The customer-risk team did not begin with ideology. It began with an IP address.

A bank's fraud unit had seen a burst of account-opening attempts from a small range of IPv4 addresses. The traffic was not enough to justify blocking an entire network. It was enough to ask a simpler question: who is behind this resource, and who can be contacted without waiting for a private introduction? One analyst ran an RDAP query. Another checked the older WHOIS output because the bank's internal tools still parsed that format. The security team looked for the organisation name, resource status, abuse mailbox, administrative contact, technical contact, associated ASN information, and the dates that suggested whether the record had been recently changed or left untouched for years.

The lookup produced something useful, but not something complete. It named a resource holder. It showed a path for contact. It gave enough public evidence to decide whether the case belonged in an abuse queue, a vendor-risk file, a law-enforcement referral, a customer inquiry, or a commercial discussion with an upstream provider. But it did not say whether the listed role mailbox was watched. It did not explain whether the block was being used by the holder, a lessee, a downstream customer, a reseller, or an actor who had obtained operational access through a chain of contracts the public record did not show. It did not say whether the party named in the record was financially healthy, under dispute, controlled by the same people who operated the traffic, or subject to a court order. It did not say whether AFRINIC, the registry whose record was being queried, was itself in a normal governance state.

That ambiguity is not a defect in the bank's process. It is the economic condition under which public registration data now operates. RDAP and WHOIS are not merely technical interfaces. They are market interfaces. A stranger runs a query and then decides whether to trust, contact, price, sue, route around, investigate, insure, lend to, lease from, transfer with, blacklist, whitelist, escalate or ignore a resource holder. The interface does not settle every fact. It lowers the first cost of acting in a world where most internet infrastructure relationships are between parties that will never meet.

AFRINIC is a hard test of that function because the public record in its region has had to carry extraordinary institutional stress. The African Network Information Centre is the regional internet registry for Africa and parts of the Indian Ocean. Its public materials describe a Mauritian, nonprofit, member-based organisation that distributes and manages IPv4 addresses, IPv6 prefixes and autonomous system numbers, and that lists services including WHOIS, RDAP, reverse DNS, an Internet Routing Registry and RPKI. In a quiet registry those services look like a catalogue. In AFRINIC's recent history they look like points of reliance exposed to scarcity, litigation, receivership, board legitimacy disputes, address-record corruption reporting, transfer and leasing pressure, and questions about whether a court or a new board can preserve continuity without freezing the public record into uselessness.

The subject here is narrower than the full AFRINIC crisis and narrower than the accuracy of every database field. It is not mainly about whether the underlying facts in the registry are true, although truth matters. It is not about cryptographic route-origin trust, although RPKI depends on the same recognition layer. It is not about reverse-DNS naming continuity, although reverse DNS turns records into another operational signal. It is not about the separate policy economics of abuse response, although abuse desks are among the public record's heaviest users. The question is how RDAP, WHOIS and public registration data become economic infrastructure when strangers need a legible record under institutional stress.

The lookup turns registry data into a market interface

A regional internet registry is legally small compared with the markets that depend on it. AFRINIC is incorporated in Mauritius. Many of the users of an AFRINIC record are not in Mauritius, are not AFRINIC members, and may not know the names of the people who sit on its board. They are banks, hosting customers, security vendors, cloud buyers, law firms, transit providers, corporate acquirers, universities, public-sector networks, transfer brokers, insurers, abuse desks and courts. Their point of contact with the registry is often not a meeting, a policy list or a member portal. It is a query.

That query is an economic act. If the public record shows a coherent holder, reachable role contacts, a plausible status, and no visible warning signs, the stranger can proceed with lower caution. If it shows stale contacts, odd geography, unclear delegation, a holder whose authority is disputed, or a record that does not fit the traffic being observed, the stranger adds friction. Friction may mean a lower transfer price, a bigger escrow holdback, a slower abuse escalation, a stricter customer review, an extra contractual warranty, a higher insurance premium, a manual routing exception, or a decision not to do business.

This is why the public record cannot be understood only as a transparency device. Transparency is part of it, but the market function is sharper. RDAP and WHOIS provide a common first answer to the question: what does the recognised registry say? That answer is not the same as a court judgment, a title deed, a certificate of good behaviour or a proof that every packet using the address is lawful. It is a starting point that strangers can use without joining a private correspondence chain. It makes number resources legible enough for decentralised decisions.

In the old allocation economy, such legibility mattered but carried less value. A wrong contact could delay troubleshooting. A stale organisation name could irritate a security researcher. An old assignment could make an operator's records messy. In the scarcity economy, the same public fields can support millions of dollars of reliance. IPv4 addresses are scarce and still needed for compatibility with the existing internet. They are leased, transferred, financed, bundled into hosting products, attached to customer contracts, screened by reputation systems, and examined by buyers trying to distinguish a usable asset from a litigation file. Public record ambiguity therefore has a price.

AFRINIC makes the point visible because so many questions that usually sit behind the lookup have become public. Who is the holder? What if the holder leases? What if use occurs outside the original region or business plan? What if a court freezes the registry's bank accounts? What if a receiver preserves the organisation but elections are contested? The public query does not answer all of these questions, but it is where the market first feels them.

The public record is therefore not a soft public-relations matter. It is an interface between registry law and ordinary economic action. When it works, strangers can act without asking permission from the registry for every judgement. When it fails, the registry's uncertainty spreads outward into markets that were trying to use the record precisely to avoid uncertainty.

RDAP and Whois create reliance before they settle doubt

WHOIS is old internet infrastructure. It is text-oriented, loose, familiar and deeply embedded in the tools and habits of network operators. RDAP is the modern registration data access protocol, built around HTTP and structured responses that machines can parse more reliably. The difference matters for software, access control, internationalisation, redirection, rate limits and automation. It matters for banks, vendors and security teams that want records to flow into risk systems without fragile screen scraping. It matters for registries that want a cleaner way to publish registration data than the old WHOIS habits allowed.

But the economic question is not simply which interface is more modern. The deeper question is what public proof the interface carries. A record may be delivered as text or structured data; if it tells strangers only that a name exists somewhere in a registry database, the market still asks what that name means. Is the organisation the formal holder, the operational user, the sponsoring LIR, a customer, a lease intermediary, a successor after a merger, a company whose record is being contested, or a party whose authority is being reconstructed? Does a contact have power to change the record, or only to receive mail? Does an abuse mailbox show responsibility, reachability, a role account, or a trap for complaints that no one reads? Does a status field distinguish active, disputed, frozen, transfer-pending, court-restrained, update-restricted or historically preserved?

RDAP can make these distinctions easier to expose, but it cannot force an institution to expose them. WHOIS can be crude, but a crude record that tells the market a clear dispute status may be more valuable than a beautiful RDAP response that hides the same dispute behind generic status. Format improves the cost of consuming data; governance determines the meaning of the data consumed.

This is why the public record is both indispensable and insufficient. It is indispensable because strangers need a common reference. An abuse analyst cannot wait for a private registry letter before sending a report. A transfer buyer cannot price a block without checking who appears in the public record. A court clerk cannot understand an emergency injunction over number resources without knowing what the registry shows today. A customer-risk team cannot decide whether to treat traffic as ordinary hosting, compromised infrastructure or a shadow customer without knowing the record's first answer. The market needs a queryable surface.

It is insufficient because the record has to compress more reality than it can safely reveal. Publishing every private contract, customer list, identity document, due-diligence file, correspondence thread, legal opinion, credential history and dispute memo would harm privacy, security and commercial confidentiality. Hiding every uncertainty would harm reliance. The public record must therefore perform a difficult editorial function: it must reveal enough to let strangers make rational decisions while withholding enough to prevent the registry from becoming a public dossier system.

AFRINIC's own policy environment shows this tension. Its policy manual requires public registration for ASNs in the AFRINIC WHOIS database, including administrative and technical contacts and updates when information changes. Its abuse-contact policy describes a dedicated object referenced in inetnum, inet6num and aut-num records, with an email field for personal communication and an abuse mailbox for automatic report handling, and says the object should be accessible through the WHOIS protocol. Its reverse-DNS rules link delegations to assignments or sub-allocations registered in the AFRINIC database. These are not mere website features. They are policy acknowledgements that registration data is part of how the system works.

The manual also reveals the limit. The abuse-contact section itself notes that the object will face the same data accuracy problem as other objects and that the policy is aimed at providing a place for abuse information, not automatically improving database accuracy. That is a candid institutional admission. Publication creates a channel; it does not guarantee that the channel is alive, properly staffed, legally responsible or sufficient for every complaint. A public record that confuses channel with answer will disappoint its users. A public record that refuses to publish channels will make the entire market more expensive.

The problem is therefore not solved by calling for "more transparency" in the abstract. The right question is: which public facts lower the cost of legitimate reliance without exposing private material or turning the registry into a general investigator? For AFRINIC, the answer begins with holder identity, resource range, recognised status, relevant contacts, abuse reachability, dates, update authority, transfer or dispute state, service consequences, and evidence that the record belongs to a controlled process rather than an improvisation. The answer also includes negative information: when the registry cannot say more, it should say clearly what kind of uncertainty exists.

Public proof is most valuable when it is humble. It should not pretend that one query proves ownership, innocence or compliance. It should tell strangers where the recognised record stands, what limits apply, and which next institution they must approach if the record is not enough. That modesty is what makes the record economically powerful.

Institutional stress changes what AFRINIC's public record must carry

AFRINIC would be a useful case even if it were quiet, because it serves a region where internet growth, IPv4 scarcity, cross-border business, small-operator dependence and infrastructure finance all meet. It is more revealing because it has not been quiet. Public reporting has turned the registry itself into part of the diligence file.

The facts should be separated carefully. AFRINIC is formally the RIR for Africa and parts of the Indian Ocean. Its public pages describe a mission of distributing and managing critical internet number resources, including IPv4, IPv6 and ASNs, and list services such as WHOIS, RDAP, reverse DNS, IRR and RPKI. Its exhaustion materials say it entered Soft Landing Phase 1 on March 31st 2017 and Phase 2 on January 13th 2020. In Phase 2, the maximum IPv4 allocation or assignment is /22 and the minimum is /24. In 2026, The Register reported an AFRINIC executive as saying the organisation still had 773,376 unallocated IPv4 addresses and wanted the pool to reach zero so the conversation could move to IPv6. These official and reported facts show a registry operating at the intersection of scarcity and transition.

Around that operational role sits a troubled institutional record. KrebsOnSecurity reported in 2019 on allegations that valuable African IPv4 blocks associated with dormant or defunct organisations had been altered or moved through companies linked to a senior AFRINIC figure, with researcher Ron Guilmette estimating the affected addresses at more than US$50m in market value. AFRINIC's then chief executive said the organisation was investigating. The report should not be treated as a final judicial account of every named person. It should be treated as evidence that weak public records and internal change authority can become economically valuable targets once IPv4 has a market price.

The Internet Governance Project reported in 2021 that AFRINIC's dispute with Cloud Innovation involved millions of IPv4 numbers, accusations about use outside the region or outside original purposes, and a threat by AFRINIC to terminate Cloud Innovation's registration service agreement and reclaim resources. Cloud Innovation contested the position and took legal action. IGP also reported that a Mauritius court order provisionally froze up to US$50m in AFRINIC bank accounts, a remedy it considered disproportionate before detailed evidence had been heard. Again, the lesson is not that one side's theory must be adopted in full. The lesson is that the public registry record had become connected to business survival, legal remedies and market valuation.

The governance layer then became public. The Number Resource Organization said in September 2023 that the Supreme Court of Mauritius had appointed an official receiver, with a role including preservation of the status quo, board elections and the appointment of a chief executive. It described staff continuity and continuing registry services as important. The Register later reported that AFRINIC had been unable to elect board members since 2022, that the June 2025 election was suspended and annulled after allegations involving powers of attorney and voter documentation, and that a later election in September 2025 produced directors but left legal and institutional risks unresolved. In 2026, The Register reported AFRINIC's claim that litigation and procedural roadblocks were trying to paralyse it, and Cloud Innovation's response that the structural issue was high-consequence registry power disconnected from matching liability.

This background matters for RDAP and WHOIS because the public record does not float above the institution. It is issued by it. When a stranger runs a query against AFRINIC data, the stranger is not only asking what the database says. The stranger is asking whether the institution behind the database can maintain the record, process changes, classify disputes, protect contacts, handle elections, preserve systems under receivership, and avoid using public-record status as leverage in broader conflicts.

The public record is the place where recovery can be made visible. A registry can say it is back on track. Markets will look at whether RDAP and WHOIS records show current contacts, clear status, predictable changes, visible dispute markers, durable transfer records and service continuity. The public record is not the whole institution, but it is where outsiders encounter the institution's discipline.

Scarce IPv4 made queryable registration data part of price discovery

IPv4 scarcity changed the economic meaning of public registration data. In a world of abundant supply, a registry record helped coordination and troubleshooting. In a world of scarcity, it helps price an asset-like operating input. The address still functions technically as an identifier. What changed is the cost of replacing it and the value of proving control over it.

The Internet Governance Project's 2021 AFRINIC analysis put numbers to the transition. It noted that IPv4 addresses had become a transfer-market good, with prices rising from about US$8 per address in 2017 to about US$30 at the time of its article. It described a /16, roughly 64,000 addresses, as worth about US$2m at those prices. It also emphasised that AFRINIC had historically held only a small share of global IPv4 space, making the fight over African allocation and use partly a fight over scarcity and arbitrage. Whether one accepts every policy conclusion in that analysis or not, the price signal is central. Once a public record names a holder of scarce numbers, it is no longer just a clerical label.

Price discovery begins with a query. A buyer considering an AFRINIC-administered block wants to know whether the seller is the recognised holder. A broker wants to know whether the block is clean enough to market. A lessor wants to know whether the holder can maintain contacts and service continuity for customers. A lender wants to know whether address-supported revenue can survive a registry dispute. A customer wants to know whether a hosting provider controls the addresses it claims. A court wants to know what present state it is being asked to preserve. These questions are not answered by the binary form of the address. They are answered by public and private proof, with RDAP and WHOIS as the first public layer.

The market distinguishes an address count from a legible address count. A /24 with a clear holder, current role contacts, no dispute flag, clean transfer history, stable abuse mailbox and predictable public status is not the same good as a /24 with a dead organisation name, a mailbox that bounces, an old contact, uncertain leasing arrangements and a rumour of litigation. Both blocks contain 256 addresses. They do not contain the same settlement quality. The difference shows up in escrow, warranties, discounts, indemnities, transaction delays and customer risk reviews.

AFRINIC's scarcity context makes this sharper. The exhaustion page describes a progression from Phase 1 to Phase 2, limited remaining allocations and procedures for request handling. It says requests are processed through tickets and evaluated under policy criteria, including compliance checks and utilisation standards. The free-pool process therefore operates under scarcity discipline, while the secondary market and leasing market operate under commercial pressure. The public record links the two worlds. It shows who received or holds resources under registry policy, while the market asks what those resources can do now. The registry may dislike some market behaviour, restrict transfers, dispute regional use or reject the idea that addresses are ordinary property. Those are policy debates. They do not remove the need for public legibility. When movement is constrained, every public clue about status, eligibility and dispute state matters more.

The public record also affects liquidity. Liquidity is not just the existence of buyers and sellers. It is the ability to close transactions with manageable uncertainty. A buyer who cannot rely on a public record must spend more on private investigation. A seller with a messy record must offer a lower price or stronger indemnity. A lessor whose lessee cannot be recorded may charge more to cover abuse and reputation risk. A bank that cannot interpret a holder's public status may refuse to treat the revenue as financeable. The cost of ambiguity is paid by whoever has less bargaining power, often smaller operators and customers.

Scarcity also makes stale records dangerous in a new way. A stale contact in an abundant era might be a maintenance issue. A stale contact in a scarcity era can be a hidden claim. A defunct company name might conceal unreviewed corporate succession. A historical update might have moved valuable resources without clear authority. An unrecorded customer delegation might create abuse and reputation costs. A public record that says too little forces strangers to fill gaps with suspicion. Suspicion then becomes a market tax.

The goal of RDAP and WHOIS in this economy is not to display every commercial fact. It is to make the recognised registry state sufficiently legible that markets can price real risk rather than mythology. That requires fields and practices that distinguish clean recognition, pending change, dispute, authority verification, contact failure, service restriction and court restraint. Without such distinctions, every unclear AFRINIC record trades at the price of the worst story a counterparty can imagine.

The Cloud Innovation dispute turned a public lookup into a litigation surface

Cloud Innovation matters to the public-record question because it shows how a registry lookup can become the visible edge of a much larger dispute. The public can query a block and see a holder. Behind that holder may sit millions of addresses, customer contracts, leasing arrangements, service agreements, regional-use arguments, policy interpretations, court filings and allegations about institutional overreach. The record is the place where that complexity first becomes actionable to strangers.

IGP's 2021 account reported that Cloud Innovation, registered in the Seychelles, received rights to nearly 7m IPv4 numbers from AFRINIC around 2016 and built a leasing business around them. It reported AFRINIC's concerns about discrepancies between registered usage descriptions and the countries where resources were actually being used, inconsistency between original need and actual utilisation, and an interpretation of AFRINIC bylaws requiring services to originate in the region. AFRINIC, according to that account, asked for additional information and later asserted discretion to terminate Cloud Innovation's service agreement and reclaim resources. Cloud Innovation objected that address use changes over time and that asking the registry for approval of ordinary customer and service changes would make it an intrusive regulator of network operations.

For RDAP and WHOIS, the fight highlights a basic distinction. A public record can identify the recognised holder of a resource. It can identify contacts. It can expose status. It can show enough information for abuse, diligence and coordination. But it cannot by itself resolve whether a business model is proper, whether out-of-region customer use violates a contract, whether a historical allocation purpose should bind later commercial evolution, or what remedy is proportionate if the registry and holder disagree. If the registry tries to make the public record carry all of those judgments, the record becomes a battlefield rather than a legibility layer.

That does not mean AFRINIC had no legitimate concern. A registry must be able to ask whether records match reality. It must be able to investigate fraud, false documentation, abandoned resources, compromised accounts, duplicate claims and misleading contact data. If a public record says one thing while reality is different, outsiders relying on the record are exposed. The question is where record correction ends and economic control begins.

Cloud Innovation's case made that boundary commercially visible. If a query shows Cloud Innovation or a related entity as holder, what should a stranger infer? That the company is the recognised holder? That the resources are under dispute? That certain uses are contested by AFRINIC? That customers may face continuity risk? That the registry's position is not a final court decision? That a transfer, lease or public claim tied to the resource requires extra caution? A public record that cannot express these distinctions leaves markets with two bad options: treat the record as clean when it is not, or treat every record associated with conflict as toxic when some uses may be lawful and operationally stable.

The later litigation magnified the public-record problem. IGP reported the provisional freeze of up to US$50m in AFRINIC bank accounts in 2021. The Register reported continuing disputes, including AFRINIC's 2026 claim that Cloud Innovation, Larus and associated campaigns were trying to paralyse the registry, and Cloud Innovation's argument that the structural problem was high-consequence registry power without matching liability. The Register also reported Cloud Innovation's 2025 move to seek winding up of AFRINIC after an annulled election, and ICANN's later intervention in the winding-up proceedings to argue that numbering resources administered through AFRINIC should not be treated as corporate assets available for distribution.

These episodes are not simply institutional drama. They affect how strangers read the public record. A buyer of AFRINIC-administered resources cannot ignore the possibility that a dispute about holder status, resource use or registry continuity might alter the transaction. An abuse desk looking at a block cannot assume the public holder is the operational user. A court looking at AFRINIC cannot assume a corporate liquidation would resemble the winding up of an ordinary company with ordinary assets. A customer evaluating a lessor cannot ignore whether the lessor's registry relationship is stable enough to maintain contacts and service state.

The useful public-record response is not to publish a polemic beside every queried resource. It is to expose status precisely. Is there a dispute affecting the resource? Is the dispute about holder identity, usage policy, transfer eligibility, billing, fraud, court restraint or governance? Are existing services preserved? Are updates limited? Is a transfer pending or blocked? Is the registry preserving last verified state while a court acts? Are contacts validated? Is there an independent route to correct the record? Such information lets strangers price the specific risk, not merely the name of the party.

Cloud Innovation also shows why the public record must not be used as a stigma system. If a record is marked disputed, that should mean a defined process and evidence threshold exist. It should not mean the registry dislikes the holder. If a resource is update-restricted, the restriction should be tied to a reason and a review path. If a public field shows a role contact or abuse mailbox, it should not imply that the party has accepted liability for every downstream customer. The more the record is used for labels, the more important the label discipline becomes.

The litigation surface is unavoidable. Valuable resources produce disputes. The design task is to prevent disputes from making the public record either silent or theatrical. It must remain useful under pressure.

Record-corruption reporting shows why strangers demand queryable proof

The 2019 address-record corruption reporting matters to RDAP and WHOIS because it explains why public proof is demanded in the first place. A registry record is valuable because outsiders do not have time or authority to reconstruct every historical allocation. If the record can be altered improperly, the market loses its cheapest proof layer.

KrebsOnSecurity reported that a long-running investigation by Ron Guilmette had found African IPv4 blocks associated with dormant or defunct organisations somehow in the hands of other parties, and that companies linked to Ernest Byaruhanga, an early AFRINIC employee and policy coordinator, appeared to have been involved in selling African IP address blocks. The report said Byaruhanga did not respond to requests for comment and had resigned after news of the allegations surfaced. It quoted AFRINIC chief executive Eddy Kayihura saying the organisation was aware of the allegations and investigating. It also described historic WHOIS evidence and public records as part of how the suspected movements were traced.

This episode should be handled with care. Public reporting is not a substitute for a court record. But for institutional economics, the episode is decisive even without converting it into a final verdict. It shows that when IPv4 has a market price, the public registration record becomes a custody instrument. There is no physical address to seize. The value lies in recognised control, and recognised control is expressed through registry records, contact objects, allocation history and public lookup trails.

The market response to such reporting is rational. Buyers ask for more proof. Abuse desks distrust stale contacts. Security researchers compare historic WHOIS snapshots. Operators look for inconsistencies between routing, public records and customer claims. Courts become wary of treating public entries as self-proving without understanding how they were changed. Registry staff are pushed to tighten access controls and audit logs. The public record becomes more important, not less, because it is the common evidence surface through which suspicious changes can be found.

The paradox is that corruption repair can itself create public-record uncertainty. After a scandal, a registry may audit records, ask holders for documents, place resources under review, restrict updates or correct names. Some of that is necessary. If it is not bounded, it can make every valuable record look provisional. A buyer then asks: could this block be reopened because of some old allocation defect? A lessor asks: will a customer delegation be treated as evidence of misuse? An operator asks: if a contact is wrong, can it be corrected without triggering a broader review? The public record has to show repair without turning repair into permanent fear.

RDAP and WHOIS can help by carrying evidence of process, not every piece of evidence itself. They can show last changed dates, status categories, dispute markers, contact validation state, resource type and relationship objects. They can give links or references to public policy conditions. They can reveal when a record is under a defined hold and when the hold expires or must be reviewed. They can distinguish a proven fraud hold from a routine contact update. They can show that historical information is archived and that corrections leave a trail.

They should not expose personal identity documents, private correspondence, customer lists or sensitive contracts. Nor should they hide everything behind privacy. The economic value lies between those extremes. Public records should reveal the state of authority, not the whole file behind authority. A market can tolerate that a registry holds private proof if the public state is clear, reviewable and not arbitrary.

The corruption episode also shows why old WHOIS data remains valuable even as RDAP improves the interface. Historical WHOIS records, third-party archives and public discussion helped researchers track changes. That does not mean every old snapshot is accurate. It means the market needs continuity of record history. A public record that can change without durable public or auditable traces invites both fraud and suspicion. In scarce IPv4 markets, suspicion has a price.

AFRINIC's recovery should therefore treat public-query history as institutional evidence. When a record changes, the market should be able to see enough to know that a recognised process occurred. When a record is corrected, the prior state should not vanish into memory. When a record is disputed, the public should know the current reliance state. Queryable proof is not a luxury. It is how a registry proves that its own database has not become a private market for insiders.

Receivership and election stress made member identity a public-record question

Membership files and public number-resource records look like different systems. In a crisis, they converge. If the registry cannot reliably determine who may vote for a member, who may appoint a proxy, who may sit on a nomination process, or who may be treated as a registered member under corporate law, counterparties will wonder how reliably the institution verifies who may update a resource record, transfer a block, change contacts, control reverse DNS, or speak for an ASN.

The Register's 2025 reporting made this connection visible. AFRINIC had reportedly operated without a board since 2022. A receiver arranged elections. In April 2025, The Register reported warnings about potential interference and concerns that entities obtaining multiple member credentials could manipulate voting. In June 2025, voting was suspended shortly before the in-person period ended because of questions about powers of attorney or powers given by members to delegates. ISPA South Africa alleged that authorised representatives of resource holders had found votes or powers of attorney submitted on their behalf without valid authority; AFStar also alleged fraudulent powers of attorney. The receiver annulled the election after concerns about voter documentation. AFRINIC did not immediately provide the level of explanation ICANN and others sought, according to The Register.

These allegations should not be inflated into a final finding about every vote. But they show why authority documents matter. A power of attorney, a corporate representative letter, a portal credential, a role contact and a voting delegate are not the same thing. If public systems or internal processes blur them, the risk spreads. A person authorised to receive notices may not be authorised to sell a block. A person authorised to vote may not be authorised to update RDAP data. A lawyer authorised for litigation may not be the network operator responsible for technical contact. A customer using a leased block may need public operational contactability without becoming the recognised holder. Public records that flatten these distinctions create ambiguity.

The June 2025 court episode over Cloud Innovation's status also exposed membership classification as a market issue. The Internet Governance Project reported that Cloud Innovation had been added as a registered member in Mauritian corporate documents, that challengers feared implications for control, and that the court described the classification as erroneous and not attributable in the way critics feared. The Register later reported broader debate about the relationship between AFRINIC resource members and registered members under Mauritian law. That is corporate law, but it matters to number-resource markets because the board and member structure control the institution that publishes the record.

For RDAP and WHOIS, the lesson is authority granularity. Public records should distinguish recognised holder, administrative contact, technical contact, abuse contact, sponsoring member or LIR, operational contact, delegated user where relevant, and dispute or court status. The record should not imply that every contact can bind the holder. Nor should it conceal the path by which a stranger can reach the right role. Markets need enough role clarity to know whether the person they are dealing with can actually do what they claim.

Receivership added another dimension. The NRO's 2023 statement said the receiver's role was to preserve the status quo of AFRINIC's assets, preserve the value of the business, oversee elections, facilitate a board and appoint a CEO. It also emphasised that members should keep receiving registry services and thanked staff for continued operations. That statement is useful as a factual exhibit, but the public-record question asks for more detail. During receivership, can an ordinary RDAP update proceed? Can a disputed holder change contacts? Are existing public records preserved? Are transfers paused? Are dispute markers added? Are public queries still reliable if the corporate board is absent? Who can classify the status of a record?

The public record does not need to explain every receivership order. It does need continuity modes. A record could show normal active state, receiver-preserved state, court-restrained state, transfer-pending state or dispute-isolated state. The precise terms can be designed carefully, but the idea matters. If the institution is under supervision, strangers should not have to infer from news reports whether a resource record is clean, frozen or merely being maintained.

AFRINIC's September 2025 board election and 2026 recovery claims are relevant in the same way. A board can restore budgets, management and strategic planning. The Register reported improved morale and plans for budget, action plan and 2027-2030 strategy. Good governance news may reduce risk. But markets will still test the public record. Has member authority been cleaned up? Are public records updated consistently? Are contacts validated? Are dispute histories visible enough? Are election and corporate issues isolated from resource services? The answer is measured in public-record behaviour.

The membership crisis therefore belongs inside the economics of RDAP and WHOIS. A public lookup is only as credible as the institution's ability to know who is authorised to stand behind it.

Privacy and security limits are real, but secrecy raises the ambiguity tax

Public registration data has always been pulled between two legitimate demands. Strangers need to know whom to contact and what status to trust. Resource holders and operators need protection against harassment, credential theft, surveillance, spam, commercial intelligence gathering, phishing, extortion and unnecessary exposure of private arrangements. The easy slogans on both sides are wrong. Publishing everything is reckless. Publishing too little is economically expensive.

The public record should not expose personal documents, private customer lists, full lease terms, passport numbers, legal advice, account-security details, unreleased investigation materials or sensitive commercial contracts. Such exposure would reduce willingness to update records and could create real security risks. Many operators work in jurisdictions where contact details can expose staff to pressure. Some abuse reports are themselves abusive. Some complainants use public data to threaten, scrape or harass. A registry that ignores these risks will get worse data because rational holders will minimise what they provide.

At the same time, secrecy has a price. If a public record hides the holder behind generic labels, gives no role contact, lacks status detail, and provides no reliable dates, every stranger must assume more risk. A buyer asks for more private warranties. A bank slows review. A security team blocks more broadly. A court must rely on competing affidavits. An abuse desk escalates to upstreams instead of the right operator. A small network gets misclassified because the public record gives no way to distinguish it from a reseller chain or a compromised host. Secrecy shifts cost from the record holder to everyone trying to make a decision.

The best solution is not maximal disclosure but structured disclosure. Publish organisation-level holder identity where the holder is an organisation. Publish role contacts rather than personal details where appropriate. Publish abuse contact reachability and validation state without judging the substance of abuse handling. Publish status categories and dates. Publish whether a record is disputed, transfer-pending, update-restricted or court-restrained, without publishing every allegation. Publish which public services are affected. Provide privacy-safe links to policy reasons. Preserve private evidence for review.

RDAP is useful because structured data can support this middle ground. It can separate entities, roles, remarks, events, status values and links more cleanly than old WHOIS output often did. It can make automated tools consume public status without scraping free text. But the institution must choose meaningful categories. If status fields are generic or remarks are vague, structured opacity is still opacity.

AFRINIC's case illustrates why the privacy-friction tradeoff is not theoretical. In the Cloud Innovation dispute, AFRINIC reportedly asked for detailed information about use, services and countries of service origin. Cloud Innovation objected that disclosing customer use would be intrusive and unnecessary. The market can understand both sides. A registry that cannot verify whether records reflect real use is vulnerable to manipulation. A holder that must expose customer and commercial data whenever a business model changes may face competitive and privacy harm. The public record should not require a choice between blindness and overreach.

The middle path is to record responsibility, not every customer. A holder can remain the recognised registry counterpart. An operational contact can be identified for a delegated range where appropriate. An abuse mailbox can be shown. A delegated or leased status can be recorded without publishing the lease price or every customer identity. A conflict flag can show that a claim is being reviewed. A court restraint can be marked without reproducing pleadings. A transfer status can show pending or complete without revealing confidential commercial terms.

This design reduces the ambiguity tax. Counterparties do not need to know every private fact to make better decisions. They need to know whether the public record is hiding a known uncertainty. The most dangerous record is not a record that admits doubt. It is a record that appears clean while everyone inside the process knows the reliance state is contested.

Privacy is therefore not an argument against public-record economics. It is a design constraint. A high-quality registry protects sensitive evidence while exposing public reliance states. AFRINIC's public record should be judged by that standard.

Abuse desks and law-enforcement teams need contactability without turning contact into punishment

Abuse desks are among the most frequent users of public registration data, but they need a bounded kind of help. They need to know where to send reports, how to reach a responsible role, which operator or holder is publicly associated with the resource, and whether the record gives enough context to avoid misdirecting the complaint. They do not need the registry to become a universal abuse court.

AFRINIC's policy manual recognises the contactability problem. It describes an abuse-contact object referenced by inetnum, inet6num and aut-num objects, with an email attribute for personal communication and an abuse mailbox for automatic report handling. It says the object provides a more accurate and efficient way for abuse reports to reach the correct network contact and that complaints should not be sent to the wrong contact any more. It also candidly notes that the object will face the same data accuracy problem as existing objects and will not itself improve database accuracy. Those statements are useful because they define the public-record function: reachability, not adjudication.

The distinction matters. Abuse is not one category. Spam, malware, phishing, scanning, botnet command traffic, copyright claims, fraud, harassment, child-safety reports, state requests, contract complaints, compromised customers and mistaken automated reports involve different laws, evidence standards and remedies. A registry can publish a door. It cannot decide everything that happens inside the building. If it tries, it will either fail operationally or become a dangerous enforcement body.

For public-record economics, the valuable field is a reliable contact with clear status. Does the mailbox exist? Was it recently validated? Is it inherited from a parent object or assigned to a specific resource? Is there a technical contact distinct from the abuse mailbox? Is the holder in a state where updates are possible? Is the resource under dispute? If a report bounces, where can failure be recorded? These are registry questions. They help abuse desks and law-enforcement teams route reports efficiently.

The dangerous move is to turn contact failure into resource impairment without a narrow process. A bouncing mailbox may mean neglect. It may also mean spam filtering, provider failure, a merger, a staff change, language mismatch, a temporary outage or aggressive automated reporting that triggered blocks. Treating every contact failure as evidence of bad faith would create false positives. Treating repeated failure as irrelevant would make the public record useless. The proportionate response is notice, cure period, public or internal validation flag, and support needed to fix the record. Severe actions should require a different threshold: fraud, abandonment, duplicate claim, court order or clear security necessity.

The central issue here is not the cost of abuse handling or the policy burden of responding to complaints. It is the public record as a routing table for responsibility. A mailbox in RDAP or WHOIS is not justice. It is a way to lower the first cost of reaching the party that may know what is happening.

AFRINIC's governance stress makes this function more important. If a registry is under litigation or recovering from board paralysis, abuse desks cannot wait for institutional normalcy. They need the current public record to work. If a holder is in dispute, abuse reports still need a responsible channel. If a block is leased, reports may need both the holder and operational user, or at least a holder who can route reports privately. If a transfer is pending, there should be continuity of contact so complaints do not fall into the gap between seller and buyer.

Law-enforcement contact raises the stakes. Public registration data may help an investigator identify whom to subpoena, ask or warn. It should not expose private documents to every member of the public. But it should make the publicly responsible organisation legible enough that lawful process can find the right starting point. A public record that hides or confuses responsibility makes enforcement more intrusive, because investigators will broaden requests to upstreams, hosting providers, banks or registries. A clear public record can narrow intervention.

The economic effect is reputational. Resource holders with reliable public contacts look less risky. Networks with stale or evasive contacts attract harsher treatment from customers and security vendors. A region whose registry records make contactability difficult may see broader blocks, more false positives and lower confidence in address space. Contactability is therefore not a compliance ornament. It is a market signal. AFRINIC should make it accurate, visible and bounded.

Transfer buyers and leasing markets need fields that disclose status, delegation and uncertainty

IPv4 transfers and leasing arrangements are where RDAP and WHOIS become transaction infrastructure. A transfer buyer does not rely on public records alone, but it begins there. A lessee may not have a registry account, but its customers and counterparties will still query the address. A broker may keep commercial terms private, but it cannot make a block liquid if the public record leaves everyone unsure who is recognised.

The public record has to answer several transaction questions without becoming the transaction contract. Who is the recognised holder? Is the resource transferable under current policy? Is there a dispute or hold? Are contacts current? Are there downstream assignments or delegated operational contacts? Is the holder in good standing for registry services? Are reverse DNS and RPKI service states preserved? Are there known court restraints? Has the transfer completed, or is the buyer still relying on private documents? These are not exotic questions. They are the ordinary checklist of scarce-resource diligence.

AFRINIC's policy environment and dispute history make the checklist unusually important. The IGP account of Cloud Innovation describes a business based on leasing millions of IPv4 addresses. The Register has reported continuing conflict over leasing, transfer, commercialisation and claims about whether courts have approved or not approved certain structures. AFRINIC has argued that IP addresses are not owned as traditional property and has adopted policy positions that can restrict certain transfers outside the region. Cloud Innovation and related parties have argued that IPv4 addresses have become scarce economic resources and that registry power over them requires stronger limits. A transfer buyer reading the public record does not need to resolve this entire debate. It needs to know what the current registry state is.

Leasing creates a particular public-record problem because formal holder and operational user can separate. That separation is not automatically abusive. A cloud platform, hosting company, enterprise customer, security service or regional provider may use address space through a commercial arrangement with a holder. The holder may remain responsible to the registry. The operational user may be the party whose servers generate abuse reports, need contactability, require route authorisation, or manage customer reputation. If the public record shows only the holder, strangers may misdirect reports or misprice risk. If it exposes every lessee and customer, privacy and commercial harm may follow. The record needs a middle category.

That category could be operational delegation, customer contact, leased-use contact, delegated abuse role, or another carefully designed status. The exact label is less important than the principle. The public record should be able to say that recognised control remains with one entity while operational contact for a specific range or service sits elsewhere. It should state whether the delegated contact is voluntary, required, validated, inherited or disputed. It should not turn the existence of delegation into a presumption of misconduct.

Transfer records need similar nuance. A transfer can be clean, pending, rejected, disputed, court-restrained, awaiting documents, held for fraud review, awaiting payment, or completed with service transition pending. If public records expose none of this, markets rely on rumours. If public records expose too much, private negotiation becomes impossible. A status taxonomy lowers cost because each category has known consequences. A pending document request is not the same as a fraud hold. A court restraint is not the same as a missing role email. A policy denial is not the same as a competing ownership claim.

AFRINIC's history shows why the distinction is not academic. The Cloud Innovation dispute involved allegations about usage, region and service agreements rather than simple proof that the holder never existed. The 2019 record-corruption reporting involved concerns about authority and improper movement of dormant resources. Election and membership disputes involved powers of attorney and corporate status. Each problem requires a different public status. A one-word label such as "disputed" may be a start, but mature markets need enough specificity to know whether the issue can be cured by documents, must be decided by a court, or should not affect ordinary operational contacts.

Leasing markets also need stable public contacts because customers care about continuity. A lessee buying address capacity as an operating expense wants to know that abuse contacts, route-related records and reverse-DNS arrangements will not vanish if the holder enters a registry dispute. A customer of the lessee wants to know where to send security or deliverability issues. A transfer buyer wants to know whether existing lessee relationships create claims or reputational baggage. Public records cannot replace contract diligence, but they can make diligence cheaper and more honest.

The registry benefits too. If AFRINIC provides legitimate ways to record delegation, more reality appears in the public record. If it treats delegation as inherently suspicious, holders and users will keep arrangements private, and the public record will become less accurate. A registry that wants reliable RDAP and WHOIS data should make truthful disclosure safer than concealment.

Courts and receivers need a live record, not a frozen museum

Courts encounter number resources when disputes become urgent. A litigant asks for an injunction. A receiver is appointed. A bank account is frozen. A winding-up application is filed. A corporate member status is questioned. A registry tells the court that its role is not that of an ordinary company. The court then has to understand a technical public record that is also an economic reliance system.

The risk is freezing the record in the name of preserving it. Preservation is necessary when authority is disputed. If one party claims a block should be reclaimed, another claims it should remain with the holder, and a court has not decided the merits, the registry should not casually change the record. But a frozen public record can become harmful if it blocks legitimate contact updates, security corrections, abuse-mailbox repairs, transfer status notes, or dispute markers. A museum record is not a live registry. It tells the past while markets need the present.

The NRO's 2023 statement about AFRINIC receivership used preservation language: maintain status quo, preserve the value of the business, oversee elections, facilitate a proper board, appoint a CEO, and keep members receiving registry services. As a factual exhibit, this shows the RIR system recognised continuity as the immediate goal. The public-record question asks how status quo is translated into data state. Status quo of what? Holder recognition? Public contacts? Open transfers? Existing dispute flags? Staff authority to correct errors? Ability to publish RDAP and WHOIS? Ability to mark court restraints? Ability to add a new abuse mailbox when the old one fails?

Courts also need to avoid treating number resources as ordinary corporate assets. The Register reported in May 2026 that ICANN intervened in Cloud Innovation's attempt to wind up AFRINIC to argue that numbering resources allocated through AFRINIC are not assets of AFRINIC and should not be treated as assets available for distribution in a winding-up. That proposition is important as a continuity exhibit. But even if a court accepts that number resources are not distributable corporate property, it must still manage the public record that tells the world who is recognised. The record is not an asset ledger in the ordinary liquidation sense; it is a reliance ledger.

A receiver or court clerk may ask a practical question: what public data must remain queryable at all times? At minimum, holder and resource records, contact objects, status, historical event dates, dispute flags, and service states must continue. If changes are restrained, the public should know the restraint category. If a resource is subject to a court order, the order's practical effect on registry services should be described without overexposing legal papers. If an election or board gap affects policy but not routine record maintenance, the record should show routine services remain active.

This matters because markets punish silence. If a court order exists but public records say nothing, some counterparties will assume the worst. If a receiver preserves services but public data is not updated to show preservation, customers may still worry. If a transfer is delayed because of court restraint but the record only appears stale, the seller may look dishonest. Public status reduces collateral damage by turning legal uncertainty into a bounded category.

Receivership also requires role separation. The court can supervise the organisation. The receiver can preserve operations. Registry staff can maintain public records. Independent reviewers can handle adverse actions. The public record can expose state. These roles should not collapse. If every public-record update must become a court event, the registry fails as infrastructure. If every court concern is invisible to the public record, markets are misled. The correct design is a live record with controlled update authority and status clarity.

AFRINIC's case is an opportunity to define this architecture. Future registry crises will not look identical, but they will share the same problem: how to keep the public record alive when the institution behind it is under legal stress. The answer is not a frozen museum. It is a disciplined live register.

RDAP improves machine reliance only when the institution exposes meaningful states

RDAP should matter more in stressed registry environments because machines can consume it reliably. Banks can build risk systems around it. Security vendors can ingest status. Transfer platforms can check records. Abuse tools can route reports. Courts and researchers can automate snapshots. Structured data can reduce ambiguity and lower operational cost. But structure without meaningful state is only tidier ambiguity.

The old WHOIS world often relied on human interpretation. An analyst read a block of text, noticed remarks, compared dates, and inferred whether a record looked credible. That flexibility helped humans but hurt automation. RDAP offers a cleaner model: standardised objects, roles, events, links, notices and status. For a public-record economy, this should be a major advance. It can support consistent distinctions between holder, registrant, administrative contact, technical contact, abuse contact, sponsoring entity, related resource and historical event.

The challenge is that many of the states markets need are institutional rather than purely technical. A prefix can be active but disputed. A holder can be recognised but update-restricted. A contact can be published but unvalidated. A transfer can be pending with source authority verified but destination records incomplete. A resource can be court-restrained but operationally preserved. A record can be under fraud review but protected from unrelated service disruption. A resource can be leased with formal holder recognition intact and an operational contact supplied. If RDAP does not expose such states, automated reliance remains crude.

Meaningful states should be designed around reliance, not internal convenience. The user of the public record wants to know: can I contact someone? Can I rely on this holder identity? Are ordinary updates available? Is a dispute recorded? Does the dispute affect this resource or the institution generally? Are public services preserved? Is a transfer in progress? Are there role contacts for operational use? Are there warnings about privacy limits? What date was the state last confirmed? None of these require publishing secret evidence.

RDAP can also support provenance without overexposure. Event dates can show registration, last update, last contact validation, transfer completion or dispute-state change. Notices can explain public-record limitations. Links can point to public policy pages, terms of use and service-status information. Status values can indicate defined conditions. The record becomes a map of reliance rather than a dump of private data.

WHOIS will not disappear from practice quickly. Many legacy tools and operator habits still use it. AFRINIC should therefore treat RDAP and WHOIS as parallel public-record surfaces whose meanings must be consistent. If RDAP shows a status but WHOIS remarks omit it, users will compare and distrust. If WHOIS exposes a contact not present in RDAP, tools will diverge. If rate limits or access rules make one interface more useful than the other, market participants will route around the official preference. Consistency is part of reliability.

AFRINIC's public record should therefore be judged not only by uptime but by semantic usefulness. Can a machine distinguish active from disputed? Can a human understand the same distinction? Can market participants consume public status without guessing? RDAP gives the technical shape. Institutional design must supply the content.

The public record should mark uncertainty before markets invent rumours

Many institutions fear public uncertainty. They worry that marking a record as disputed, pending or restricted will lower confidence. In the short term, it may. In the long term, unexplained uncertainty is worse. Markets invent rumours when official records hide known ambiguity. Rumours are less precise, less fair and harder to correct than public status.

AFRINIC's recent history shows the danger. When elections are suspended without immediate detailed explanation, outsiders speculate. When powers of attorney are alleged to be fraudulent but the public does not see a full account, membership confidence suffers. When Cloud Innovation appears in corporate documents in a way later described as erroneous, observers ask what else is unclear. When a registry accuses litigants of paralysis and litigants accuse the registry model of structural overreach, public records become part of a wider credibility contest. Silence rarely preserves trust under such conditions.

The same logic applies at resource level. A resource under review should not look identical to an undisputed resource if the review affects reliance. A holder whose contact has failed validation should not be silently treated as ordinary if reports are being misdirected. A transfer blocked by a court order should not appear merely dormant. A record under fraud investigation should not be publicly condemned before evidence is tested, but neither should the market be invited to rely as if no issue exists. Controlled uncertainty is better than hidden uncertainty.

Good status design has three virtues: specificity, proportionality and cure. Specificity means the label tells users what kind of uncertainty exists. Proportionality means the label does not imply more than the evidence supports. Cure means the record or holder has a path back to clean status. A generic "problem" flag fails all three. A defined "contact validation failed; cure pending" flag is specific, limited and curable. A "court restraint; no transfer updates pending order" flag tells buyers what risk they face. A "competing authority claim; operational services preserved" flag prevents panic while admitting the issue.

Public uncertainty must also be scoped. A dispute over one resource should not taint unrelated resources. A dispute over one contact should not imply the holder is fraudulent. A governance crisis at AFRINIC should not make every AFRINIC record suspect if staff and systems remain functional. Conversely, a regional service status notice should not be hidden if the registry's governance or legal state affects all users. Scope is the difference between useful warning and reputational pollution.

This principle would help in leasing and transfer markets. If a block is leased, the public record could show operational delegation without revealing all terms. If a lease is disputed, the record could show a conflict state and preserve existing customer contacts until resolution. If a transfer is pending, the record could show that the holder remains recognised until completion. If a court order restrains only transfer, the record should not imply routing or contact services are invalid. Markets can price bounded facts.

The alternative is a private rumour market. Brokers whisper that a block is risky. Security vendors label ranges based on old data. Buyers demand discounts based on hearsay. Holders complain that the registry damaged value without a formal decision. Courts receive conflicting narratives. The public record, which should have reduced uncertainty, becomes irrelevant because it says too little.

AFRINIC can reduce this risk by using public status as an institutional discipline. Every adverse or uncertain label should require evidence, reason, date, scope and review. Every removal should leave an audit trail. Every status should be defined in public policy or terms. This protects holders because labels cannot be casually applied. It protects users because silence does not conceal material uncertainty. It protects the registry because it can show that it is not improvising.

The most trusted public records are not the ones that never admit trouble. They are the ones that admit trouble in a way that lets strangers act rationally.

A credible AFRINIC public-record compact

AFRINIC does not need to solve every governance dispute before improving the economics of RDAP, WHOIS and public registration data. It needs a compact that tells markets what the public record is for and how it behaves under stress. The compact would be less glamorous than institutional reform and more useful in daily reliance.

First, roles and states should be explicit. Public records should distinguish recognised holder, administrative contact, technical contact, abuse contact, sponsoring or parent relationship, operational delegation where provided, and public service state. They should also publish meaningful categories such as active, pending update, contact validation failed, dispute recorded, court restrained, transfer pending, update restricted, fraud review or service preserved. The vocabulary should be stable and documented so users know what each state does and does not mean.

Second, disputes should be isolated and evidenced without becoming public dossiers. A dispute should affect the smallest necessary record, resource, service or holder. A governance dispute should not impair unrelated public-record services; a contact defect should not erase resource recognition. The public record should not publish private documents, but it should show that a status was applied through a defined process, with dates, event types, validation state and review paths.

Third, legal stress should activate continuity modes rather than silence. Receivership, board vacancy, election dispute, litigation or bank-account restraint should not interrupt RDAP and WHOIS publication. Existing records should be preserved, legitimate corrections should have controlled paths, and transfers or high-risk changes may be held only with a public category and consequence that courts, receivers and counterparties can understand.

Fourth, the record should remain market-neutral and historical. It should record who is recognised, how to contact them, whether delegation exists and what status applies, without becoming a moral label about leasing, transfer price, customer geography or business model unless a defined policy or lawful order creates a specific consequence. Changes should leave enough history to reconstruct who changed what, when and under which authority. RDAP and WHOIS should tell materially consistent stories.

Finally, AFRINIC should measure public-record service. Aggregate reporting on update timing, contact validation, dispute categories, transfer-status queues, access availability and correction outcomes would not expose private files. It would let members and markets judge whether the public record is becoming more reliable.

Such a compact would not decide the Cloud Innovation dispute. It would not erase the 2019 allegations. It would not make elections simple. It would not settle whether every transfer rule is wise. It would do something more practical: make the public record reliable enough that strangers can act without importing every institutional fight into every query.

The test is whether strangers can rely without joining the fight

The public record succeeds when it lets strangers make decisions without becoming insiders. A bank can send a report. A buyer can price a block. A law firm can identify the recognised holder. A customer-risk team can decide whether to escalate. A court can preserve a service state. A network operator can interpret responsibility. A lessee can show operational contactability. An abuse desk can avoid sending every complaint to the wrong place. None of these users should have to attend an AFRINIC meeting, read years of litigation, or guess which side of an institutional argument they are expected to join.

That is the economic promise of RDAP and WHOIS. They are not final truth machines. They are public coordination devices. They make enough of the registry state visible that strangers can transact, investigate and protect themselves. Their value rises as IPv4 scarcity raises the value of clean recognition. Their value rises as leasing and transfer markets separate formal holder from operational user. Their value rises as abuse and security teams need contactability at scale. Their value rises as courts and receivers encounter number resources as live infrastructure rather than ordinary corporate property.

AFRINIC is a test case because its public record must operate while the institution rebuilds credibility. The registry has public evidence of recovery: a board elected after years of trouble, reports of improved staff morale, plans for budgets and strategy, and continuing operation of registry services through receivership. It also has public evidence of continuing stress: litigation, winding-up proceedings, contested narratives, past record-corruption reporting, election legitimacy concerns, membership classification disputes, and market conflict over IPv4 leasing and transfer restrictions. A public record that ignores the stress will not be believed. A public record that dramatizes the stress will not be useful. It must make the stress legible and bounded.

The conclusion should not be the official story of any institution. Official materials are exhibits. AFRINIC's service list shows what must be maintained. The policy manual shows that public registration, contacts and WHOIS-accessible objects are part of resource governance. The exhaustion page shows why scarcity matters. The NRO statement shows receivership framed as continuity. The Register, IGP and KrebsOnSecurity reporting show litigation, record-corruption allegations, election disputes and market pressure. The analytic conclusion is institutional economics: when a private registry publishes the public record of scarce, operationally embedded number resources, that record becomes infrastructure for reliance by strangers.

The cost of ambiguity is paid widely. It is paid by the buyer who discounts a block because the record is unclear. It is paid by the small operator whose contact correction is delayed because process is overbroad. It is paid by the abuse desk that wastes time on stale data. It is paid by the customer whose vendor-risk review flags a resource because public status is opaque. It is paid by the court that must sort a technical record under emergency conditions. It is paid by AFRINIC itself, because a registry that cannot make public records credible invites markets to route around its authority.

The cure is not to turn RDAP into a courtroom, WHOIS into a customer list or public registration data into a moral instrument. The cure is to make the queryable public record precise about what the registry knows, modest about what it does not know, disciplined about uncertainty, and reliable under institutional stress. Public legibility is not the opposite of privacy. It is the alternative to rumour. It is not the opposite of due process. It is the first layer that makes due process cheaper. It is not the opposite of market restraint. It is the condition under which markets can distinguish real risk from fear.

For AFRINIC, the test is simple. When a stranger looks up one resource holder tomorrow, does the public record give enough information to decide whom to trust, contact, price, sue, route around or investigate, without pretending to settle facts it cannot settle? If the answer is yes, AFRINIC's public record is doing institutional work far larger than a database query. It is lowering the cost of economic coordination in a region where the registry itself has become part of the risk landscape.

If the answer is no, the market will still decide. It will decide through discounts, blocked transactions, private rumours, higher warranties, slower abuse response, broader security suspicion and court fights that treat public registration data as both indispensable and insufficient. That is the economics of RDAP, WHOIS and the public record. The public lookup is small; the reliance built on it is not.