================================================================================
NOTARIZATION & TIMESTAMP MANIFEST — Speedrun SR007 Portal Submission (Exhibit B)
================================================================================

Snapshot timestamp (UTC):  2026-05-18T13-25-00Z  (filename anchor)
TSA-recorded genTime:      2026-05-18T13:25:44–49Z UTC
Created by:                Yevgen Yanovskyy <cybermediaboy@gmail.com>
Subject application:       Andreessen Horowitz Speedrun SR007
Source portal URL:         https://speedrun.a16z.com/apply/update

PURPOSE
-------
This package complements the primary ore_notarization_bundle by sealing the
complete, byte-for-byte record of the application as it appeared in the
Speedrun portal when the user saved it on May 18, 2026 at 16:21 EEST
(13:21 UTC). The submitted text in the portal is a superset of what appears
on the public website (ore-team.com) and the pitch deck PDF.

ARTIFACTS
---------
1. sr007_portal_2026-05-18T13-25-00Z.webarchive
     Safari Webarchive (Apple binary plist) saved directly from the
     authenticated portal page. The main HTML resource contains the live
     DOM after Yevgen's authenticated session injected his application data
     into the form controls. All textarea values (96, 99, 84, 96 words) and
     input values are preserved verbatim in the serialized HTML.
     Size:    4,642,598 bytes
     SHA-256: 060ba53b4cf20cfb4be056fa439771b243c19502bc2fdd84225191889f2e935d

2. sr007_portal_2026-05-18T13-25-00Z.pdf
     Browser-generated PDF print of the same authenticated page (9 pages).
     Note: textareas appear visually truncated in the PDF because the
     browser print renders the textarea control at its on-screen height
     rather than expanding to show all content; the word counters
     ("96/100 words", "99/100 words") in each PDF page confirm the full
     content was present in the form at print time. The full text is
     authoritatively captured in the webarchive (artifact 1).
     Size:    91,017 bytes
     SHA-256: 8ff0a4c5463a8854ee4aa2cfb608bbb4e628efe7a0012ff9933dc1a41c022947

3. extracted_form_values.txt
     Plain-text extraction of every input and textarea value from the
     webarchive's serialized DOM, with field labels. Provided as a
     human-readable reference; the webarchive itself is the canonical
     authoritative artifact.

RFC 3161 TIMESTAMP TOKENS  (SHA-512 input)
------------------------------------------
    pdf_digicert_2026-05-18T13-25-00Z.tsr           May 18 13:25:49 2026 GMT
    pdf_freetsa_2026-05-18T13-25-00Z.tsr            May 18 13:25:46 2026 GMT
    pdf_sectigo_2026-05-18T13-25-00Z.tsr            May 18 13:25:49 2026 GMT
    webarchive_digicert_2026-05-18T13-25-00Z.tsr    May 18 13:25:46 2026 GMT
    webarchive_freetsa_2026-05-18T13-25-00Z.tsr     May 18 13:25:44 2026 GMT
    webarchive_sectigo_2026-05-18T13-25-00Z.tsr     May 18 13:25:45 2026 GMT

CA chain (bundled): ca/freetsa_tsa.crt, ca/freetsa_cacert.pem.
Sectigo and DigiCert tokens verify against any standard OS trust store.

VERIFICATION
------------
    openssl ts -verify \
        -data sr007_portal_2026-05-18T13-25-00Z.webarchive \
        -in   webarchive_sectigo_2026-05-18T13-25-00Z.tsr \
        -CApath /etc/ssl/certs

WHAT THIS PROVES
----------------
The submitted text shown in the portal page, including the four 100-word
narrative answers and the Additional Information field, existed in the
exact form captured here on or before 2026-05-18T13:25:49Z UTC. Combined
with the primary website + pitch-deck bundle (timestamps 13:06:45–46Z),
the two packages bracket the application content from both directions:
  - Primary bundle:  prior-art proof of website source and pitch deck
  - Portal bundle:   proof of what was actually submitted to a16z

US LEGAL CITATIONS
------------------
Same framework as the primary bundle: FRE 901(b)(9), 902(13), 902(14),
ESIGN Act (15 USC § 7001), state UETA.

The submitted-text record is reinforced by a16z's own server-side records
(subpoena-available if ever required) and by the DKIM-signed confirmation
email a16z sends after submission. If the user has that confirmation email,
saving the raw .eml with full headers adds a fourth independent timestamp
authority (Google's outbound DKIM signature plus a16z.com's outbound
DKIM signature on the reply).

----- ADDENDUM: a16z submission-confirmation email -----

4. sr007_confirmation_2026-05-18T13-25-00Z.eml  (canonical, original submission)
     Raw RFC 822 message exported from Gmail via "Show original" →
     "Download Original".
     Size:        50,740 bytes
     SHA-256:     23a94342f0547f601c40b9ac4127b47371c709f90cf56957d1822f64084dbe3f

     DKIM verification (independently verified via dkimpy + live DNS):
       d=bf01.na2.hubspotemail.net  s=hs2                   VERIFIED
       d=sr-team.a16z.com           s=hs1-242173554          VERIFIED

     Google MX Authentication-Results (recorded at delivery):
       dkim=pass header.i=@sr-team.a16z.com
       spf=pass
       dmarc=pass (p=REJECT sp=REJECT)

     Sender:     a16z speedrun <noreply@sr-team.a16z.com>
     Recipient:  cybermediaboy@gmail.com
     Date:       Sun, 17 May 2026 13:49:07 -0400 (17:49:07 UTC)
     Subject:    We've received your a16z speedrun application!
     Message-ID: <1779040145379.28e03eef-7170-4639-98a0-ee63b6949995
                  @bf01.na2.hubspotemail.net>
     a16z application ID (server-issued):
                 50413120-d20e-4362-b61a-16109ef11abc

     Significance: this is the original-submission confirmation,
     received before the SR007 application deadline of
     2026-05-17 23:59 PT (2026-05-18 06:59 UTC). A second message
     from the same sender confirming a later application update
     also exists but is superseded by this canonical record for
     deadline-compliance purposes.

RFC 3161 tokens sealing the .eml (genTime 2026-05-18T13:40:24Z UTC):
     eml_freetsa_2026-05-18T13-25-00Z.tsr         Verification: OK
     eml_sectigo_2026-05-18T13-25-00Z.tsr         Verification: OK
     eml_digicert_2026-05-18T13-25-00Z.tsr        Verification: OK

EVIDENTIARY SIGNIFICANCE
------------------------
The .eml is the strongest single piece in this entire evidence package.
Two independent organizations (HubSpot's MTA and a16z directly) each
applied their RSA-2048 DKIM private keys to a canonicalized hash of this
exact message body and headers. Any modification to a single byte of the
covered headers or the body would cause both signatures to fail. The
signatures remain verifiable as long as a16z keeps the corresponding
public keys published in DNS.

Combined with Google's recorded Authentication-Results (which a third
party cannot tamper with after delivery without breaking the .eml's
internal hashes), this constitutes the digital equivalent of a notarized
acknowledgment-of-receipt from a16z, dated the day of the original
submission.
