ARIN Billing Maintenance, May 2026: A 20-Hour Window, Not a Blackout
On its face this is the most skippable item in your inbox: a registry says its billing page will be down for an evening. The notice is six lines long. ARIN will take its billing systems down from 8:00 PM ET on Friday, 1 May, until 4:00 PM ET on Saturday, 2 May 2026. During that window customers may not be able to view, download, or pay invoices. Every other ARIN service stays up. Mark Kosters, the CTO, signs off and thanks you for your patience. That is the whole announcement, posted 24 April 2026.
The routine surface is exactly why it deserves a second look. The real stakes here are not the downtime; they are what the downtime does and does not reach, and what a notice like this lets a fraudster imitate.
I want to argue for taking it exactly that literally. The temptation, especially for anyone who sells into this market, is to inflate a routine maintenance window into a crisis, and that inflation does nobody any good. The correct operator response fits on an index card: pull your open invoices before Friday evening, and do not schedule a payment you cannot defer twenty hours. What is genuinely worth understanding is *why* a billing outage leaves your provisioning untouched, and why a notice like this is a small but real social-engineering opportunity. Those two things are where an operator can actually get something wrong.
This piece walks through what the window does and does not break, the one architectural fact that explains the whole scope of the outage, and a short verification habit for any registry notice that touches money.
Why provisioning keeps running while billing stops
The sentence doing the heavy lifting in ARIN's notice is "all other ARIN services will remain available." That line is more than reassurance; it reflects how the platform is actually partitioned. Billing in ARIN Online is a distinct module. You log in, open Payments & Billing, and it manages your Org ID billing contacts, invoice history, and payment authorization. It is deliberately separated from the technical resource records.
The technical side runs on the RESTful Provisioning System, which automates reassignment reporting (SWIPs) and IRR object management programmatically, without touching the billing module at all. So during this window an engineer can keep registering reassignments, editing route and route6 objects, and pushing IRR updates through the API. A finance person, meanwhile, cannot pull an invoice PDF. The two functions are decoupled, and the maintenance is scoped to one of them.
There is also a payment-architecture detail that makes the scope sharper. ARIN does not store card data itself; payment details are handed directly to a third-party processing vendor at the time of payment. A billing-system maintenance window almost certainly involves backend work on that boundary, which is exactly why there is no workaround. You cannot route around an offline payment path by trying an alternate channel, because the channel is the thing under maintenance.
| Function during the window | Status | What it means for you |
|---|---|---|
| View / download / pay invoices | Unavailable | Pull what you need before 8:00 PM ET Friday |
| RESTful Provisioning (SWIPs, IRR) | Available | API automation continues normally |
| Whois / RDAP lookups | Available | Public registry data unaffected |
| Resource requests | Available | Submission and processing continue |
The practical takeaway is narrow and worth stating plainly. The only thing you lose for twenty hours is the ability to look at or settle invoices. If your month-end close or an audit deadline lands across that Friday night, archive your invoice copies in advance. If it does not, this window costs you nothing.
The one real risk: a notice is a template an attacker can copy
Here is where I think operators should spend their attention, and the outage itself is the wrong place for it. A maintenance notice that asks you to act on money, with phrasing like "settle before the window" or "verify your billing contact," is precisely the shape a finance-targeted phishing message wants to wear. The legitimate version is signed by Mark Kosters as Chief Technology Officer. A fraudulent version copies the format, swaps in a payment demand or a "click here to avoid suspension" link, and counts on the urgency the real notice creates.
So the verification move is the skill worth keeping, and the panic is worth dropping. Confirm the signatory against ARIN's actual leadership: the CTO is Mark Kosters, the CEO is John Curran, the COO is Richard Jimmerson. A notice that invents a title, comes from a look-alike domain, or demands an out-of-band payment has given itself away. The genuine notice never asks you to pay through a new link. It tells you a window exists and points you at the normal ARIN Online portal you already use.
I will say this as someone whose day job is moving IP resources between organizations: the registries earned their authority by being boring. A real ARIN service update is neutral, short, and asks for nothing but patience. The moment a "registry notice" feels dramatic or pushes a transaction, that drama is your warning sign.
There is a discipline that holds this together, and it is worth running every time a registry message touches money. Five things should be true before you act on a billing notice, and each one is a quick check rather than a project.
First, the signatory and title match the registry's published leadership, here Mark Kosters as CTO. Second, the sending domain is the registry's own and not a near-miss look-alike. Third, the notice points you to the normal portal you already log into, never to a new payment link. Fourth, the dates are internally consistent and in the future, because a maintenance window cannot "resume" on a date before the notice was posted. Fifth, any dollar figure in the message matches the published fee schedule rather than a number the message invents.
That fourth check matters more than it looks. The single fastest way to catch a tampered or garbled notice is a date that does not make sense: a window that supposedly ends before it was announced, or a "deadline" stitched onto an unrelated event. If the timeline does not hold together, stop and verify before you pay anything.
The fifth check has a concrete anchor, because ARIN's 2026 schedule is public. The entry-level 3X-Small tier is $275 a year, X-Small is $1,100, and the legacy-holder cap for pre-2024 LRSAs is $250. A notice quoting a figure that contradicts the published schedule is either wrong or hostile. Neither deserves your payment details.
What I would actually do this Friday
Concretely: before 8:00 PM ET on Friday, 1 May, log into ARIN Online, open Payments & Billing, and download any open invoice you might need over the weekend for reconciliation or an audit trail. If you have a payment due, clear it Friday afternoon rather than gambling on the reopening time. Then ignore the window. Your SWIPs, IRR updates, and Whois queries run the whole time. At 4:00 PM ET Saturday the billing module returns, and you can resume normal invoice work.
That is the entire operational footprint of this event. Anything framing it as a financial emergency is selling you something.
About
I am Alexei Krylov, Head of Sales at InterLIR, a Berlin-based IPv4 marketplace. My days are spent working with Regional Internet Registries and helping organizations buy, sell, and lease IPv4 space. That means I read a lot of registry notices and watch how they land with finance and network teams on the client side.
My background is in B2B sales with a legal grounding in IP-resource ownership. The habit I try to pass to clients is calm literalism: read what the registry actually said, verify the source, and do not let a routine maintenance window turn into a fire drill. The value in a notice like ARIN's is the chance to practice the verification discipline that protects you when a fake one shows up.
Conclusion
The bottom line is short enough to remember without notes. ARIN's May 2026 billing maintenance is a planned, twenty-hour interruption to one module: invoices. Provisioning, IRR, Whois, and resource requests all keep running, because the billing system is architecturally separate and because card handling lives with a third-party processor that the maintenance touches but your provisioning path does not.
So the only preparation that matters is pulling your invoices before Friday evening and deferring any non-urgent payment. The more durable thing to keep is the verification habit: confirm the signatory, distrust any notice that pushes a payment link or quotes an off-schedule figure, and treat an impossible date as a red flag. Read these announcements at face value and they cost you almost nothing.
Frequently Asked Questions
Only invoice functions. During the window from 8:00 PM ET on 1 May to 4:00 PM ET on 2 May 2026, customers may not be able to view, download, or pay invoices. ARIN states that all other services remain available.
Yes. The RESTful Provisioning System, IRR object management, Whois, RDAP, and resource requests all keep running. The maintenance is scoped to the billing module, which is architecturally separate from the technical provisioning records.
Before 8:00 PM ET on Friday, log into ARIN Online, open Payments & Billing, and download any invoices you may need over the weekend. If a payment is due, settle it Friday afternoon rather than relying on the exact reopening time.
Check that the signatory matches ARIN's published leadership, here Mark Kosters as CTO. Confirm the sending domain is genuinely ARIN, and be suspicious of any notice that includes a new payment link or demands an out-of-band transaction. The real notice only points you to the normal portal.
Not directly. The window is a twenty-hour billing pause, not a service outage, and the notice does not tie it to any other deadline. Plan your invoice work around Friday evening and the rest of your registry activity continues as normal.
