ARIN is a useful place to study IPv4 leasing because it is not an obvious institutional failure case. The American Registry for Internet Numbers serves a wealthy and operationally dense region: the United States, Canada and a defined set of Caribbean and North Atlantic territories. Its members include carriers, cloud platforms, hosting firms, universities, security vendors, enterprises, legacy holders, brokers and buyers sophisticated enough to price IPv4 as a scarce production input. Its public documentation is comparatively orderly. Its transfer categories are known. Its legacy-resource boundary is unusually explicit. If the regional Internet registry model can adapt cleanly to a market in which address space is priced, leased and financed, ARIN should be one of the easier places to see that adaptation.
Yet the North American market also shows why leasing emerged. ARIN's free IPv4 pool reached depletion in September 2015. The registry did not disappear. It continued to maintain the record, process requests, run a waiting list, recognise transfers and publish procedures. What ended was the ordinary assumption that a qualified operator could obtain meaningful new IPv4 supply from a common administrative pool on the timetable of network growth. Operator demand did not pause for that administrative fact. Customers still had to be served. Hosting density still had to be maintained. Mail infrastructure, access networks, VPN services, security platforms, cloud workloads, customer allowlists and old IPv4-only systems still needed usable addresses.
Once registry allocation logic no longer matched operator timetables, the market built another layer. That layer includes lease contracts, letters of authorisation, route objects, Route Origin Authorisations, reverse-DNS arrangements, geolocation tickets, abuse desks, reputation remediation, renewal clauses, upstream acceptance checks and the daily reality that one organisation may remain the registered holder while another uses the addresses in production. The registry ledger may show the lessor. The live network may belong to the lessee. The address block has moved economically even if the registered-holder field has not changed.
That is the shadow allocation economy. The word "shadow" should not be read as illicit. Much leasing is ordinary commercial adaptation to scarcity. A holder owns or controls address space. Another operator needs capacity without buying a block, waiting for residual registry supply or taking every registry-facing risk into its own operating company. The parties contract. The holder authorises use. Routing and security records are adjusted. Abuse responsibility, reverse DNS, reputation and renewal are handled by agreement. The allocation has not moved in the classical registry sense. It has moved in the economic sense.
The institutional question is whether ARIN and the wider RIR model can recognise that economic reality without destroying the ledger discipline that makes number resources useful. A registry that abandons verification would damage the market. A registry that tries to police all economic use would drive more demand into private workarounds. The hard task is to protect the record without pretending that the record is the source of the capital beneath it.
The allocator ran dry, but demand did not
IPv4 scarcity is a design fact before it is a policy controversy. IPv4 uses a 32-bit address space, fewer than 4.3 billion theoretical addresses before reservations, special-use ranges and operational constraints. For the early Internet this looked vast. For the commercial Internet of access networks, mobile devices, hosting platforms, cloud regions, enterprise firewalls, VPN products, mail systems, content networks and security appliances, it became finite. CIDR, NAT and more disciplined address management slowed exhaustion. IPv6 created a parallel long-term path. None of those changes removed the need for IPv4 compatibility.
ARIN's archived depletion announcement is therefore a historical marker. It said the final IPv4 addresses in the ARIN free pool had been issued and pointed applicants toward the waiting list and the transfer market. The administrative language was controlled. The economic change was large. From that point, ordinary address growth in the ARIN region increasingly depended on recycling, return, revocation, acquisition, transfer, leasing, corporate restructuring, private inventory management or costly engineering around scarcity.
The waiting list illustrates the new constraint. ARIN's public waiting-list guidance treats the list as a residual path to IPv4, not as a replacement for industrial supply. Eligibility is limited. An organisation holding more than a /20 equivalent of IPv4 address space is generally excluded. The maximum aggregate an organisation may qualify for at one time is a /22, and only one request may sit on the list. Address space distributed from the waiting list is subject to a five-year transfer restriction except in merger, acquisition or reorganisation contexts. These rules are intelligible as fairness and anti-arbitrage devices. They also reveal the scale of scarcity. A /22 can matter to a small network. It is not an answer to the address needs of a scaled hosting platform, a carrier, a cloud operator or a fast-growing regional operator.
A queue is also a way of allocating delay. It decides who can plan, who must wait, who must buy, who must lease and who must redesign around scarcity. Recovered blocks arrive in limited and irregular quantities. The network that needs addresses for a customer contract, data-centre migration, security product, acquisition integration or new access build cannot treat an uncertain queue as a reliable supply chain. This is not a criticism of ARIN's staff processing. It is the economic meaning of a depleted pool.
Transfers solve part of the problem but not all of it. ARIN's transfer guide describes merger and reorganisation transfers, specified-recipient transfers inside the ARIN region and inter-RIR transfers with compatible partners. It also preserves recipient qualification requirements. Its policy manual contains the grammar behind those categories: minimum transfer sizes, operational-use expectations, utilisation thresholds, 24-month need demonstrations and reciprocal policy compatibility for cross-registry movement. The result is an administered market. Buyers and sellers may negotiate privately, but the registry must recognise the movement before the public record settles.
That recognition has value because it cleans the ledger. It also creates a bottleneck because the transaction remains subject to policy, documentation, agreement status, fees and timing. In the allocation era, a needs test rationed access to a low-cost common pool. In the transfer era, the same logic can become a control over movement of already-issued capital. A buyer paying market price is not asking the registry to distribute free supply. It is asking the registry to record a private movement of recognised control. The old vocabulary of need, conservation and stewardship still shapes the process, but its economic effects have changed.
Leasing appears in the space between rationing and purchase. It supplies operational access without requiring the lessee to acquire registered control. It lets holders monetise idle or underused inventory without permanently selling it. It converts a scarce capital input into a recurring operating cost. It lets operators test demand, bridge migration, serve customers, preserve cash, avoid transfer friction or keep registry-facing complexity upstream. Leasing is not an anomaly in a post-exhaustion market. It is the predictable form taken by scarcity when official allocation no longer clears demand.
ARIN as the clean North American test
ARIN is analytically important not because it is uniquely defective, but because it is comparatively clean. Its region contains deep capital markets, large technology firms, carriers, hosting businesses, universities, enterprises, lawyers, brokers and legacy-resource holders. It has a public policy process. It recognises transfers. It publishes guidance on the waiting list, transfer categories, legacy resources, fees, agreements, routing-security services and resource review. These facts make the ARIN region a useful laboratory for post-exhaustion registry economics.
The central tension is the same as in other regions. A body designed to coordinate unique number records now sits above resources that markets treat as operational capital. An IPv4 address block is not land, spectrum or equipment. It is a set of unique numerical identifiers whose value depends on non-conflicting registration, routing acceptance, continuity of use and the services built above it. But markets do not wait for legal vocabulary to settle. If something is scarce, durable, transferable under rules, useful in production and priced by counterparties, it behaves economically as an asset. IPv4 now behaves in that way.
ARIN's official materials are therefore best used as factual exhibits. They show what procedure exists. They do not prove that the procedure is economically neutral. A registry's self-description can explain its mandate. It cannot settle whether the mandate has expanded too far. The same is true of RIR and NRO language more broadly. It is relevant evidence of institutional self-understanding, not the conclusion.
The post-exhaustion question is not whether ARIN permits transfers. It plainly does. Nor is the question whether ARIN should maintain accurate records, verify authority or prevent fraud. It must. The sharper question is which controls protect the ledger and which controls preserve allocation-era authority after the economic role of the resource has changed. Source authentication protects the ledger. Dispute checks protect the ledger. Officer acknowledgement protects the ledger. Accurate RDAP, Whois, reverse DNS, RPKI and IRR support protect the ledger-adjacent infrastructure on which counterparties rely. Broad future-need forecasting, business-model judgment, regional policy compatibility and service leverage require a different justification because they shape capital movement.
That distinction matters more in ARIN precisely because ARIN is mature. A crisis registry can distract attention with collapse. A stable registry reveals the shape of inherited power. ARIN's strength is that it can choose precision. It does not need to defend every old doctrine of the RIR system. Its strongest institutional case is narrow: maintain a reliable record, verify authority, prevent duplicate claims, support publication services, recognise valid transfers predictably, isolate disputes and reduce operational damage to running networks. Leasing tests whether that narrow case is enough.
If operators increasingly rely on leases because purchase capital is scarce, transfers are slow, needs assessment is restrictive, legacy-service boundaries create contract leverage or direct holding feels risky, leasing is not peripheral. It is market feedback. It shows where registry design, transfer timing and operator demand do not align.
Why leasing emerged
Leasing emerged because operators faced a practical mismatch. They needed IPv4 capacity in increments, timeframes and risk profiles that the registry-transfer system did not always supply. Buying a block can require substantial upfront capital. It can require transfer eligibility, registry approval, agreement execution, fees, documentation, diligence on source authority, history cleanup and routing-security transition. It may expose the operating company directly to registry contracts, policy changes, resource review, payment obligations, account-security duties and future interpretation. For some firms, purchase is right. For others, especially smaller, project-based or cash-constrained operators, leasing is more rational.
The economic logic is simple. A lease converts a scarce capital input into a recurring operating expense. It lets a network obtain use without buying the underlying block. It can be matched to block size, customer demand and contract term. It can preserve cash for routers, fibre, colocation, power, engineering, customer acquisition and security. It can bridge a business until demand is clearer or transfer financing is available. It lets a holder earn yield from underused addresses without permanently surrendering future upside.
The institutional logic is just as important. A lease places registry-facing complexity somewhere else. Direct holding can feel safer because the operator's name appears in the database. But direct holding also places the operating company inside the registry framework: policy, agreements, payment, audit, account access, resource review, possible service boundaries and future rule changes. A lessor with large pools, registry experience, routing staff and abuse processes can sometimes carry that interface more efficiently than the lessee.
This is the theme visible in public commercial material from first-party leasing firms. LARUS, for example, describes leasing not simply as capacity rental but as a continuity structure: first-party address pool, registry exposure kept upstream, routing validity, reverse DNS, abuse process, geolocation support, support commitments and renewal certainty. That material is commercial and should be read as an interested claim, not neutral ground truth. It is nonetheless a useful market signal. Firms sell continuity because customers fear discontinuity. They sell first-party pools because broker chains can fail under stress. They sell registry-risk placement because the registry layer has become a business risk.
Leasing also emerged because the old moral distinction between "using" and "holding" became less useful. A block may be held by one organisation and used by another organisation's customers. It may be announced through the lessee's ASN or an upstream arrangement. It may be covered by an LOA rather than by a registered-holder change. Its ROAs may be created by the holder. Its route objects may be maintained by the lessor or by an agreed operations team. Its reverse DNS may be delegated or managed on behalf of the lessee. This is not allocation in the classical registry sense. It is allocation in the economic sense: scarce capacity has been assigned to productive use through contract.
For critics, that can look like evasion. For operators, it often looks like survival. The difference is not ideological. It is the difference between viewing IPv4 as a policy-administered entitlement and viewing it as an input into production. Operators face customer deadlines, not philosophical purity. If the registry system gives them an expensive, slow or uncertain route to purchase, and the lease market gives them usable capacity with manageable terms, many will lease. They are not necessarily rejecting the registry. They are routing around a mismatch.
The risk is that leasing can hide too much. A lease that lacks clear authority, abuse handling, routing-security support, reassignment visibility, reputation diligence and renewal discipline can create operational fragility. A lessee may discover that the lessor cannot or will not create ROAs, update IRR objects, delegate reverse DNS, handle geolocation correction or respond to abuse pressure. Upstreams may reject a route if the LOA is weak. A block may carry bad reputation. The lessor may sell, withdraw or reprice the space. Leasing solves scarcity only when it is embedded in a serious continuity framework. Otherwise it shifts risk rather than reducing it.
What an IPv4 lease really buys
An IPv4 lease is often described as renting addresses. That is too thin. In production, the customer is buying a bundle of permissions, records, services and risk placements. The numbers are the centre of the bundle, but they are not the whole product. A block that cannot be announced, cannot pass filters, cannot receive accurate reverse DNS, cannot sustain mail reputation, cannot be covered by coherent RPKI, cannot be explained to upstreams and cannot be renewed on predictable terms is not useful capacity. It is a problem with a number on it.
The first item in the bundle is authorisation. In many leasing structures the registered holder or lessor issues a letter of authorisation to the lessee, the lessee's upstream or the network that will originate the prefix. The LOA is a commercial-operational instrument, not title. It tells counterparties that the recognised holder has authorised the announced use. Transit networks, data centres, route-filter administrators and security teams may require it. Its value depends on credibility: the signer must be recognised, the block must match, the term must be clear, the authorised ASN or network must be specified and the document must be accepted by the relevant counterparties.
The second item is routing-security state. RPKI Route Origin Authorisations can strengthen the claim that a particular ASN is authorised to originate a prefix. In a leasing model, the question becomes who creates and maintains the ROA. If the registered holder controls RPKI access, the lessee depends on the holder or lessor to publish accurate ROAs, remove stale ROAs, avoid maxLength errors and respond quickly when routing changes. If hosted RPKI access depends on an ARIN agreement, agreement status becomes part of the service. ARIN's legacy-resource guidance matters here because basic legacy registry services and advanced services such as hosted RPKI and IRR are not always the same thing for non-contracted holders.
The third item is IRR and filtering hygiene. Many networks still use Internet Routing Registry route objects and AS-SET data in filtering and provisioning. A leased block may need route objects, maintainer coordination, AS-SET updates and cleanup of stale records. IRR data is imperfect, but for many operators it remains part of routability. If the lessor cannot manage IRR state, the lessee may face route acceptance problems even when it has a signed LOA.
The fourth item is reverse DNS. RDNS is unglamorous but important for mail, enterprise acceptance, security systems, logging and customer trust. A leased block used for hosting, email or business services may require delegated reverse DNS or lessor-managed zones. Delays, misdelegations and stale data create operational cost. The registry ledger, the lessor's DNS process and the lessee's customer needs meet at this point. A capacity lease without RDNS discipline is often not production-ready.
The fifth item is reputation and abuse handling. IPv4 addresses carry history. A block may have appeared on spam lists, hosted malware, been geolocated incorrectly, been used for VPN exit traffic, attracted complaints or acquired poor standing with major platforms. A buyer can diligence and discount for that history. A lessee must also care, often with less control. If abuse contacts point to the lessor, the lessor must operate a credible process. If complaints reach the lessee, the lessee needs authority to respond. Reputation is not a side issue. It is part of the lease economics.
The sixth item is renewal certainty. For many workloads the cost of losing a block is not the lease invoice. It is renumbering a live network. Customers must be migrated, firewall rules changed, allowlists updated, mail reputation rebuilt, geolocation corrected, DNS adjusted and contracts explained. A short lease may be acceptable for testing. It is dangerous for production if renewal terms are vague. This is why serious lessors increasingly frame continuity as the product. The market is learning that address use is not a spot commodity when customers are built on it.
The final item is registry-facing risk placement. If the registered holder remains upstream, the lessee may avoid direct exposure to registry process. That can be valuable. It can also create dependency. The quality of the lease depends on the lessor's registry standing, account security, contract status, policy exposure, governance posture and ability to defend continuity if challenged. The better lessors therefore sell more than addresses. They sell a controlled interface to the registry layer.
LOA, RPKI and IRR translate contracts into network reality
The shadow allocation economy works only because private contracts can be translated into operational signals. A lease agreement by itself is invisible to the routing system. The Internet does not read commercial contracts. It reads BGP announcements, route filters, RPKI validation state, IRR objects, DNS delegations, registry data and operational trust. The hard work of leasing is turning a private right to use addresses into a public-enough set of signals that networks will carry traffic.
The LOA is usually the first bridge. It is also the weakest if treated casually. A generic letter saying a customer may use a block is not enough in a serious environment. It should identify the resource, the authorised ASN or network, the term, the holder, the signer and the scope. It should align with the intended routing pattern. It should be revocable only under known conditions. It should be available to the upstreams that need it. If the lease changes origin ASN, upstream, route length or customer entity, the LOA process must change with it.
RPKI is a stronger technical signal, but it is not automatic. In a lease, the lessee often cannot create ROAs directly because the registered holder controls the certification path. The lessee depends on the holder or lessor to publish an ROA covering the agreed origin. That dependence is manageable when the lessor is responsive and disciplined. It is dangerous when the lessor treats RPKI as an afterthought. A stale ROA can invalidate a new route. An overly broad maxLength can create security exposure. A missing ROA can reduce acceptance in networks that use route-origin validation as part of their policy. A lease that includes no RPKI operating commitments leaves the lessee exposed.
IRR has a different problem. It is older, fragmented and variable in data quality, but many networks still rely on route objects and AS-SET data. A leased block may need objects in ARIN's IRR, RADb or other registries depending on routing practice. Stale objects can persist after lease end. Conflicting objects can confuse filters. Maintainer credentials can sit with the wrong party. The lessor and lessee must know who can create, update and remove records, and how quickly. Otherwise the lease ends in a residue of stale authority.
Reverse DNS connects the registry layer to everyday service quality. Mail systems, enterprise logs, security tooling and abuse desks care about reverse mappings. A lessee running customer mail cannot wait weeks for a lessor to update a PTR zone. A hosting operator cannot allow stale reverse DNS from a prior user to persist into a new lease. A security vendor cannot have RDNS contradict its customer-facing service. Whether RDNS is delegated to the lessee or managed by the lessor, the SLA matters.
Abuse handling is the other bridge. Abuse contacts in registry records, delegated contacts, ticketing systems and contract clauses must line up. If the lessor receives complaints, it needs a process for forwarding, escalation, suspension and cure. If the lessee receives complaints, it needs authority to investigate and respond. If the lessee has downstream customers, the contract must define how customer misuse affects renewal, route state and termination. A lease without abuse architecture is deferred conflict.
The commercial continuity logic is broader than any one tool. A production IPv4 lease should answer five questions before traffic starts. Who is authorised to announce the prefix? Who can change RPKI and IRR state? Who handles reverse DNS? Who receives and acts on abuse complaints? What happens when the lease ends or renews? If those questions are not answered in the contract and operations plan, they will be answered during a failure, when bargaining power is worse.
For ARIN, the lesson is indirect but important. Registry policy tends to focus on registered control, needs and transfer eligibility. The market increasingly focuses on deployability. Deployability includes registry status, but it also includes reputation, RPKI, IRR, RDNS, abuse and renewal. If registry policy ignores deployability, it will misunderstand why operators choose leasing, why they pay premiums for managed continuity and why registered transfer is not always the preferred path.
Transfer versus lease
The choice between transfer and lease is not simply a choice between ownership and rental. It is a choice about capital, timing, control, registry exposure, operational capability and optionality. In a frictionless market, a firm with durable need and enough capital might prefer to buy. IPv4 is not a frictionless market. Registry recognition, scarcity premiums, block reputation, routing-security state and uncertain demand all affect the decision.
A transfer offers stronger long-term control if it completes cleanly. The recipient becomes the recognised holder or resource customer. It can manage services directly, subject to agreement and policy. It may avoid renewal risk. It may capture appreciation. It can integrate the block into corporate planning, acquisitions, financing narratives and long-term network design. For a large operator with predictable demand, legal capacity, registry experience and sufficient capital, purchase can be the rational choice.
But transfer carries costs. The buyer must deploy capital upfront. It must qualify under recipient rules where applicable. It must diligence the source, corporate authority, history, reputation, RPKI and IRR state. It must pass registry process and accept the relevant agreement. It may face delays, documentation rounds, fees and uncertainty. It takes registry-facing risk onto its own operating company. It may buy more address space than current demand requires or less than future demand will need. If policy changes or resource review becomes more intrusive, the holder bears that exposure.
A lease offers speed and flexibility. It can match a project, customer segment, product launch, migration, testing environment or temporary capacity need. It can avoid a large upfront cash outlay. It can let a firm grow while preserving capital for physical infrastructure. It can place registry interaction, RPKI administration, RDNS, abuse and renewal management with a specialist lessor. It can also bridge a buyer until transfer supply, financing or business certainty improves. For small operators, leasing may be the only realistic way to obtain enough IPv4 to serve customers without waiting for residual registry allocations.
Leasing carries its own risks. The lessee does not control the underlying registered resource unless the contract grants strong practical rights. Renewal may be uncertain. Price may rise. The lessor may change strategy, sell the block, face registry pressure, mishandle RPKI or fail to resolve abuse disputes. The lessee may be forced to renumber if the relationship ends. If the lease is brokered through multiple layers, accountability becomes diffuse. If the LOA is weak, the lessee may have trouble with upstreams. If the block reputation is poor, the lessee may pay for unusable capacity.
The tradeoff is therefore not moral. It is a risk-placement decision. Purchase takes more control and more registry exposure. Leasing shifts some control and some registry exposure to the lessor. Purchase uses capital and seeks permanence. Leasing uses recurring cash and seeks flexibility. Purchase is better when long-term need, transfer certainty and operational capability are strong. Leasing is better when speed, cash preservation, temporary demand or specialist continuity support matter more.
ARIN's transfer rules influence this decision even when ARIN does not directly regulate leases. Needs assessment, processing time, agreement status, inter-RIR compatibility, waiting-list consequences and legacy-service boundaries can make purchase less attractive for certain users. Residual registry supply is capped and uncertain. Resource-review anxiety can make direct holding less appealing. The result is demand for leases. The more permissioned the transfer market feels, the more valuable capital-light access becomes.
This does not mean ARIN should abolish all transfer controls. Fraud controls, source verification, dispute checks, sanctions compliance and routing-security transition discipline are essential. It does mean every non-ledger friction has an external effect. If legitimate buyers lease because transfer recognition is too burdensome, shadow allocation is no longer marginal. It is an alternative settlement layer.
Small operators and capital-light access
Small operators are often invoked in registry debates, but they are not always well served by systems built in their name. A small ISP, hosting operator, managed-service company, regional infrastructure operator or Caribbean network faces a different address economy from a hyperscaler or national carrier. It has less cash, less policy staff, less legal capacity, less tolerance for delay and fewer ways to diversify supply. A fixed registry fee, broker fee, legal review or documentation cycle consumes a larger share of its address plan. A delayed /24 can be the difference between taking and losing customers.
The old needs-based model can look pro-small because it restricts large actors from taking everything. In the waiting-list context, that argument has force. Residual returned space should not simply flow to the largest balance sheet. But in the broader market, procedural gatekeeping can become regressive. Large operators can hire counsel, maintain ARIN Online discipline, prepare utilisation models, buy in larger blocks, run parallel transfer and lease strategies and absorb delay. Small operators often cannot. They experience the same gate as a higher tax.
Leasing gives small operators a capital-light path. They can obtain a /24, /23 or /22 for production without paying the full purchase price. They can test demand before committing to acquisition. They can match cost to revenue. They can avoid the administrative burden of direct registry holding. They can rely on a lessor's RPKI, RDNS, abuse and geolocation support if the lessor is competent. In markets where address purchase prices are high, this can preserve the operator's ability to spend on fibre, radio, routers, power, colocation, customer support and security.
This is the strongest pro-leasing argument. It is not speculation. It is access. If IPv4 scarcity is real, and if transfer purchase is expensive and permissioned, a lease can let smaller networks compete. It can turn a locked capital requirement into a recurring operating input. It can allow a new entrant to enter a market otherwise dominated by legacy holders. It can help a regional network avoid selling itself because it lacks address inventory. It can give customers service now rather than a lecture about transition.
The quality of the leasing market therefore matters as much as its existence. Standard terms, clear LOA practice, renewal options, abuse procedures, RPKI and IRR support, RDNS delegation, reputation disclosure and lease-end transition rules all reduce dependency. So does first-party leasing, where the lessor controls the pool directly rather than passing the customer through a chain of brokers and sub-lessors. The fewer the layers, the clearer the accountability.
ARIN can help small operators indirectly by making the official market less dependent on insider navigation. Objective transfer pathways, clear small-block processes, aggregate processing data, predictable service boundaries and reduced discretionary business-plan review would make purchase more accessible. But even in a better transfer market, leasing will remain useful. Not every operator wants to own every input. The policy question is not how to eliminate leasing. It is how to ensure that leasing strengthens operational continuity rather than becoming opaque private rationing.
Shadow allocation and recognition gaps
The phrase "shadow allocation" describes a structural gap between registry recognition and operational use. In the registry ledger, a block may remain registered to the holder. In the market, a lease contract may allocate use to another party. In routing, an ASN associated with the lessee may originate the prefix. In RPKI, the holder may publish a ROA for that ASN. In IRR, route objects may show the intended origin. In reverse DNS, the lessee may control the zone. In abuse processes, complaints may flow through both parties. The address is economically allocated to the lessee, but registry recognition has not moved in the same way as a transfer.
This gap exists because the registry ledger was built primarily to record registered control, not every layer of commercial use. Reassignments and SWIP-like practices can expose some downstream use, but they do not fully describe commercial rights, renewal terms, risk placement or operational dependencies. Nor should the registry necessarily become a database of private contracts. There are confidentiality, complexity and overreach concerns. But a market with large leased capacity cannot be understood solely through registered-holder data.
The gap has benefits. It allows flexible use. It lets a lessor keep a stable registry relationship while customers change underneath. It reduces the need for repeated transfers. It permits short-term and medium-term access. It can keep address space active that might otherwise remain dormant. It lets small operators buy time. It lets holders monetise idle inventory without losing long-term control. In economic terms, shadow allocation can increase utilisation and liquidity.
The gap also has risks. Accountability can blur. A registry contact may not know the end customer. An abuse desk may chase the wrong party. A lessee may not be able to update RPKI quickly. Upstreams may rely on stale LOAs. A lessor may over-allocate or fail to coordinate route changes. Customers may build dependencies on addresses they cannot renew. If a dispute arises, the registry sees the holder, the network sees the origin ASN, the contract points to the lease and the harmed party may not know whom to pressure. Shadow allocation can improve market efficiency or create operational opacity.
The right response is not to moralise the gap but to govern the risk points. If a leased block is used in production, there should be clear authority to originate. If RPKI is used, ROAs should match the agreed route. If IRR objects exist, they should be maintained and removed at lease end. If abuse complaints arise, the responsible path should be defined. If customers require RDNS, delegation should be clear. If the lease ends, route withdrawal, ROA cleanup, IRR cleanup, RDNS changes and reputation responsibilities should be planned. If the lessee is large or customer-facing, some public reassignment or contact visibility may be appropriate.
ARIN's official framework can influence these practices even without directly regulating leases. If ARIN-hosted RPKI or IRR access depends on agreement status, lessors with appropriate agreement coverage can offer services that non-contracted legacy holders may not. If transfer policy remains permissioned, leasing remains attractive. If resource review or contract leverage is perceived as broad, direct holding becomes less attractive. If the public record is useful and stable, lessors can support customers more easily. Registry design shapes the shadow layer.
The deeper institutional lesson is that a registry ledger can be accurate and incomplete at the same time. It may accurately show the recognised registrant. It may not show the economic user, operational risk bearer or customer dependency. That is not necessarily a flaw. It is a reminder that the ledger should not be treated as the whole truth of the market. A mature policy discussion must account for both layers: registry control and operational allocation.
Reputation, abuse and the hidden cost of dirty space
IPv4 leasing also exposes a fact that transfer policy often understates: not all addresses with the same prefix length are commercially equivalent. A clean /24 and a dirty /24 do not carry the same value. A block with stable history, correct geolocation, responsive abuse handling, clean mail reputation, usable RDNS and coherent routing-security state is a different product from a block that has moved through opaque broker chains, accumulated blocklist entries, hosted malware, carried VPN exits or retained stale objects from prior users.
This matters because leasing is often chosen for speed. A lessee may need addresses now, not after months of remediation. If the block is used for mail, the lessee may face deliverability problems that cannot be solved by an LOA. If it is used for hosting, customers may inherit reputation from prior tenants. If it is geolocated incorrectly, applications may break, content rights may misfire and customer support costs may rise. If abuse contacts remain with the wrong party, complaints may escalate before the lessee even knows they exist.
A serious lessor therefore operates as a reputation manager. It screens customers, monitors abuse, coordinates delisting, maintains RDNS, handles geolocation tickets, removes stale records and plans lease-end cleanup. It also manages incentives. A lessor that leases to any customer at the highest short-term price may damage the pool for future users. A lessor that invests in screening and remediation can charge a premium because it supplies deployable continuity, not just numeric capacity.
Abuse handling is particularly sensitive because it sits at the boundary between public accountability and private contract. Registries want contactability. Operators want not to be punished for every downstream customer mistake. Lessors want to preserve pool reputation. Lessees want service continuity and fair cure periods. End users want complaints resolved. The wrong design either hides abuse behind contractual layers or turns every abuse report into a pretext for disproportionate action. The right design separates reporting, investigation, remediation, escalation and lease termination.
This is another reason official registry records alone do not describe the market. The ledger may show a clean holder record while the operational reputation is poor. Or the ledger may show a holder that is not the live customer while the lessor operates a strong abuse process. Market participants increasingly diligence the deployability layer: blocklists, geolocation, prior use, ROAs, IRR, RDNS, complaints and renewal history. A registry that focuses only on registered control will miss the reason some leases are valuable and others are dangerous.
The reputation layer also changes the transfer-versus-lease tradeoff. A buyer may prefer to purchase a dirty block at a discount and clean it over time if the long-term economics justify the work. A lessee may not have that luxury because the lease term is shorter and customers need service immediately. Conversely, a lessor with specialist remediation capacity may deliver cleaner usable space than a small buyer could find on its own. Leasing can therefore be either a reputation shortcut or a reputation trap. The difference is operating discipline.
Capital-control risk without a ministry
Capital control usually suggests state action: exchange controls, investment approvals, quotas, export restrictions or licensing. IPv4 has no capital-control ministry. Yet registry policy can create capital-control effects when a scarce, priced, productive resource cannot move or be recognised without administrative approval. ARIN's controls are rule-bound and public. They are still controls.
The most obvious example is needs-based transfer review. In ARIN's framework, specified-recipient and inter-RIR transfers require recipient qualification. The policy logic descends from conservation: resources should go to operational networks with documented need. In a depleted market, however, the resource is often not coming from ARIN's free pool. It is moving from one holder to another. The buyer's willingness to pay market price is itself evidence of economic demand. When the registry substitutes administrative need for price signals, it is not merely recording. It is governing capital movement.
Inter-RIR compatibility creates another form of control. ARIN recognises transfers only with RIRs whose policies are compatible and reciprocal in the relevant ways. Its public transfer materials have listed APNIC, LACNIC and RIPE NCC as compatible partners, while AFRINIC has not been approved for ARIN-compatible transfers. That fact matters because IPv4 routes globally while registry records move through regional institutions. The packet has no passport, but the registration does. A block's mobility can therefore depend on whether two registry policy systems recognise each other.
Waiting-list restrictions are more defensible but still control movement. Space obtained from the ARIN waiting list is restricted from transfer for five years, except in merger and reorganisation contexts. The rule prevents subsidised or rationed space from becoming immediate market inventory. That is a plausible anti-arbitrage design. It also reduces liquidity. A recipient receives operational capacity, not freely movable capital. If the recipient's business changes, policy still conditions movement.
Legacy-service boundaries and agreement status add a softer control. A legacy holder may maintain basic records without signing a modern agreement, but certain advanced services can require agreement coverage. As RPKI and IRR become more important in production, service boundaries become economic pressure. A holder may sign not because it accepts every broader contractual implication, but because operational norms make the service necessary. That may be justified. It should still be described honestly as an economic lever, not as a neutral technical detail.
Capital-control risk is not a conspiracy claim. It is a consequence of institutional position. If ARIN can affect whether a block moves, how long it takes, which services attach and what contract status applies, then ARIN affects the value of IPv4 capital. The issue is whether each control is narrow, evidence-based and proportionate to a ledger harm. Source authentication prevents fraud. Dispute checks prevent conflicting claims. Sanctions and court-order compliance reflect legal constraints. But business-model judgment, broad future-need forecasting and discretionary service leverage require heavier justification.
The danger of broad control is that it pushes demand into the shadows it seeks to discipline. If purchase is too slow or uncertain, operators lease. If transfer is hard across regions, parties preserve corporate shells, use acquisitions, create operating affiliates or source addresses through less visible channels. If needs tests penalise strategic inventory, buyers describe demand in the language that satisfies policy rather than in the language that explains economic reality. The registry may preserve the appearance of stewardship while the market develops private substitutes.
A narrow registry would treat this as feedback. It would ask which controls protect the ledger and which preserve allocation-era authority. It would publish aggregate friction data: processing times, documentation rounds, denials, abandonment, reasons for delay and review outcomes. It would make transfer rules more objective where possible. It would recognise that liquidity, not just conservation, is a public value after exhaustion. Scarce resources trapped by administrative friction do not serve the Internet better than scarce resources trapped by hoarding.
Ledger versus gatekeeper
The useful institutional distinction is ledger versus gatekeeper. A ledger preserves uniqueness, accuracy, history, publication and security-relevant state. It tells the market who is recognised, what has changed, what is disputed, which contacts exist, where reverse DNS is delegated and what routing-security objects can be anchored. A gatekeeper decides who deserves access, whether a business plan is acceptable, whether capital may move, whether services attach to contractual status and whether old holdings must be drawn into new terms.
No registry can be purely ledger. It must verify authority. It must reject forged documents. It must respond to court orders. It must handle disputes. It must prevent duplicate registration. It must protect publication systems. It must manage contracts for services. But the closer it stays to objective record protection, the stronger its legitimacy. The closer it moves to discretionary economic judgment, the more it becomes a gatekeeper.
Public notes by Lu Heng and materials from the Number Resource Society frame this as a continuity problem: protect the ledger, not the gatekeeper. Those sources are interested-party interventions and should be read as such. Their usefulness lies in the distinction they sharpen. Number uniqueness is real. Registration accuracy is real. RDAP, Whois, reverse DNS, RPKI and IRR continuity matter. Running networks and downstream customers must not be collateral damage. But none of that requires treating every claimed institutional power of a registry as necessary to continuity. The database needs continuity. The authority to moralise leasing does not.
This distinction fits the ARIN leasing problem. ARIN's ledger role is essential to the market. Lessors, lessees, buyers and sellers all rely on the registry record at some level. A lessor's ability to issue credible LOAs depends on recognised control. RPKI and IRR services may depend on registry status. Transfer buyers rely on ARIN recognition. Legacy holders rely on record maintenance. Small operators rely on accurate contacts and predictable services. A weak ledger would make leasing more dangerous, not less.
But a gatekeeping registry can also make leasing more necessary. If the transfer market is heavily permissioned, if recipient need must be documented through allocation-era categories, if advanced services create contract leverage, if inter-RIR borders behave like policy customs posts and if resource review chills movement, operators will seek contractual use without registered transfer. Shadow allocation is what happens when the ledger is useful but the gate is costly.
The best answer is not anti-registry. It is pro-ledger. ARIN should be strongest where the market needs a shared record and weakest where the market can allocate risk through contract, price and operational discipline. It should verify source authority, maintain accurate RDAP and Whois, support reverse DNS, enable robust routing-security publication, record transfers quickly, isolate disputes without unnecessary disruption and publish enough process data that participants can price risk. It should be cautious about deciding whether a buyer's future business plan is good enough or whether leasing is morally inferior to direct holding.
The policy vocabulary should change accordingly. "Need" should not do the same work in a private transfer that it did in free-pool allocation. "Stewardship" should mean maintaining the conditions for reliable use, not retaining broad discretion over scarce capital. "Community" should not be invoked as if a small active policy class can consent on behalf of every operator and customer affected by liquidity rules. "Stability" should mean continuity of records and running networks, not immunity for every inherited institutional practice.
ARIN is well placed to adopt that narrower vocabulary. Its maturity gives it the option to lead. A crisis registry may defend itself by invoking survival. ARIN does not need that posture. It can say that the market exists, leasing exists, IPv4 has asset value and the registry's legitimacy depends on reducing uncertainty rather than denying economic reality. That would not weaken ARIN. It would make its strongest functions harder to challenge.
What the shadow layer says about the future
The growth of leasing says three things about the future of IPv4 governance. First, IPv4 will remain economically relevant for longer than transition slogans suggest. IPv6 adoption may grow, but dual-stack reality means IPv4 remains a production input, and leasing is one way markets price that input. Second, the registry record is no longer the only allocation map. The official ledger remains essential for recognised control, but operational allocation also happens through contracts, LOAs, ROAs, route objects, RDNS, abuse desks and customer assignments. Any analysis that looks only at registered transfers will miss a significant part of address mobility.
Third, lessors are becoming quasi-infrastructure operators. A serious lessor must manage routing validity, reverse DNS, reputation, abuse, geolocation, renewal, customer screening, registry interface and sometimes legal continuity. The business begins to resemble infrastructure risk management rather than simple brokerage. Thin brokers can still introduce supply and demand, but they do not necessarily carry the failure domain. The market will increasingly distinguish among listing inventory, closing paperwork and guaranteeing operational continuity.
These changes make capital-control risk harder to hide. A rule that delays movement will be priced as delay. A rule that narrows buyers will be priced as illiquidity. A service boundary that pressures agreement will be priced as contract leverage. A cross-region incompatibility will be priced as trapped capital. Public NRS materials argue for decentralisation, portability and reduced dependence on centralised human discretion because markets want neutral records, verifiable control, continuity and exit from discretionary choke points. One need not accept every claim to see the demand signal.
ARIN can interpret leasing as a threat or as evidence. If it treats leasing mainly as a way operators avoid policy morality, it will be tempted toward enforcement creep. If it treats leasing as market evidence of unmet demand, transfer friction, capital constraints and continuity needs, it can adapt. Leasing shows where the official system does not clear demand. Shadow allocation shows where the registry record does not capture operational reality. Those are not reasons to abolish the ledger. They are reasons to make the ledger narrower, cleaner and more trusted.
The next policy frontier is not whether leasing should exist. It already does. The question is how visible, accountable and operationally safe the leased layer becomes. A market that relies on private leases but cannot state who may originate a route, who handles abuse, who maintains RPKI, who controls reverse DNS and how renewal works is fragile. A market that uses leases with clear authority, clean records, disciplined operations and predictable registry boundaries can increase access without corrupting the ledger.
What to watch
The first watchpoint is transfer friction. Processing time, documentation rounds, abandonment, denial reasons and small-buyer participation will matter more than transfer volume alone. A market can tolerate process if it can price it. It struggles with discretionary uncertainty. ARIN would strengthen confidence by publishing more aggregate data about transfer timing, request outcomes and reasons requests fail or are withdrawn.
The second watchpoint is needs assessment. If ARIN narrows needs review for market transfers, it will signal recognition that private reallocation differs from free-pool distribution. If it tightens review, leasing and other workarounds become more attractive. The central test is whether a rule prevents a concrete ledger harm or merely preserves rationing logic.
The third watchpoint is RPKI and IRR access for legacy and leased resources. As route-origin validation becomes more operationally relevant, service eligibility becomes market infrastructure. If security publication is treated mainly as contract leverage, holders and lessors will price that leverage. If it is treated as part of public continuity, the ledger becomes more valuable.
The fourth watchpoint is LOA and reassignment practice. The market needs clearer norms for letters of authorisation, downstream contact visibility, lease-term authority and lease-end cleanup, without turning ARIN into the police of every lease. The fifth is abuse and reputation. Lessors that invest in abuse processes, customer screening, delisting support, geolocation correction and renewal discipline will be treated differently from thin intermediaries, and their competence will reduce pressure for overbroad registry intervention.
The sixth watchpoint is small-operator economics. Waiting-list distributions, small-block transfer pathways, lease pricing and renewal terms will show whether post-exhaustion IPv4 access is broadening or narrowing. The seventh is inter-RIR mobility. ARIN-compatible transfers with some RIRs and not others show that registry borders remain economic borders. The final watchpoint is language. If ARIN and the wider RIR community describe IPv4 as registry-recognised operational capital requiring accurate, neutral and accountable ledger services, they can preserve coordination without denying the asset economy. If they continue to describe market movement through allocation-era moral language, the shadow layer will grow.
Conclusion: the market has already adapted
IPv4 leasing exists because the market has already adapted to the question registry language tried to postpone. Operators treat IPv4 as valuable. Holders monetise it. Buyers pay for it. Lessees rent it. Lessors build continuity services around it. Brokers and facilitators professionalise access to it. Addresses are not merely lines in a registry database. They are operational capital embedded in customer relationships and network design.
ARIN did not create this reality, and it cannot abolish it by vocabulary. Its task is more practical. It should preserve the ledger that makes the market safer while avoiding the gatekeeper instinct that makes the market route around it. The registry is strongest when it verifies authority, protects uniqueness, publishes accurate records, supports security continuity and recognises valid changes predictably. It is weakest when it mistakes post-exhaustion capital movement for an allocation problem that only administrative need can solve.
Leasing and shadow allocation are therefore not signs that the registry function has become irrelevant. They are signs that the registry function must be narrowed to what the market actually needs from it. The market needs a reliable record. It needs clean transfer recognition. It needs routing-security support. It needs dispute isolation. It needs accurate contacts and publication continuity. It does not need a moral theory of why every productive use must pass through allocation-era categories.
The North American lesson is institutional rather than ideological. A mature registry can remain legitimate in an asset world only if it reduces uncertainty around the asset. ARIN has the documentation, market depth and institutional capacity to do that. But the growth of leasing shows that operators will not wait for perfect registry adaptation. They will buy use, rent capacity, structure continuity and build private allocation layers wherever the official system is too slow, too capital-intensive or too uncertain.
That is the shadow allocation economy. It is not the opposite of the ledger. It is the market's response to a ledger that remains necessary but incomplete. The future of ARIN's legitimacy will depend on whether it sees that response as a problem to suppress or as information to learn from. Protect the ledger, make the shadow layer safer where it touches public routing, and let capital move toward productive use. That is the stable bargain for IPv4 after exhaustion.

