On March 18, 2025, at around 9:38 AM UTC, connectivity to AS131279 dropped. Shortly after, at 9:50 AM UTC, a change in the Start of Authority (SOA) record and an update to the Route Origin Authorization (ROA) were detected.

The update introduced a new ROA for 175.45.176.0/22, authorizing AS131279 as the origin but setting a maximum prefix length of /22. Previously, AS131279 had been announcing four /24s (175.45.176.0/24, 175.45.177.0/24, etc.), which had not been marked as invalid. After the change, these /24s exceeded the allowed length and were classified as RPKI Invalid.

Until these changes are fixed, anything in 175.45.176.0/22 will remain unreachable. Interestingly these errors come almost a month after some unauthorized changes were made: https://nkinternet.wordpress.com/2025/02/23/north-korea-whois-records-hijacked/

Update

Looks like as of 2025-03-19 02:15 UTC everything is coming back online. It is interesting however that it took 17 hours between when the initial connections dropped and when everything came back online.