CRL) signed by the trust anchor, a CA
   certificate subordinate to the trust anchor, a CRL signed by the CA,
   an end-entity certificate subordinate to the CA for signing the
   geofeed, and a detached signature.

   The trust anchor is represented by a self-signed certificate.  As
   usual in the RPKI, the trust anchor has authority over all IPv4
   address blocks, all IPv6 address blocks, and all Autonomous Systam
   (AS) numbers.

      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----

Bush, et al.             Expires 25 August 2024                [Page 17]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   The CRL issued by the trust anchor.

      -----BEGIN X509 CRL-----
      -----END X509 CRL-----

   The CA certificate is issued by the trust anchor.  This certificate
   grants authority over one IPv4 address block ( and two
   AS numbers (64496 and 64497).

      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----

Bush, et al.             Expires 25 August 2024                [Page 18]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   The CRL issued by the CA.

      -----BEGIN X509 CRL-----
      -----END X509 CRL-----

   The end-entity certificate is issued by the CA.  This certificate
   grants signature authority for one IPv4 address block (
   Signature authority for AS numbers is not needed for geofeed data
   signatures, so no AS numbers are included in the end-entity

      -----BEGIN CERTIFICATE-----
      -----END CERTIFICATE-----

Bush, et al.             Expires 25 August 2024                [Page 19]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   The end-entity certificate is displayed below in detail.  For
   brevity, the other two certificates are not.

         0 1110: SEQUENCE {
         4  830:  SEQUENCE {
         8    3:   [0] {
        10    1:    INTEGER 2
               :     }
        13   20:   INTEGER
               :    27 AD 39 40 83 D7 F2 B5 B9 9B 86 70 C7 75 B2 B9
               :    6E E1 66 F0
        35   13:   SEQUENCE {
        37    9:    OBJECT IDENTIFIER
               :     sha256WithRSAEncryption (1 2 840 113549 1 1 11)
        48    0:    NULL
               :     }
        50   51:   SEQUENCE {
        52   49:    SET {
        54   47:     SEQUENCE {
        56    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
        61   40:      PrintableString
               :       '3ACE2CEF4FB21B7D11E3E184EFC1E297B3778642'
               :       }
               :      }
               :     }
       103   30:   SEQUENCE {
       105   13:    UTCTime 23/09/2023 15:55:38 GMT
       120   13:    UTCTime 19/07/2024 15:55:38 GMT
               :     }
       135   51:   SEQUENCE {
       137   49:    SET {
       139   47:     SEQUENCE {
       141    3:      OBJECT IDENTIFIER commonName (2 5 4 3)
       146   40:      PrintableString
               :       '914652A3BD51C144260198889F5C45ABF053A187'
               :       }
               :      }
               :     }
       188  290:   SEQUENCE {
       192   13:    SEQUENCE {
       194    9:     OBJECT IDENTIFIER
               :      rsaEncryption (1 2 840 113549 1 1 1)
       205    0:     NULL
               :      }
       207  271:    BIT STRING, encapsulates {
       212  266:     SEQUENCE {
       216  257:      INTEGER
               :      00 B2 71 34 2B 39 BF EA 07 65 B7 8B 72 A2 F0 F8

Bush, et al.             Expires 25 August 2024                [Page 20]
Internet-Draft       Finding and Using Geofeed Data        February 2024

               :      40 FC 31 16 CA 28 B6 4E 01 A8 F6 98 02 C0 EF 65
               :      B0 84 48 E9 96 FF 93 E6 92 89 65 8F F6 44 9C CE
               :      57 10 82 D3 C2 57 0A FA DA 14 D0 64 22 28 C0 13
               :      74 04 BD 1C 2B 4F F9 93 58 A6 25 D8 B9 A9 D3 37
               :      9E F2 AC C0 CF 02 9E 84 75 D6 F0 7C A5 01 70 AE
               :      E6 66 AF 9C 69 85 74 6F 13 E9 B3 B8 95 4B 82 ED
               :      95 D6 EA 66 05 7B 96 96 87 B2 9A E7 61 E9 65 89
               :      F8 60 E3 C0 F5 CE DD 18 97 05 E8 C1 AC E1 4D 5E
               :      16 85 2D ED 3C CB 80 CF 7E BF D2 FE D5 C9 38 19
               :      BB 43 34 29 B6 66 CF 2D 8B 46 7E 9A D8 BB 8E 65
               :      88 51 6A A8 FF 78 51 E2 E9 21 27 D7 77 7E 80 28
               :      6C EA 4C 50 9C 73 71 16 F6 5E 54 14 4D 4C 14 B9
               :      67 A0 4A 20 AA DA 0B A0 A0 01 B7 42 24 38 51 8A
               :      78 2F C4 81 E6 81 75 62 DE E3 AF 5D 74 2F 6B 41
               :      FB 79 C3 A8 3A 72 6C 46 F9 A6 03 74 81 01 DF 8C
               :      EB
       477    3:      INTEGER 65537
               :       }
               :      }
               :     }
       482  352:   [3] {
       486  348:    SEQUENCE {
       490   29:     SEQUENCE {
       492    3:      OBJECT IDENTIFIER
               :       subjectKeyIdentifier (2 5 29 14)
       497   22:      OCTET STRING, encapsulates {
       499   20:       OCTET STRING
               :      91 46 52 A3 BD 51 C1 44 26 01 98 88 9F 5C 45 AB
               :      F0 53 A1 87
               :        }
               :       }
       521   31:     SEQUENCE {
       523    3:      OBJECT IDENTIFIER
               :       authorityKeyIdentifier (2 5 29 35)
       528   24:      OCTET STRING, encapsulates {
       530   22:       SEQUENCE {
       532   20:        [0]
               :      3A CE 2C EF 4F B2 1B 7D 11 E3 E1 84 EF C1 E2 97
               :      B3 77 86 42
               :         }
               :        }
               :       }
       554   14:     SEQUENCE {
       556    3:      OBJECT IDENTIFIER keyUsage (2 5 29 15)
       561    1:      BOOLEAN TRUE
       564    4:      OCTET STRING, encapsulates {
       566    2:       BIT STRING 7 unused bits
               :        '1'B (bit 0)

Bush, et al.             Expires 25 August 2024                [Page 21]
Internet-Draft       Finding and Using Geofeed Data        February 2024

               :        }
               :       }
       570   24:     SEQUENCE {
       572    3:      OBJECT IDENTIFIER certificatePolicies (2 5 29 32)
       577    1:      BOOLEAN TRUE
       580   14:      OCTET STRING, encapsulates {
       582   12:       SEQUENCE {
       584   10:        SEQUENCE {
       586    8:         OBJECT IDENTIFIER
               :          resourceCertificatePolicy (1 3 6 1 5 5 7 14 2)
               :          }
               :         }
               :        }
               :       }
       596   97:     SEQUENCE {
       598    3:      OBJECT IDENTIFIER
               :       cRLDistributionPoints (2 5 29 31)
       603   90:      OCTET STRING, encapsulates {
       605   88:       SEQUENCE {
       607   86:        SEQUENCE {
       609   84:         [0] {
       611   82:          [0] {
       613   80:           [6]
               :          'rsync://'
               :          '2CEF4FB21B7D11E3E184EFC1E297B3778642.crl'
               :            }
               :           }
               :          }
               :         }
               :        }
               :       }
       695  108:     SEQUENCE {
       697    8:      OBJECT IDENTIFIER
               :       authorityInfoAccess (1 3 6 1 5 5 7 1 1)
       707   96:      OCTET STRING, encapsulates {
       709   94:       SEQUENCE {
       711   92:        SEQUENCE {
       713    8:         OBJECT IDENTIFIER
               :          caIssuers (1 3 6 1 5 5 7 48 2)
       723   80:         [6]
               :          'rsync://'
               :          '2CEF4FB21B7D11E3E184EFC1E297B3778642.cer'
               :          }
               :         }
               :        }
               :       }
       805   31:     SEQUENCE {
       807    8:      OBJECT IDENTIFIER

Bush, et al.             Expires 25 August 2024                [Page 22]
Internet-Draft       Finding and Using Geofeed Data        February 2024

               :       ipAddrBlocks (1 3 6 1 5 5 7 1 7)
       817    1:      BOOLEAN TRUE
       820   16:      OCTET STRING, encapsulates {
       822   14:       SEQUENCE {
       824   12:        SEQUENCE {
       826    2:         OCTET STRING 00 01
       830    6:         SEQUENCE {
       832    4:          BIT STRING
               :           '010000000000000000000011'B
               :           }
               :          }
               :         }
               :        }
               :       }
               :      }
               :     }
               :    }
       838   13:  SEQUENCE {
       840    9:   OBJECT IDENTIFIER
               :    sha256WithRSAEncryption (1 2 840 113549 1 1 11)
       851    0:   NULL
               :    }
       853  257:  BIT STRING
               :   97 1B 76 E4 55 1E 7B 4F AE 0A 27 53 1F EE 29 EC
               :   0B 77 BB 69 DC 80 77 06 4E C6 A0 DD 47 28 3E 37
               :   04 FC 8D 49 81 02 51 BB D4 E2 33 88 8D 07 50 BB
               :   2D B7 5D D7 7D 60 31 D9 62 2F 91 90 DC FE 10 7C
               :   A9 DF 92 E3 D1 E9 2D 55 F2 CB AA E9 94 F5 29 04
               :   72 2C 9C 7E 10 F8 03 37 6A DB FE 28 E2 D1 33 8A
               :   E9 12 8F 34 17 46 95 75 4B 8E D8 78 C7 FB AE D4
               :   EE 15 E7 81 8B 12 10 C0 3D 00 BC 21 49 B9 8A 7B
               :   4B FC 7C 75 33 5C 76 A6 D3 7F FA 3E 47 0F 75 D4
               :   5D DD F1 D7 7C A2 B3 AB BB E7 C9 DB 03 B3 43 E3
               :   42 4D 84 61 B9 24 D1 90 80 37 21 2F 82 10 CC 88
               :   72 94 C3 42 F9 B2 94 8B 2C 8C 1F 3D CC AA 85 40
               :   92 52 01 F3 A2 16 51 CB FB D8 C7 A4 AB E8 B8 E9
               :   3F F0 DD 19 DA 1A 7E 31 ED 10 09 72 D5 49 5B 0D
               :   DE E5 83 2B 16 74 1C BA E6 86 3A CD 10 72 8C 56
               :   EC 18 B8 5B B1 20 F1 F2 B5 7D DF DF E9 F8 D9 F7
               :   }

   To allow reproduction of the signature results, the end-entity
   private key is provided.  For brevity, the other two private keys are

Bush, et al.             Expires 25 August 2024                [Page 23]
Internet-Draft       Finding and Using Geofeed Data        February 2024

      -----BEGIN RSA PRIVATE KEY-----
      -----END RSA PRIVATE KEY-----

   Signing of ",US,WA,Seattle," (terminated by CR and LF),
   yields the following detached CMS signature.

Bush, et al.             Expires 25 August 2024                [Page 24]
Internet-Draft       Finding and Using Geofeed Data        February 2024

      # RPKI Signature:
      # IhvcNAQkQAS+gggRaMIIEVjCCAz6gAwIBAgIUJ605QIPX8rW5m4Zwx3WyuW7hZv
      # QrOb/qB2W3i3Ki8PhA/DEWyii2TgGo9pgCwO9lsIRI6Zb/k+aSiWWP9kSczlcQg
      # tPCVwr62hTQZCIowBN0BL0cK0/5k1imJdi5qdM3nvKswM8CnoR11vB8pQFwruZm
      # r5xphXRvE+mzuJVLgu2V1upmBXuWloeymudh6WWJ+GDjwPXO3RiXBejBrOFNXha
      # FLe08y4DPfr/S/tXJOBm7QzQptmbPLYtGfprYu45liFFqqP94UeLpISfXd36AKG
      # zqTFCcc3EW9l5UFE1MFLlnoEogqtoLoKABt0IkOFGKeC/EgeaBdWLe469ddC9rQ
      # ft5w6g6cmxG+aYDdIEB34zrAgMBAAGjggFgMIIBXDAdBgNVHQ4EFgQUkUZSo71R
      # wUQmAZiIn1xFq/BToYcwHwYDVR0jBBgwFoAUOs4s70+yG30R4+GE78Hil7N3hkI
      # 0fBFowWDBWoFSgUoZQcnN5bmM6Ly9ycGtpLmV4YW1wbGUubmV0L3JlcG9zaXRvc
      # jANBgkqhkiG9w0BAQsFAAOCAQEAlxt25FUee0+uCidTH+4p7At3u2ncgHcGTsag
      # 3UcoPjcE/I1JgQJRu9TiM4iNB1C7Lbdd131gMdliL5GQ3P4QfKnfkuPR6S1V8su
      # q6ZT1KQRyLJx+EPgDN2rb/iji0TOK6RKPNBdGlXVLjth4x/uu1O4V54GLEhDAPQ
      # C8IUm5intL/Hx1M1x2ptN/+j5HD3XUXd3x13yis6u758nbA7ND40JNhGG5JNGQg
      # DchL4IQzIhylMNC+bKUiyyMHz3MqoVAklIB86IWUcv72Mekq+i46T/w3RnaGn4x
      # 7RAJctVJWw3e5YMrFnQcuuaGOs0QcoxW7Bi4W7Eg8fK1fd/f6fjZ9zGCAaowggG
      # mAgEDgBSRRlKjvVHBRCYBmIifXEWr8FOhhzALBglghkgBZQMEAgGgazAaBgkqhk
      # TUzOFowLwYJKoZIhvcNAQkEMSIEICvi8p5S8ckg2wTRhDBQzGijjyqs5T6I+4Vt
      # 0WULMc+o6gRJFt3wmKNW2nYPrDbocJ+Q/rDMGxbp4QetJ0MQtn1+AYAS8v5jPDO
      # 4a63U4/mJ2D3wSnQsDP0lUVknqRzfnS66HgHqiOVdHB0U+OnMEJuqHNTLx0dknb
      # L3zwxyDJTHdo+dMB0U9xdcjwpsPM3xqg57EXj5EIQK5JbardXCjrsysAnEdktUY
      # oyayGNbbQelANYJcOmuHhSXArR+qqzvNP2MDRqqKEcpd65YW6FSnqlVMIBH2M3P
      # D2F0p3sdm4IeGAZWaERVB4AXO1PUFDNdhamr4XpIwqIoAig7xiLm7j8qu5Oc=
      # End Signature:

Authors' Addresses

   Randy Bush
   IIJ Research & Arrcus
   5147 Crystal Springs
   Bainbridge Island, Washington 98110
   United States of America

Bush, et al.             Expires 25 August 2024                [Page 25]
Internet-Draft       Finding and Using Geofeed Data        February 2024

   Massimo Candela
   Veemweg 23
   3771 MT Barneveld

   Warren Kumari
   1600 Amphitheatre Parkway
   Mountain View, CA 94043
   United States of America

   Russ Housley
   Vigil Security, LLC
   516 Dranesville Road
   Herndon, VA 20170
   United States of America

Bush, et al.             Expires 25 August 2024                [Page 26]