The audit meeting where an address block becomes a board problem

The discovery usually starts in a room that was not convened for Internet governance. A bank is preparing for a regulatory technology audit. An insurer is reconciling disaster-recovery assets after a merger. A logistics group is reviewing externally reachable systems accumulated through two decades of acquisitions. A mining company is carving a regional subsidiary out of a larger group. An airline is answering a cyber-insurance questionnaire that asks for a precise map of public network exposure across airport, ticketing and cargo systems. In the evidence pack is a block of public IPv4 addresses that nobody in the room quite owns in the managerial sense, although the company may have used it, paid for services around it, or carried it in technical records for decades.

The network team sees reserve capacity and risk. It remembers old routers, partner tunnels, remote-office circuits, disaster-recovery runbooks, firewall exceptions and monitoring rules that were built around the range. Treasury sees a scarce position that may be worth real money, even if the fixed-asset register never treated it like land, spectrum, aircraft parts or software licenses. Legal sees another thing again: a record at a regional Internet registry, possible gaps in title evidence, old letters of authority, corporate succession questions, sanctions screening, anti-abuse exposure and reputational risk. Compliance asks whether critical systems depend on undocumented public addressing. Corporate development asks whether a divested subsidiary should receive a slice, temporary use, compensation or nothing. A business unit asks whether the block is needed for resilience. Nobody is wrong. That is why the issue has become a board problem.

This is the economics of enterprise legacy holders. The holder is not a specialist Internet-infrastructure business whose address inventory is the product. It is a non-network enterprise: a bank, insurer, industrial group, conglomerate, airline, logistics operator, retailer, payment network, government-linked enterprise, mining or oil group, or large private company that obtained or inherited public IPv4 when allocation was administrative rather than market-priced. The addresses may be live, partly live, poorly documented or effectively idle. They may be crucial to a few old systems and irrelevant to everything else. They may have survived acquisitions because disturbing a working network was always easier to postpone than explain.

The corporate question is not simply whether to keep or sell. It is how to value an option whose recognized control is maintained outside the company, under registry processes that were not designed for an asset-grade market. The address block offers choices: keep it, renumber out of it, lease it, sell it, transfer it, reserve it for failover, contribute it to a joint venture, divide it during M&A, or treat it as a collateral-like form of operational capital. Each choice depends on evidence. Who is the recognized holder? Can the chain of custody be proven? Does the registry record match corporate history? Would a counterparty accept the paperwork? Would the registry process the transfer? Could a rule originally meant for technical coordination become a modern enforcement lever? In ordinary asset markets such questions are tedious but routine. In IPv4 they can determine whether a balance-sheet option is real, discounted or unusable.

AFRINIC matters here not because every enterprise legacy holder sits in its service region, and not because any official registry narrative should be treated as the final word. It matters because AFRINIC has made the registry layer visible. Address-theft reporting in 2019, the contested Cloud Innovation litigation, receivership and election discontinuity all show what happens when scarce value depends on a record system whose authority, process and continuity become contested. For an enterprise executive, the lesson is narrower than the politics around AFRINIC. Registry certainty is part of value. When the record layer is trusted, IPv4 becomes more financeable. When it is uncertain, the block remains an option, but an option with a discount.

How administrative residue became corporate capital

IPv4 addresses did not enter corporate life as conventional assets. They were unique technical identifiers required for networks to communicate. In the earlier Internet, allocation logic was administrative: prove need, receive space, configure systems, keep services reachable. Many large enterprises acquired public space because they had real connectivity needs at a time when abundance made opportunity cost look small. The administrative act did not feel like the grant of a scarce economic position. It felt like a coordination record.

Scarcity changed the nature of that record. The finite supply of IPv4, the slow and uneven adoption of IPv6, and the persistence of dual-stack economics turned old public address blocks into something more than technical convenience. Transfer markets gave them visible prices. Leasing gave them yield. Network dependence gave them operational embeddedness. Litigation gave them legal salience. Security filtering, reputation systems, routing policy and anti-abuse practices gave them quality differences. The old registry entry acquired the features of capital without the institutional infrastructure that normally surrounds capital.

That transformation is awkward for enterprises because internal systems were not built to see it. Fixed-asset registers may list buildings, turbines, vehicles, aircraft spares, data-centre equipment, core banking software and spectrum licenses. They often do not list a legacy IPv4 block as a strategic asset. The network team may track it in IP address management software, router configurations or spreadsheets. Legal may hold an allocation letter, a merger file or nothing at all. Treasury may never have been told the block exists. Internal audit may classify it as an information-technology control item rather than a monetizable reserve. Corporate development may encounter it only when a subsidiary separation forces questions about routes, reverse DNS, registry contacts and associated provider contracts.

The result is a mismatch between economic reality and corporate memory. A company may be sitting on a scarce asset whose market value is material while treating it as obsolete technical residue. Or it may overstate the simplicity of monetization, assuming that because addresses have market value they can be sold like inventory. Both mistakes are expensive. Under-recognition leaves capital idle and exposed to poor control. Over-recognition invites legal, operational and registry-process risk.

The more useful frame is a bundle of internal options. An old public block can support business continuity, reduce dependence on external providers, give a subsidiary independent network footing, supply temporary capacity during a migration, or create liquidity in a stressed balance-sheet environment. It can be leased if the company accepts reputation and counterparty management. It can be sold if the business can renumber and establish clean transfer evidence. It can be held against future public-reachability needs even if current utilization is modest.

Options, however, require exercisability. A call option that cannot be settled is worth less than one that can. A legacy IPv4 block whose holder identity is clear, whose corporate approvals are documented, whose registry contacts are current, whose routing history is clean and whose transfer path is predictable will command a different valuation from a block with stale contacts, disputed succession, missing evidence, spam reputation problems or uncertain registry treatment. The asset is not only the address range. It is the address range plus confidence that the recognized claim can endure, move and be relied upon.

Why non-network enterprises are reluctant suppliers

Enterprise legacy holders are often described as latent supply, and the description is correct as far as it goes. Large non-network organizations control or inherited address space that may exceed current operational need. Banks consolidated data centres. Insurers moved claims and customer systems into managed environments. Airlines outsourced parts of reservation, cargo and loyalty infrastructure. Retail groups modernized payment and point-of-sale platforms. Industrial companies closed plants, sold divisions or placed operational technology behind private addressing and tightly controlled gateways. A public block that once supported thousands of directly numbered endpoints may now support a few remote-access gateways, partner allowlists, monitoring probes and old firewall assumptions.

Yet latent supply is not the same as available supply. Enterprise holders are reluctant because their decision calculus differs from that of professional address-market participants. They do not wake up each morning trying to optimize IPv4 yield. They are trying to keep payment systems, logistics chains, aircraft operations, claims platforms, mine sites, refineries, customer portals, treasury links and compliance interfaces working. A network executive who proposes selling a block may inherit every future outage blamed on renumbering. A treasurer who pushes leasing may create reputational exposure if lessees abuse the space. A legal department that approves a transfer may fear later claims from a subsidiary, joint venture, creditor or regulator. A chief information security officer may dislike the unknown behavior of counterparties. The board may see a transaction whose financial upside is modest compared with the potential embarrassment of operational failure.

This reluctance is economically rational. The enterprise values optionality, not only cash. If a block can be sold for a known amount but gives up future flexibility under uncertainty, the immediate price must compensate for lost options. If leasing generates yield but risks blacklisting, abuse complaints, law-enforcement inquiries or registry questions, the yield must compensate for those burdens. If renumbering requires changes across firewall rules, supplier allowlists, disaster-recovery plans, audit documentation, industrial-control connections and decades of undocumented exceptions, the cost is not limited to engineering hours. It includes organizational risk.

Internal IT inertia is often criticized as laziness. In legacy IPv4 matters it is frequently a form of institutional risk management. A payment-switch partner may still trust a fixed public source range. A customs interface may be allowlisted by address rather than modern identity. A remote mine site may rely on brittle routing assumptions in satellite or carrier services. A manufacturing group may have acquired a plant whose network documentation is incomplete but whose production line works. Renumbering is not a spreadsheet exercise. It is a campaign through contracts, suppliers, firewalls, monitoring tools, incident-response plans and people who have forgotten why exceptions were created.

The consequence for the broader market is that enterprise supply emerges slowly, unevenly and only when uncertainty becomes manageable. A holder may sell a clean slice but retain the rest. It may lease through a managed structure rather than transfer control. It may wait for an acquisition, restructuring, data-centre exit or audit finding to create a natural decision point. It may do nothing because doing nothing preserves the option and avoids accountability. In asset markets, inertia is often a price signal. Here it is also an evidence signal. Enterprises become suppliers when proof, process and liability allocation are strong enough for a cautious institution to act.

The internal option is only as strong as evidence

The strongest corporate case for treating a legacy IPv4 block as capital is not that it can be sold tomorrow. It is that it gives management choices under changing conditions. This menu is most visible in stress. A bank facing a data-centre exit may need public addressing for temporary parallel operation. An insurer recovering from a cyber incident may want an internally controlled range for rebuilt services. A logistics company separating a regional unit may need to divide addresses between parent and buyer without disrupting tracking systems. A mining group operating in remote regions may value independent address resources as a hedge against provider changes. A retailer rolling out a payment or loyalty platform may need stable public sources for partner integrations.

Some of these uses are mundane. Some are strategic. All have option value. The enterprise does not need to believe IPv4 will appreciate forever to value the reserve. It only needs to believe that public reachability, reputation, routing independence and transition flexibility can matter at inconvenient moments. A scarce block is a hedge against dependence on suppliers whose pricing, routing, abuse policy or service continuity may change. It is also a hedge against corporate events. During M&A, a buyer may ask whether the acquired business has independent network resources or merely borrowed ranges from the parent. During insolvency or restructuring, creditors may ask whether address resources can be monetized. During a regulatory technology audit, supervisors may ask whether critical services depend on undocumented external arrangements.

The internal option has several branches. Keeping the block preserves maximum flexibility but may leave value idle. Renumbering out of the block converts operational complexity into saleability, but it consumes management time and can create outage risk. Leasing keeps ownership-like control while producing income, but it requires counterparty screening, abuse management, routing hygiene and clarity over registry expectations. Selling produces liquidity and removes administration, but it gives up future optionality. Transferring part of the block to a subsidiary may solve an M&A problem while weakening group-level continuity. Holding it for disaster recovery may be prudent for a high-resilience business and wasteful for one with no plausible need.

The phrase "collateral-like" should be used carefully. Many legal systems and registry contracts avoid treating IPv4 addresses as ordinary property. Yet markets can still attach financing logic to scarce, transferable, income-producing positions. A lender does not need metaphysics; it needs control, priority, valuation, a liquidation path and confidence that a registry or court will not make enforcement impossible. If those conditions are weak, collateral value collapses even if the block has a visible market price. If they are strong, the block becomes part of the enterprise's financial flexibility.

Enterprise holders should therefore begin not with "What is our block worth?" but with "What choices does this block give us, what evidence makes those choices exercisable, and what risks would make those choices fail?" A large range with many theoretical uses but poor registry evidence is a weak option. A smaller range with clean chain of custody, current contacts, documented approvals, known routing history and a tested transfer or leasing path may be more valuable in practice. Scarcity matters. Institutional confidence decides how much of that scarcity can be converted into cash, resilience or bargaining power.

The most important work is therefore not market sounding but reconstruction. The company must know how the range entered the group, which legal entity was recognized, how mergers or name changes affected the claim, who had authority to update registry records, and whether current operating use matches public registration. In a bank with a century of mergers, an insurer with absorbed regional subsidiaries, a conglomerate with privatized state assets or an industrial group that bought and sold plants across several jurisdictions, this can be tedious. Tedious does not mean optional.

Chain of custody turns a technical holding into a defensible asset. It should include allocation letters, registry correspondence, corporate name-change records, merger documents, board or officer approvals, provider contracts, reverse-DNS arrangements, route-origin records, RPKI status where applicable, IP address management exports and evidence of current operational control. It should also record which business units rely on the space and which subsidiaries believe they have rights to it. The goal is not to create a museum. It is to ensure that when a buyer, lender, auditor or registry asks "why are you the recognized holder?", the enterprise can answer without improvising.

Poor evidence has three costs: transaction discount, internal friction and vulnerability. Buyers and brokers will lower offers or walk away if the seller cannot establish authority. Legal will delay, finance will question valuation, and IT will resist changes if nobody can prove the range is free of hidden obligations. Dormant space with stale contacts and ambiguous ownership-like claims is easier to misdirect, misuse or dispute. Once dependencies are mapped, the board may discover that part of the range is essential, part is idle and part is merely feared because nobody has checked. None of these findings should be left for the closing week of a sale.

The best practice is to appoint an internal owner before monetization is considered. Network, treasury, legal, compliance and corporate development should agree who controls evidence, who can approve changes, who maintains registry contacts, who handles abuse reports, who speaks to brokers or counterparties, and who decides whether reserve use outweighs cash value. Legacy IPv4 is not a normal IT asset, but it should not remain an orphan. The first step toward liquidity is governance inside the holder.

How registry uncertainty becomes a liquidity discount

Every market with uncertain title develops discounts. Real estate with unclear boundaries trades poorly. Receivables subject to dispute are financed at lower advance rates. Ships with murky liens and aircraft with incomplete maintenance records attract fewer buyers. IPv4 is no different. The price quoted for clean, transferable addresses is only the starting point. A legacy enterprise block must pass diligence that can reveal stale registry records, missing corporate authority, inconsistent naming, old assignments to divested entities, reputation problems, unclear routing history or regional rules that complicate transfer.

Registry uncertainty is different from ordinary technical uncertainty. A company can test routing, scan its own dependencies, audit firewall rules and clean reputation over time. But the registry record is the public recognition layer. If it is wrong, stale or exposed to discretionary reinterpretation, internal confidence is not enough. Buyers, lessees, lenders, auditors and acquirers need to know that the recognized position matches the enterprise's claimed control. They also need to know that legitimate changes can be processed without converting administrative review into a judgment on the company's business model.

The discount is not always visible in headline price data. It appears in failed transactions, longer closing periods, indemnity demands, escrow holdbacks, conservative valuations, board reluctance and quiet decisions not to bring supply to market. A buyer may prefer a more expensive block from a cleaner record environment. A lender may refuse to lend against addresses whose transfer path is unpredictable. A lessee may demand short terms because continuity depends on registry treatment. An enterprise may conclude that the asset is valuable but not worth the internal trouble of monetizing. In each case, uncertainty taxes liquidity.

This tax compounds because enterprises are sensitive to asymmetric risk. The upside of a transaction may be a few million dollars or a modest annual lease yield. The downside, in a risk committee's imagination, may be an outage, regulatory question, reputational incident or lawsuit. If the registry layer adds an unquantifiable risk that a transaction can be delayed, challenged or reframed, the decision often defaults to inaction. Inaction is not proof that the asset lacks value. It is proof that the exercise cost is too high.

Good registries create value by being predictable. They maintain accurate records, publish stable data, process legitimate changes, prevent fraud, preserve security services and keep enforcement ambitions narrow. They do not need to endorse every market narrative or use ownership language. They simply need to provide enough certainty that private parties can price risk. The moment registry discretion becomes a political or moral instrument, finance retreats. Scarcity remains, but scarcity cannot express itself cleanly. Price discovery gives way to permission risk.

AFRINIC as registry-layer evidence, not a morality tale

AFRINIC is the regional Internet registry serving Africa and parts of the Indian Ocean region, operating under the legal framework of Mauritius. Its public role includes allocation and management of IPv4, IPv6 and autonomous system numbers, along with services such as WHOIS, RDAP, reverse DNS, routing registry functions and RPKI. For enterprise holders, the relevance is evidentiary. AFRINIC shows how a registry crisis can move from specialist governance debate into the risk models of anyone who depends on the recognized record for scarce address resources.

AFRINIC arrived late in the history of IPv4. By the time scarcity became undeniable, much of the global address space had already been distributed. Public analyses of the AFRINIC crisis have noted that the registry held a relatively small share of total IPv4 compared with earlier direct allocations and other regions, but its remaining pool became unusually important because other regions had exhausted large free pools and because the market price of IPv4 made low-fee administrative allocation economically attractive. The point for enterprise holders is not to adjudicate every allocation controversy. It is that scarcity turned a coordination function into a high-stakes economic interface.

That position is institutionally fragile. A registry can describe itself as a neutral coordinator, but when its decisions affect resources worth meaningful sums, neutrality must be demonstrated through process, transparency, continuity and restraint. Counterparties begin to ask ordinary institutional-economics questions. Who controls the record? What evidence is accepted? Who supervises discretion? What remedies exist after error? Can old contracts or policy commitments be reinterpreted after businesses have relied on them? Can a registry freeze, revoke or delay changes without bearing the downstream cost?

The AFRINIC record does not answer those questions for every region. It does make the hidden surface visible. If an African bank, insurer, airline, industrial group or government-linked enterprise discovered a legacy block in its archives, recent AFRINIC history would become part of diligence. A buyer would ask whether the record is accurate. A lessee would ask whether commercial use could be challenged. A lender would ask whether institutional instability affects enforceability. A board would ask whether a sale or lease could pull the company into a controversy it does not understand.

That is why AFRINIC should be treated here as registry-layer evidence, not as a general crisis story. The issue is not whether every contested claim is right or wrong. The issue is that old enterprise allocations depend on an external institution whose processes can amplify or reduce value. Address-theft reporting, litigation, receivership and election discontinuity are not side anecdotes. They are examples of the risks that make a cautious holder keep dormant supply dormant until the record environment looks safer.

Address-theft reporting and the value of dormant records

The most concrete warning for enterprise legacy holders is the risk that dormant or poorly defended address space can be misappropriated. KrebsOnSecurity reported in December 2019 on allegations that African IPv4 address blocks with an estimated market value above $50 million had been improperly taken or sold, following a years-long investigation by researcher Ron Guilmette and reporting in South Africa. The reporting described blocks associated with businesses that were defunct or had been acquired, and alleged that records had been altered in ways that changed apparent control. AFRINIC said at the time that it was investigating. The details belong to those allegations and should be treated with that attribution. The corporate lesson is broader.

Dormant assets invite agency problems. If a block is operationally forgotten, the people best positioned to notice changes may no longer work for the enterprise. If a company was acquired, renamed or folded into a state body, the old registry evidence may not map cleanly to the current legal entity. If the block is absent from the balance sheet, treasury will not monitor it. If legal does not know it exists, no one will preserve title documents. If security sees only traffic and not economic value, suspicious routing may be treated as an abuse issue rather than an asset-control event. Weak chain of custody creates a gap between economic interest and public appearance.

The 2019 reporting is especially relevant because it involved situations corporate executives understand: businesses that changed over time, assets that outlived corporate forms, and records that could be exploited because the old administrative world did not anticipate modern market value. In a world where each IPv4 address can have a market price, an old large block is no longer a dusty technical artifact. It is a pot of value. If the recognized record can be manipulated, or if the rightful successor cannot prove continuity, that value can leak before the board knows it exists.

Enterprise holders should treat this as an asset-control problem. A company would not ignore share certificates in a subsidiary, mineral rights attached to land, aircraft parts with resale value or dormant bank accounts created by a predecessor. It should not ignore public address blocks. The work is unglamorous: identify all registered ranges, map them to current legal entities, preserve allocation letters and registry correspondence, update authorized contacts, document officer authority, compare registry data with internal systems, review routing history, check reputation and record how the block relates to business units and subsidiaries.

This does not mean every dormant block has been stolen or every registry is corrupt. It means scarcity changes the attack surface. What was once too obscure to target can become worth targeting. What was once too small for a board agenda can become large enough for litigation. The enterprise that waits until a transaction to establish chain of custody will negotiate from weakness. The enterprise that cleans evidence before deciding whether to transact preserves option value.

Cloud Innovation and the price of contested interpretation

The dispute between AFRINIC and Cloud Innovation is not the subject of this enterprise-holder analysis, but it is an unavoidable example of registry-layer risk. Public accounts describe a conflict that began with AFRINIC's concerns about Cloud Innovation's use of a large IPv4 holding and escalated into litigation in Mauritius. Internet Governance Project analysis in 2021 described AFRINIC as alleging policy and contractual violations, including concerns about out-of-region use and consistency with stated need. Cloud Innovation contested the allegations and treated potential revocation as an existential threat to its business. Court actions followed, including orders that affected AFRINIC's bank accounts and operations.

For enterprise executives, the lesson is not to choose a hero. It is to observe the risk channel. A registry's interpretation of usage, need, geography or contract purpose can become a direct threat to an address-dependent business. A holder's legal response can in turn threaten the registry's functioning. Courts, injunctions, bank accounts, elections and global coordination bodies can all become entangled. What began as a dispute about records and resource use can become a systemic controversy.

That matters to a bank or industrial group because diligence is forward-looking. A buyer of enterprise legacy space will ask not only whether the seller has addresses, but whether the registry can later revisit the basis on which the addresses are held or used. A board approving a leasing program will ask whether customer geography or commercial use could be framed as a violation. A company separating a subsidiary will ask whether transfer approval criteria are stable. A treasury team considering an asset-backed facility will ask whether registry liability is proportionate to the economic harm caused by a mistaken or delayed action.

Ordinary commercial tools help but do not solve the problem. Warranties, indemnities, escrow and insurance can allocate losses between private parties. They cannot always preserve operational continuity if the recognized record is frozen, altered, disputed or delayed. A customer outage cannot be fully repaired with damages. A failed transfer can destroy a transaction window. A lender may not want a litigation claim; it wants a clear realization path.

Litigation also changes institutional behavior. After theft allegations, a registry may become more aggressive in audits. After being sued, it may become more defensive. After criticism from other governance bodies, it may seek broader authority. After political attention, it may treat narrow administrative decisions as symbols of regional control. Each response may be understandable from inside the institution. Each can still increase uncertainty for enterprise holders whose practical question is whether an old block can be retained, transferred or monetized without becoming a test case. The diligence conclusion is simple: the registry layer is not background plumbing. It is a risk factor.

Receivership, elections and institutional continuity

AFRINIC's governance crisis adds a second layer of evidence. Even if a holder has good documents, the institution maintaining the record can face discontinuity of its own. The Number Resource Organization stated in September 2023 that the Bankruptcy Division of the Supreme Court of Mauritius had appointed an official receiver for AFRINIC, with the receiver tasked to preserve assets, oversee elections, facilitate formation of a proper board and appoint a chief executive. Commentary at the time described receivership as a mechanism to preserve organizational stability. Later public reporting described years in which AFRINIC struggled to appoint a CEO or elect board members, a suspended and annulled June 2025 election process amid concerns about voting documentation, and later attempts to rebuild governance.

The details are specialized, but the institutional signal is not. A registry can suffer governance discontinuity while its technical services remain important. It can operate under court supervision. It can have bank accounts frozen or constrained. It can lack a board. It can face winding-up litigation. It can become the focus of intervention by global coordination bodies. It can later appear to stabilize while disputes continue. For a corporate holder, registry certainty includes institutional continuity, not just database accuracy.

The effects are practical. If an enterprise wants to sell or transfer a block during a period of registry dysfunction, timelines may be uncertain. If it wants to update contacts, correct old records or split a block for a divestiture, it may face process delays or unclear authority. If a buyer is evaluating the block, the buyer may ask whether the registry is capable of processing the transaction, whether litigation could affect services, and whether another body might intervene if the registry fails. If a lender is considering financing, it will ask what happens to the registration claim during receivership, derecognition or successor arrangements.

Institutional discontinuity does not necessarily destroy value. Receivership can be read as evidence that legal mechanisms exist to preserve continuity. Technical staff may keep services running. Courts may prevent asset-stripping. Other registries and coordination bodies may plan emergency support. Policy work on registry lifecycle and derecognition can reduce future improvisation. These are reasons not to dramatize every governance problem as collapse.

But continuity mechanisms are not the same as a liquid market. Markets prefer boring institutions because boring institutions reduce diligence cost. If a registry requires a court-appointed receiver to maintain governance, the record may still function, but buyers and sellers add risk premiums. If elections are annulled or challenged, counterparties ask whether authority is settled. If a winding-up application is pending, even if opposed, lawyers must analyze what happens to services and records. The asset may remain valid, but the transaction becomes heavier.

The enterprise lesson is to separate operational survival from market confidence. The first asks whether networks keep running. The second asks whether private parties can transact without abnormal institutional risk. Enterprise supply requires both.

The treasurer's valuation problem

The treasurer approaches an old IPv4 block with familiar discipline: identify cash value, estimate carrying cost, assess liquidity, model tax and accounting treatment, and consider whether monetization improves capital efficiency. IPv4 resists the standard framework. It has a market price but imperfect title language. It can be leased but may create operational and reputational liabilities. It can be sold but only if the company can renumber and pass registry process. It may not appear on the balance sheet, but it can affect enterprise value. It may be critical to operations, but scarcity makes it tempting as a source of cash.

The first valuation mistake is to multiply addresses by a headline market price and call the result realizable value. A large block that is fully used by old systems, hard to renumber, subject to unclear registry records or carrying poor reputation will not realize that price quickly. A block whose chain of custody is clean, whose dependencies are mapped, whose reputation is good and whose transfer path is understood deserves a smaller discount. The treasurer must value not only quantity but liquidity quality.

The second mistake is to ignore internal option value. Suppose a company could sell a range for a meaningful sum but would lose an independent reserve for disaster recovery, M&A separation or future network redesign. The sale price should be compared with those options, even if accounting rules do not recognize them. A bank or payment network may rationally keep more public space than current utilization suggests because the cost of being unable to stand up emergency infrastructure during a crisis is high. An industrial group may keep space to avoid dependence on a single telecom provider in remote sites. An airline may value continuity across airport integrations more than a one-time gain.

The third mistake is to treat leasing yield as pure income. Leasing can be attractive for idle blocks, but yield must be adjusted for abuse handling, counterparty risk, routing reputation, contract enforcement, registry expectations and the possibility that a lessee contaminates the holder's asset. A treasury product that creates security and legal noise may not be worth its coupon. If leasing is used, it should be structured as controlled inventory management, not casual rental. The company needs contracts, monitoring, termination rights, abuse response, routing policy, sanctions screening and an internal owner.

Title confidence is the hinge. It includes registry recognition, corporate authority, documentary continuity, absence of known disputes, transferability, clarity over related subsidiaries and confidence that no administrative actor can retroactively destroy the economics without due process. If title confidence is low, the block may still have technical use, but its financial value is impaired. If title confidence is high, the block can become part of treasury strategy.

The treasurer's recommendation should be staged: establish evidence, map dependency, obtain legal analysis, estimate value under several liquidity discounts, then decide whether to keep, reserve, lease, sell or restructure. The exercise resembles surplus real-estate or mineral-rights review more than routine IT asset disposal. It should be slow enough to avoid mistakes and fast enough to prevent dormant value from being lost through neglect.

The CTO's renumbering problem

The chief technology officer sees the part of the asset that finance often underestimates. IPv4 addresses are not only numbers in a registry. They are woven into systems. They sit in routing tables, firewall rules, partner allowlists, monitoring thresholds, load balancers, VPN profiles, certificates, fraud systems, payment gateways, industrial-control networks, disaster-recovery runbooks, old diagrams and the memories of engineers who may have left years ago. Renumbering can be done. The question is at what cost, with what risk, and for what reward.

For non-network enterprises, the difficulty is often not scale but obscurity. A telecom operator knows address management because address management is part of the business. A bank may have excellent core infrastructure documentation and still harbor exceptions created for a correspondent banking link in 2009. A logistics group may have public addresses embedded in depot systems acquired from a regional company. An airline may have airport integrations dependent on third-party allowlists controlled by contractors. A mining company may have remote operational technology links whose public exposure is small but whose downtime cost is large. The old public block survives because it works, and because nobody has yet priced the risk of disturbing it.

The CTO must separate three categories: truly idle space, operationally used space and psychologically reserved space. Truly idle space is not routed, not depended upon and not needed for plausible continuity. It is a candidate for sale or leasing once evidence is clean. Operationally used space supports live systems and requires a renumbering program before monetization. Psychologically reserved space is held because teams are uncertain. It may be idle in fact but treated as dangerous because documentation is poor. A large share of value creation lies in converting psychological reserve into documented reserve or available supply.

That work is technical and organizational. The company should map all advertisements, internal assignments, NAT rules, externally facing services, DNS dependencies, reverse DNS, RPKI status, provider relationships and security tooling. It should identify partner allowlists and contractual dependencies. It should test whether services can move to provider-assigned space, private addressing, IPv6 where useful, or smaller public ranges. It should document what must remain stable for disaster recovery. It should create a clean boundary between addresses needed for resilience and addresses available for monetization.

The CTO should also resist the idea that IPv6 automatically makes the old block irrelevant. IPv6 may reduce future dependence on IPv4 in some systems, but many partners, customers, security processes and public Internet services still require IPv4 reachability. Dual-stack can be a long operating tax, not a magic exit. The rational enterprise strategy is not ideological. It is to use IPv6 where it lowers cost and complexity while treating IPv4 as scarce operational capital until the business no longer needs it.

Registry certainty enters the CTO's world through continuity. If a registry dispute can threaten RPKI, WHOIS or RDAP accuracy, reverse DNS or recognized control, then the technical risk is not only internal. The CTO needs assurance that a live network will not become collateral damage in an administrative or legal fight. The cleanest asset is not simply the one with the highest price. It is the one whose operational identity can survive stress.

M&A, carve-outs and the politics of splitting space

Mergers, acquisitions and divestitures are where many enterprise legacy blocks become visible. A buyer asks what network resources come with the business. A seller wants to keep a central block because it supports other units. A carved-out subsidiary has used addresses from the parent for years but has no registry relationship of its own. A conglomerate sells an industrial division whose plant systems are hard-coded to public ranges. A bank merges with another bank and discovers overlapping assumptions about address control. A government privatizes or restructures an enterprise whose old Internet resources were never treated as separable assets.

IPv4 does not always follow corporate boundaries cleanly. Addresses may be assigned by function, geography, historical accident or engineer preference rather than legal entity. A single block may support several subsidiaries. A subsidiary may announce part of a parent block. Reverse DNS may sit with a shared network team. RPKI objects may be created centrally. Provider contracts may refer to the parent. Security tooling may treat the range as one perimeter. When corporate development asks for a clean asset schedule, the network tells a more complicated story.

A sale agreement that ignores this complexity creates post-closing disputes. The buyer may assume addresses necessary to operate the business are included. The seller may assume it is only granting temporary use. The registry may require evidence of transfer that the parties did not prepare. A transition-services agreement may allow use for twelve months, while renumbering takes longer. A lender financing the acquisition may value the business assuming independent network control. A regulator may care if critical services depend on a former parent. What looked like a minor IT schedule becomes a negotiation issue.

Enterprise holders should handle IPv4 in M&A with the seriousness applied to permits, licenses, spectrum, domain names, software licenses and real estate. The diligence pack should state which ranges are used by the target, which entity is the recognized holder, whether registry transfer is required, whether the range is included, excluded or temporarily licensed, what renumbering obligations exist, what happens if registry approval is delayed, who maintains reverse DNS and RPKI, and how abuse or reputation issues are handled during transition. If addresses are retained by the seller, the buyer needs a credible migration plan. If addresses are transferred, the seller needs evidence and protections.

Splitting a block can be especially difficult. Technically, a range can be subnetted and routed in parts, but registry recognition, routing aggregation, reputation and operational dependency may not divide neatly. A seller may want to transfer a slice to the buyer while keeping the rest. The registry may have minimum transfer sizes or documentation requirements. The market may value a clean aggregate more highly than fragments. The buyer may need only a small amount but require continuity for specific services. The optimal answer may be staged: temporary use, renumbering assistance, later transfer of a clean block, or compensation instead of address transfer.

AFRINIC's troubles make the M&A lesson sharper. If registry authority is uncertain, court-supervised or politically contested, transaction lawyers become more conservative. They may require conditions precedent, longer transition periods, escrow, indemnities or alternative addressing plans. That conservatism reduces the value of enterprise supply. Corporate assets move through corporate events, not only through specialized IPv4 trades. The record system must be able to handle succession, carve-outs and transfers as ordinary commercial facts rather than exceptional policy dramas.

Market opacity and scarcity politics

IPv4 markets are more opaque than mature financial or commodity markets. Prices vary by block size, reputation, region, registry process, seller urgency, buyer need, transfer complexity and whether the transaction is a sale or lease. Public quotes conceal wide dispersion. Enterprise holders, entering the market rarely, are at an informational disadvantage. They may not know whether an offer reflects fair value, a documentation discount, a broker's margin, a buyer's fear of registry process, or the market's view of the block's reputation. This opacity reinforces reluctance.

Opacity also affects internal politics. Treasury may hear that addresses sell for a high price and accuse IT of sitting on value. IT may hear that buyers discount heavily and conclude the market is opportunistic. Legal may see inconsistent terminology and advise delay. Business units may resist because the value of keeping the block is not priced. Professional intermediaries can help with buyers, documents, escrow, leasing demand and benchmarks, but they do not eliminate the central question: who protects continuity and evidence if the process becomes contested?

Enterprise sellers differ from habitual market participants. A specialized IPv4 lessor may be willing to litigate, absorb abuse handling and manage registry politics. A bank or insurer usually is not. It wants a clean exit or a low-noise yield. A mining company does not want a public controversy about address monetization. An airline does not want its operational network discussed in governance forums. A retailer does not want customer data or payment systems pulled into a dispute about address use. The enterprise discount therefore includes a reputational component.

The phrase "unused IPv4" invites political temptation. If enterprises hold more space than they need, why not force the space into circulation, reclaim dormant blocks, impose use obligations or treat legacy holders as hoarders? The argument is emotionally simple and economically dangerous. Non-network enterprises obtained or inherited addresses under earlier rules. They built systems around them, carried risks and sometimes forgot value because the market had not yet matured. Forced redistribution would undermine title confidence across the entire market. If holders believe that a registry or community process can retroactively decide that their reserve is excessive, they will resist disclosure, avoid transactions, litigate or route around the system.

A healthier scarcity economics starts from incentives. If holders can trust that recognized claims will be respected, they have reasons to bring supply out voluntarily when price exceeds internal option value. If transfer and leasing processes are predictable, they can monetize without fear of arbitrary punishment. If fraud prevention is strong, buyers trust supply. If abuse handling is contractual and operational rather than punitive toward the record itself, reputational risk can be priced. Scarcity means different users value the resource differently: a bank may keep space for resilience, a logistics company for partner integration, an insurer for disaster recovery and a mining group for remote redundancy.

Enterprise holders are therefore a test of whether IPv4 scarcity will be handled through markets or permission. If the system respects their claims and gives them clean pathways to transact, latent supply can emerge gradually. If it treats them as targets for reclamation or moral pressure, they will retreat. The irony is that heavy-handed control can preserve the very idleness it denounces. Trust mobilizes dormant assets. Fear immobilizes them.

What a safer market would require

A safer market for enterprise legacy IPv4 does not require every jurisdiction to settle the metaphysics of property. It requires enough certainty that enterprises, buyers, lessees and lenders can act. The first requirement is accurate, auditable chain of custody. Registry records should preserve history, corporate changes, authorized contacts and dispute metadata in a way that allows legitimate succession to be proven without turning every old allocation into a discretionary negotiation.

The second requirement is separation between recordkeeping and enforcement. Registries should prevent duplicate claims, correct fraud, publish accurate data and maintain security services. They should not use deregistration or revocation threats as general-purpose punishment for commercial behavior unless an independent legal authority has required it and operational continuity has been protected. Abuse, fraud and contractual breach require remedies, but remedies should be proportionate and adjudicated. The address record should not become police station, courthouse and execution chamber.

The third requirement is non-destructive dispute handling. If a resource claim is disputed, the registry should preserve the last verified operational state while preventing conflicting transfers or fraudulent changes. It should record the dispute, require evidence and direct parties to an independent forum. It should not destabilize running networks or downstream customers simply because a holder and registry disagree. Enterprise boards will not monetize assets if doing so exposes critical services to administrative self-help.

The fourth requirement is service continuity independent of institutional immortality. RDAP, WHOIS, reverse DNS, RPKI and related publication services should have tested failover arrangements. Records should be replicated under secure and auditable conditions. RPKI succession should be designed before crisis, not improvised during one. If a registry enters receivership, insolvency, derecognition or governance paralysis, the records and security chain should survive. The administrator should be replaceable precisely because the function is critical.

The fifth requirement is predictable transfer and leasing procedure. Enterprises need to know what evidence is required, how long review takes, what objections are valid, and what rights exist if a registry delays or refuses. Buyers need assurance that closing is not a political event. Lessors need clarity about commercial use and abuse obligations. Lenders need a realization path. Uncertainty can be priced only when its boundaries are known.

Finally, the architecture should respect portability without compromising uniqueness. A resource holder should not be trapped under one fragile institution if the function can be provided by a qualified successor under coordinated rules. Portability does not mean duplicate registries or chaos. It means continuity belongs to the recognized record and the live network, not to the incumbent corporate shell. For enterprise legacy holders, that would convert a trapped administrative record into a more bankable asset. It would reduce the discount by lowering dependence on a single institutional point of failure.

Enterprise legacy holders are not villains of IPv4 scarcity. They are rational institutions holding scarce options in an uncertain governance environment. Some have too much space relative to current use. Some have old blocks that could be monetized without harming operations. Some have reserves that are prudent. Some have records that need urgent cleanup. Some do not yet know what they hold. Their collective importance lies in the fact that they represent one of the few sources of additional IPv4 supply that does not require new allocation. The supply exists, but it is locked behind corporate caution, operational memory and registry confidence.

AFRINIC's experience should be read as a warning about that confidence. The 2019 address-theft reporting shows why chain of custody matters when dormant enterprise space becomes valuable. The Cloud Innovation dispute shows how contested interpretation can become existential for an address-dependent business. Receivership and election discontinuity show that the institution maintaining the record can itself become unstable. Later efforts to rebuild show that continuity is possible, but also that markets remember stress. Each episode adds a fact to the enterprise diligence file: the value of an old block depends on the credibility of the system around it.

For a corporate board, the practical response is neither panic nor passivity. The company should inventory public IPv4 holdings, establish chain of custody, update registry contacts, map operational dependencies, clean reputation, classify reserve needs, value transaction scenarios and decide who owns the asset internally. It should treat the block as a strategic option rather than a forgotten technical line. It should avoid both ideological extremes: refusing to monetize because addresses are not assets and rushing to sell because addresses have a price. The right decision depends on evidence, optionality and risk-adjusted value.

For registries and governance bodies, the lesson is that enterprise supply will not be bullied into liquidity. It will emerge when holders trust the rules. The more registries expand into discretionary control over commercial choices, the more cautious enterprises become. The more they preserve accurate records, process legitimate changes, prevent fraud and stay out of capital-allocation decisions, the easier it becomes for dormant supply to move. Liquidity is not created by moral pressure. It is created by confidence that a transaction will be recognized and that running networks will not be damaged by administrative ambition.

The boardroom scene therefore ends without a simple answer. The network executive is right to protect continuity. The treasurer is right to see value. The lawyer is right to demand evidence. The compliance officer is right to worry about exposure. The business unit is right to ask for flexibility. The mistake would be to let the old administrative category decide the future. A legacy IPv4 block is no longer mere residue. It is an option on scarcity, continuity and institutional trust. AFRINIC's recent history shows what happens when that trust is strained. Enterprise holders will unlock supply only when the record is strong enough, and modest enough, to let capital move.