I work for one of the big CAs out there. For those domains a human actually performs a manual WHOIS query for those TLDs and then manually enters in the email address associated with the domain contact and they are required to include a screenshot of the WHOIS details for verification of the information. A second individual then is required to perform a verification that the email address entered is correct per the attached screenshot.
All of this, plus the querying of the organization's legal registration, business address and contact is all done by trained people and due to internal efficiencies and workflows we can complete that in a matter of minutes from the time a customer places an order.
In the end, even an organizational vetted certificate is still completed just as fast as it takes customers usually to click on the approval email to authorize issuance and submit the CSR for the certificate creation.
All of this, plus the querying of the organization's legal registration, business address and contact is all done by trained people and due to internal efficiencies and workflows we can complete that in a matter of minutes from the time a customer places an order.
In the end, even an organizational vetted certificate is still completed just as fast as it takes customers usually to click on the approval email to authorize issuance and submit the CSR for the certificate creation.