From 725db1e1279b5d9f25600e92f2835d29a895caf3 Mon Sep 17 00:00:00 2001 From: Sebastian Tiedtke Date: Tue, 26 Mar 2019 13:44:31 -0700 Subject: [PATCH 01/13] Add docs for OIDC with Gsuite --- docs/GETTING_STARTED.md | 64 ++++++++++++++++++++++++++++++++++++++++ docs/oidc1.png | Bin 0 -> 60362 bytes docs/oidc2.png | Bin 0 -> 73412 bytes docs/oidc3.png | Bin 0 -> 58719 bytes 4 files changed, 64 insertions(+) create mode 100644 docs/oidc1.png create mode 100644 docs/oidc2.png create mode 100644 docs/oidc3.png diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index f08c1a06..af79c470 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -453,6 +453,70 @@ $ step ca renew site.crt site.key error renewing certificate: Unauthorized ``` +## Leverage G-Suite's OAuth OIDC as authenticate personal certificates for users + +To authenticate users with the CA you can leverage services that expose OAuth OpenID +Connect identity providers. One of the most common provider and the one we'll use in +this example is G-Suite. + +Navigate to the Google APIs developer console and pick a suitable project from the +top navbar's dropdown. + +![Google Dev Console](oidc1.png) + +In the masthead navigation click **Credentials** (key symbol) and then "OAuth consent +screen" from the subnav. Fill out naming details, all mandatory fields, and decide if +your app is of type **Public** or **Internal**. Internal will make sure the access scope +is bound to your G-Suite organization. **Publi** will let anybody with a Google Account +log in, incl. `gmail.com` accounts. + +Move back to **Credentials** on the subnav and choose "OAuth client ID" from the +**Create credentials** dropdown. Since OIDC will be used from the `step CLI` pick **Other** +from the available options and pick a name (e.g. **Step CLI**). + +![Create credential](oidc2.png) + +On successful completion, a confirmation modal with both `clientID` and `clientSecret` will +be presented. Please note that the `clientSecret` will allow applications access to the configured +OAuth consent screen. However, it will not allow direct authentication of users without their own +MfA credentials per account. + +![OIDC credentials](oidc3.png) + +Now using `clientID` and `clientSecret` run following command to add G-Suite as a provisioner to +`step certificates`. Please see [`step ca provisioner add`](https://smallstep.com/docs/cli/ca/provisioner/add/)'s docs for all available configuration options and descriptions. + +```bash +$ step ca provisioner add Google --type oidc --ca-config $(step path)/config/ca.json \ + --client-id 972437157139-ssiqna0g4ibuhafl3pkrrcb52tbroekt.apps.googleusercontent.com \ + --client-secret RjEk-GwKBvdsFAICiJhn_RiF \ + --configuration-endpoint https://accounts.google.com/.well-known/openid-configuration \ + --domain yourdomain.com --domain gmail.com +``` + +Start up the online CA or send a HUP signal if it's already running to pick up the new provisioner. +Now users should be able to fetch certificates using the familiar `step ca certificate` flow: + +```bash +$ step ca certificate sebastian@smallstep.com personal.crt personal.key +Use the arrow keys to navigate: ↓ ↑ → ← +What provisioner key do you want to use? + fYDoiQdYueq_LAXx2kqA4N_Yjf_eybe-wari7Js5iXI (admin) + ▸ 972437157139-ssiqna0g4ibuhafl3pkrrcb52tbroekt.apps.googleusercontent.com (Google) +✔ Key ID: 972437157139-ssiqna0g4ibuhafl3pkrrcb52tbroekt.apps.googleusercontent.com (Google) +✔ CA: https://localhost +✔ Certificate: personal.crt +✔ Private Key: personal.key + +$ step certificate inspect --short localhost.crt +X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2295...5799] + Subject: localhost + Issuer: Local CA Intermediate CA + Provisioner: admin [ID: fYDo...5iXI] + Valid from: 2019-03-26T19:02:58Z + to: 2019-03-27T19:02:58Z +``` + ## Notes on Securing the Step CA and your PKI. In this section we recommend a few best practices when it comes to diff --git a/docs/oidc1.png b/docs/oidc1.png new file mode 100644 index 0000000000000000000000000000000000000000..37b543706148c358c363d108c024b3b3343de1b9 GIT binary patch literal 60362 zcmZU)b9^OF_CFlkp4he~wr$%twrxyoXTph-iEZ1O*tYd#_OsvJ{k@+1Pj^=x)u~fe z=e)abgo2znJPbAr5D*Z&q=bkP5D>@;5D@SQ6vS7{jP%zt5Jo6KSXe<)SeQ`3(asED zZ3+aW5t6I{siHEGaKRn_%}hdgQW(o|lJhVN9Qo_I0+gR0m_Q2s%O4mS983@_*#Ia$ z3tce~3W_=s3S>0qgQl~|%k|MZ+o`0hsMY*=}pT$aidc?L@H# z2uOv4nR6BqD2p{@3g>iRd?u)1Jj4j<9svs6zb7-0t>bMZDdiqURE&p|^b8X}&%kiX zZ)W$=j*IuvIbp=t>nXS4jhy=3|JRj)WAEp!%iAUz3hu2r0?K~RvpDvel2)Ydw1`65 z3O>Spef>)iXuIFo=imp^Ac9|wdQ#39!I|vh_ca_GYrqHOD+E@?*>MDW?PrirKHS;I z)-dB*M~gSfz4M2GjcMo1W<4 zqpKZi)Lk_a?W|WHUlY#X%t31T&)XQP0+@d*mVXLob=vTuDraJ6oH4$$vg;BQn9;(;9YP`Kcwgm@+aJPKg+0b^TS&EO~9y7mP1 zK_y$9SU?2^C^A7FHE?P@-)rCnk+6G(!NTEp0>FrvBrudhS&2Z0aes$o5g`sE!h{&* z2~RUo;*ADG<}v?5X@y@8TK#E0O?U^A5s;F{FpU9+(AR@ysKbaN15*q)7m(g_W(aBE zTLYy*e8xcwss=?9wjRvZyJ|RPSWp94X12yd*qXOD<3OedRu4VxsobKs*LNpnCc-`VPwU`3zTOLXTHx=9ueK~cqT?>M21PFjK+o_nq!|8xm!9RjDg%0gXy4$qF@?qx& zRQL1ub`9FiB3Y0EWGvbN2^Nt6Y(S_5->i`ZIKahX-2xSG3pfS50@RNfok_WPxtQ0H zTa8-1oOhj1@4!62dD6Tfy|CPUKgyk9V9xs{0S5uM0XOuGo`uIKjiej;4U9Jsa~o?L zW*gct2YG<9-=Y_5IBn8Bsy5akIU+zZXC$5~r!?&tc#f4NE4|;k7k4~sL}!R+uzjF+ zAir;?&oQGY!!+D9C^<+qb0Lf^x*^mh$t5Z}b;6%6oG$a6ehrN~P&a8klsD#`_!ad5 z9YG9%4S^wsHHIrDHH%SBQBHd@C@YoIi({#!x#dT5Z_A_;?~c~C*}>ug!rtV*?{G)I z@Yc*8^w!8eVBceEtiQYuXIy*uHO(z~Sdx`|5NRyjr{9K;h!3(8trNSG%9pl_xr@P% z-VgG#3@Fw=q?;&!Iv_O=OVCu%uLq<@t_MB=X(Ylq!8x^_vY*<7IEhk)>`n@cp@IyT zNQa(>I1oh<0~)1;keLt$RTb$TlMdq?Gbn;854mD25RcYJ)Ke)`a8QL@v{>^Xs^V8gs&(yIIIiBL z0=;CFkEWC%hCL8MeN2tN#Zq6TLT zC0k8c-dcHC>Cfp+BhNt3x0K#0s%w2$Y7%r4mRG&3(aYr1*_7ay?V9rM>F&uJ-fAGq z{h4c+yj>O_I3rlVZd_QK?$CJM44oR0Dp@pAR+?~ZI5%X*!NOffT&L-zcq?&h2AdXA zI=~sFo)VbyGsUgaKRIH7vz*F`=oIP{11BlELAG{+Tl?FZaAUSB7`Iy+j_c-`%Q?$A z1zs?o5iS=l08bZ>2Jd^;UAALZ@uTE9cl%`vOPiCwQzGo@z|4Ne*o$w_yT|LHF1n7g z?hpbLUO4~Nc=S5m@_7JvCHG3l2I%qjoz{3*agHR{Lh@X6jKNdK#7z<_XsV*PY6qWSIIFvBmdgs%G+F>VA?v zJxXB`Kx27h4A+91&O+0D@BF*fM3NHVxxkk6k;3)BI7a@X4Vd8 zW?9BMK0H3&7T)rK7QM&8AtHVK<&emb9SE+t#Q0pE76&zx+rLSsk*7%TB;O>55)Tri z6RHUY@Zq^uGl{bk5^wI)=4uaib%qjSr?MHj6qBVAvD3MHmCpByl*5&QOJ3y0viba8 z%ro4y+*+MIeP1TORkN&{n@(cntWR7`9F3`rx2J`S!c1U~Esl2P2fzO2;gvcI(Pnu_MQr$3M(=F0fQEk(5>i%};sjk(R?s_O7t~YvVJ-;7HmP$_k z&S7Vw)>CFwmSWqwf!kc-&zscLf(NfKRDmnb?)F*FZ$F%Ce^0@ zsuSilv{&F0D~7+ubKzz5P zZ=iF~x9Fo7I62@z@V+NZSWEc4@1;*(Tt+M>Rx1V}hVzH)kG2?jd3Sl*PAK2&XVbH> z^N~IEVReAAv+{E_r+#V|vWGHDCC9sgm|wB^qOGgrq?PTn&HP&S^X}!<gXUp#v5H)RNq?FygE!*{fklYUd%sWQ|wKsBXsLbHExBJn_T_X+>z?eZoJLLkXVgl(vWY&n{G*|rRM z{Vl?9L|h4eR^8;c3E~*|C^xkQO(ZpPl55hTs;A23ujF3@b5Qg33$ybWOWQN1iv@E- zScGuCShiS|*bEsmnR03O>HM|LcA9oBV=tkyMd$Es+7E09O?ao-Cy(n6ox4h1U6c0@ z0oYC0k6f|jj&0_#OR$%2eEL3a@1>w=pwEH*f#^c@LbAQMy*|V{#8YCrQMS?P;qSPy zl3TJWToxX~r}l60^@V|ZvjwJ9sWIsIQ#|n*o>wOQRGV}3fRtk{bF@hqb9*yp6Gd}l z$6r%3`@av6ZwFxZVA&>d&@|Dwlg_%fT$qlOoB@uSY91^5p)~92n>w$a*<}g0p(@E2 zvSHf33)gHVmbZ4POR5V?n*du28*j%)P36muo`ac`h}T5K4Ib~c)<2CKz<&LA8cz`~ z%BOPGRn6vrb+Rcd&s8tT*Wy=xxC%sD_;WbBSnHUoSRedPffXAk27P(CcI=E3pY{8L zk-NF{i{hH%oA@v5KZie#YiT;#UhO_oMQ(_fC_nt<*`l6hq6eUN;4R(&EXQ0&OHe33 zE@TeV#Wk+2G0rGBRyn#HqOO~7bBH#!adtncC8T%Ih@nwMHAG8AzYmxVypm>+F-T{} z$0T3JvBf8*n8$zqyi%*xE*0ZcCsSOIl~vC!6fCN(;QX~v=%Y!Y{autnj(@p(ZhB^T zTw_jTFlqD02(C>h;CkaGc_GgwRW|HgxDDf#JPcw;tE9|lDQiq8^5L*Ghu40VZh&`$ zBqD1k{lI0it-qwVX|Z~wi!P6*hTnqqNp*N_I=N;7N`+K9$-UloymNWF+4ve9`a7yN zA_AVLmpdI)=oq;S3}v)cbbx02Potrt!y;o-yRoI}ysF=NsFey`wwlMjB<W{c^F=??uFT&LjCb8jb=PtcDq8Ll3&YcGB`?=?r9 zDC(fgsPnUg^)F@r0_>m!$v%^#bwGT>dRwiZncEWm+iS3jDs%5i! z&$Z+teII#$3&#v6k4=U%lo_1)lHQWOrk$o?sYRtFy%N5ha0Yhvj2j-qBbW8MoRzMN z^{}fm1DOZP|EIIf&fPkpsl#AHg|EJI+&Al^A4n#p(M@~;&Y5^Er<>l=`Z*@Ro^uq-sQELC z1&gnV?{LP1Z!(L6Esq=VrRax9kI44Zb8UY7&UQi%>^r6x!+kPBN_4WkBJ=vmLM2SU zi#ORE`~~%_?1=WwLK&M@gJ;wIDcs5Zw$MWvjEG;A#@iqT<#-=E4dp1;TeF75JDtT-q*t0LmCoBC@H4|L0rMf1h7HD zA`__&m!)FS$$%HhaRt5$oXhcs&kd~)MC~xlGR|Zb73K2^h81#4#uo4o zbq^>=DiAv}b1~5~k})c?r2eL?g{y(6Gh8WKrd#Q9OtQyzsB%bl)V8;~R=MIritiWe z6!0bfln&q#)J6$lrB)$5BO)ff5vC(am*&&x(NR>3 z&`!@2Dv&A}%$J*wo1LHiJ%=#QS*2aPRK;%|&W^&y&H~NIYp7zEVmM(|V0dbr z3fSDKky#m2o1~(5dzd0HaAk3hz5PWj?^Wxu_H6Qs@PZ2R0G26ESOFNOGHg% z*LcThb8wBq8GoK*-d%*f^x>C`)Vf0pYLmQFR%^;&ww`-RTzs}@ZnjqpZxfGxe%^k& z=!}l!tmua{s3`^gsZNN#mn-jK=&S6prTfI#n%hYo4)Mk6pG4cAo&2vgKj|8bH;u1L zY9>d_qo-~?jbC*kT*8XPLxxQCIb<;8Y~+U~FUE6qOg#KB*yCmNs&3IB;hF@XmcES)y}g_jX3$mp9!L<^My zY8B8Cgu2ywh4lpgqz#5FD5fJ?LAW0;Ijo0qSX0>RzO;y-3u2NxJ&bPO82^*Id#%Ok68oLMg3NA(A^J3B31%P!0Cr&YVi@}1`` zXLM(~huX)FL;`$Q5(;im+7=2L+F;ry*7NQ^JkOHdSA+W^2oU2Dhqm$W^xr6S%(LvSF+eap zsKHn^vot&r!bLZQtk_z=CSg5bl?S*0){dQzb7nK=VwvN<@gc`B&N8Mjk1+F^x|)8B zCX7%|uJ&P!${E;gUu~OgS?|Ie9_-_9agNfAy~b#an-9tNed-YEP6vv}dlIS8;}Yi+ zN21}OwGrYI{v?e^@g`EG^AQ@9Ra1?TwUz#85GpYWQcAvYNw!?TXu!Y!7EMQIW&@t> z(<**PeHRA5E#^3=N3K~sVOEEMCH;*C^E8p&%_jA%1uqNNDGMU&Sm*5FuuZPHw(atf zlBnxp=MmwqWf$^U8!`#f7EC)tCB(2#m{_d9x!}|&WJd~>12qcK0iRwTMb=hghMV27 zm*3@3MGc#& zzfAU*Q)|Ke@C;a6(=78xUPnVd?|u9$YP#GntGu>)ir-Tf{^nP&SIZW=?lVyZi9eNd z?EaX)9iSXc(akf+R`|ynmDB4_dVigH@45i)hoKJrkJy{!#P@7I!Yq2A;ia}VD^j3o zPN28pjrDc<&GmPObS3L{kUYAl+_u-vmQVzLT$GB3V*90}W4|`xPsDS3+Xf!sr_?Wa zIvb#(;jAGm!)0t|LvLteXJkt6Ze#z2RRaO>xO08o+L$^U61v-1+d6T%^Ai7yg6r%4 zZ!-fi;lD_nt$2wwWEBX7?Ho-B+2~p68HxE|2nh*!98Ju)ltje-&HnYoOKjonY|q8O z;O6E=@5VxJ=V;Er#L3CYz{t$N%uM%1LFeRQ>ul&wXX`}rkC6Y9BVy`g>57I{$l0%+sdT?a5uHq z5CPbj+B$vd;QP+Z$@4Gz|6k94HU1B$=6^X^IT`<#^M88&&B?>?cL4u0pntseuhuVj z@xkyg{KxftFzZ;$I6y!GK$0SYD(=8%y5Roks+fFsLAoinar6L%xC^mXG|{4d0dQb& zKO7{HfkJ5!6;g1p!nQ(Dt=6{8%1`gdb02QIhx<-l*KJ&PZkDFQOm3D<-p4;IDSbn7 z;)&segiuf*f&Tx!Ji!M5btRL6L;pXme`$mSBpRK;1O;49l^ymK!5#T{WN;n5~$A}7HE|eBNo-Mv1YBE6v0}BWi01En}fd90UO74QC+u@s7 zrPn4oGxNKVo9HTq8T=o+bVvxx)R&$(eoVyEB_dge4NK$^#yKNN!E*%`G*W2 z3`FR6hX}9m3oBXz@$#5Xg3j02zFM2rnNCTG|Iaa`?0?Awa2c#EhD5$t37-k$_;f9$ zh(LGuoO%k2{$(@|>0dwW2o=kcurKR%lSzUHkOm28HO^rCM;!_(Fwu%$9v&{~sYr*v zbOH>BBm}TK5X%1&RB!U6NMlB@+Y*k&RHFGj&2@plnE64mYGL4)}S}A|fzQ`## za-tb_Jhsa(f35JC!`yeIjwjQ$iA0z`Xapa%r8+ z6hiwTDOJlaUK!lWk zc`LeII(fJqIbJ2A>E?lome3q4dbHVI{M48K5L?T4Q?$^)3hA%E#BaL1IA2p)R7%hr zzXwT{(fw0!GahksIAVy9VEh$e668?0oWA7g^(q-u|4haeBjHwU3l!@z;WDROZr;3R zT>=^U8V3Ye8NmZ`C`X~9`j|0>f}&>_Q&}klcg*eZDN7KKeMFI#5H z*GPr4wLOjbFKOm-egrF@Nl>gAmLF8m5o^Rcd#U{YyP&$D++}_n2En5u zFqq{cCVhi0aiOT`35^JkS6M?gP8!?80wi@bW`g{SRJNv|z#Vg$xVlFeA0O|$f1(lof0{%7NWI?S^>}o%PouXlX&do+ z|C)4#`kxpchjMREK#anrTk)779In2PP43xI02uX{(T&P!GlYvIDQ}C$0DBng>;Tv+ zP|J<^wj7hQA6nADMkf{nOvVCxzBwLD`1K7&~_gQ>w&dS zf59FeoqT#KKh2Q1x&#w&iEM|7DLti3Bz=?_Q}ZTM^yh~9qI7hRi}@0Tsyoj(ez&hmIT&NT^l zn(+6ld3ied#$6kdh|S!f)1XsLWz%4~xF3UC&gXS($Y&SJzxatMQ+x`=?n`jF z-fnMi&)1vccsANtdA2xFtUaHvw595K6||i<8w7yNCsa$<6-QGsGRFDlGDkn0Z_2;( zzb~f@CT2734$i%GVU!iZpDYzLZMd%k8gCC7rl*lf01GE<)UxTbMMu#~`b9efk(?8| zHvP}Am`8WVEGo4^9(HwQcUV9ir|MNZ-eu!MGGVc}4@@N{sQ>J8?#swm8j0^Upz#Wa zC2Y&;8>gjEjUoJz@n!GQN!zdSNrp!jQujiTFr(>-vv=-8i(q!p4-4f>7V9tYk*v8~ zKC5am8{gR8AhkH`5PbM*_-#H92{M>%T4Qbi+)0v7mpQx^lLT|g5AGAIE^=e(k4qq; zHR6sqYINE%cCKF05bz(f)mrBu&$lyW`_c($JrIPMO&aFT2Mikhs8ox<1ikn4RU_@3 zehN#e+%v%u{A;t~w-$`-Y>v&Tb>>sE)rlq3!Pmw|O_KaG^T#YlXDv>0EHPMY8F>J) zcWI2t5{l8JV!KWp%O$yzblxA`{?vS6ZBt$Z(@CWcuhhLrkok1~-N;q{uHjKx0-vf>JbMHmP;&GzqYy0yCaGR3*t( zt(%t!8utf#ppLIF9 zGW0C)l25kl?w&gC0&SNg6icDg|2Zn^1Dbxe8Oc=H?7a`;b3f5UJ+;>HdSze|Ho0@_ zdi;BTzCoHI*>5U`*L6R*b_GSIeD<0vz*4mgiFGO}m9{}T2vmM8Imeue5R+b~5EK%z z)CaE^LB=lzk6%!pPf=`v02@UJkGoyO&do28*jUCkYr7tBi^0aiWORph@}P!@zkL34 z#&~E&O1w+-v(^0?MYq{KKCfX31W^R4&0#lmuCr)PC`h+ON%X~Po0vNvJ}{cGpL5Rf zl-Y#l{|;>)iNAAw6%?IXXjB$ib3@P|sxZz6Nf>>TetuA~1&L$(LPur`%Zmho)^tD@KCO$66HKjlwk7nuifG^o zI5YH)rqgqLis_Om^|Azt@m55ZeyJr3j2le;-oA`>e!S47*4lFjJcij@+Vm~4TB@2; z4}zSTi^f*+BOjoopr%fc%i@vb{#cjH^;^sxP4-D}+#f9+73j2=t25X(3QPxu0L5Hp z6|{=t$GHPHoy>~pe70mXolHo7fyXMG)oF8$e(_-spZLByy%q3&JRD!Z>h}SHCeAOL zRd^QWhszylxm5OZ+%OBCSq0*|pTI^c_SW$6B7@u#Bk;LM|N*j&|mo2nnBZW-xU8hCqe zAA?%8dD37-<+JKM|Cqg@^21kQo@KY5~(ShsPewYSB=XpSFM()t}0A_<1C>~Hu+l!jUbFe|cc z8XUknG#{(e^NkuzM<@4UUwHfzlOjTwukiDz8bOhRG9e#p-TRB{s>{3oLLU@Vn{Q%) z&s*Ebc~G@=p{z_qr%MKiyR6x0S@d~X<@*ABn=!5m9hwBFwv!PeI5{w3eh?%=9@3(O zP@8w$dAp!*z4b`{&1}#X-f&-6{>kDdn2l1jrR~@fLxx?ESJLiM7KZ9@4Kb z_n^oCE2vjuFR0!*SwAp4om|SG)nO%~)*q6D`pWZv+_BvIdXb?(sig z`FLhEtcSp&7kb=&Dy=HoXs@51Ur52m^b?jlaekz;R{{^% zdWGutrgC#hww|8K}{3jlV#PnXD+B)rduH6uTW!j|iQ!KZ; zyZn;7=gsIqo;)RXS88`|CjqyJ4|xOe@93x1_*wl^*x#R$MpC& zc|Nh-9(96+RNQA_mXd3xj9c4(TCT~&y)DFiejEfI8?(Bd@r$A6R`b2g^VTC*ZM0JE zb*3UP8;Aiv8$L;Bmui?;kgnWnXlF+HqzeZvm-a=?w*yeMwK_l@-{hv609WezG?!?E zIe7Y>Ob8yhkGo(}eZe=ccA?Y#l3ml>KA$B}e4{-^QsN-+$B3HYpp6&*IS7|$k*#?zg4dEg1{UZ;r zvwA~3=H||HY90ik+`-k5&cpoyLSx3v=;TizV{dPpi-7g@#(&B=0`+7xhc`3YV7FOi z1f||_0lQ4C0S3`NM&Z6J8QGem$!=Xu%eqZ~^FK8tzR}-}x?8|!r1sXzIsM&0pUF?H z!s~j_G&4UB$y~9jBYc^9R&u4u+-Ml<9UpnbfIPjR9~n6)&oK+({LK zTWxyqojHm|o`7#tNTapky?w3QCg01;8UdxM2KC8oX^?K`SN=<5_icLE_4rSOTo#Aq zdTZB&NO_?!j^^^W!>LsH71N+BH}`9Bt>4ZqT6>T-?8A)plZ1m}0ncHYaRdjLes-%O z(kZkBc3mH{S;6>z?KQI|#)<^2uSjV!-QHjhY?`-xHJ>F8H-b(d6YBbul^im*8?Rd= z4I1+&jk6iJP~o@iUV#oOjTGmBrBlZ&=D)Zy54LW% z3D2tQ9upWsy@k)0vxaEXD${t)tA2wHbwfSeq%jG+K72mrN@tCmZgco`zOlYewK$(W zIq*$oCPlNYngJs)vR$kFASWI!XIs_kJGb$;mb{c;sbpJD^o`-xM#^m^t^TLT7q}7c zrb&pNQ^mGf1QWxl4_Kw{!{kU3Hs-p=DrIon&OurFpHFZeuqDc1^}8t`i9{u(jj9 z@n&>~zKdxi(be#p6oYB<$v8#JA_6>saU1A5gnW}WeDk+WCi9p_!I~9M8ce}A7IP|Y z4>(umTNjtm#1>jy$eX~8S)SouIGD*b#caTA;Q{bCI(t(~`3uZjPv&c6i#16Pd%_8% zWc`Fq(%&NbUkk1K8;HYZ_oR|k^AeOrzD~XcB6&{;WgzD5y%tk==;tks4R=@AM@vmC z`B{dbPs)eH_6+i!JNrYY;xgC8jEAmjtL43=sW5Cp5qJ(U_HRT>B>YS)n{}Ij2ksgI z2xRYCW6ZM6UlGJom0GM#^8Mm;8Q)FU)++ACofs4ggG|B${s1%1v?>Ai&x#F+tR zDoVAEpzH`-aM;y~iKnlOu1N}g+FUDuc?Id#_@vi2F9r%bezQ$VX42HELtEJ7nkggG zVbe&<2oN;V>2sH_Hs4h$P(ZJqxC++*lAx5)UmuGJWFZ3UX)=@TT z)aH-!404bldtnq>&#?UNcxtdxU+9%^1GTVNW5O|L?15Mj!`kT&$-Ryo?fmy5QWEZV zd|C#$UA7f29zZVUym>gf>wZ6T5Coap>=e1Iz?KQC&bHSO`-mI8lg)0T(&qYLHj%*( zgGS{*TD5S0oG!+gEDIXMB^_$tn$q-i2W=ULC96f6j_<}1$3o?iO~Wg?W`{EslD5Lg zBH=>=-Lb(~mb3D*b@~&;^H8s=kp?5n2BDn;HLhXbVMt(yq0W&$=jn6?_!RqeJSd)0 z&8lnsf?ozTlcu(f=yzD06BPdi5ryFcS5JuIdy2ey2NFi7VNYSFMEF{Bq?zGq2t~zI z{v;t><7pqsW`|rD(M?}P2MAFG;nVgEmKwusuCwyZ2K0MK?Zx3Y_D({v@8HE71`mm6 zB_E&QCKC5RK;$%z%?ZX1E+ljQpviLf)o;u}D9l2(oD|D$d~*CC=h^B*z*FS z7YZjGAoSm{gChC`#zJC}3%9bq4RF0qg?Poueo+Prpa=my+P^rLCMrY~QvEv#LS*?; zy{@w!7iaK6>Ph{*lvL}lU{H|bxngoA97zOqsa49qHhk^tUt*)I!Z96VD$;cd<0$_Q z#TIIBI7Jd-a^yT;((7NCm_#U4c&>GyC@dUQ-qseOR8QBubr%&j11QID8mKQM)F4`P z@D4zwI;zm>aEcHTCO+-+Au1}$OKMJ8LiEp+#GxV8TrEMK^Yf>nX_49dCmr~=-xHWX zjOY`7Fyyf6{`K+y&AA{UfS8b!8=!{?NdCtY|3A!|-Z3_|lLw|3dDuP0Ic zvdVPZnE4b^s3vg*Jn;bLKbU;Ca2QZh_LfPNh(sfebAkr0jEG23c0YY2tN4FMk1q+< zJ<>gq6%l7`K1|wUzibfoHOc>r^+N`DJziX6f8Ug~*L7f78YIPU{2Wa#XSKgVf-!te znu7G+F{J+_U#oFo5v^J6d{Z{1VkPbG3gMD)#9ukyGoWDbuVQaY{QKWsN!gj<~U3wuLg z6|ap%p>1zbwApP}^G_=EDkJ4pgE9jOIB&R6mSYD>l#H1Hfj-AKrc&|5;A|E8-}wff zvmTdgcmEd7TwjH(=~zl~VBj0Gul;Hc-seSrb>~Np>&1rf7ZRaTkY^9^?G+LMKYzh$ zQ90&p#o~VTp4G31*m9-4bnZ7#M01~(wZ6Ch=6>l9ezS?6Bg(~dH|XU@vqjP>H3ovY z*P3;%c(0Lg`SpM~_t`TMdDMY9cB@63yb4WbW&0nQ*<(CVe`=jD_eY;K@|%V-VeB^A zC7li@3;wh?U5}c6!lB9M^2vUsfV@r-N{SjQzx;`?)fBuk~lP( zhxnAoL*6DB0L_n5iGyVtOhXilOp|Wwq0vcvK3v?Us5QN>eKH0}otIspcT+Lh-kW>} zi-=e0b%z#97afskoZJ+C+ZPqyPVS_BI6H68w@F<0K?56q=-q~-pM7w#u`>vL22)>0 zbiLlu5#^XYMp-kihpbyY&#{e>gv4VBN?hJHHX6(slIe95gwmwRQ?@$OSdYJRdEQ|y zRA{arS{5|pij#8d$;?aCu$YcZ5WH8%PQm}M8!Q>+mCS6iRu;io3!b<5oIw0DvrGO9 za&a#DMESk7fyy`(?gWiqzeVT^St=QjPMw=ZF4*+pEG#1B06{A_5T25Y(&m#4EM?s8F3TiakZVHCLVC2=*Bq7||{b^T4 zei?E!al^{h2q0v%u$mllRA{XSr1$F_TGfYsL20ED>}c=}W$H!a=`5w>6I+^#bLNxO zO8Cb;GRNB_;(*)5bCnh&kCKu-hCkVA2H^squZNr2Cx5ooD)rX2R4RsdL(wFi9$%ty z>YbMGi?VLTb9)Gpe0ZJ6PhIZ!eWhp%eKR;B9JDRDIN&sT7N!xScj{yxilkGMBfj3* zL>hE$hB2E+*wJz;J~9!{_hVz*h&JyU8t+zIf4AGnC!qMq&tKzzgln)`TNSH8hWfpJ zk-n(%Tg1U!)Ey6>fF<5$t#O9MMoYJy>AN=3;~}jzrM-C{eZ0VMkHP7&N4Ly zAJuyP@JKJ#jvK%6?baRR{;UOdKL2=bzFm@}_txWNT(fZwtcU(p1aNYsa$t9Nd?_Tn;n1V++q{*8I`j6bi?UVa{9UUx?VvPCIdCBKbUo>?u-J^!FB+L zS)6*cra9)}c>qb(K_a;}@)<)Y66=a&fPobu>x`U4G`n>;Bbj=qj%HEMq6ScZ)td%Ld6}27- z`q)~w>#dd6ospPy`GJ$!+~WF(&lx4fi!_Np#43{gUeEC@R}r8mb9kkNJ6|%`t(WtP z32<0{$=kX3jbUuIYr=Y--!EC4q)9tWii^k=Qj3MBcQ!Q8fNv(QjGhWkdygY6A;}m5f)`~gjvhy{D zYYCD6Eu6VfUjFjIV@d5IZN}K*d!`6H-a`<~Z87gfjrG?Tg!dNH;ZDL32?S}L zGW568D4s#j>`9&@^=7=c1&abuTAg_o&*cQ%kwxP?}siY-PVpHrAZ zr>(H0-g?uKE`=%i+Je|eE1gMLv6Z?I02;OoI;)G0U}N6d?xFIsT`;8l1q2=GFK%qV zBje)suTH~6ZV>^GBbmK1h3Q#t$^lg6bGT%!mOdv6uRw}Sz@@%2f?rz6%PUlSOdF?I z^HV#Tt+$x;WxvOGpTQEAp^NhkNA2%V*oyY)bj!e!y?+0oo48T6dP;Yc0ASXcP6*wf z%+~`T;-PFZ9+!ykc?2^vSR6tm^HRJXFXv3i;V|j-b_9L%sMmg7hX`5HABw*N17j?* z^NY!9W|ou;PBBB!Jd?#bg&v#!416w?o4}Sb^lvqvNEbJ4=~!E-2c4U(?)(#!c8IChk&S5}M)Z2D6vW@1dJe2M|1Qpg^BTZ&W(ogf+f zcyh`LaqIa5sb@}%;Gl+Clg;&xm~1xD+O?u$f%?6cf^(zl*bQqtZuG}Xa|xhYO{8;AY{qm_vAtkC8{sTvnlwwb|+6eR5P zbMIZjlcgv!kXBpknQis!vBBJ(QQjZro)EVJP_qSxZLa*m#~f!~G}0;b>aK}jaD*a5 z&`6iODq@S!+f~IkVgC#^j||INA5?scDIQ}sS*jrs$Y9*S)Ly|x-66_G=VPUl{aUw6 zK5RC#tjHmiyI(WA?kZjpdfwX}+ct#WSt{+!GtT7u*Y@Vr-CW_>zS_XDd zuii4TJBDjTw_}k8L5%HBJFu)_5vyqA1W5gE?xiGxudz>DE~nEBU2mfY81F6)&Ob`( zA>eWQ`{@bpFV>@MZ~b@M?7Gyi-IpIP?qi6VbK!9XRMWS7UjY28LqT9r5MpE)Ir6F-8aPkm7pVb9K!gchCV3E8{X1D(GJ*VV7Io{}iTyOJ>^}Ood zhLD$hV5!IRfN=Eidt-`PZL}!}UoJ~7KO!MtieomFD(A?81Vbbn+4D2vig}`Z#j#wFlqZi6ykrpl&zME*x_+QS@#<-`D%^*i1&G$y-j|EvI9a z_Q8T!5Nt^Dlb}mSsghj^_a_S~UC&_?MO>~&7G8kXa$!}Ir(O8TVTde+%>^rU==VaY zpPq>$bGf%+f%^mbQ-6ugM_8%Gc1hSRFm zdb*yS@3*Xmz4G;*4IL?0Pb12fgwf0f^uTR;77c>5hDO&*y=37^fqV@{3tFvXpl=jU zzF}MVe2#a`t3&SybP6Uah0L5FhMheO{akNwBZ(BL%!(YYZ^2Sg{0Ck>C*v!TS$uz>g_a1nlX%A&aqF91j$*3hZ{;uW3cw=5Fd-k8f0|J3f@-ld&=k2)G1SPr=b)WdT{iWextw{dMMr!{N>#zuU9MG{}Xs z1b-$t=s@TE+3azOac&+0{{&M1l6F1dWrki|9tZ@9be>$kRCXH9r~@lswPdMwuy<$$ z9fEoh;lgvZ1hNzTh+b%!9C_lom7!9qA_x!B+Z-#TvjC1_(H_HQR8@NIEA(wcPkm1k zs%3DBa-0L~w~=*E?*OaylSFIx@YYH)Velm^WZv?sJ%&v%xg ziz-vhqCNV?@i0auk{}5wj?$uG>RJ|aaMikw1@by39b7_JohU zufF#+S>j@oO~!~;gB26!S@})jZt6nY<((q7jK#cQuf9hE%~$3l`(Ad#Zagjn!un?# zOfLPU&GV<=-16;t&fV@4G=fd>P|P>!=?dSwnXoeYA6J=dHgaPrbS31n*yW77xnCGl zc^_b|xJ(d1B4gK7xKP@Dt>;vC#j*cVD*W^DZ8^- zEhe2TmWp%8X9cAw7KoP~^Wh37B6@6xJXiuBDF66Y-!@IojS@HHd4DqVebcuxU%TEy z4xL8jH<^nY{EH_>^|U7Fy9DZAMAD`5ND-2ZAy9$3?zjqGMmWw1-{EQETR7EmSK@qc_B!(_+%< zS<+y@vS_o}&8Z=(Ho%gU->pgIC#T6Umz+msDA>J=EChI(=2@Bqj=ZZ?qDi$D!7F{=| z*@X+>h)cm)+z9_ay52cFuV#J!j&0jXV>D=NqhVtkcWm2i)Y!Ju#tb$+gM3{VgNQ`K4=R%18^-wbY2e+uH;Cbz%5=Lhq`!#k{} zt@<_f6oAwt%u_b&R=M1k!=VO`&sisEQy>TgKEq#s#)c1dR5X1bXHND zK^%(Q86F3Y3p`UToa>{2`MVn|PB1N-ieb}hma+X<*FDPXu~e;=-ldWyLvaWT{s69k zMy^|BCc8+OOi>A7pTm;596yv;39U6b)P&BDKkG`|T1o7TJ3A+C>KUj{`DQ}@Mrm7w zuQx=BXi8%*FI}b#G8zEa^zxPQ;4nKMAIU(?A7Do2EIhwUW=O*=gEgd_)RO)c?~p!+8XmSZIOb9lX}Tuy9z9N_Ni)yQahvHS4^wIWSjJ*1g>bjVK37C zr`}FCw0O{lG-@wd@lG2v8pR7e`ub-G@X$v$8I=}q` zLur^=73KnvkZoBJPv#YcB#?+zDb&!-Ap%~vp#8;BD1MqxFG1`6Dy~4@-W`lxmgHcY z(`;CbfyZXN37AO*{z=fEG!d-~OF^~pR1~ZRpP&udrP6mrvk7K(OXMI5s zG}{I7Y-3hD35PiLgsBdzYFbI~vns0PK_j9|tK~jJ;K#o#telq*PDp2;E>X=|cX$tl z!V?o+HG_Cexy?GZSbd?yhW$+t-%n=V@*6Ck&5%Dh^!zVDWk4c1Z_aEyof;#4x43$6 z1SUo|VCE-{KeO8I^~q-{@iAvzgf5n_lAbqd_%ITf(glZKJh31$ej}P4UhX3M!TJHFOEzKoBl+Zp@qwbccxg<}WN9dgJpCeg4r zIa!bZZJ{Z+qTgG7AtBoyh{3p{!ILDb<8Ds;`s7$#mb^7s~l zcCl<|(g|Xtoj|)d`4nlvUK=cVJAuhbF&I;Z2K^Qya3t?o(ls|-PM`0^7wf~5opOqJ z4sq*+fXL|7&!3$!6s@P#T4gM4DL`#y2=@ zM#<{-nc(bl(ksi5MT(bpSI_tb(|mNF#36X1Xbzi+34(l0>mSiSOn=qcpWS5aJ7Z^2 zI#RhPyF`4w3`9YeQUhCUwMX|UlIHa;D|XT@bj1pV4#-E1ufK&Qv~f~4@`7>KV!F0u zK)DX-b24ooc{?Mrt)nuBw^D5`FQt@a0`A^3^;Bw^taLsRtxQ#@lw!!ZT-F5?Np#v> zfptr+Xr$-jvJ8fX6sde8`3nEqZ3T5_sR|8o7ES3@a&YXDp;yxqVVE|7z9@#`b z_cSd)I&f`Y!CsxpYH|?jemaWJF{}w6>m=UYJEzTG^0WEu3PZ-x)4pOg{Ie3v_U9~t74WlGELL}@tecNC z3FcqwqiKu$7x&x#*vJc}Uz^Euxdoa`Pn|zz?W>-HsFu~!b0FW~-EZ9w9h`WZ2DqcP zH+G`h%sa`oRQistodiU1Al`bG_*r8XRBC<4xq|~kW0%@tgm&~tK%!Y>X_anBz-O<; zSv>HCInTY9gt*b-gv{}T>I??_^|am>K-!E_E}TmC#8noFE~Y*b{OF*6CiP2!tUMhB`%OrjXQQDYzFKM_M%i+e^r-R4N94@KcU zBuK+2M98+eKpjAu*7hMBqY(8^vYMF;jGHOCoDDpWTR7=WpUqrxA|p_Z?ZBRM+QRT= znoqwB@SE^56@YWOs(gCp8p36pJJhR54>iT7A`*DJ<`I%1LW}RYCzyLky~^+dwPXEy zhW`S0JZP^X+u6e+x*O=d=9r~jO)~H`lJ4|7)b9qsz9qY(0Yz%oLg5LEt#fNM4oP(V ziRHw_K9yntL@^Tz3bmA{hWrmII8ZI}JKej%P|(n`}^HM`#xfneIE+uJuh zp7&2;MXL=qg=;Wma*uCzn7~)8qDP~ZS?CC^k;Z|yqkwQ5p9u4BJG%^;g!ym8VH}c( z{K5%KqN_sn03p+WO1_vSv_41Z$Ya4e>}!<*o_NFu_txbiB)s&;IKUE^iB|(E6iCB{YprI0;!%y{ zbY_?MHMhL85Gyd+?rpL#*YXYDj1_eIxrET$_FQq%o5Kic=B5{rq9?=tWxR538t zP9E}6*gvOu^E)ygCrak;Z0r08fA6MgA1wcscTLJIfvG-W8A~kQPt1+)7<3Ysf!W7b zuS!iTzR(~-ZbBl?l zw4klsMjo3&x&pvr-C8hk10o4wWl7hb_Ruxk&L=!V~v8QUEt_5+;vy z2-*jj3rNWL9Pv=TPwcJQ6_wBZ&K(~)vOGhJu$x=zj~Rh~5vQph)u$d2Q&FTGPO zaefCzSW8j2RCNKh#>;TUzeCdTh{gO53an3(zs|a&p>{Ea?vXtU!L^N9a5QW_M8q+;pi@h96FaE_7)vYMd;)G^C%^ik} zb|5fZCA|&mfb6i+k~Du`k7aZsRX~=st3bl_giMCO^?WUSD;lEdq$b#Ar69Ej#2&@fO~T9s&TD56>Vp+%WB zvDalTEjSecimP*pXo$eM9fzJPy`fm=@p^glXT-F-L3)#u>c%kjtrzS`>8_WdBDr*x z5AcZ<#!ZDriB{(MF7J>R75E|0F=oMMLG#5L(^dLQM1;<<%TT_f=F*76F0BxaoZMH7 z8RPx$U`?AP$iL$`J5 z>NPk)MjMgE-Wz@28%`*m=fZ1TbipMc5bVC;5vZQ(*eo7b32gsdC|#B)pG;E;LwaiM zA8YxEi8*M17(9?*xe~$-o++&#Y;w6G=hvhryBZieHq1!hFQ(n2i*?WY{^0)g$Ym>CfM#5m=z_fP4#lqPo_6{ntT21_Ea^< zgCy2-OR#O1j-@LBdgfRA9!G64O?Hhi@(k*Ja1OEAOR?;pg5!5cJ=JT^X?Yo<*i?Js!@5a405UtVpAYUdYqUW!1zU3@Tm3d?em_ z>m~CCqGIz?ZY17X5Gu$=lPSv`RId;{1$%8*Zc{CpLpb&NP}OcU6DsKzM0rZh8>}JH ziJhj1C?UEBe(joEI~4zz8#KSf6qDsTj-B43>IQc}Uqv(A=N2EWZd=pXpZ@t&*Dsv$ zviIzNQld@I$v191`JH6KY#UmIARHDf)hAvr<7B~BA*kh|wOvK&u|H!J`P{a{1U=%S zQ`Mj*wr3}lM!E6}4h%<;J;|XSP6quBE_h<_v>W7t9S1;vzM@ALl?mBAmUK!RcRZjb zjc~Eo`~({8X*cK!0xbwKl+$LeBzGn;4`JzREG|!)V2>w@fqz$3i{6L)e8+oWFtuis zg0WF+hY&DOONefMx@6C5ofXaPblO$5pQSupn*-=F13#3}mHd@r-9&2FxbS^e&`Cp+ zXV(ABTqr~^<}&d9Es_a(wc+y7 zWFpaQuU8uH%Xes6n1YuR+mNLqHPoe__C{hOY0b=xaHI~4L=CGwd+<9n$+jJLR1E4h zT}^JtcpoEeOK?g}0F40rc2e1>?EoY<7x!QAOlXbqb~-<#32urxkOTamwkDzJPW6@F zEjr}^@EQi5NOJWH&p`7X^c7Qs4)3QYayWcQ8s>n9I}I2U_iCAx8uoPT-**j_@v`YiU_Wiuhp@3Brn2#TSh_ufl6De}CjLnyY?^eElZ4BGi~Mrivp& zd9VZQn&QCHyeyC>GsM1g*V3ekF$6l-EY4YQ9~PKg@WU65-Ek7f5!O z=-r6BY;bK(8YD0igOTe5JrNPMFd=Nbc?0K!7uwG`p5)w?ma5mv4oH=)H4&KG-4KFcfTy5U20{cw@YZsIRrP z3b++8i;E-TIJ$(uz{IRf)N)(o{;VggsRuzke)R0{DO980u`_g4<);wQ?yHhkGISB&A-Se-a283%0DLUM zdER|6R+Pt~%t0SzAzj5p4W)gZC^W>D*iHtY#>htIH8#m=pMtChX zPM(%?;INGc=VDTk!~v0Xw0WIp1DZ zBtjWm3Pvnvlw@_#>=ah>BGk6&W0zRp@jsrh( zIQNpyQr-Nt3bc!{F_5X}xng($6OVlbcH2d4an~j?)YK3a&;U7`A-2Ri&?6?3=yE{e zy9Y`lpj#5>z!lsdGeNX>KGCn}1xMxOdZE$S6tk0{nNsfv-OT|{^d2MG@bx$SR{@k7 zPB?f&{n0{5y3?Dzh|GzFZI5z3pF^V?Eco*sa#II0#!>t{aIcJ{-(iVh*k(u0JYJ-W z+|}jxhin6tpVV6{nPAetK;S!*$L4=VwW081zUr=kYS^r44Sj+$h3~ z51N`Ul={UPht4^;KK~@9t?C)``e($Kg);!L&DkXx6WVUeWX1$Km=VSJ!RvvMqvjt5 zD7N*P5LL^_$2^a~B0tJv?aYb?V0NV4zq@glte;P$27!OIkCjt zfQRc(^5`c`vN7TSNN-%$B0DXNDsMP!j`IPq0Isuj?gYT7QTG- zb$LHu(yQwyKYW)Vj^fqk1M<1z-K^>eF=-881G}uVI;3piNis?8gRHZdnM-vm%jzkJ zLPbPCtqZ<$3Tp*H$22ox$I>MQU5SHmTqMzcYjW(yz7Y1N2DyL0cQe>i9XfUEc z$0~>knO9@)9!)K5@fYjl24pBugt5E9z%d4tcx!PASYji%eXR88u)kA>Brv>g5K6VF zVdRr!=BaP5U4gdc4PB66Kf`Et4d@Q@%)`V?>P$j%D2b zF8L2m7E}m$Ef8XjP2Kx@fqzh1Z6I;GO391%?-cz1^NVnc6`Trqf^VCo|QY z(SX%mPSdcV{hRjvzl$D2{8AzxL(=#D+0Q5t8Gr8b|9?RoVAC!^`|sT9pEfB2tIHEC zPWHd|-u&Ynfo~Hp^N*epM6vsWR~Ju72K}A+{R4#I1L0`zUO9*VHN5zW3gduBjtcxQ zar!W#5)ujTlJ`Lk{?9=vq{PrK>ph}$j>W^3Rj2T;<(peP(>w?YzcXA zc}N2WObQ$n<;)KxHA4K$@Mgm6m=ibaPLvKmUKc!3mSyz5i5{j-*OB4wtTc}_TzU~kS6u>U^ z7X_MhxR8M|%>VPT^Kt{>b|0sz#*ET`G+&SmSPaj1zhujQb|VoXM4!A1Z`Iw|%k=HV zuq3x9L&SLqx`~`s?iwz5iNbZ z6S6?gBDbheS)sU$6oUZg3;(a6TWzkPg*og<_Tu8Yq&mXUe-ZM)2L5ZDIR1IGgH&I~ z?s%qem)m$6_DjG`ttF$K625HYH$wMV46zziY=6yC<#M0d%SnaCDrE&9{wm4k^~n78 z_OMwN0YqVxhvO-AR38S3eW%u2T?va|;o)_OmjcBoboO&?b7(YTetx$4K#&v z>8cXLe;Hu>2Q=^eGaN-Y<#odIHk55=pYRo%2uyCE6l)3m6Pc7jf(vV=zDIs{dKAX6 z<|GhuT}s@0+^2pvzbC|7B~4<8J>?YN8v0J&1cPGZO0k-})ID*w+I+O>`%wr~S`^09 z*!St|keK61{yPUH)&ERCKPEu+W;(7+4QpZD)Ti;@5+_DatvK4?3OikWGX6OB4K*8y z*&J0GzLM?fuV6}E=WAS$!ut9o>uv4{jJj=-sjOx$@CXeX8g<6Cg{`g^M1*`EiC?pL zrOYNWax1l(m7cEmt*`3-PNoYQk^q|uo+v@zDKlj(^0}~SY6x3dae-|@PO#2y&2_R+ zY2{Rfv<_m1uun5GlR=9kpcFdh>L$pzSUx)|Zj##ldM|f8{mU#+!8x4D6}jz0mshZ} zt6>TM<1g~>N7@B0zSa5ho*xzlOx%LY1CrjWscv}|%<#cG^t80n?StQ`Xh!c&7XQj! z9S(J&f*T%acq{u>js}690*=F;`d+mMk?uvm)?X!}4wk~?JD+S_p@Ra@5txDNUNHZ; z5db4{y+3M3zC0L1m=DZ|egYhW8hT%D2{{{O3HW9?9E=^cpdwRa;XS~jQ!UMJ08Jo! z1cmmdg+RQWfMT^ug*wYfw!lZeSe19Yf0~gmqM!8y-?|7xL{EV~obgjiXvgm83G?4Em-Th&P9&J3C!a^=oL#^B9 z77%|*>Dfa=yRvdSP^hHfPk&EE=EGHbXdc1q9YMyVo8#wnL`|&+IvLsSnw4iuyo)Nx ztTB_c?KO7J7gr7#ad=Y2*qkYIT1vTU88?XHYLl)Ek$*V82-a`7mIweF=bHj5dG z7^+ou3y0N@7X^Bua^6unO;uZaU;NBAoEZw zl;-$SGNPj)`S9IDE0NOVYu(&C9$-FjSm$U7#1>zAd#VtKh3#~m{!y@vKFrk>I zvFJd6*7jqd$%=bXE`PCEtNCu_sw>Kj*l4rP&27IERHpYK^rkMT(QKm=pb^n&0?eni zhv7JW1io)dT`x9n_Y&lvTctzyyKUZ9Z95AYby`Xsol_1`k^7wXclsk?tw7KMj0JWs zM~?ou?vRIdd0wwbu(2iLaRAJbd~yb@7Ah1WR@cIuDwz8{=Q}H=wPnUw z8pf52WbM(?8v>E*2T>Rb9k@fSE>b1$Qwj607jR`)GmgMv?pNZpI^_z|(FaPrZ?Z4> zS`RHdA81TwlM|a3Jzb`!u~ilJV$MYsAI^I0QM`X+h+Vuy7qH&b;}JW-5vsz0d#gQ;7Zm$gDQIrOz9N;Tr{!x>utf6pN^eN`j)U8k{NcX49BIFV= zY{8ny2G8-d-^%((myxvM5Ws|F$&ENIEOonZ_Jp}!me+WkLONd$rFAPXgqhTkb3IQ~ zS5Z%=(wwOaG#To;WCI#kn}3fPqY;X^9*h^|fCW=mh~a+&+-9Q7)@(MR0%TfdjECoA zZcK6yPk3mKmqhcz@G-oddBo12Qov-qE3dZ+JZfKr1Qx5=Ic-xn(Z7KZb9xh#kCk6zDx#jc8;%-(zDU4$HIc=`dDCyP2bz} zyUDQxdrn~3!eRy9f6gii&QxpvGK?IQgKQ!tU?46pkFM!AX6%gTRC2t{mf?y!nx%U90piK?qACO6+74v<&`+>*SE#RKcVNLCPJlEtj z;c|bzE(4E6udrdv+~v=(QK3;^qEskt*v%pB!ezwja z&+7SVvwRXXI%UR}=T>t2P=T?CDTys1vyC=)%X{d@T}ntVW(AQK1*A(*o1aWk0akt; z{{B?g!pg`5Vt*}kBw-*J^*UtreBT-~D;sOGpb+s&M9fSFm>~%{04ZmL`eW(pFK)g) zMQi51XC*ej%QPfPiEEitl+1tOpKG?3&;D9D{v3sOT4R<~%vSwSV*+2QngHu6*K*Bh zRlcl>PlZd9&h|-0fmw{$VB9tF4xBzYDv74%RK2Oc$x@9$!!1{^>NmBaH+tS>Ifl0> zqZsy~c(Mv4tjm7rBV7`T7mgW*r^N7(4Gbyf4f?ksV#(?chsYkIq1=#*-x|o` zv*jO399AYg6PLzZElX8gVmj^8uBMX(HBFPs`pFedZZ}9{EF|iCWe z5_RMIJ2()?qKNrYu6gWpB&+KB{`l(fFbcvjD~p}Jz9v{ZC0>30y#8(8kK3UxQc%c5 zvY2$L4e*XGAPjBp9%sPUT``N%fCBI{dv@x3CD@A$FQZQcjvbanr>1(261`83ID}VV zyV>FNXT7YMOvPXNDzzIp|bQ{wh?$!g|$C&ba)p9Pj`;ue`GSJTVPj!5WfOI8h-{-4q0{6Y+50V8(;M=6FmtJ#ZLRR0g-8>_ z`~Ynyv<_Vw3^()EK=m_T_sUiRi_I&+{9=(d+_5?(#YDC0clA|MH~er;CqJ?nB2_Wq z_gTV1H`?lR+)lUyhGzA5X>{i^TC3P*=Ixk*l6qf_awHfNhC4Nm0Bb9GNh~<(Il2Sp zwD5c0#?C~kreq>#5o-voPy?3VH<;_`!lF7IqNox`r2v`{UJLRiPT(l$ERM8JrwxdP zm_~gaeqyI{!nALi(mz3h3jh^Z9>`ueJqrGA4;Kd8WhiA%7%d=s7TD%4T%#EE{+Z(V z<7QF-v$lVyx13j9Qquiq{7b3%be?^gAkGd6pT}*^e7V}{n|}3KY1_+rD=p0shgX;t zlR$O*eVWIRfg*KB7HoG9BEhaz>JpfUo4^y0X`2g(dAj+HUWJMEfqTIdCySz>O^344 zWW7p@Ep8f6OdI|LZdjrgc2ezX_&i0A6P8Oz;!_hoz>dr9RAPw@Q=}+ZV*n1#06QW~ zlvoMvxRDs_2=+Zxjz6qaBWHhL3-TzLN$)GOV!#59H`3Ag{TsKy1b)*++;Y7cot9|B z{3+?M*6Z}AoNv%jmp_9(`wLVNGK;L*oiT%e@S`9k3)bYa_rSxyfwQ9jJYZ_SjhAN< z8WR@0xfn%u|Mx2a38o7_@l!l?8bJ1FH#iC9diYcJlHAoxYs~diKq3{+evi#BaC8d^ zu=q1c{fJtJPIfAMtM9!Zt7bA-N`>6$CWE^f7?d)z>y+>+D=-}0l8OQBb*NwFYbkZ4 z^5OtZ4pBVGxAIF!2Et&=t_x*(NIPX^7*1Zpbl5O?Qf<^TKpmXhJQ8W_yK-v%ng;Wt z%~d`n8)fi9Y4z!FU?fI;;g^dp1c+G%lqeV-*wdyAi$tM1p`sn~%X&n^n8}tv-he0z zLnvj`IH0@1u5v6F6Wc+)L@d>nCYvqB}xTQEf+n>2vJeH<7GD*^s!wTySgyC}WIXuUCV##6w&)?2L!q&mdbN zH$E?C&DJY`2Fx_ilqK^kEZ;eJ(C^a2lK=9(l!69Ld3Gm@!Ts@x zi}*WRv^3PJQrXq}h;t%SbhAFKjAT7C_-0Q2H!Q7s zN{?Hvsrg&+aQtVN?!uTaw(Q~Tp*-B;nr0NMiXM7Bf(=6V%wn@c@4hzd#edDp+@`Jp5M-E3(T@ zpa2%6&=%bWb&JiGzYwx1yWr(`pvo<396;OCR*K^od>YE)KG7V$n?sipm~v0#1HtPY z@;#Bz)SNQ6zC3tYP7*jd+D^w-xXlo6IJ7$@+sA)fJlDAg9uD&gHN3e&tQ*!npY62X zS~xyXpzTkZR1=1}8<0Yn2qt(lX(2gB37`(fuH29FY`+*<%YbttuiY%~Es(BOxqo_o zu3E}TR7JE!y0>(Aw#0bpk5Sdjm9?m0Ukpc1Z;Ls!+vOn9a@i%-5EiCsaN#RoXi3;!Q>ELi=ZaW=o%d*uw-{8)ro%F*Q{(XN10Q>q7pS$CyurPmCK7 zDIPZczOD@w(-y2f|tf^RA5vq>y81ml~s?PG<6CG{Gr6Z14qQPcXs`p}B-2BhSqHE=in;l3o z>Cg*@B$FE`mm`N5BRbsU@~Y3mo*tt>*_W(|pS!V8;tGpas{4vad;zW1_aAGhU(ZGc z*{$u(XamN&gNf9vqg#BUbI>L^56s|3G9{9%UV8EBJn8A>RE4q1 zvgKq#kcM)se$#X$%p&ULAkY+v!!s{uS+9b`wFUO}u!GOxCuH4@SSZsd|^AnlwF#DsnAukRN19xVJS*w?3E zc*t%vJtJ-wsi2XfQjM*Uz~pD$zy=fB4_;LRRMHY z*h+_0U%QZHj)bot1~G%B;KlO)6J#T{s;)&rt2^kl^DtPGOPe?#x4VG`1^u|trjT3r z%I22)DWymMQ$(E})?)O2MZVVhi>QS!ejPLlR@{6!afi(J--ewY81C-`IzGP{B04-J z3PCjx$86>+p!SY(dfYTfTdz-qrqvKa9=^L$UuS>80BtrM6Hcx`oM)8PzD#u;lDE1* zg96b^L7&Zea#dM%PMKvuw|YER?ZK_~584_((&$Wwni=Z#cNHw zBMo12b4X(oxAj;dzObL#Oj1TNO;V6T_Qmp|21l03XO5%%;Pr}cAVBD*N8DNs;q&QX zAX`m!@LMg9zXkNEpFui2Xl+1d-8}%*5hQGZ%8CgS#`CzexJEJCYjIYW6N(@G)7OSs z+1>{6Rv}Tm6qBwZoFe8+zH>=7|6XBb`s-P+YYU7sF_W1BsR8{)5>!*(jWB`H01l!6 zp-4rUSWtABIu1FOX8G2SK=IXichA7iUr6$?jp_7DWmere=sxD8G0$0Fe;=u$TRVD? zE}4q%{n>cNql396w_e)>EK75~NMgvjIDk!PXwlViJcj;Onue~onFWR`BeY|+?SEW4 zQX)!2C^xU4JG-5a(*_0f%#!HBR?jc~dYT_~^4Bd!d*C~jpz?8=>x5W=TyNlnl!2KyW zWYldoFww1We8732hc`b5Q5~Ta`)HeB%Losr>s5GF9RG%M^}$S|3p%Ce70S(^2m~C$ z?FNJqN1qd|@91VgAKK+EW?~ipm2iGn3a1L)uHR5KWk%lx6r6g^%nrSDyoi@(^c$XB zLt}Ik3P8W^zR1vErX#_`%OR&U@k7%4sSH_cc9da!Ze_$RdsGVxpKJ%obn)`BA9 z#f|*V_jY+jRmvuoaBBhEB9Q&?zUkk?;4=kAW{Q3kQa*GS+W{MB=gfe2J*?xn~K!c$MfE)oB-gcq)d} z6`MgO5C+9P!_FfmN;5!FO^LuME^*eq!8!uc(-l}#2G3&fV<-)TjYy8okhu%S8dkR7 zp$#rGt|kROmX_ZP6XEiXhxNO3)(_mwLv`G%1qp^=+x)x4GO7cP=-n>6unC21^pU{p z!o}QHs_=+Y{iE?=ydTcjlS<*(9xk{1q5EAoz0Gc35D@9Y3aOUNu}6YTv58o3Szhe| z-CEF=!gtehbW+3wxqv|cW$XE;DRBfp1rC^8s#TH_lGj6GO|7bC?&_x{ViVj^(KluT zFdKCq5YX>I>AXfCGiTFUZWn^QRj~Xufj0wwd*#&~bz0gdH1DRZmh0l}^LNKa*2pnF zh&PzG(0t52U65JY`lA=})1vq$hI)S~Wd3_GexFPWu(FPwgfQR0yL*M}qRqA23FSUA z!g9P{x$f#0^N;X|cZvDaH&S33u(&tudpAPM^9ruK7#$qBzL z`&eHGcx+{BF%7UTg1#7dMGa=IH*#gy8_h)q2dd8qk>k`JqkuI zCy_Q}UaABHN4ah37m)#>I~QZcA4VI;LTIKO`q)u*TNk)#Ru!~g()&PIQ!e!t^r?~$ z>edNg>gl5yR`$p5W`0*<<8fQn)4gWyUvUsrp{@CSmfzicqD-f_@~87Hr&Ws_YBV`_0HJJP_H)^}NZ8=D}bL{LFbo zpM%m~KOFhR!TR}HaW+x9{*Br2GG|gM0nh-BXK9UXWrNM%wgbq`<~j@H<%kE^u7DC~ zHkjwKbw9Q-HvF10?G=RzBv?8NtN{AhZ2VDZwE8I8N#Y)1wz!b%qAE4CzXQgYeV_J! z9A_F#{74ym4zwI_s*-I2%EVr!4!{s`LmD>V-Xbyn7`u7J@?=3& z6wNu+E#Yg8H;1u!Gg~4}<1VBXcPzkLq{~et4?;H6s@bMRbm{20n)$e~}p$K6`BIq`RV~{PJ35JS7F%S!SiB8u!j;y4UIfLo#n2U97nic(W$V>weMA zOm$X^jQf!Uk+|DQ;4W+8p0;`;iM+8KU{c$VujYE7T%JN(+Y*A+HyXObvg6BO?>U1*!ozIZp=m>&h zIU^{TftR4;=+nG^2YOZAlW#&ofC!Nc|G9Qp8_r@V-|tU-wrNMX_$7ggnt5vns1;N)?|*M$`$raKFpSql34;d1x=O%7zNIK9*}?<;)v3KpUJEQH?&lxx zG3~a(CJ6#iQqWj8=(t&V1&FHkOqf<_`r!Ve>@E7ZjT z=3vV;ASMjFeQYlRP|Me65O8_3;gN+ zNk3`(|E+&Yq$KhGivO>`#|sbur|th=bzHcv5c!`PGYpsy(1WWf8#HO>pJFluu+s zpcb_5(?8T~5||Ve7%&5f@Q`0HqA-oHq_f*V0hL-Vjjc$53n=^lM=AbG!Zk!ypwL1G zK)?^jKn_k5v3-;(7rS6k8vOUh{~A8Rg3HE6^68NW0_Aiy~cIQox;@Bdws{bwGT2^Mnx)#ZPC0Fq6&|9Bd}Km9+C zB_W~Edj8LZ{ZGelnE_|+3$6mq*T1#wPl+(spCEuoB(RxH5UjMiGOc%bud1@WN}CPE z`2#&-Ysn9RS#xO6HD?GDE+H>{y{=rwiG;MWC6g{ zvmo&09yvR6cxc|@_4JuRvms2d?@#z##&LfH6OYvtVg09lFIJK3pF>q{k7n6y);N!6 z3gP!Bv-Ko~7yP<_COeouKCWwoxYvYYNbkroLBE~KY^@crCw(ibJ$2cCH%K4?Np$+zVCPiWDAPGp^>J5zBF|F;U- z6a*AT5CjZmh|fQRX1Nq==I6XSP{rb~-gfUrWIm$bXkIhPQT`yOiR(?NPZc1jK3 zdUIk6$#L-G?X0{U+_`o0x+yZ>ZJakSlA5I1-&_0ZQI+T8{h{-LNvl$`v5q{3vxom_ z5B+5;5cxDw`D?8l$8ujQo{3{stiRw=kvz|_<#p|i=!ZPv$oUK;t{4>1=XLK1V zt5+$XeB2)e22ylOss*YdD{G~9AGhzvgWO$)!3A1$t36y^vRk!osD?#6-*488JwHbG z`4U<_RWH|upZ&7eT5WTMw^HcLnq*3>f500*ogr71=ax{H8m9vwZz8`rGiW92EG6FR ztk)fHxm4n7RL`fceCKJXPts!W7G+dVsmcG~8~FXUnb5jSTlvF=Siq!X{doripUWm@ zT&JdQ;cRWJ>11^U>1};PYJaG~;cOTEbhg&<^g*k__^r8oY1Cy0cqqrfshGZ_ z)~Da@^ZDqf^;eFkOFF8JI$tb}{LMIj9M_s$BscAIGgyz$rv;7UcGj25P|LT-dbGCa zc|0B`ub5hX#L#`ILtF&dgxai5;C(4GEB@GY zEo`d_P*%)_~rGfc1>gz75Zd%z_|^Pt@JPDx0^!7fglp=tav( zRr-P@Ev3`P+rtCgarXP|C(rF*?Bk%6#G@_7+XXFKjZUApS8$(R#4l_bg?gT6jTM+X z@Jww}zvnx=J(YEp36QCgd-R7zv~z`gM7 zU8r-Z-K^5WyM?1Z`0F;ja~h8?O+t7lW5ZkZBh}HI(%daBw@0$CQ0Xb;R>MP82SCXMPOXY*BR?re;gX@T*2*eZhfE>`K93L;Gb$Ikgv zWS+`8FSQY+CTG}vDXz8Zi0>3S>7{R*b|aVV)gOkFIy0lHHp^2RE^yaOtUgsa##TUI zKZf@Af}h1k)i=DC15Ec9#h)x#;-xwnZht>@&bBO@S~aujbmp$-iPi>RP%#mLbJ#sP z@mypP8+wjW`PNP8ei(==sH?)r0vXKsXc`n+?ruSH*mgQkZ0Pgz0(`M3 z-)F-YAi4DT1B^x6ecxE-8>eK)ZC%&NzLH6NW9R46ve)e;pjP-IG%}(GSkU#f)-p*N zL*B6?*z6Y)ggXoTeOscilq`3$nj$qCjW6)p)>WWDRPQ)%-8n>~#Dwt1Fmf~9T&${4 z*ZY-bv-rb@J)Om@ww>Lw=VaT_=l+!&>B=ol`O26$q)gbuGLP!gf zC-L~_#TL+tq|)lpuI?|8exGschQxj}p(z9cVwa=rPt9-ls}iA7_7&102)Ks$fEs_G zE5f3L|FX#soi@X=4G5a`AfanU_#)7*%FILPyL{tFnfJ%@ zV&_ii<33ZzW6#B`56uBu`;@s3)}zX_pFT|oZNi!b@N>s%d$kZ5fbpa<-1N%*H88xe zfo><(gK5u@Tuf^}{DG}7EAVcIlmxQD`34G;|86!#&DO`KPK~y_Y+b*YezcA@vh4Z? z<=voOvP4h>@#g=>-dl!6_4V(g1}dm@DJUS)Y0yZ6z#uhri-dHC#DIv1bc0IAfHaKc zkb+1FNOv=I_rL&W&GUPn=ga?`cjv`loCL$l~LJF0wkjI{i9eK|-7xlSK>tbKIap6PX_qPv=ag|qWmPuG|K_3U$ zrgn{w4XtsN3xp_|?T!d5Y>9~^v4<`6nyq~ezrPymtD~78{dd!eSkR|ZV`Kfg=3d~$ z@%ln&pk^f(bVO~Oe$bYs>?@gB`Gp%Sf$G*vLCOStB!5IvV1k%#o_f9mLbqX!%p!jBvQ;!tJ6@$-)SuuJw6^ficJk_(S4>dg7ee{YJIvM%X zpC=vo9=L^_b@q=0bs9mQ#|3Q=$;qZM#M)E`#U`>qIyoyR=JH{Gp0>UVU_I6m+itwh z`#aqsSc1&0^jTB}%MGKB%z}LAP!ruNou;EPYwpgh_1}AO8O$!A(+gUU*AqU@L zd6Tp@c_bFO3yvl8VTt?tx)HagF)ey8P?en3=!K%G6Ifft*Es2FTlFEq2!MJw02 zK($(yb5E~QdDH^*EhFLW^y$bJvFda=^J-kaU4JEJc4&eN8a{rQ=&Tm)qU*7;=jogC z7h-r~fxH-MaG!L|uvSF`?#=cvWd7!c{TziGC1x>LyV_W}W8gJsTLX5RGEZv4J?n7F zY=#<_GN<1cX&hKA%ghCIdZH^BYRyT^HS;9sYVu2{?tjXygfNv9P zCUn>Hu180}6&;9puYe>20c&M62!_WDeb8pKQkd2J;=>0C+1;BB7-}=dI62EAHt!U& zpOKo^jm9esJk`|q30Uo*^=46;NqZgAcBD`UIbv(lefoeFo=}V^_&rFB7HHV*U^n!8 z0Y*^W2cPxQR!;?o?Cnpt)7^no=(NAh(+7xJPtB?Wz9&fgvjV9Qq-L$ChK)={^;K3< z=WULtI}rta&~S2HRf=;uzl098uPogdWuG6!BxA%4d;XG z`%X`D?a)d8vK-PRvvT{&#Yde54YvePqS`*q63{HZ z&a@J($^xi1j89My!UG{{uBtmdLo57Ou{atD@z5;|hBA;#fJ> z(Y!>CgIwq&5`(VT%D7tasF=`Ro8L0glfx92`qVw>N2BtQzf_!CE56>Tlqqj~#G$g? zUB80UoUH0E{Wm2G6P#u)6O6DxFP3WlU#}$=RdrT zQHkdRE$92wJLfI3t}%?K7E8@sM^voixHwjjw4ovzonPmt(-$X^P6#XW#|Vnms#~<) zf7yd~rNR_SDq1Sz)(}lQ@?^T)+DWK6y53HRnLmYD;n3^m?Wkxb{;PE(FV6P+MI#ir z>jv1}d>ES>(iS>5=r)--7&Ry?&@!FK#4sHGh)7L}*;Td?p$ff9yD0;vsxNIvy2KE& z>-syRyj9N!2k8fN?AUKTbWvgXutdetAAB{Hs$PZSc&)fW6k6i?I)X;TX05RD&|_I& zBFnooPS$BTJ@8YPWdrYPHTt#siT6#Na6{2~J4WLfbJtE<`m;82#?ShN`-n8Ye&$4) z&kh{Z0Se-qggeSs3H6XEILsu5gt>Y>J++T5cI;^V8SNW%N6}bzx^sxd3TG*FYN0iW z4L{k@fswLBI=+c+OMpE+c62pZpKk8pualW5Vvuv~N4MC!r8^CXNv`uT!uK&-RSWB9 z2}s>6_G0=_i^gT6!;P6vCY18^`$tHZvK#E4$oU15o!wRi1BOHA`d=ihNzt-N5ne*7 z2E~p(e@W0zz7;mFUn9#_D%v?EGjLf}vXHL5uCZe@x#+w?^00-8n)*t=&e*r;<<7d7 z8I*Tm3}f6ryOZ$`N;Fz1@f(`YoRh1fmXU3m(9W7@YVZ4|kB{h2G4MLfo$%e*tt!k& z<>`1rZ>NM@CqGV})N8bcW^yLt6+67pxOp`>Lq3K{9-<%+chj5K-Vk<2PM|)v9;JZU zZYDfsYY(IQd~-~mHMT_qVytg`*K(gT0aqvNdC*PO4oSVZ_1eAesSQa@J)JOA1!B@| z+yk`_qJ!MkZHtD2ksVKqz|}O&0y{_VpJY$Gm}@LYVI9)Jo1kOuXnl^;D&Dx zvOV)NJHqhQ0+e(jbjs({HZ>Vj-rU$8>6^&cStv@yl6y5oBI|Dsb!@IvCw*~(j7~bE z6K9m%)ri2~n&5%yh=QHnIIXS7Zf>x?96UQry}-0qCi~d$G7qOIq6#m_U5P_-o6cEI0ZT5H5bKaR1OX!mP>iN2a zLD-_!{?OE;__boc#Uym^OoOG)t~0jhxb)1Er&5I9a&3Y=+oOed zd`+^55K6@etI_087Lavab($QFk=tYtvoBcNWb3_J@l60{nM< z&gR4B*Ux;5^;Sw*bKa0&BlcUhZ0t4G;BIrJ)7H*cs(TTjPxb-DWfRw@9(TZ<#TmE- z(uH2+nFCeFnN6s%)b>H#_-Av{fwXEDdfyc~#GBw6jvS|r&w2t<-(04l*Wj-@ud(^g z&o~#C#CpT~C)>79ZfhZ+nWtn&Y9)gI6aKASnRQp9*!iFg`J~&d_CcM zKApzm@Pa-k{I9&$@$S~DDV~ma+}tbO>7%mq5H}>xm|Nr3TO)YPNizm7c_P)WKSoJD zj#5z8*zJ|2MKgRIQ@Z}le;^CvX&l9?HynkTK2TNu=t;N#flkbefgk4?Yjfyo3yig+9RG4R3iJr3UY+)*5Q^8Lu$MlvK@!+f| zQm@!_4K*i98Ldq34j+(Xd;~k*oYxOu2+p9Su8zl1)&6C`g&8ZJ zI$yFI>cGboLb6oE<~-?ys%a=&tP=)}xOms96S81jv>W6Xs$9^}f=OJQJcYEOSQ|wa z5{{nTLM7KTIV}~|CyDm;9%Txel4uu&m3)X!2mzaa0La)7$ul$4G+-@o8kZxlmQi0+ zivA|rk0jGU6-#_T3_vVnNZ60)U@6|a^7dW$!xBhup7|W;bnwd3->7B7 z8(LGZjCX0})UU!wB-)};O_`K;tBaRgD1Alw51wxE6I5ft5gXFJn{O8R?X=! z+2U|D`Fo|7)XivBm!$9G&v!k($9litHSLDQ85K!)DA;xc$MYs4+E>w~Ke{_wX0PV3 z1SWjCVHddoGN}!onMx>;JKhsDubAct$;H(9d+&E~Y}sYd1pGMM`a)LuA}i_{x9|F$ z&C{ngdHZ_CIOHeF85ORT>$jo(NcA?B=9@YxyaeL)3xxH8gW*o~-5c?WyP1a94ct=& zj2v0JqC50unpi8`NY`2F-k4d_)5??(Z+RJ>wp0f7S-$y3`%JnX554R)$QPF3y!Asy z?*fsvaa-g*gQD6e18=D`=(X}})7D!xxrt)bjC#SEpV?F`b35PV#HKewI}ovb>QTjI zWal{CotYw*y2pMUM(-D6E9oje^4*#d6ua{)-hx!o?Odk9T9EaXwD_gO#?-k-M1eu zO74NiUzF&N3NBE=`IM4ncps2@Hy=c2PGx+HH;Q__ud0_jEX5_s_5;(%EAZplP&$V< zCD&Da?}?+WOm?zu`eDZUzGsZgt~oaw+mj#B{Cx8><6|9LZ1w})ZDcjQXr&^P(M@b6)0;qn@ zL#IchLptaE?KIu1T<-T+vsa{F9M#*DwdYZfsT$wl7A#OhF8GwZ0boK@;*Q$v_FUg& zHS?s)o8jYZ3mrT9%6gs_!ur_!-suSa$79TJp#d2?VW*H>NVv=JY>g38-Zv?uE;W(p z``a8QpX}c=pB{^O1gM9GFcCNd@I5~8_Cot*j@dJ{_)?XISjDx zI=ROnEfqDWpHVd+;fHUze+DFfiK}`KdqezUjbyZYL&6!VTGZo|KT~tv5D|Tx7p{gr z*iDPTbTbaJHWX2oe-+KsA}WVZSbo51*e>aI-y!;}$Iknn`yjKbaffH;o4j$|FU21; z(knb3p&S*_$xt#I+tV|IgjaBQx-t>#3!zFf8}z8vx7C{NWg0~d8g418`{gv1G@ojr z{hYd*MGoEH;(0aDx6uJx?{u0G1wXWC>pn%mIm|STQNQHtw=0u}CTkAZ61V>21rYgh zzWFGov+3dH+MH!hFjCK@{W`)kM9e1VxAeUGmICo9uw_nEG&s(h39U$d57qaDuxGYuJH zi7bXn8_ns{lQk+;GIF#=r?MeQpS8{_XeTDKraN}ghyO>8`LEdM;x%5DkvaD>+Ws1S zHf5Y^8YJ4_{2Y2pT1rh0$Ia@cm#ObkHjQa)wWxA%UM_{wX1z|D*x$VSnCqin6RVx)Aw!apEj+-10+QN|9(lQvbYs{aK(l3>i8q#XXCnGN=I5B? zcE*!?T$<3DvNcHo0+3?9!dG)1!WWyrvgBhj7It7l?iwB|jVksz3(QG(6q>5_k1_gX zp&y;iI>#r(qDP}t&c(TkDJxVN^u zw;zDFbSsr~{rMsXiT2n0&wVV{ zAfFXD#a>slw9#`axIwvZ1>$8W0K9DFSOICmYh1EWeHlD1hVi@I-Oan zzCZoNAggcY%dl6azZjjCRK4v{g-EMt>Yysi5~gccaZP2#{ZV8~I_Iq|TrJv^0d%1? z_=R%RZCeJ$%Bp&d46B!ttH zHwACfqMno#A?D{#p_z3bVbJV@52WVbV!eVzqnioECdjq~tHM5-KpWyJB_}7n_qtSd zQLKzQt!&RekMaLXnF4{mqN?b#pr*f;+i)gFRrEfTUhI$#N(Z+H{4!_k^?8Mh|G~pd zBJUGTns3rfEVB?=0rNSM-GNfi-pJ3gLU@m^NToaqGmPe$jntP_58tNGZKHMi8B|#u zo~wjLi4`YA&6sD@x)KCsRJAEGmcQ^}zHoww6FQ?kS2N9Ut`WVzf&&Q=7jdOs%77pq zD3s!7JTaCiGdT5c+oiZE@SAy91v4`rAtuVud7S*s==VoE+1dwj@J_eXo0%H$8S_Lf zR=65NXxi(}1}$O{EBfH$M~u21mWq<%*(v=7(~J7vwJioQi>7-Y9(6W2>+QtsnOeh? zMC`eSd7u6P?r|{hjSl+qkItGom|Zjltq!JzndR&ecm02O%J296bVInHKjs|NOGzS8 z&uJQ}vkz4E!))jsOcNXQ*_y7Avl8?0b`Sr*{)c5p!5?l%U4ghg zs<>_T;eURFz06{Djb&73(wmItzxRr#5#gnoQohMoVfq)Z`maa&WiY*uHW=uVo&8TW z{`Y~{hW>XO;)fvjJ=id{9(%hk=1O<|=Q_6GRPN%e!axE}&>I$uN3o9GNrFSQ9?sSy zk?t{)7K9!Degd{FXg>FZRk3fWs3i&Q$bk)QfbB^6r8tn zcw|&a^kst6qFCtv+r@3quig}0tiCEB^50AE#aD>M+qvra;4d#d#RK$Z^3u(j{Y%&2 zvR4>u_QztWB>ovi3tz#2NuhqWw{iJ)BhN3zciV0So zQ11U0cEzt2RH>WVQ|a!d((KUMg)0H_dbjUxfM7e@h@@(Ex7>A43e>`KJsz zdvNdGrxeo5wPXXegxcz?-uS1CNPcWBrFw!c%>YOoXrbH+j)O~6s*M`lTbsW0>vHQt zKW%P&?3~Vo!7AVE$XT!AG{X8%kkLUqw7F6(^pigi996c)EsnX9K~UJ^Dcg zFR|f?F{OxTSABBrcO^Opl7C+0D(*tGxCF~6G#jq2P)+d6-cPNJ_N?poMQFyuFWdP4 zG>XatoZTW*<|ISdV1NHBh-==Tl+^9b#}NO2uQ~s!N18V7fn*d+8-ELRM}+eE5g~{6CiXDF zp77Bkc)Np$wPBOncv|j(eqof6@BZ1SA=++`XKU+*%-;es;!8c8inDt5>~UD?OU?v2 zJGv!&?N$4_c~8ZSP?6+vp=Lq2!}M|AU9b5)k0IN^Pi`B=>^dP#U!mZ@N7+PR!*0Fz z_S^ zTi%HIAA;v*N19Wd((e~y3Uz4tmyrW9rfGY_^&T^SK2LtzpdNFz+cr_l2^}tfvRzsf zEuWTx z%UghphW%FEQ3^Q3tQSzN-H*nRs87HzAH6&Hydz&P3(2!6=8sf z+JdxQ1f}7-M<&QOlaC0L#m>sWv1WZj?wdBg7pK$xnlcbYEaX)${k3~rW0W@&RypaG zh|SUl*_Zr!Ak%*%$+^1}P;d8AEb+boVb>oTpJU^3%ba8zP=oGBwzEaxVmokhv}NzL zUK&`p->0xbO5UhxK$thLXJ2Oq^lBx5_v<@9tZYCh9NL5&^(%{wQdt+w#w2vuEB_9O zQ5GE?Udc|hLx6NO^N?m)3u~5UYGD`uVx2zzhY8IvCydUx9G3wRd)Uo5k8yv z%57LcUsde&Yp7S^L(R-7@0!4NgogUXyAs()H<0>_wc;O7OwtJ$;(gybcY)}TzoLt8 zd<5vcGOjm(gPbl%j&@pUK^BTFnJxEGKoBYO80b_B5R2!8(TI%AYXeqIfh5G!#|N}4 z^PnO(g|f&&EDR7**hI@L7^=((5S3#0mD|bDaPEHP(*dt2p2AAFM{B_;r4z$?ih?A=cmp2yix@ zBj>|~qn~r^@#-v}0~Y+{Z8z3=fxSP^VFz45p4Q(vrey>}4f}$mTu592)I0;3drOsz z7R9z&tr{V{x>PkEz9;t~z=+*L4IwrEeR!9)r)S$|WbAOiMDRS*3~g?7x_(!SxbP9t zd+};gZL>Iybs!7+Vc&2zlyy%-mV!fj#()*Ph=_f8EaC|`ES2R>b@GH$CujY*o*iY) zR(*}g1!k|;M`zn@#Q4@Ym`0hlx_^-s)(sPP%WA=VJK43I%LB86NCA81jDIeWTdpOnUw(^-jYaQf4gE=82mbSQ~@Dy}+*+R{%y zaZFk%pG^&B17%>I3RiV)E&=k0#^tZX;a@32G$l3T0CG%pLa%HCjO?TF{lqvRW&K@L zy-4M|@zE>(E}<(UDbuTxnoVS9>gM;%a9tnWuH!FTJ+dZ?3~u$iIltm5FTU)L&IYHF z(0V^--a_5+_WANcWR`|)6LrH61OSSStX7_9N&@atkdQfGPAdc-Y!!Ks;X1tW@S)e3 zWsc0alrHSzsNv$kazgRN812Ia3Q64~aiuD1+cKJpRIknIodrQ1w_qce6g4G5#@U-h z=m@n>q`*h(l^4O1)cuE{i@I(MeCOb0THU6wHY43C+KZW%5yW=*a8gpGa&*@~t9?mEZo7`}5^# z^R#jq*Wv6~FWRNJ;Eo{BGkAMUC@A->?Ao=vsbE}Iv}nFPcq(m-DSA;=SUC8I+isqX z0_?M6iLSagA57LE_VrzQW$Mj$t7B_{MAQu|b+VmUwI2rxE6b`oeLt-e=DYcG=8P{n z+8`_wp^zuxDPhX$vr#^bk=5kPaS1fI-(be;M3`;SsB=$zm5f|?AyNwCxQS{qJ=2;Z zdAJAGpkvf3X54Mub^~m^_x+UyCyTrpc9+h;Fjh=rP^vzf4%prTpOw!A(9z@S<{!J7 zr(lk)kXl40Vy0aU;7<5;cu2zmFFJ)CtlB3+%`|*a%Sc3*@cI{j08VwS~ZB)cldduo>}gCA|qHl zidwb^eN4j7>wq|TO1B<#wpV3c9zsKK;?5W4Y>Ad#GtI0V^?`O?<)``wfFn}a7AbEFW^R>Y8W1}p^9`fL|TLo-0L*==Q{OYg=c ze6)MVY7)KOL=pR>p)~$no;cRNLYn&{K6N(#l}}y)6J0Jnxmv|3?(Ux{*}*DR_sR*Z zVu^;I;i0SUS;~CF;3TtAj!xz?;1;(p4}X$xs3DK>ne*&?@x0EWdg^_a)WL2MWel(n zIgu!*a(N(qdtFn{7ByMrlIppX>|U!XeacIxqpG+N&rIx9ooVslQwC>HOO!0l%F*Cr z!wgdfW$OTvJT#i~inY7dLfqP&BWn}bkcE2Ut2Sx?9GF}Kc^vY2uy^-mgTsNEhMiyn)fp)K5gi&$t2W`+;C#+;~iNG65-BEKOLN%mBNo?r*&r?9Qs#k3X4 z)GhJoZ^9IxpC$;gn&tYhNoEo1SRcIMkbw+G8{$~2WsL+lEBqw5ZHIKeNqhb( zo!0dg*J_?2d);>nqHOQqaGTYnRo*;&RST7~^8@VxnTBM8NEIFiM8L80~O1t zMcRwwK(Vl~M;caJtdXAC9K&#Z`vKUBG>;CA8U- z2`Ky7CD|+KlH9Jrs&9nA+{AO-@mG-0fY=KZF-T2gkGJ7JG-*SxYH6O_8*5Tj^_go0;-tQft3v@PJN6 zug*K#fp(8w@SORvKm9kkXW?~tQO}QyggS2b%1ofb#nZ%bO{rPwr70ad)YP41S{#mK z#BLi0!)o4)j5)s_2PmF5l245=zQTXyM&kUy;K z5j|xf^JvjI$5dQkmc&$%AVzTM5_m9^eOF<4XHIJ%JuF_;?NZ1>rKC;R zE0bjJSf)7a@Z!yf;QtzTayRX6y zfQ&9UxKK{a556fOq5pl*q9)^7^$tTX(kmUW-RXQ|LNkNUL4@0Kk3V)TFK(?7mr;0w z_t#6@g@E^oj@{EUdADbmkbB<9WB)N7jf_MSmfEJRm023QIpmHoyLD5`9KJjW(zunD z#Is~YBF{uW!J-Mh|FU(sBD&Dw4cEDii%*=yY_QP-BsEYUNrd&a1D|1(VA&uOv%kN>NZ}A(kU=@#RA&_PBu#Dd z)dh-p8>uV8{ng}#+(l`^3eNj_y-%yZ=S#XG+vth=w}lH8;m^wJ)5GJE)sBLX72-nf z#i$4NhZ*x&H>MKkc&9DgFOqLO5RV>o_;Mgof z(f-9%gf+70uN(!=;{QM?55i2l=7^%fQYiCMe71$mitU&`hhlnC@oa(f8?>6M=@UFf z%+rGQrPj(R^m{mVLZp^g4*4VLD52e9-jLuis6Na?YC#Hy!%EgmS$a! zu!b~n<9~7H{$Y8m)3TunW4WCvYV6>2mB%rFzODQxYlCWR>;O)6Uj7%WKKOCt_<%FY z%fM$YubBR`Y4prIr}>KX`5@K8D%o=AtTZYkb6I6qhZ{$tz33%-nyJ=xivJ`U2{NSp zMC`6<;R@pOI8zLi1-~Ou{#sekkz1r8G1M81LGz01o{xVEatGV&qScZQBM~6_GZ$|! zy2%kO`9I*QlbpE!S(df}Po$FnEJOo)YkB&dMWA2k+369#%svYRwpfMq|68#-=aS!L z0`}O=SaXn?KsFE?w>_ts!T78GI`yKdD;&-!1a34Ex3wR6q?&RM;L zN0v(gJkqTyn*F~&doO;U6d=X_uYZ?jyp~-awYj z@BRbIUAbn?GOB;$(vOJRo&x0b!F5LA%RpqBsWbj%poy*(z_reIW7jW3Veg~6c>jZ} zVL>*(2cR_wIy8i#+ONlpo)87LQJB%cF zSeU2~;4^$6=B5T7irjqw&atu`D=P*09OK_rGcgq)>1^m5k7aZZy|dlrMpBojD~22b zb=~Hjk#wm*xppARUICl6EYm<+Xss$jgyu53O7`UHgv{+KM;59}-S0>Oy1&~kbKp|t zZ-54>c~2dfaS56wV+NfxXTuMGzJ_ORj z%6i!8(DDemhy`%g`mSMXW|kLs1aRgb|=Ttelo_)A~o( zHQ~1ZLr}!t@T>jR9v@x1_{}>0#%ngbOX#c*&TfY3tv~a>!}gww-dx+qp!YU%Qhj!7 z03zcmw)1LYbrP;XX+83!ScX7m2}HF2ptJY!7F=iM0dsBVKH(S`_E30;QiY2_cbK^< z2JGya#+U-A!M6Or<4-)Dv@Ji{VA+9%_MeMaaI7Rj<1q~g+`RngI3lnR;1JaO_h#@M zAlhIVM}crKFeN_USbbRRk|OR227e#UN2vL`UHxc>{R={Fbg5OQHm)##};{ zW9hLZijBtVWvWOEOQN*&v|lDsu)HK|1)J+-5``U0qRcHVTxt`z9B5E7y*Qyuqj3RC zz!>g0JN+{o{GbegL{!O1 zJ#kmu+Kcm3J^-R*Nx4nK+{fR9a7I^@Vt2N5q<+8+a-4TqU(NUkn}`ASTe&64_;6*= z4Ey6>sKCcWgD5f@22fCDxK)2PKE#cLSQ9LM9k_qMw!R4_z0xDJ#u2;T(HOTaIw1q8 za?HIv<9)FFSfKFRe;7C-7Guyoj1yJr`2W5q0f`Z>y8*0k8zdn=!Ugl=d>DWMUpbA4=K_cFGcYn% z;~S$H6>LCmaRHHHRvvU6ApVD7hje<&RKs!E#>)%Z`3(-1G61~98~BbjuiwW$7S4Zlb(}cRb*zI< zt^`}!oK1-Cun%0#Gs_!yh6@^2@!KGasste?1nk96LE4AS$^J?OSn+gIMPV74Jl_|9 z_VVDA_iq6Z*@FpxWFdBksEynY$i5~B1Q#O9Mnw)sOx!>!N6uvHOY9i-YXk&_DYboV z=}L7x8$f@N?)?4y&<8j^$FsM@zLy&}e;NW==~R?dj5Sot!8+|U&&^+r(fXPVCeT^| z3v+e_XeJD-$%s2#RgFar=O@eWlGlJ6>d_kiq)SY)u^(AyN7{E!Cg7fnN6uqVB zm~psjwDRBf zcEEX#NQIk{ylfdypJIX8aO{o{oKeo9t6aGavSwuxu_?4z%&IIU|HcYSdTToPfJSX% z?FMQ#D#q8BQhh68l!V&BfkV0ntmFnCmEG=Q4KY9dC_;V~X<_y~=}#q-$<|FxF!apT zWb*{MwCXIa;Jdrp13FeqV}!C}BX&)fmGG-%BWq|7>}Zl7d6;xS#d06_v&ONa<^ik; zkJ+>>po@q_@fskBbejSe_Zo(FB@rX&zfT^kaKPeQL@>SIbom!UjK%enJO}_;5A65i%M$JHuGe<+2Y81;(z~vhR%uG(SNmw6gl{FX*QNV|CS>j@ zM1|iSha@+GI&B%qLh4f3p$*`jfmM$f>z(R~4qhIOEMb=43Pft%lZ1f**=n-kSO2L6P+ z-{--;4*_iDN5JQk7JlbCIq#3SfDg!OYIaYjw^$BoQ52`3E{Y{0Xc#b3Ze!~j0 zwtYbkwa-hA3Tg+2Y&mh7ahzTuf9C_*(x$bn59*0=u^S~@l0!W=fk=8B^DpP zz!S_*Qp9cJr_L4i3#9RE<7rpUv!E}j`jCtS`=cYg6|z2Z zmsD*JRGeCj^xCt-uzOFNvf30VgV$cF(pLgD=!O0JDB_o%s>st6mpHH=|8vV_TXg)` z z=>Tg+{pT96978XZ-19-^aS@xmUo++{AzxBK)X|H0r;vy2Vd(-yRpJN$xnsfycZ7xx z23X}8G?JC^lJDqB9(^9*bJr~U1u&|IsFrIueZ&sI>H*fw2fBGSllc3}3AQ@63J2{J z+$(r}>`)XSL0~tglaNRoiS`bPE!wSYW>h*11AZ4`W z8$R0P2p2*#XF}DOf5n2g{Tl&4xCOZry(ya6CWR&5>cH$H4~GHitT%Tu@@v05axXXG z59@limvmlRUSTO6;K{63xrQEH@zbTB33U=(qV>g;Hf`yP7=W%Sm~H_7nwIf&a%vt0 zsZ)|YWbw5-lHBy_@qW3P`uxEdJi(AkGjj`k#sqb{&1XUL@V;H%6S2u%*<0nJAHME7 z*e=aYc^y5wFm_9zys4o0-c^GcE|Smo?5xFLI2*;zf?HRPR??T~d5<@gMbTMX!5ZUi zwNVpN3lREVKG*xVdI{%2xPFvR#gjqgyGl~@s{6&>AB!W93u<<|g{hJZ{e@l3m7A4p zJlTEfKHMa|7O!nfY%+|On$7r+IG<%FW7p{0RNLF|I5y}TLV=n016@7_M@0BU)*$74 z>}=;W)Th}~;8W3?vqeDhs?#!IDe@qi@4yHIf&W0@FVAOQ4QLN`7yS~=N^pYBdL^u0 zM|7?O#y!<2-ib?#0_WNaZW}x;`-m8o&}H*urCTp=oNQVAlVFff>dwForlI|{xZp#7WKut8tk)yF^`ieNbk{XP^~6TzM5aot zefu3qcz)+j66Vzz5?y%pBZv@6wCd;LRQ}pe>hq7={5Up`zw@!tb=cso@7bDBW*?S~ z?p1u*(Rw&;zjc(0Z!oO1zsP#Qz&eoov~qANzW@P=HS%uAE(zZXA!(tAEhh5}+HC;d z;EEoAUmX+WEB0<6>w1=t zsA-bG2QIONv%iD+ZqkrK`R|WezaJ~P*B^g;B)ncCm9w>V zwi}Uw7*}^CtvAs$&EX!{TrPZiPZPf4W0HG4wRzNqRz5+rUW{YS3y{aXR?AQV>iuU$ zs^{rm+UcTdaqBKiYTD&MC^7iFW9CgmENwnX5;--qxc6C~E9=hrETQlA z(9&xSO?wR{Rq;=B*d+NnkOXVY+b$!`Jr`Z&HA*b|fEYd~>H7BFfQWR)&&gm>dJ#F& zA-N-+qPSy*@(X*+@lMo-$!h1f_SKq|A=$$e>S0r{+)0VQ(hl!5-`D)|{^df)mQb?t z{_VGhGBTNX>T|`D84;9P#yh{_9N5l^n7J|n%mWL8T#+|qyLJi zr2n$>mu!XK;ZNY=9Jh*iKh-y|LBge5-l-(KvCxcq0fLSxF~niFojjqN!2;O+0X^TG z=GF`!NwL{Pv9Jqw>rsxL=4a9Bgxo}J!uezW7cbHdIGj{t`yO`lfxSyBj_K>cFSXmd z`4Zhuc=+?VJVlbT2RyjXl9!LG+TJB9H62GC!x*RbQZ~QjRajmzQz?P>ueKOTP?~yw zcV^Vv!DS3KxJS0G;`gprEsUg#;TNJyI@_+&x8rk#sgdFwNa(F_j?ji z6QrLTaND_`eZKj^l1S1vy%Cs#XOho=LfDV~F;VJ1WXNpN z=!3;v;LL8iEnp&yN8)z$NN3yLWIxFQ2W0W-B<)9rotjuD;fa{ue~P$%tz7bTqHRSG z*-Vwfvc#>2>MLkd6oC_nWwoCyf3n?O3lCfjX{fcvXzF`t$<^D)JXZ^(y!!A57-h17 z9dSk7oTEF$;|TA(8YOR}0n{b%HBWZmbH%^pxGCYUfv*ECcCP+o`#AnJe9yOJUv!f2X3K>b~es zBX6F}ci*2RKc9jpadB6GeSbA$+H}tE1=eS>ksz2uO1dCQxV`gb*(R9F6jlAn>a}Lm zQN<7GGv&opxZ^e-pG>Zur$05bLr`5r?Wmmoh^xBwDO}ZsSZ8K1rsymCntuC`qSlZF zs|*!B6)iCp8{E<}s)-r+YX{V+>UB63*rm8Y6E$s_vdy$P_@$h=pxv+*_lpm7i;byPUx zpZtxFWj1$Q2Ot7g3GeTkI5O(_jA;aIlAd(2)w`)Asd<$ikQ6zZkc6Qk9iK>ZM3*Y1 zt_Dx2!eax8e4Ir3ndOpeLU2D83^?7AXa2^^ys5=(4WF`VV&0UE*?d=FrYvqBDlyk- zoLD~}^D|3nH;u?(*Cf{8SD(jG8aD#I@dy(hKkt#H8#H%1*D1uMCWv%dc@sQbC{gCv z8*%EoSdor&Ny6uEx>42eBOgKI%v+Ub?YjG{Y(aFk@u_TVZ&Pkpf(V#_kB^f8&&M~ zFLdDHRg!5v*-k3PJndGhvh1IsNMi~_L%DYws)4zMR-TD&T23c`=V~Zdk@shBPFK#A zK=Gsl@3JdPAH_FFBU8(eE-0;sz5+#UUtPDN4-^R9Tc%zD#AJ?%j&|({ZAhqN?x&i8 zu@#z`ePjD8MQpaKrN#zF*+d^DKAEo2duSk}eg>nc8Edq4gPs13<%7F1B-)$Yk<(5N zZvP-e0FSr}AgpLh2pe{X|8LAvg#`yo@{~8nG|GytLR1^@2e@zrWZ=z#xJkC0R_euans0}pPg}@X~v%yE^ zw0WZ1*>>Q&DjxvHtOxVrY!U5DLkKekqXlq~;|Z(*vl~(f5W$KT3O()SPwkb%5uzt; z0JK=$ix^fL2Y*%&-feqa2+jc6F~F|qGB0Ohs7C< zmW+%^EgS&aXrwtJ!;#dtGB@O}NvMhqReY{FFa9Y7SX?jm2$n<*BgaatBrvv?*H??AZt7dM=br2v2UahHC@OiBma8c>=dWDf)&=0Kwr zq?jboJ7nYw^ECqdePJxp=rb+6Rcm5^bSVYtDWgDzW`i|wz`7o0dj;P(#@&EH_{w!SkyWxOC-QaeU%>{M zg+P~mKKl-M8ht7F3y>HdojfJ6Gndqa0w`7zjJ1=m7}B*K#cG62eutLIgiyfEgn>7w z@XY(`uWnz={PeGD;)Z*HfUe**zH;JKYEWz~$uam|D<1jl{4m#GY5mb7Y7LZ-Q4hVh zfBH-}`dzpEnI3?t4&e>NpeNHvvbCiYukLWc#d}~wwzXdHqkETP(-$*O3%c~~ z%Lp1A#VD(=e`+50AtK>EtSb=+w@{o0P=mW=J#BKm_@z5gPhzOziB2)o9 zIi|)K%?!905pLM*x{7x@bMKtuLA9zAiEq5ti?n5{qVaN; z@mYI&@hE-5*VTD#!(RD?6$k^j(H1d%vE!NRM)k)Yu$LIXx!w+bZ}_))i)ZRO6Y6+5 zGa|f$&1iKyk?<(uxK8Sbo^?dX4uBAqK$+S~n{PI$yuTZfDEILP3xx_IB;%`FE<_PYh_&dq!ywiqk0gj3L>RaZ&1e9F1*Kv&abM2_bO zfltP6d4Z9=N6zaK(VWF7-8*PwCBTOvUDp60VK)5+zvgVY0DreBA zB$`lEbN{*daTv5Q51AbuVa`d3lZT8jbtb?s8nV|D(E|I*a;)_DyhXS5_ZBy$=W+9OIE*#-ivEzZm}LG|kYy+qr+A=y z{hISq*MX>e7&ZUl<`v$y4^o8E`QhP)oX%f=t(5_pg1}V}U@jGoAYOOQ!MA{~Am;|%pV$H` zSlp>x;bSGQYjxi*PR5IUj5;+r!`$RTay9uiU1@Vy7pT_XjoVhDz1pgmQm7A-$}M`E z*a!Zv&aOP1%I<4(GE1g|5DqyZV?vXelc9`>bRuQQJVud-+xt`pf0Yv-h)~z1O<;y6?3X&-{~X0h-b#CGOKzg7hma zgnbUfb+tFA_+@QEQ=#(e(^0qT@B37K9vxJ5d8|hHOT5BqH~s~Mbi+9g9Tn5-QPm_ z(3)Q7@_0Hr?Rab@x?0HMyW$fw&1;uyJ*9J+vpXsVAozZRqO8#_c;Z%T-tZ=>R#!bS zNnFS3XiCo-rv**gS_X+QADfZcx+rjeiF2N2sn!UWDY-cBS(6CKk87uORsqL+ zt-L-n8c!B4tbCs=@Aie3FBOE+zx<&w=HjndGfUqrv+66Lt>^vLyjNjtP;lrHYW7M( z%EYp>b)fd#z_kK9oAloF%Q3O6Uto($L4*BTKsq9xKhHQX{#kYW5{6}kv5gYQNpUrL-EIl+^WPy6Cu}`n54}|Dl*uc7ICpgz$o+4N#ct}p$o?DM< zz#G1kcT9JWFgt_q`Xp>#h?U_FRJEn*u6^c2=oJYG(qKpo@PE#sr0FVDqD(6u!+(`$ zw^%MolUZI#hQrff@I}et79M=`dT7H{F@ZsWGU@V%<_R9=p6Xmhy&Mj>%&w}-gD0U_ zuF7HWT^1_Zt85+e>0DA_>V!sGXet-qP*63;x@K|0s8rjMoMKZ~&9Heg-AdZe0}@=j03bV-QS181TgCetuZ}p#Rl43SQNRbs+s)xFL6|e z?Mvs*(R{+%QLjbF?`U?TQRX~5ZOBiDrG)|&CV4(#4M$|Z6(8=qXRMBcA$AG>ysf&6 z-rh5srGXiL?2c6n1IAWU^#Y%We#)d%UX+_C*|z(qNx3kh_1N0A@!JS$hA?0W1-dDjHdm-i}NicH~`D z&I4UGJyVlH2ZfQDV4Vltg}La2S*;qIg!dpgAdjoR8z~>qD99p;!&F9K4Xq8a|6Efj z0^j3+L+6>*mfSwYP?#d6JPl#{6qztTZ4!?kGmgOQg$Gji;;^(Bf_4D6Ktxfes4Nhk zh9%ZAXM$A==wwE%3$$aHsag{$4k{U-dPTq zYBUJrwi#lC0t|l7MvM>h=I5ECE;@R+C~5dHNqQlL3vT8>3cCv$6+cAwI*yOjN{Jm?UyqiMBx92-~A&dQl&)svuTZKqJQ=UtX-BG#p9Xx_F9fc zR_KBCJi(t;)9C2o1z8n%2)9-5!aD7wi2xFo($4=4ht5Kv>M9$o{DR9hM@t?mcP_De zKAD_<9ys=(9@@M*1D52_Ep{JK?-EJPZc=~jYzxW4eOBa(L+Q1aRmFe^NDD#9%bxV60&G}*)SdV5Ht)xpPPaguNQrm?Lrz?gJ+B8RrhHR9MOT7mQ)&Ail zralGh#+|3I&q2DNxo&FVeR{q^lA7o{%ySc@=gwmjThp7=2i8 zeJh|vo-!NzQE}?+vF@5b@_{WPvBE9L$LXW4$gie6wbkdejEy@hxS7v?;jQ`0R@!fC zD!HugoK~h`+t$(0IJ>X`6=BGc{5HJy>~cx?v=;!|zC*+Qqmk#Ke0mL`20rn=*A{hs zB{B0*k$o}Y_#%VX6aSlp5Hf!p0~|J0H9%T2(Cy~de)f-v*#s_Cwwf|P^Wkdd?X5y>7PugFgENE;XckhbvzrN`}p zLn@I1B#fUJeUT-DKB2{K%KO0O*057ks%*+DP+Ln02YY8s#d8xo!hH(qZcYAUG{|wRqbgatM=N`^aLXbGCBJ`7F(m6$_M-$&f{)i53k+C7w*Q!GqnriXc0gM@HJHIZ6Mbb!p z`fOaL$hI3@VNGpPC!u>M|A~eixJ_Kd%RnPj6|u0^;nGV6vFnt^DO6)_lGENtw;X0q zMH*Gh+~b+d*50e_!B!t*kurN6{^&n}EKxR0^6LY!CM0I+W9;RhKfbk*d)=uY$F|L2 zhth%dNN-HfeyyQ;@S4N7aGIRoUfoe$wSfA9&&$gNRPrsc*2rM%BllvM2*!OnMqy%`$V`+GJYO6{!&|ENf%Ed#OZlOewul_n zRJoY^erfPT<2^&&r2FVse1Tu&kUk2GLBqWhJ*~GW=7elJ-B)K&pQ6C;dZ>MkUidJIa zY|5HCZUufkuyV4672~Y~uB$q;y=t3lhS}))n9CiE5B^tYmVE-|@2&IDYnxmyjv7D> znvIPGJ2<53eQ#G0vjd}`(hu=mV0afC-5iNp=vVhuy?E&2WYF;#Y0Pr8RfBO$?Ct(b zW%+-vD&U;|wK9NO63dR5ky&8e5(mfq41s46Vkp0za97Y!1brN;gCb&w(E7Sc>R%U( zx`s~TwWnirfz`rbi!I)NIrqmGfxU#;;9p22KhXUr3=7~H5A*-uE2I2-HYEkfL0hm- z__K&Ap-~iF)*vAB5o)qKgXQgolKDXDwxhJKIt?V?AO5oT!O#3*HaiNS$4JHRydx}QqUYM$#Mp5lgi&xRa*mug+|$;()}TO zi(1%A=}=YZ67sxE^ve9u z;B6*eyW#6AsRp@jV!b7HTi{&59rr(2h+do_cO8e2m4zmcg0p?>KD~uDPkc0oKVS|L zTxUa|SNH(22btLP(RFm9RQa(E6bK zI%It>C%)XsD(NaN3`L&U$l9p;Gdhp2yG-NCJTW|1d#X=Qx3U*kn9|8P^+|jsobkjon`wR?Y(kxuOhms{Ltb%rf=FsUYV(@6@8V*Spa|^1Uue|EjU+rODw@*Sjjze2V_u!_N zK|6H8lRMh>99zTI6!oFGhXVIUUL2 z_*fmAPxXP8YNpwB(Ds`A8ybSFVsio1?q4`OI85ivK)CIPWheGyt%*+{5qg9wf34$2 zxS|jj_I1y%QGu=9Oeu@>Kh5O8jO2Ejh?08(2)|Jkpc-zLs3r5DAo;1gSnDePypq=a zMkZ`kfvDDlcrOGkRY)k4UV5R!kuaiN3S7XR-g3-Azk zc^^Ojzz_B}Pl+_PGtg5oZK~#&_t&x9+^I@dIFFTR+nQZ7>JviSmhj#X%Z{NwsVX># zU0{Mc8oa=q&}*`59M3k-8~|sF%YD>P?$2!kv0q3qz1_ouij}S7ZqgdI1gv&*z6Low z0U!&fOP7&59d;*j2uV-Va7S=yViOZ@9>oTwB-kBrS(AI&LDK6_8GkT+7cw;T;x=%f zz;W(Pq@+SM*OI<_5a>PqpRn3@R~qSu3x{k1fxF;43w4BhvyEIA^vo(DPVy0CHdbh_ z?&3QtjPH#27RtKUADaf<2t;PP7<7H8g`Kxu7Mt;uVhvTsw;x~qOpp5P_~uuXzEomT%}7-e!G)$l*IlLAAnrHPhh^Bi|N~0qb2N!eZy&ofiowd^vFk#U4trD$il< z`1zMxL(nlOw!8g^g$iVX*R(ZTM=IHYv2RaWL6wtrGnz$2$=nBucVOg2(zpedtTbB+ zj%eHuhT0Hx2bI5uShUemwLS=-Ii?I{7FchA5$cE93_STNpkgE0cc$AbePEP*#OGd5 zsQ?<<`8%mnTM%w0Lr5I)DLw-pO;2o|1^o>Ijz2jTfenH(kfizWfc0?`9N|Z()?$Zp zR*oLoKI2{<82cL?<4`n#IAZdubqI6}xn_m@@Qu{BeGk*ljjZXd))%%I%W*Owk#VOuSCW8U1bZ(Wn7W4YQGmlCf}AOqG~sCrV$mXKzSIvF+6Qs@jTd#wYA?NeR2d=M zd4U?KYY&}!J)0tHt9##5m>16709`P*Ko7MN)Z6gPRbC1Si0p_KQ#}8*zUgoQcxzd) zH|PD&OC^jeunAn|Ug!>%8yt8Og+iOPptukvQ|{cp=R!0-fg!Gd6rX33hVY21LVOw4 zPNyIg&w*S@jK1JF(TD)If=kfwDyGM4(5P*%p9mgG{?~(@cLDMND5%J8i#!cnSUr@V z+bmB%T){B@y8u(RR3HKuaM|Cy@YN5>dU$)6;*_Yu69O(8od*ghzA>{P&$B&Qz7#3B z7gL$dYpxzhnDGyoNZEEO9?;ipEVRj+7RBerEkeW-|AXGq*C2?7X=aO3G|WUP_X#(V P0{-a`^fe3At#17fy>0Kq literal 0 HcmV?d00001 diff --git a/docs/oidc2.png b/docs/oidc2.png new file mode 100644 index 0000000000000000000000000000000000000000..5e12ae9e2f14d0d6bb9c5d0ec7346a23bb223605 GIT binary patch literal 73412 zcmZU31yCGKw>H7uE$AY_-QC@t;1*yPcXxMp5AG5mxCEEr8rRg69T&xQ80X&4fi$VjWDW$X9|SZ24su9ed6Q>;e$P+DcgeTJ)&vs-k0kpteY^htZVW`{xoqHVPU{Uv~3)P(1X#hYa&Kt~7I80FJLwm+!?m+D8FBs0qh+w!$~Q(@Zu7D|jX-Aw`r?jGI*C_JAqUQe^%HWtAoM+LcPhQ?27qSlB6 zSq5Atd~%h@R=ck8&Z_vyj|}GV4S#TQEUmA(*`Drn-8}~#z07@Xw4LCvCH4;NVnO!2 z+MH_jbPR^kIUjz8#6P_(Fh0E-kWl5=S+AS-JZFltvUr7oa5MzF`NTL0@d<$W;D;(y zd~-wHL4}GOK;01p%zZd8K$t;5Pz*!7xQ^YM`!1G+QX^fOTF6yX*$@Q}*0pt?ds=7q z%*#Ns_tw=8JL0AufqBwnK%|A}XJ#+6xbiZJp#I# z`^lyoCCDE#4k|(j38-4h38m3Z#09~*0rf(CCmFzH2TK4|1|a@~idMnau;L>;VNx%(whJQ*P<0LjBa_=u(BV8tRIrw748UOTO zCq^)aKDDr4Nl&=wAT(fULsx^?dzOqQj0$Q&i!4@z$Q!eEW?X0tpEN^`e^qTT*crHy zzrgY#<)AQzYW8MsW?vXRuz5kf5&DauqPD}r1>yDJZu(t_hyh{%@bVIp1*%i~Q=C&(2P8Lq9*Ged5uq|EBXJ|aG)XkU zG`UC6bE4%WUZYJnV>1niSW^#gNMD@`{gYZV|wRej`C(2eNKk=R+ zpW)jiL(V|W*|>pn5sSJ8|ATW9Dw%{6&QnvG%rbu`So&su;)0HzbO6R(rnhpvmI zi_w?C7v{YjEY>f$o5Y{SKQ#bX*i_i}7x*uQUq}h4!{JT|PN@x4eKg-llc?0b+{oZE zR(>HM(PiKx4M11MhC^=wumIpO)KPD7=&?_60>h~zpu+S}@i8SMD#Ah|QX^w!H^`mH zjlYzWn~|q~8T+D2elFvagdXP*Kaz5k^h8|+Af)pa_fQED9#EqYFV@P_ zBhVjLVvw$uKC5p}Yma>qe}sby2ngwI_lKCRDJrXrCKVqKL zrWQxjN+V5kuijZfQ!Y_4U*@BdsDz->_WfrmL*ZG0kGQu&pkiR9axrt&aK+(wt#a-v z@mW&KWXmy&YfDc{gBkrvv?;jRma=PQO>It*tQtObJN&p5j{NmmEIFT|sS0atwQnjh__VC|@_mtMhqT^k=pUB(G~5zRUWF z^C{~oC1DVuF#!(&h)|D^mXI^+Cfgya_+I*yxBa|@wawAbF%e;@e`+^l^vNgi)%|&2 z4@*~7Zx9)lFih~`cl0X#;;BDx74M&pHHgE_9s6FBP%Ci;${NoMw-mQ(k3)AXH+oM? z&wUTZN8rQG1Koqg!`=hK6X+rPTIXuvYU17iZW4hC{(%5U;6`mnHbhfO3gld*Zl(yL z=_A|GrxFD!9c(k5)jrhzva7q8y*PxO3u_OXld2!GR92exFD(X2j0l%eN^tFo{g$gV zv$8)i%QDgR=JWOfdMO3~dk%ww#d`ZHV9;PXkX;B!iFiDKd$r@6KgcH0Cdde-U!(^U z_Y$KMYKZ%Zka(6dNwX6YuWr+3>h`vE2NPo_vYB|4lVuX|(s_JTPIrn_!&E<&JSmK3 z3-~^nXSiy+wmNzEJdJ;@VO=#h9mmdD9lIDi7*+e-o)$a;KZZ9tKhl{anwyx$>N>uq zYrFr>$ zOmZ?Om+d!=U**Q-DK@QZ1kFXh6=mA_t(74y6dl;J1GAl7r}mzed$&&KW;5AhoZ*`}lBsxqE)Og?J53i0vUh_nLm2t#7q;eskQ}Uu86(U!14u9PvH< z+NAIMO24ywC$U7aymxy(vd-I-^%MK&w#y`Mu%MU^+dJFyqXp+TSI#T~={IjoKUJc% z8b&Y!8nA9&2%)^J)Vk+)Zi9EqU(}%}xJAxElR&AtZh+#_Uh-r7{Nal{|<{kFg%lSnVoLHKP1kXqt&0-|= zyloNY@^iS+u%rsowC1-T-%v)OMtEs}v=KCDNiIqI>K z^93`5xBx^STpQdfJjM*UOog=Dbiul2TP<7X(WemkqEn*D{DSh{u4w04$LP5&0g19&geu(g_K@NSo;N zuvdau=?!@`9-#ZsvE562Lt((qbb%>#Y77?91YdlH$Hlik>h&20P|6{XIp#RLxt$ry zH)V4Zhti3u-5+~s*ZuH22<+qdm|B>;Nhe(!&ddiYP9O&@4fj90A+)QS>$=Y#+2sk> zA!^BI@}W9DbC>KT7T30^3+i(V>mVDTwU@)amg;%Ouf3_1@aII7H9oK9)|H=YpM3jn zzCMIMsU9oTR5zQ0R=-SGdMtUuJQqI;B37cl~7`P5kY58Y$T=Oj0-u@vq`#;+*|v{m6A%uYkpCllb6@bE)*`RtK=@7EA-Z))Zr9oR1jS3 zo|&8)`u%lAY#?bpYM8*f6Lh(Dl{}Z{oGKrBD%ytqOc4q_s9jR-y^uAk8*#Van!|55 zP2bNyOctKCmA>aZ-qu&r(==Z*+(n;9TPp};dr%)*o=mPCgH%3n`Q5oV*=%wN z1;>e@gMv)x;pxT?mlDM=1%DL4NoDXRH*99@@H zS5~)Ud`r0d;MEMmI2Lv;BV##TH9e@=?%jB>XurtB)OK{CCa?O3K1P*NmyOn;4_Q0S zquG4b^if6zOyg>kQBqScDE$Z9Vq>(AQteQzNTsx_L0;whV@%@?W%`{_hS zMOvQBHji9+SKmY78{a@p8m=l!@n< z0ikWZbj!2gEPESqdyU9~sEGFke=svB^C`V0eOV{%tA#eTw(Os<#e@^clShKE7(Rup z=f$jaJ>0u(-6@zn2*H)kHd{BVgr*L|H8p{T&fh*+Z+&1YdB8ZeTB|UTQkgW3X5}FH zLQgd}CkHtfE3K8&ho3=jePw~8p&YT@3AMw`1!E@mre-zYtz=JQ;73kyE0R6_r_5 zkLIf2`<%VL%pjf7Ov?}JT+NlUYd3l{-5w(z-JTzC068sI)U8!oDHrJGNL_Mo{LV>S zX(jO`d0j)h$-)O^6rFOlop_wx1rW|+ymMw9%Q@R>YTvhn{un+g9oh{`{Q};7eR{YI z?`7Q550QWBx=M5KvA!ShSTY*`%{ww|S&w+FwH+hSM|Q~0oOe|M1ekmt^K<6_!DGtpc4GY`r-0mD$aubs5~kv23`S@OB?f>_qPnd^vV$=KgsZ5g1VUdR z%K5XyBA}6|4-vr!PUpcNP_vNI5@)HtL@+;v6eL7)XS@17Yj9PTNj8$}^^w$zUl^J9O zzW&lx)(F>0&l4$-DH+IDn2npBo&GU{Jj-3JQ@l_uXdcFa&d$LK$HZ@>VX#QyY?2CE->Q}SGpaF8&ER@BL2T&4>J)ojN~-8t=f3>-?HTzA1N;su1-dGzG}tVN zUJO@ELu}h*%XocYnbL`9mTT5cjHB$XR8D5qz6GO6Q6{T3WguJMEhR2KTRb=0Glsv3 z&mccCv z$NIna?e$fBK_^El!Y$e>%KXOi&3mU|mwUGfs~D45`AREYCf=e>yTzk%0Al3+B>S$K zAvCAFv*MR>uS|jP_IdG&nfBfpb|^jLSN?{a#{R|Or8e#?XRm{XJ-V%}maawTMWo~E zZ8XKs)0PwZlkI(-!+R1TfeR@mS6CgO(pMcwoo`mNZc!d5$!<$Qz2U?t@hFPqf5`8P z(}<7xjk0;1M(%D5TX)mX5VwDiTP0?7>V~#2KnVxyh?~oV;b=2(r@qnEv~IaX7a13_ z)Qs$6*Lf7(>FX^KHc32EymSPo%)_))37lTVc5knhe9Lj- zLS`hw#QK%15^Nsc6U96Pzk7Q_{Xz>8rw2+o$Ss(h^fj(=h%kw|9QPK^+ON}Ztg084NCrNECY_21Rsv z8>uN?4u>8==Y2H|Jm!wON{NAby1^6I{jF=eM@@M42}Nw;_HOS>d(c1fDJ9Q zwONvbO>%?146UuMGOVw@+NY~nwS(u;KjgMOueXFC`w^g5-WA&|Bpv#;iN2$p+SxSn zeR@a*1N)Q>Qv2%kRbGzA#MYX@=$oyvDTAB!2X6gw@wxGQ+*+GD83Ej^t!x~5-1tfV zq2T$r|J%$+3iyY_$&#P+tGp6G)Yiciz|O$Nz(gtl4*&r89KMOC{>n8nwsm&mCnf!>=)c#0#%byX`d>{pj{i>UV}gu-dl)}r4C8-gf3WiXZRJq{ zxtUsh6$4qD+Bkmb5a3{8wh`fx!C_N=l|*Xmy?h2?*#tOg#Kf# ze_B7xB>>OI_+Qftz~3(E6M}&Wfk}%AtGRtT(S!2CQpXWkmZjI5Ud;onMi({&fCuEK z`T2c!=`q000&i{4&bVl`l2-AW|`x zAv&%}OfX{Fe4=hDcc-wly}b#o+d86= z*ZK3Wu;o>QXbP)@8d>M_=sx8nn^&$(tbgGf*m0oy7#1AlC-(;#00hYx>cB33+!D59EPkrV#ar2h!@fyYPdh26Bc%j%YWBHd!}YGm4OelS|_tv z?}b4rt<;qE_+lna`NiCW z8pMT#j0`n3R~&;P&6n=LT|8(tw`cUTXnZjE}|qBrNogPGLYX zEEl;QQ>MuE9zJHDDeIZ&X&ZW-!2wQ z#2+DjN0~rLM;FCl(1KoLEk>BhVf$TafQ;kE`TDEV_5hN4-yXfr;lNmC9ks$0g)$^G z5}wpU*vC%x16(wq*-35G8VWzQ`+ucQ3969_Db$WO`RVs#Jzak#FM#lM6AEEzf9xm0 zvV%HaNAoXbErJ**gpqxu(_R>Z6@dy3S{4G(%@(w5`NM1E(|3D>E{}AZJGbbwn3rUc zx93<=B7O?9&zKG`T&vIC%+BOxoQ_$p z*gs3Hi2o@R@(jdDS2th7Zp$fnBu!GHkbq-Ll~LYXk@U77pXBoZl$oo;c-$Kj2CcnM zE{R*KG(vN6FrU0|od%p`? zoh{lDSBx@DM>Qw?MMDV&GRY)ft}y7IJQ-eJw(pY|ZS{|qUaQ@TBpTMW)}0`qQP z4^%Tayv-WuU`2IBNbINZs6PF(llh?j?&L;w*qS}^-Rh#Z3ua%*C)+Yuf&K`!LTBoB zby$r|nmX!GQN(>3q>tUbNCR0Rul`&)cCAt@D@#a~s)kqSjh;U&z36X`X@5)?AIn+v z?88-bHXryR%P;%(MMm|g+E#fWd}f%^+$NLau${xdIMMU|Y$__f{&4s1l*%@TPi98* zhZx*b`#U9M74o;=&2VhSJHVs0ZNgjOMdtaZj@xlhnbGSrn2v+rS~fa`a!;1<&Tfqe zjphm5_R|J5H+|uWv&X$YH-4H|KP~QAte5LVgKKmfwTpu1t%fw$C%t1h5qjP-c%tEG z8_cv-3g7An@?mVI!PmZh>)tP41->WKY7V3M#0)t1^hvY1zOCQ%Dt1j~+IC3_q7Vyn z>ZPUl@0ZP(A8dT@b$WY&D*D{vdfqu|^YHwvx+{YPVvcQ#@7u&R3KPXc``1SzfFr{Z z+`0E^kYton)N; zZWLlU)mK*ATtQF2wPs6=Af9fveQ2zPYHicxu#}ft>DqZ*cMh0oyzX;48i1E73Ja+M zXA7ZkoZirhmAy%<=Ez42B~3Ed*C^{M)D+=Ow(G^h2FOJ&*4i_gqR=zLi6uZZ%eUVS z{F4^-4`D$ zN8X#yT@RLPLZ%U-@uoLOdXu{J+}v=p`CS!2qM^)0{SjE-bA3O5FF#o-Vomn#Bxtl< z4tcse1KEV=?6X&BmITHZu2dlwiv@P#iipGGF6cUNVf|gGx#IH(l`q zpa%PGXIr=@u4Tg9D+6q?@-^~3>cVNk=_19w-Ib{TS+>+T}R=1073DNoR9X;B965&WMq#&^rO${vF)? z`Y8fa9e-I(=Xtq}W1p)`donbnVXMz(Xl%Jjt=!y!Z=3BFL2gaEV^O52#p#iSP|!ZW z=kb!a=-0vYqx#X}A$tHLVc5n^S>hZLwphDy@RgjDi)vlIIJM`URfOH{c(QDAz0Wp9 zxzd}v#bRC#kL}Enxb}||VvB{Jjq*B9_>RnQY!RHX&W9>rs_?SLDu-z_8emO#Pk|Qm zr4syF+xIrHO+yRA%Zz#c%uSi5sS{ytxoL)1K*^(Cp9TvXu`B;zIV68nV(muciGm>MH zGHwp>^R((ut3SWRTb=a_rAWZzp&tFUG!X_)hvLbel2k6R`GOHHZ6{;8chXWcjqhJ; zQ`zUEax3iV`(B~Zf(vDmGYoqqGxM^c>Tb>GS(j2XaQKXbF|Y&j-VdjX)ZI6TP_ePA zV^$vv!ttaCc0dW7bQ*R$=kwvdk`lwYjDkpbY>T+$ga7#PKH87BI?JOM+;-Y?Dm&VX zwbchd@IQ~A@E`T<>*8zhZB4rIv1_GkmWJ-jL1gQO%h6sY*Bl|Z-)ml5ZkiHBh$J;J zx#hB{MJ2FYuXdzq;sm>TowyeV6-M7)VP=hHaIC}U>r4izEaxk4o)<40PI7m7T6!Js z&sHUuf1c+-M`voyY=N0c6B83#ek~qqv3q%d>lrgZm^LahZ!A|=L-pDb0yB&VzC#N# z+^=4Z5If?_@!B8G*7+i-lV|D`Bu+;0=Z7=z?cuFIJDZ{n0(T>H8nVzpwSI@phw}uI zIkWu^%;*LMAml@aSE&E$reVGBm0D90fSopn=<5ESkS`bTosbQIt(3`I!3@c`C<5!? zw5gRgAEfZ{X2oL{enpVtesVosa&C2b<*{CDjt7TOWeP`B>uZtP?6HumH?NP=*}1;H z-sZlN!Xa7z$F8v8_CbE4;GtJ@_}KcMi8dDkwwz-%)8%8@h$sd{MQgQ6l_+}K-fPv{ z>e{I&I<5YiAk*6yb#1p^k#jF%u@0HzAL6WNnl;lA)B`BsEGh@RnGKsgMix1L@=t}e zDxNQi+~TixUktUK$&-FSxgP>j*C%s??wHb9(7EU=x{)R}qv_s}3Ut#U_OcoZg6pq6akCxqkI5-(|5x^WNTAO_}8CA+D9#l_>{4V2a2l zlZZm=C6Br8$)#hukoms;fwm2rCX&-pEg4gSgjaa@I_YQ484yTJ1D?!c3LoIR*m{d! zsSaHy0T+b8X$KqO(N&drY})eMLyDyEd2|k9 z`6E&g=wNu)YaE4>$*D?A=iw)fy&T}zT&dS2eCinbR>eXm!_+jY+f{#UaY755+tu;> zrVe=$xaJKs=3P32%O%bwwUTUWHq1bL5)+^Oc3zqS(+%;aAkK`aGPVq#yb(T z^9%8Qt?GGg9G`+~sqjFHt?S2y@Qr)(dc1OYt|5!~{m_E9;2kx`vxW}UX)T*Vzuk}3 zpPkVn9KxvITFDj+*t|cl&n?e1CbtDxJ>Yt8t~OTo zH{LR%=SJ=J&vdui{7Kq4He%{I)T1^&YYoR&J{e8>(7|F2MWkA03$>&D;X6~9M z{(UMiM1DW`uFRz>W41`g74L4>uw1{22BV(AB9g`6sF_(YeC)Q zR-#YJwQovIp@*}j&bFOW`&Z_swu%tY$i+Cz4XUS>b64Vxt=K^W>4rwo z*s<+zd&?H1IOZU_xJfDa35L&u~H*5up(E6Pfev zB-QGp*gw$c&@Rv!J`#apIhs6U-IqsAlHX{##$JG-fiz?!ytdO~dka@Qx;)9b%NDaJp4ak0!8?McY1Ljq$f; zrDW?XQVQ=ZQqpKDxs)eXurxAG2dO*^M74jX^$;(nT>T-r7PtN<`m@4;gulzkiL7}P zCs80^hmEe3X`sdNM7nK-TCv1l4Be@{<6N!sb7VN5{8h*uPtW9xy|Y@(XAHqR^%dU@ z0At*6{vK7s_(hGAWL9)!J(uf9Oa<(LnbFBVHfT81r1i>F)`!SbVr(h=_L+K z7%)W!mOGDl7(k^SA=K(An6|!)FBAJ1sJRyYPX-v5rCft`=52)I3xu?o*izT zyPQt`;P<%s3R+zmCx`ndNdCp!gaOhY1Po}1mQp|}C_%3zSZx~l4?Of=Y|Nk1-;d7N z4V`K*ADP6q4ovX}{C||ff=gq53>ePM(1-(TOb46@0Lu6usOuu>V}AEZey%0j5AFXk z(LcuU0~ksGBn0d@ZP)Ti47?>j`F~QzHN*v!SrGk)KD*2DxkH~A_Zj#%}~+9k~8ps;_<@z0;3 zM7If27KQDC?aGFFyy8TiK-BPZZzu}rIY#g10!fdNX+En8PZ6W5du=kMrS^$>>kQ`RgDLyYn^v41Q1K)ecY2@eH@k9;ggf zbA_zr{mMMTW!K61DxK^v@m##HeS^)*Wfb}WF6XO~IE;ER&VO9b*9uH&HKqb#l)H2^ zgO{GG+D0&z9|+s-CO@LJiB8na3#~>?5dsb)w|oJay`Cdy)wtu;EQrTxN6`C8tc&=< z`SXIg;=rF3A(PyREPly~1#2eC@Ki^tu$-imwP(iD*L%OgId`#*s2zHf5Ja|(?M@<1 zT+PopjQ3g7?fh`)O~H-cf=KVtXUs;P-<7?eF58UQ>{qC6f7us6-(vdXzAXc_d+=Hp zBbM?~!=>fEy#Mz62E_>d7!bS+nWdbFnPk` z2T7OPCHBnP2QF^+C&bgG`q-D(f`(dNm(ya=(A;sT(L{l@X8XiW+!rXlNYN}NjX)Uh zO=(u+ESI;JM>gBDcHDi%>d)IIE4h#<&EKoEn&N$r>s(K{e7495`J966L|rsbUguZG z@MoL=D53AXcrzzcSA<+nX)(Ecrbu1AD7Nosf>MBiv!VG@Ubsbf(u(=Yl1LkLF~yO_ z)cF-b)Z6UJ#b)Q{pB+0k!JnTIMLI%<6|9ob2V|x?qcfXSV0GFX{Av}m1tNV2*)_be z8FkPo9raUf&poeGtRXA%OSU-t+k9R_SUynY;-O_qZ))!+r<{2l^Fs&-h^oDr2Xgz5 z8mQzFgR;WK)vb)a(RL<+rBKoK6eec5$y)r2EM`+k{~ds%ct)?yMR|FiQRQc))@+G& zCXNwrcu3aVrU2y`lo`A=LZ4CBg#UJ5qLT~N% z>cL55AKoIWyKb9uczHR~VSnVaC0`D`YDBB+shoHurb8Q@XP0vmD`i}e&d;;F)tBzF zFI4h)9@n=Fv&}}{gqS7kwF&;@*z_t~3Zu?yX)V4n)BS8O{btc+gZMSdfHvFyVBO8o zeQT?J1Z1Dmh+ff=m*B`ppRL~erxdk%4|Sd%NS~?cMOw40#{1~%>{6ZmnDK^IU4S$AGG>`Bs2~Hw8o7K7r#WgynlU{pIOw`5bh;HUl8)OAQB;LsIzc;2g=t+X7@yyYq#PN(q167ovCXFdsPH(Ido zGREa*uv^P8{`8t!%2}1m@qK&5;Tgg4C*XEaYICtJlV9f8+1)jjH{na`Pm@pQNoJ@| zFPBSaxtSV#rLtXXA0X!#Jf5#Eh$oYrN@q1MwV0z(E0V#=bkptjC48gZZq*&z&WJM4 z6(BC}ygL{4n=X-+^nSXl+k5oBId|IV7RGx!W~BL@c-P$X!*o<*woQ{!`-c;Cl~#wu z=G68nky?qu?D+hfT;_2#ONt7W~56a=0DtkdUz>Qj9--JN%a&_?=BeQ)P9OX(-* z=?~U#Kr??{H~Fw=bi>ws-}z}YtFt0BxNKIWzQ`oym8ll1EH!}2%xh4F)+cg9u64Ox z&j>mmj1fFuqZb~V(q(YUY`$r+nEx2pOZyQ+#6M2EON`z_t4TNU*4?81gjO)9d|RFj zB(_Yod%w88-hF^qT(9Y;9NOFb`EWBq9t)qg=MhY41N8k=AOq-t(A}adcV%>%aRd`2&o;ridQWe@BJ+#PJd3R89OZt=Dd#MsnyY8nbTkIX@Prd!baxIlEe~ z9uI5R-4Z*F9!Mwb21tV$AHclMt>HE5)d-Bw#GNXJy z1n)`J-X{#2OZC0eIjrM)5WV18d^ge0ngk~{C5~49@QH#0FQ?8+dB2ZfzbcA+v288N z=rbY_^#X3WTnD48bm`B^ODud8AnjGV2wJ-EKT*QNz52=VuY4v1IEaG|xd=RIMl~z9 zh}(!8H$Hr6oa#HLUWaERz@XhiVof)b-QC|}u5z3+5MZ(Vv#~s%U|mf34gk;?eAr@+ zR-Y+)98^wWgb!WJV){5QpdnHeD3FLXb=-3HDB2$Na->#p+@}XT*b2>8ua`1JNF4LiflM-*}jD`olpwJ zw@CT8Ky|*iECKI~5aiDzg(Qr(XRDFk+(eU#f^U^u-#?O=V^QbC7l$DnwdCQMZvVgo zCJZH5SliU`nkk4g&l-LHN9f$_5IZf$bgRY0M>&_S7l*LcDW4&7gyOk{RwwoAC4Gow2wnS#OC18<6=iz57QK;A3F&8xlN>9W>K4H}$}jh6G%U=%iSET%FQT-E~J&rbgG z!wFy1+9^-%VMZ|q6(=Q$z2!6?DUf==4(IAqNu#&~oR5-vXiX!M9l@Kww-ql zUhkmhAD(6NMuaiwH>Bx%Rw2xlYKfw077nM-}V8kOceQi~aLiC65BiJTJH9oC6& znqruHs;|pJEmV$24O);Dh)0S>VBJxxPB}S8OI}mJu|c1MiR; zUet$idhIKe;NV~uv!VwhzF-HzPwoM_tzN+?HM+fGYl`toFDV;c(7E!ku+^3g#GMqOn( zu@~dAZUluw{>E6*(X7<27#T_BY*L4K;iDy|VVZ*2tXA7}uLwbT)x1xWVu9Q3cBW8t zTO3NH#M%9Q8I>V9Vp+n_ys&9O%qk~8u4<- zGg11dEYb=p1=M7_a5uc??W-6e?{grrkZzSifA=xmPNf1N40=kM0k)?dbPO9v`r=A}Os# zwZ=EF9VGDgKIy~~CEHxr`=~gazaYP0%E*nu%sV1tcYFhjEUNHh6)9O zBdxv{%NK3+(^J^poFCV88HwEZs~4zLxX@D&y{hFjc##}j8yOV2`%|Doo=2b6s5V;6 z&6d#knh(Y47X_Ok<3)jH-b-@kzmpt33M=9X+JHA&V0n*6J$fSwld%~J`6hRHJ??82 zEM#d^>x#=~uxS_#2(p_0Rx4pOlhcI6$D>9SKvfyS;;?;xy$65t+Ss3MZ7k|Ud~p)E zxb}C7&xJgmuNvKP!aZGSiKMB+h7&u4ejmWUz!l;H#kPGF!Dn+>!BzM9AS&}{#A7oV zK*Zy7i<^cPzUJ9#GQiRw%U~~Rbv{CS3Ksx=X7@;%mfIk}lad;YA#}6ZDct|e3M|Tl zs;2}{+#byp5c|C7i#GwMvS>8IS~Z%FLYtaWrw8s%7c}`%^H5Ps?@sme=PEQ+3nZd3 zAMG_lTl8`^qS_}jgo_n(i-}6@5LaTD(*4Zb=qzzR4oyIF`9HVnV8-8{*V&F&M2HOi z);H=aK^9Xl;=xAy4B2SnALT;H?J?&h0%LpLc#U3HwGEv%txBzsKoS3R1|iUQ@3(DC(%H+z?>W#d`Ip zD(I)7$WO{Stz%f@q8gIP3!&|Aigxn%ru2sF6d?}`-MC;l1-i{{@fP9&-vUd&=h}9x zse^V6iCzL5eF3e2r0xRKYl?`Z?Iq~w4cK|ZQ=^2^XA`<*FRL2g13}2bBH@muBd#oB z%Blk?)2wXY;#QSO(Q6^=zTUYl^wt=3l2rCG>-`+Ghjzf+A`dj|%S zmW&qbiRr~Wb(fdN#=%af(}s`1tgB)a7^)xaB}AnnigP(T48cBg%A`P?5x- zKD~6?F6ReWNM95|IxWLwerU(sM___o`9h&=npU~H{bQ52DH#s?sB(Zp*jj(A=jfD< zopo8w^=1+77PAmS*sDgjMF#13PFa{zF-r+jCXp3#YajvzG6NB{GG9Eh-0_8a@W^o} zowcM25;=pN{^Q75HB_@kzo;h|fwpSZ?=5$VWgh6)=MOB}j6{RnQ%_qkw3t#!AJrb) z6TODF$qKXz0Aw@*_ZJ(i6l3ZnptMDSl8r*NMQ|(WL->Qx9K3JO=Up_z^c;`EN}7-G zyXu(>OqXE(I-}oUUq>@JYbg&Qp2ZawJMF|y!1c+Kf7)O*)Qx-CoQ~=ot1ypTdT;{SKogqu-g+L=J%MzgC-DO z13ckVsM9}QF@N5G0i*wl38`A}#@}-T5sj>ouq6RM#s-OpPVbJi9potjeV5)jmH|^= zsE{oKlFFOwwHSVRyiyT=BeY1woW}P(zGw>uvV?CFRKmFjdnZM!gwaE4+v)ike){zL zE9xn%FBZySeCj=EFnl@J%O`2}5v;c{(LCu{hty|`0R~2oH^9nbweAXoqQ<4@cz+}KJ~ zWQIC=i=D&MgjhvaHQJ>7`Sg&JEl2z6q8*I7e?+Z$#}9MgJh}**FR5##x>3OS;nYHo z-JiCPTt4z{9kLn_9Rukm)D}@U+c%Sj-KU7~`v4o?!hGx+=BBh_St)%obiwU;=B2--m4xIYgN^Hs%mxB zob#EzfPqf%itVZid#zY0>OZ_o(Pyg=fs70S}}KjQ&VIu`1Lx|c1dOt5w!yu!lBoUI+dCq9IjZqkn%)n zl|D#BAeYh(rO<2amG6<9;g~Z~?A%c1(p%7!eTQ2+hM8QD%prm2MRULQ_MI(sW?tiM+Q4u%_xgy@z_hO1fG#ySfFjZ?NRu-m2RTG_P(Ldh-vtsr`d^iAo#mNw*MGr z9iqM@vz0l55COBXESsd0X@c5{NI>S)Sr~LblLsWT)7MDkC;aGOVexyI{QgGo`J-uWnvl8X3b54XaQ6Tq$NAwH1psTvD>8^K1@~R}L z0!`7PG!xp%^a?ivB_VW0Qb&9+avxmh=y>6_$wP{V8W1P(XQlu|2 z?*JC}s~;u7{XLcAp?v0n5a1;{@I9_-py}k*v7P%|ax(j8C(;0h0Y~StJ-|CQA9g$>7u0Ep> zt2I@IQh$-Q__TxAnc%MSc_Ah;t}tQ|q^elmN~rifSXU zEGZ2?&oS9?icUW9qCJhX>$hl_KrqBbK`-?%7HWoqv5yr+J3NQUM?r3woYYOdolUvm zgx=LHII@ri%!SXDWUnUSKqE!ZpBL=+xg`zjZDl^wQB^sIL&W&#c~^HUkBCyL8bkG% zBjhPhwnkYDuTrT?RKbccHYK(JI}BH6nH+|QQNv>=TJOA)=*Gb=b%)f(zm+sabGTG3 z`LQb$P6sxqRPc@(F~Ru$<|4JUT?X`{G1b_U29+d!<#o zsZZh*L4bN}7zEy4^}YC2>haf{r(y z3)Bsg!k};{ny7RXT&VGhJAI=8FY^FX8nSH*bk*(-EBy54gTzaA52H-vMj;N>t? z=MTKqxF`+B2XPS_)v5_2dwJ7HLHts==`Fh;-T-tZ9p4$YZ1`EEB{s9-PQ<{M8xI*D zz?9&e>&C<=J1{=Ctp<(%=BhwgkCl}M;e^%5D|W}{0jctMm>;6oh7EXAG4g?Pm`leP zjj0eOtROSdJU1-*zA9$$m3V&7*GH&Z?d+~$z%P;(elq|3RTFp$ri!NE%;7iCdhjdU zI9|v?N|cKsr*e)dFF_bSd$iJo{GturF`qs4i9uKEkDiBR2%odpQE{bCR#LaB$sm;$N3_lup~qA<*YG9x>v@oGj%#q5Tv&BQ9!mr^J*v6gu z?sa9(?lOkC9PXXCAc`)+%7$nwV{-M`)RKf{3Nx9zoNtoXH@xGzF~6hSphTHWI^`xv zK+Lw^rReZloK;{ju>-R_5cGza&GcD?c_F+BQ+a2ZY60xKm{x{_T2b8)-9{&2;_u2Q z$MlQCyqK7kOm9Thue?Jb=f8fxSvbBVm;nxSP0<2X?Pv=kyJ@DrdE z&cODeRkk=y-^R3j(7QF^Hi1jmGVWU?k5gSnBZu@&;j?$YS8ACu#M)+!e@W=pBb$g{ zz2|nEP&CUQ^q9sl)o*rtL45KHd?}t?uyDCsa<4_iX5XR_RjCm4wR2wRP&YZ$XZov- zvn5O3V4UWvL22GnwXQY0y+*aX=VF7S-2;sE0b=Pd&)+253U?#Ng43`;IvMj~&s;W4 zMv3`rp`+k3+%*d>+W`;HuFmxrwPNmwK%5W5MTz$$O~m*h+baS~^!a+B&T0A)-+5Kb zZ6bP+wsrkNf8o}J&rxA3ALu>MpqF?8PMr}XO&3=^UMX1LB?xq#!DX36jB^e*>rj!=KS1NT`oMZyLUw&b zcv~?4w$EG|x%4h>P9U@gtJeFLj;cdic;u#J(d>amyRM3(tLq3&3LQniiuL_#Y4(!Y zoyuO#68Fmr3Iv{GVL5xVH{@53Lgsazsh^us_tB#KuzUM!o>7Tqo(%80R4#l!o8V~V zp<~_^I;7gh#@EgO)>IcP!REc+IQA@!rco1(E0Q#h^$TbJcYTwR{>i-OWCWj`jEp~y zThJaOf5?>o7=Iuo#4#60&(1Yi7Qvu%_0jb=}kjbH5e6>$mF3Yu7P5u7<)!*iKr1 zc290>T&cM_Gz|>7VzE%79SB`$hqbpN=Bcs?uj<6kdS>$tauq_PwB_yFT?}Y&a3&O6>;jT zeTZn8GsLDS1pT2AC_e8U*PF+b-Z3KR0Us5E1^F8+*S=(fWIwZW;v9785`{20-3YS*Q9 zCJQe2gLZNL`65OrGARNK?%mk@cUwf7-p1x!lCFL>RD~t-BpZ+JRE3fx`8e1jGWcQM2jGbN-soZk{3 zz`(9dMTLY+y1S9^JyKdh^@^C{4Rd=(CLKQ)Taod^nVh2yvD*_?I0_ItgQ&pzo}4XK%4@p-M? z7M0=%6ve{f5M`k2#V(IFPH|jI@M2jXVWbe`+6omjF{!QE;*sm>Hke5QbM~{AeZ9BE zTvb6Y<##nv4@#Tp6IC-FS3mVA7L=6{mj>R${xF{iX6${WQ&SQYnUl-YIh3w8?di{& zb!E)K%{aHdyCmf!kCR`DKE0eCh^;d93TH=0H(2Yl5`XTBzV-(EkGKhslH%BB zD_NhWk?Wylc>`q`{#U((O%2Gyus5stoTe=HBYG8j*9@8dX!|=3AYh8|SejlIZKY7* zJIX;jAib=`{-f>9r?xlQMdMJZBf?AkR0tEE9$2U0t-k*!Xi zf1#a#Ed|2(ugVRE^0|xCP^g7Yr_EtyU)`xHSQt6s{d2kq0&eC56{F7x$$2X0SKZhX z?!&6~8Yc8JIqygH2Ygu&{}>h*U|4ouF&%z{;S*%1)N7wHZi1hDl!zKZyI%)jeb@tkn-wj-g8}Cw9 zp#!-IL)wq1Q>*jhlm}yvQ+>kRCSv7mm2h>oY@N|1a0$#=sI6j&=8TY=DMiRTS`~dN zv28;vK6`UPL=1AF{D9lbae$~OwHnUaJjmrks>`jEOa4dXXG#D}x!0y4UlwI*i~0?E zHI2`G&Qdf5N-6^Cf!K@riXDx#OsU9s}N92I6 zDS^Xs;FY4)Z^DI^p-fJL4RT>$sS@SfLie4K@t!yW+nteI%{G4@`&QC_SA`tbQ@bxO z8nrNxi1}oDr;NEyQ#DgwBv@1^TP5D^e$eE|~!m1$0I`a^e~V z{iu+hm^@0??7mZcu-G^`UL>=7b+U23Upx9XFE5Whh7{#rbt7_!_j4CE%L=2fJjTJH zF+-n1Vt&bw)DU^>1{#|WtPdORFY@e9Zilz--n`N7&wkl;%`1yf4ajP=VZCn7Z2?J% zVf=6Y_#ijI$6THLmfxBB07`B1%AXX1+3=uN0C{boN~31o-A^~Z#g_DIT{toP8H zwE2H8*_e2eu|@+3egYI=o)|}nZJEFXtyk18gBX#j-r*m6dq3XM2U!`^mR2*fizG(p zSE20C?=NVbDrcwppKW`!f0EImTko*7N)OyjZ9v_z*!~&0WPWy-aJ!bmisS6FZjAr+ zV7N(|u+VlAxgm>yexSL9atqF|pu@XQ7(CC6|XANutF-+BKoRxV*a!daWFU zR)rMi%ChbLa`AkHkqQ4FFMtujBh^}~;q}(QjGO8ztE=O+bAasc@wryd2WA*`0BAh| z`oe0ifiy|qRlh`csq@TxRJld;fE9VZJ)JT%tb*+tk5#U8!Sh4#UVXV)Z&>s#E!|zW zY;03o$j=ir`xKp6(#_NoMxUKMs1S?5ILJ1;X&1{;0AK!iGR*WuI@dfwdfo*1b%fZ+F*xv%}CAwgo;xTRd{R5b< zLb(7LPS8L+u?DQy??WR-SNHk_T>X{=65a_wgM`LhoAJ7uunr)WGYNasW!Ah(ZW!TmL4c$lls9+?j{duvZQ-+5R&Eq2$QOve`wIHfxa+Jt20Ddc%vJkZV0bYYIzET?Fz~WIEMz2 zZa$>McsO?+?akfMZmtHlaR0=SA3v8y-n)3CU{QZG7tBp#j^<+n(&R%;1a;`7u~!K1$W(sw_Xuhd$= zzr5zIYdyTCTzs2e<9&Q|rS@q)7KC#REyabMD3-=)LLp$GQzGSZdk=0vnQ!qd8-P7c z6Zz&oyn6WKE1pkR8Wr${D~KoJR0r8h7bJucz1|u~l^2AqFf>H2<4**+X7f6~#w9CR z8}nHIjpPM-?s8cGAJb>3^r_hUwjxaxSR=B^U_L9l??@5-ZK3Dk(xJjZ1OGetbq8D@yp~&~IQmEP$(8f$!7d(XZc(cxKHhj#9E3an{cpBrZQ+ zSkJ&idByau5uF4U5T*&=xehDqqJ_WYiCSLGcC2R8e5i z`Et{nlw!oj>6lx zc>uT;$~`g;bC(2}YXM=9=mV0wV#QKOu&d+C9{EK$MD(AZ3j?Uo17uSfE)B+>y#rp{ zWf)bC6CYw0s4ze`z--lF^c)Y?D$}N4zd0RbHQ-LP=>jn2CppRa5a*~WKu3R)eM32O zsr+6@@1O*6cnaVRr@UeMcpMj0fh3EHT~abq0gq^WR^##p|Bw~)gN1q|zdNnZnlbPF z4*BgH6w+D7PqzklSArh3E*c%?-*UX_&tEq?jr>luTR?AA^D2g;y-0~nz@y6UwWrx( z3UDVq_hT@UEb}(}P1H4LMUgqf4{8N`yTxAdIxWprFuR~rh?Eb61+m>ETsx^4u8G=C zP;<+SRl=j-CohMV_?&Gc=b@4Ci~-WW)NEL;7U*zm1$ytZGdK(;LO~nC$r{F}r=)yp z7Em~ps262hni)ef$Nr;-fb~iXYSA{cuPhxuSnL}*5AxMdx898Dx7W;U)s=64C~r2S?4n> zNVIL^?h*{r-aQr;mhe5)2~#aywo zo5v_KyTDs=Y|u#Oz3d=AzioN?J*S7*S!AqCWv$A&trYr(gc`vX_*!;v=0o&(hSdMI z$Ms$yZ>Bt?AJD_luke#0CK&pI7k)o6Q={*N5Ac)tl6f)1R7CHmXohD^f+}vTaDJ}7 z0vKP-_P~Jbxg?RB=-xy!1)~-ZwLl{Q>}=AFuycsSTqJz=GZf}{*id-NXSVMM(W5>8F;(yqgrOdCG%V zd>Qn3&r5Xg{DYYhkZOFm4YL@+nqv3(smd54=(ZWXQ24S$vImO)p$W+7=Q&_|A8Z=> zlL+23qlfJ7_VU1kIsewnTAwTKBZB3 zW4g5RzGS)yE|E3V-Pj1L*--E&Oz@y*mZD9m*WICP#IDvc`Q`R7)hsVor&2+w*7iy_ zmDu-=F5Ww6-#_4D|5q#3-nh93ys>R zR?H9xrw_qCo)2*cwNrtBaR*3w@YWNqVpA!~%&d11k6B7JYW^0z-8EN2gJ-{7DuWnAsAG348u#j z0c?E)KxpBDn`qK|ygd1VOUGs{-T2gv8PUBZt+$6?HS27~ZL}b$u9$pv7VwQHlV$1T z8#a1H@X&O0STq!T4>1xrpN#}wT)l`=@8wn>28XFnYVvSVjk*x#e!Tw0yr75Dx)2CC zVOis{uR?B_;vFIg;Q(X|thW3H$HmVHDdOv-NU{{#ixR4$L(9PMB&3mo$Pb>CJ~NXv zqIwyxdI0Ogj$FwKVFGgMwJo2I?$6gwOFohTDcwORNt6RAw4R@Uo(DbE!;+&@S%kK9xLqK3~POw0hsQfb!j+6&RGHz zf2=cY{_im;$>aN5)VA@313MR5#7wUu^K@xxY%f8ek@rxc=I!VgG>rD`5)Xn7O8BZD z1>Uh)#k}rre`V|2{#E_ExLKADelx`AwG5lbFXHTm z)5|`qLmx18MvfHTd545?A_)f$5g)u0j^a2$VAV6NP3~Z1gNL6f{c`vFE*7`8n3n>| z6`M`oy_~R^LB1HzHxV8JU3*DJ(jnpo0Z2}QEP{~6Ns8gt2bV*+kP>L4?c(s6 zHE|W+kD>3ngCuZ3u&@q8^H4Kt4Sf!=vR=1_j;{DL&8&gGA5xjS1r6(7O=eMBw0G&2w@!~de!W? z)$&TN0PaSX7)&j@1xS@l$pq`r0lZGZuZ4=!Ebr-+OjB&9@gVkzKrYw7 z_DMl>5k|RQ>!g9dcR5TX9BbI4subG}Qo?}DL*k0+>J|yEmi#Aa!RysGTiZk_or7y> z&u#ffQl*4qeSg~=Peg<#;jh3((7j-70ha^D1s|jJg$g!?SF#|PT?e^T6;!a+tO1Ih zV(atSQeoL@{hl z-Dg4Yj{49t!4oG<@IWxaq1w#;9%+!oXig1zHiiT`MGboE3xMm%wi>j5)sp;#8fZWX+BbCSz1Gv`h9}HX6NV9C|fQk-;CJ3l~fa4dyQ# z)^l>9Ar!@GV5i`1UizP{O>$kWk@xTF^+A;H1WO)wfJSLF5CPLdLy z$_wZA!26UKLJ{Y&pKEX-2&408+BjSl9h^MmyaAkRY`q(VG>)r?hHB|*aKG=)Mj16I zCd3(kDxULj+F;;+vk5^!qPSveVRY5Q2a8C(qx5qOroqF2(_bA#s(9W#-6iI5GV3XD z6G=~Srtkd2La~GZw}X^i!!^Ad$tRA!^Q{VIbfQ=*CLfT)DUWA(Q%VDiy6AN5? zIlSj+#%#0Ly#@v#&GI3;MAS_@&9^$)hb7T|eRS)W%l!#{XnJe3UUvlc!Cu>0drjEc zGCTV<4uYq@moe>3mM8G-B}7~-MWprHLnE{dx{j8t3@QjLukKY&hf^1IRw}% z39TJ{g!c}+f}W$BaMhZch=cJ<#3r|7&EwjO+&uXL4UT8SXt4CHHnatAD)_6XeZNw= zN-Uq-^fy8>Q+M zM6*=%B^`u=FCw;36|{7=uYjngUl!S_o&qoRQ~OZ__x1dGNqAKiWBP7y)RB63muU_I z<>tHLLaft~A94}w3hM__%O%m-_?+p;s3^r%!p@9tB_lrKVLEA%dze-xtqUlpeUVWh zw^H~@IY|QevW8!5Q7eiIRlK>_Bi=jNtaRs6DJF&>`xz&UYsHJ*8QO0ZD8xfswr8cB z2N5Gh&M6Sx_cjI|fjTP?afl5>(B+)hjx0Z50)?n9DY@)aC?QHT-8BR@@k05IOz?Hx z*G$&C%+;eUdDFx0u6LJOT}mW@W(&WO4fMq7@D;z%NE6n*NW0djp>qzCjM*Y*Smch?GWqFKd|gu@M{Q zIgcHIS!E=GLbmIfi*8Lu*bZ@lT5eds zQ6`&L_3FajZnVyx%;3xb)$Mb@>J;*{>`vep%~JZ|+kkSPZ#8GHDR-BUdgy z^B&i0Z*D@gqDETPj^vRAgAygs$?|_Ww|+J**vh75{Zc6`r^}6kB`JuTGeH;F+EG-=$pU9Iiw6+mz0vN18iRqDFNvPWp+Zj!ch4zVA|uPW<}OxR$T za92w#=M=nf4HX;0iY9=KDmm$HL7oO%#*m7fThC5$1$I&Cw;okrkd^jw-SDZrbgnm_ zUS=$9odl^xuJleGu--7j%3!VGzCMf}`P>$8wpCJ>hw&nhDRR2lc=;|e;sp2gD(5og zrn7S2UTsu*2A#C+aTT_Dn^tyGuyCjJ2%<(9?2^u9QF!N3G(m|DO1aW`B7x*ezL;d&ra?_ z4M}X-$_ciZQ6v3kvk@<XwmG4csO6#gLiPBGr z;)htr=I+5gG=x!>w0N-A;h-bDAMQLU=x2;|EI(rM7yT21ytT9~XcTnoRuhG+ut7n* zSKoX-D#-*!#J)9&Q4bH8$&u?0)4+AL;*eevme|aWZJof~xVy88jKABYDD|mLf4uny z&iZ=Gejw`1Zcy;es0?9D&bWIluRacQ9}lti*HjmNlzlj!e0utTb?uM2$>IZgjW-yq zZcy^qiOXxTZrClsy5dEk$s!uQlX0slIOdes<-D^nLChI^M%T@mXZ!+D*F>AR+rl!N zu$#m*TuN@9dQH@(o-91Sxt&X3VZ-n$jwQn$3AoB30a?^PIranWVbK$q?yB-nIxdNi zz2HhYvtvSth87?>Rukr5{H@Jg_0oFr4^CgTdbD2@!pIzWMz$9Ty^pjI#NVfi5{Z7I zcGjgJ#$ZzaS9KN+hFzgsSCwgZeV(~7^+Gm3)UT?2rV~r3?yl?jy~QSR<*CwjZ!>il z&<-++yplTG2j5HvO6=vmf%;6aB$L~WCqDvmCry1io3*M&GBB4vxj5))Xr62=mn5OW z^>6$v^)y0En`?JJafgw1)5Cg)b$2Hu*^sfe{amDjpJsJBNtjFxKUGGZJCz!&ZCG|eGckCn z`Q0iiw6`leDeALV?gR984*teh?V>ZSKxE)Z_C9b|QeZHS2*P%6wVD1SPKXF($})9y zH^tpaOJ5DgHFDL00tf^Up3T4 z$44d$&cE*?&JfIORG^A0?#CZ_Mc8^u^=WEyWuFae!K?iB@PEZXR`-d7)7`)-shAHE ziErDgkg97K*5$iw@hee=XbsWI>r%1&<%aqfZ9|O!ph7Pq)ncVdy5`hdPISQsf&|6J zXL$XGF03i%C3X@1CvNcn_}>A|$c8`FA09@d^yDe=pLRnw6M}QmXx{QdCj9=}6TtIT z;E8&?0n6R~bLG_DF2`c0mRGW>DkV)-d_G?vjh20&88B7cP$boKign0{msZ^0KAtqtd#P99VLKB z{d|hlPb%sIoIjd^0(>YR4#bV&kLMJVkP!nLN>Dtv{lh2~3`+y@-xNU^_R+!ij2>kL*@YhQvW6RLO{{M&RJZx<-^$6))5lu ze-4T)@Z)XVE=Ua#6KsEm6$C>9O2Nociq83$diu|_u>tvOe2^_5rrVwb2`f+V{drS4 z_zGZ63{*D%HkSRzUv`aZ_1DJ6yJG`-=6@->zxq%Gm~V_ANBo!GdYTb@n8z2FX^plo z5)0mH|2bDo#l_~bhd_U}h)o3BW^8O6Q~rIz@XzwMynro?!tw^|H(=HNGg+mgfe9qV zXEX8Yzn97`KaJJ@7Z*BHI@EIMJ@HyVO1mUreo%x*cMh*XO5ka&ttV%po>4$ex@0YeB{TzX@ zYynLrvfCNa4(ypqBZWNwQzQU}rPr@$LIMJE8)N5E$la+dW@GaS`QjpB#SCGWP{_NA zvSHh*&VDvgcm6#&&sD*A@NX8$B_A4uod1lWuVfaI2H)r!vcYIOQhzF7gdh9Tzx3|Ogv z^-xAZ{~RzBxeYMk(u2TYU6|$gi_$ZhFV3M7anKdU@o!gdb2NDF-92Gh?mc|y0xZQV zV?#iD3irw!Rzsg+^%@+A00c4i_2ClHr1^`#-y+YbFxx*9RYDb)1A~M)Efsd&*+2oX zs+_~Upo80PD&HjVx~JFL79dw+hXBknFYxw&7a-ttLVuFf(d)Ib=ZHe>nXAcw%4UD_J}EjZ9dF{ygIKMI=R!`!BlNmPA9DP3+>&ChnZ z;!T>(u|dT;G?Fz3n5y>4;GqwOBcQ`_IvL6V5Is`2D$2IP3RZ{BW3iEbnLunQxr~W{CJBJVF0z2#gyzcC+3}iWC)zIn z7h*syo&`K#C)T>6Ds0bT1`x5riLlTwMnJr}SD6*M)u9c}E6PB+SG^oMGh|OV=%JOH z)KN^=#ifdS$om*zZ0J`QuP%Mu;1GE*O*wr|Uy+av-tF->QFqiQSOzCQ2&q1vK(QE_ayWM{Ar|Xl!eG^da~9zG2K{QpBK|8<0HWI zN}isb)yiS0gMhCuanl4?O2b+!B|H!;7V|Aa0zxASsN+XG-(jEY)^ z)aV7P$o3v!Q$GL%J#bzSF)fe)5=|@2F44tus=Q%pY$s_*B;wnkqb`7kfM)}v^Y)-| zW#P&sln=;x)0}PwoIQSZf{kdm2Y}q%N-#^^z{?KO4#c*&pI(M2+a4=z0k(h?{xiif zvm-zl80t`M{l}ee6F9q}8LB^b9xLp)L!<{>GP=I2ma4z#OaN14bi{{}@N4r++sK9xhhLfT|4@R`VAA~RTzm8Lix=GZPw zVL9MKW19=$i(PX1b|~S>mskMLj?dUqT7S!ipaAn=2$!zePm&+rD;r0naIMda zU0q`Au9;{8$IFi=p+soBUSOw9cw}7FzALx`h_b*DoU$ zZ`}d&cKfQ#I(;fi47bhx0W zw#?=3q>QbI*#cZgq~25VxV(j>qP!T@MWV%H*ZhSu zI5_jG+tvUBda+h*>&1+L_Gu(veAo=K#N-VZ{0DM#e@ySJgEuXIZH8qXz}=Y$BeKiS zBy4m+XqhtpJE@)TjJt9n!{gvvE*&qjgWXTqOD|i z_I^GOtqhA>jt5(AKM0{Fq%E{n%z$VG_N-=p2lL8CoMPxi0DZ-v!9lIW7b}t--7L%0 zr{xVZm-kq_c>XR|Hfh24PQrynhTiv9by6|d^4SD9l(zdC4oMeY|Y}T zX|<R z`vSj}pdJwNdgP~=(_#KeF-9JDGV^AK(>?Ih7?iE=!QuPUIwsuKp59JV6J{qN)k)im zbSrP5)bS1ZM{_mZSUmk->LmfqS|dK#W$46tus6Ev86HO?V3@LZZ; z^}v$AIaI^peeH3=g~JnvL6VlIx4jfy(HpV2JpA_MHHFY|&Zzb8W!``wufrkdk<1Jc z6Xo`x(7Wr=yYr89<|es8JumCzaQ5^*MvF;7EHlF$aWMthr+@4_JKg9VhkBP4M^>9%aXW?fb)*xqy2B2RIdY~a0 zHmP|Ks?_Th7_|M4=#&|R>zEct$=Jo`+;i5EgkrLRP($`HKY75)G(3+X5%t`qaUD{V zM2V_Wl9bhCGpV^QbDAwcd~*x6eHgdhZ8LPxCK-vb&>~-q+OL~bE)5v#RK9DwJv_70 zz(;2*5a!A=Pt#N@>^fo#2+Z@@&NRI1_7l+HE~~i}eRsfa{kF2@7Rvqzefe9lt2N3> zn%g3o{=Jflrs-E4dT`!tTktzLdL zHEcZZ8=jinLIz)KD*O;<-6a&mpBm7SvQ#Y?=rL_mm#AH)tu*J6QKOE2sa7(`Sd0{46WAOJEtaZ?v2f46sOLI;L@3=^WG?G$eciuV?YU_-O zoDFe`1c1Gy;nm}s^O|#}XfLTgygx>tZ>*v;IMb|iz+d?*ARoy>Lb3RQ^|WOTzrH@W zYfi&t5>U`4{X8E#62mF(>26ekDfe!8nqs1hT}Hk}Rz=X4E5PGJiv$KUY8EeAnXSwI zG@#4LU9eErxhxeW=~p)fxp6u!a9x~c4@e;FD(-4#TKA2yNN_M`!HTJ&4K7tGF-tJ;hyL(qP=Hlu; zIi)f=OosD>ut5?VMl#imY*L*kg?Kaxar+o9QF_C6 z+2{wesa&*o_5L3yge`QscDYN-3%*8fA=4!LBCwDmrPsCa$6Nf441R73CWQSCX4=_q zO`-PFNgT~}R+g(!c5GGG+I1h8_*w-cmC+YgnvCbMdnr1IFD#2@;Fv!iJK`Ew9P%BL zvTNCG-iD2>)~u#*BMS4SpwmRu+_+h-vo4Qy;LE`e?LO!NL10p!7r9BF*BE`_QP3?A zRR>RU%J8rp6y6 zuzz(_lN>fK0;;x@+?`u*ZNzVvjmL0A&-CIys~hI8j|WMx<{l5_u1i-=?9}J#oHvag zVwrh=J>=idN`$HFK-`47#pe9yeW)Q!Sad%rBbf$GJ5c{q)!!d(Vok|E0Z~s#T{K1yuXn!z`LkB7tgkeIl`?HW8VhXAxTnTW*Be3#RFDp*i$C>eq4`r> z*jwQl!~TpeKTrV+VinV;KMQ-F;$rTNqK)up4FCTGHpC9d?PrN}``>u6foh~oo3Uy2 zBI`~6d4&JWUFqQ9Ox3v67rI#g^!KUT{qR71oAWKr{wKb$Px0+gsG|ID9D<)Gqddh| ze6aI>;tP6;Z)m!y^nc?3BMBjRif?FI#Q($>{1jghYe($=#FynMzVOT__J76~>nXlq z<50Z+iLc>Pd{OlAXa0;Y-3cubSiBMq=d9lWQhd$E>M5|cu@fwHE?Q{ez^Jd z#f`qAsuOvl-hS5YuxF3$RX?WBY6#-1IOc|AK&JRzn!tz}xb!2b@6Uo%^-Tby?{^zy z-g%TgP7-}cE~{*jR~EhZnD^dDV0@8eh*PlfMg61vXGITH*0!s{{icn?W|~xF6Lob; zA^Rtk*-7D)M*ls(`*#1g-^+}&IWD1GK+4TTY%k*V;n$;qeDSbX6CdPiuD7!XUoSe+ z{wl9kb|A+Py{kec;ZX$aMri<$Hwo?CrY_Mam*oI1uywZH1U9f2^QtqBjX$)t0VTu- z2g~kgtWyB<8$4d?vfN75Nh5nbCw{pS6l4;GO@#-g(sxElmTso@Y4oqH!*H#k9>7hb za%lggk~yG2W)8g>m!bF$po%Pvl}&{XRUHU!{m-LhzxiHten1J#D=nYLUj>q6($Y-= z=Nn6z4H}qm(7f)nZ1S}AEb##8!^k8L6(DD={xW;JUz>zb|BE9Q3jF;X(C#+-|Nh}M z@mY&;-lizwRg&;!GN9j2^D{?~^;&X`+6T;DYbKQiQ_n^>F%KTqAY&MBSPkjrkSjxO z&qhTpXUg^3Y7243L`7mhYF%Z_8aNBv0tn?t;ZA_)U;*S>ehl9h>g{h4Y6I_Y=o@={ zH~||x{_PBlCv>%R$^qai7Nl=s4ZPq5-4Nl3u&AG7ar z0o2RyEk5%jK;mpB@GfI=y~k`b{8%^&n$K^|3%Jarbp&A7#-pX5t&l=j4j?7wdgbw9 z$5rSU3ir{hEAsSwQsve<5ygbAQDS;AHl>kpFlE<=+-DQ38Nk(quy$_eT)NPS@E1T^74U~I^QMwsmeDiw`z1m1b)$?#+BVCsl4XKyR(v$6iRW{R7p)- zvWP)!V>?i0hP7HX@>3*BK>00_@IlC>WaQ;Wgsn@GcC3qy=KsUpTeij7HQl-i5Zv7* zSa5fDcXtTZ5Zs;M?(V@M1P#I69U2Ypn&9s1;#u#z?)%w4VSnudn&#>`XVt7x=cqXD zE!bBght7H3FT+5A)@Xu$vJAxvz(W=S??@0{Rj4Y-j}&f- z&C(Ypp8afRv;7?R)FdUr#f1Q%8b6%HUT8Jg9>*+C^|xDQ*}xW~xdg*kvm-*j=Qb>~ z3DB`FHp57$8VHt@RBjKu77V>@Jr9f1p4?LyQ68usQflg1=gy=(2f7v!HN-{R@ zpuZ9sCp4e+AUv~2l&M1ctoc3K8Z|0wgZ)AitCZAiXxMh68;*;_d}WR%5$r^fNGMKn zal~M5fg`n~O+|#*|LNRNWB4fy;2ZBIPJpeSP}#6F!bMx&bpnlQJP2l=y86a2!_KS+ z)Hj*2t^xVrwuJs2@Aa%&d%3EDBoyz)SIC_q@;Lbr6#IG;Q9efM&k+?=icm*GR78Jwv{mkim)(wO65J{3kJFIOQ!%+kXt93`;E4=(A8P)x; zBu`3n+%kXEPs_e6&gSgzJWufiPgffWDe3k+ope0fDXmqvp74?+t4sh|Na9C^^czL~ zbMbPu(%4%m=UIRmNEUJpWfj+0=UVsqIYmacpzj>BzzJ3%duw)EAXVW4LdLEPTqb1- zb*@Lj7%0k1)Hed79+XZjmPBts-?I*E{oHVXg7}D)0u6D|>n#>D;jN}Xf1TvC4up`7 zZc=pokT7Dep{zT)3whml&?tk%-al;Gujh|;IIN$9*$AoQ%LifzN_)^O0GZ+zi5N)@ z^YP{Raa7N~osyqxPaybi))U(2K|!^Xner0341;~jW(E$CS0P{!bM^zft8^=-`ckyx3g>j{z)6kfASK;aM}83 z065hD{0iQMU~>6dj~445N_7wHO-8lO?Jcl7APG+_DDk?E>8Ru*)~CdaL5(8%ijIay za7M%MP$92>N1n<9$gK5=x1#^id}UUH(%39?pKsyf>}iu5fphas-r+;)*?k?25!K28 zLWW=QI*;$%2ORy4@g)<(mC`>(o?%P#-!v4C8hhBS>`^bm~v~GLYZIOoE}{HpokUZa}J9D00)@1Hu`tmcC=ikJgix zm!Jn=rT0*LK0P${bOglUGYg8@e0CdDmRvT2`vcfJhp7hUg&1#2F%yf$tv)v87hwHO zyJwP>hqx&7fM1ji@jd_E7!$y|`GkLffZG*=4?%$*S4m?u@bS{^1{TEr=;R8uJPOE! zG-}MmL=lc?jIs6aR?-&Fy|5G37(PGDP9Q(21<3zS8V!~uhL40`(qmeN`X1%orMWuj ziYyWKlnA{{w3)24=sj9DAuO6m7bg1fAdDjL*(*-9y9H@yd5#7xvTU)hWzl$#B1eE( zf4-}WKwjp%AHa8XZ$r6m2|rV+mVa5|S9Y+4)e*(LiC5@c=yD>Nh@C8nqKXiTYAm^g z$Sj)Qae<5nr=|oxQ%M7j-TPVnK0ILgLOHiAzphwvdJBY$o9j%;jJCUugQ;@=rPvU2 zxXi+&q=-eNAy+7i zut7}WdFYkQ$j79|V!(Fr(Nk*wrXOG9QUF=#07jrl7YbRI~2sQyBeN#TtazZIr`v=l;oFP^v8&U-xk<}#U@wZ%?OXbsFON?-Ev#RpKVuL ze&xM}aw#-363eN-7L;S7LP1FH;**XC5jLaPfLq_k?n3`8U ze@{!BUf=;Pd$Mv#2MtNR!E&i^vSFhL!W<(*Sot=z@nYF}{w zk!;qR*S~{F-gZpItSerzz6yitDU~&aCbOhLtPQe5V9z=r16ddhD@=8_cXyL+8BxZ` zkZIVmUazxJcAA8odt2>43j@`Ye&UNtHRDVhk#BE2)$hIcOa&)Sq}u;A&vW*Qh@PVG zS;N+go$(msh1a-fd?P39T7G-#^bCf~;;SsTL+qCd(oooA{B$)YT#z!?G~6@c?z~rs zPHs2CDdzD1TUGMM4J9%p*|UwHbepOS2eEUA!(fc5I2ER{^(*t)@iJgx_14HdYvP7_ zuYG_|;Z~sX<#jb|hNIH?;f08dT4}0V-ENxcpYiZ2pROgBv$7nPKV!C@kz3>H?UAtgoq{IZ2#3c~AIkLK1O75pypQAlzU)a!wA zRF(66pnOO}2t=i0Dp?E;0?~+kb`dv?kyHqYLu}Nic=AXA9qL0LK_S5*`Ft|*)o_oI zBPYV5EM$j=MIzW!R)1b%DSQ^|9d_=Ifi1KudCa+zKipDoWLcPIF4i-Uuq2_(kX=b0 z>fbG-crOGk7;Sj(r{Rs0Xbp=YN~FA*RcPB4OhCQp!((%C3rW2 zPHdJTi&f&+8LHk=e@zVhvicG&Z1>Me!9NTry6e|O;-m2=T&}6^U5`7@%$-Pq(Ps*5 zW#81suLSEn6`w6clhl4IN{yD6L@KYodnf!(MqEVw6rOdsF%ZP3#IqgjP_IxghAJ%m z5yDWO3{E0~)isrK7r46K*qY%=p5i%NA~S!PSu?TwKycj0p}&HK?g==4KYCRlq~Io- z1?lK}9j;*hEP9D(TC86-d5*hbIJ}5^Fz-QPpz4{$!k zOJVb)z@%sWYq)NX3LX^)JDW{sydwK)4P-sJ07Wl;o==w`5Rnup@?%}DAc1r6@vt))fZg$l=MkuhRcNfj)9%8 zI)oo#;0p3%V*_W}Efx5(DiqT#pcG7rWC>NwIjBg;mf(4VlnCAMp8|;-f)yZ)!0jXHyO1uF>QZnB;Tb6#8M#bgDjh`)dA(ytaj}aQ?rFA-ws0st4|jui zv^s>X5DPoH}KY}l2< zXV8LHj8_?h03oLr4v_4?R8sD0#uN!A872vOU87W6_jC~!;0HHZsvZmDYMpv&J{>-3 zJfepV$`2R0%Uh-=;)={L&v=S#Fb|@IHjDDAZZGyq>RyiQe?Nsl(l1L8H7(IC1hue3 zBu5Nn+|j1XqK-r>D}lbHU!uWN5C}PFum~}rDsg+o$fbow zK41!xSJd9c;yF^o5p}q2we)aUnS2#w!e@~m3$MD1bX(K4zxFNuV#?~U_VNklG_BNn zCPlWQ$v^sbqe{@;2ibH8aj3C!DKA5A&Ai;YBIJO6l9t`W;?97BnqOENaW10pxMc-< z`0rw^3bl6vWn%Arq&d^eLui&cN!6Yw8di}<^G*cS2vXp<7?_UVjl4@adsO49s*l;p zD1SxSE^1w9fTA;&-uT3&eYjR#F92f95XA@;lN;cTl_$2P(k5I z&*;w1feMRFa;9Q}4OvuX&1c{VBtNisxKkrF9$(kfCqzxK2&^u_0yn=+JDlO@hJb~;bDQ^bUmatTRcx0NSWsDobPh<*;tP2&Za@2T?IpolLO-$;sA{U?JsEKfB zHH};F@W{^Sn=ZwD*JLx;jG1%Dvex*!f8Y!z7!;G2OX{jfbHddYY<6M$kTPYdlWJ}&74*@n}>#Eu?aFaviQa@J;#|9Q=S{> z-9%S{Pj_Zr4QujQ`c-_>+vR2W>iIh-j{KcP8Qq4`a(-}+W$qbM9;-x>DxuCnKNpb*`TIDr?B1Vz@`HagJEeE}V(u%Eo`-$aUk>V$`kv(6t9^#+mcgiSb zqsF75hcZ3c>fyw9YL+0jW=q}hiHiBA?_?s*3NQqIYVkrBbNxK{)M<3O`@r3AWx$n$tjKR6X+H#7~B%!8o_hL+o@iPRTIweLr(af!T2uH*1ku%j{NmRH$XgVZ4+yVQD zkAJ$~C^Da;BYD>spkWQWBr55*wCOz<^6J4U%}yuCf->dth1aBMDuxF;n)~kHAQ~^< z6koXxTBT^FHz%c%o_(WPbhBL~zU-+;3})C{MTA_I{|Mpei=Yd>X%0#sTWwi@qA(u| zzE8cDqo@up+|MJtpMUWzvsD7ih7gy6p&P<7NL>YuMCa{B4B0CU~ILQ`r50?4UhR0xkpky$m!oHJe z4`&OEXFkFahsY1wGAO~QXR!9$SS>H-jO4L8`w_g$SLi4OqW83nc1rl)m8Dt@j-2MK z`JC!BHBckVQF6=u*c|9SmO($E=<9WAF8$2^3jKSlYd7( zoh5vH7CQLeOs#X~*Rtd9vMj^iC)N}u47*vlA@u8jhuEnSa8<<(&sZEMi@__2)&O@S zvqDMhS*}$YSX^zvv+;_pjqZo*EYV)`CJxpb%{mPv2|Hi{#l9u^_}X+)o@MBpYnQBw zxs`4mF*BrIMqkDD$?<5^$%>m)j_{1KN{!Z$$iCSpJgAevF%`rEn-<5drVFX*U zrG4Q-Zt;xgJ$KRXWpQ`_>kPL$CfP-WJmcb+qeH*#d{zaQMq#`;mMpWjwrZvQ{3r{* zBiTr4*O$6uFd&dtgP-7@P>zVNS$)zwiSHeg zI-$uOBWwE~knXGu*Hk2Lso&t-vQ5WZRU_ikcMljFr&ls7#?ZFePMs2PVc8>?X;`wJ z!A#}{gbHMD+e?4}_YpMWBD|N;W6xFFE8*@iaS zeR7Zv%a9zJg$8lAmw2ZENm-_1!-D*7)E2e^*GX1HD0n^NK?^DEPl_A60biD_SH=VT zlXK-{lmsM>d8uQkNlKX}-N(&OR5V1AFozfAARd=BP5qaQ5vfJooT8-2)VO-Q{=OKq zt&11}gT4@iRorGXuUMDUuk~FYtrRo%igj_GiQ2!HQy&rE@&OMh?|&W;h@)Uh<9hTu z6Ry`MmnMysV*Gp<3!@`SeqFL&KjX+e+n;k?vE?+4)$IEM*eSI0|6ZXF*St$Eq-I9; z+&QfV1oYC~&~L^l&6y-8#w02t22jSKmwvlU$}IUvVR@36+|zoI^oJj^B`cJ=1RwHk z9hMf?WH4ceI=rakGQ#}?Dw@$ifmmu3@4<4$E^PB>^Q3x*%P!fo{537TSe30bF4wBB z`LDu^hkBa_pqLyL+9iQt(fL1uGB9HDfKW$cf>u{EiCi9TXrABT#{u(osOPF<5TPPo z({u(bnMZouVUq%4fDfuR^0kp5T3QLW;`5>HJSYcut`F|=3>UmOh#3~!j0cet^{ztc zepC}fzqwh@xyXCKKC@pj87IL(bCpO()I6)6=>Xm?7eO^g~kleOz+sQ2CgU zx7)Sj{rp`Btxme1o>)L~42c zfX|$XL($A3>&L?}casxu05PA|BCcaFhSZ&-Jl^tG2SfVO9-G{wKJSVwV z$BRECKYi-2^=4Bi9@$eBmgk3Q@ov%_mVM;rXrtT=!<}32^1&CE2N@UBSYIqs>}sLB zHZMDOQ7?89E^#tG))i584hcuy9!kLZmInK;bG=y@t8rFrbqLY@9jAUXR%H5#=v zg=%At6VsI+Kxzy4qmY2!B$cQI3zQNGpR zTshO0TCe9EqMly7xmS)tJ**KImtw`XKPuD8mH3O0%1-3#|a3_p2h&7ms@x(DIbb+;oNd-5TJ!z!;UZNU2B{UWwg!E_>_{x4x)Y|ZSI7dXzQuQEewb7ChpH={2$C?J zl9t3PTgTiV#N0VFac9lbbH~htx5g<70w4VQ)n_(zu%c{626%q(DGdblx($Stg zSE7ZqQtmvH(#xu9C!?npxA`@vIo<4RS-mUv7E>SRTgk+(iV-@yUn(A`Rpd|Gr!{ z0UU9gf&h={`hcKqy8mnqwRrF!Gs{Sq z@xq9nHOxC?m#NSWV% ziX8taJOb>8221Z2E%V@Lodj)yQFehQ)XTv?4mErw^7!wcmCyDeRp&TP2xCtsQZLW% z%NAF?Q#3TsEgAu(8XT7mAarEZc|LVQ#yMh**Ij0AeI*G?fI9sAeu~gBka_E46>(Ws zRkon$SzH_Uw~RO}6DZH8^TEg7#`~OcXEenSNrv(<{7}dZ8a8c5D7Y{V64zN3RbZy= zdX3||yT=n@mte?wPs7+6lVk$?j>`lZ_r{GSG*qf?qBc7&~t@UM)jU z%4_7|EU|(@sbYt&C%_eLXItNSoTDSUO%8v?u-&V84eq^SIM3fTDVJ9dMK`;B++2XP zC}j|ul;l1_B6sf(vs?%&D!w9e{f~J8KMSEo59NXBtBqf(xTT?yS2a&8%~_ z418L!fqa9%R@hws{$`nMBzoxlu7o~O(( z#2q00n2i`$JQnH$`qVaS+>iK<-zQcPg9zJ0@3(LIag6R76rP8LXqEWSgY7Y9bHuvH z_%k{ra_Op`k=CsM$WhH!;28=g&iSGniECwJS;ICdaYQ%+lb9?@C_xQ^~DvDn^6^bu+;^&Fi#+@^`0GfBaH3D`t}) zC#_PP)~@TwoHjJCi}b=uCNS?y+wSg#rhk|q86iVdDp!18@pr3W-4l&@>Ythx*%OKN zXsM#3^tRK~vhxN2#lIt~j&Tyln|!epBBA#D&CMRJIgf$X8)bKIogS~k!2AZ~Hx>Cg6=F(9 zgb>$cE6yu(BIq8PmR-@MgKN#BFb^j16&QeP42_*@IGg~~MGLI^tFQzB#c&0QiPL3a6PI5S&8DB&42WnuMFgzK>5Fq;< z$q?Vh8?3Pv#jtaWp{h>8a?utcc>bBn4?2B1SJLu}QECq$JfjDM&<_6Rs~Nwms+SZ; z3A*=!vl7y>(uQ?3yOy6^KeOwtO!YTo0%FJ25DoGaC%q=6Kf7CMSiD=k@HbuOV1_i!PP@?swC) z$F`1S8`d?`1#e|M&Au;#T}Y?+F)k5#Xd~z*q0lPADN>j+sgkbAct9bZQUFIFV{J@; zly$|IB_oF@t$}Ws-wNH4n`Hl4cXW7Vpw z;Q7?U>6g3YQu@sI`l7-@iE(ctUM}O2<*G%$-|2R_n*&`vYb228vZpr0wBwe?pqc94 znUnc351;C=C4`Nk(`znMwNX(cpv*~$N5hYRiw>LmdV%ip%mO^}GR8ZkK|%_4 zvuN6D(`P^~ZsS6t&cP~F+xsX21*U%n8oJEK;4Slf8y14kz?(|c6J$L;KABWYcq4&( zP@BDTy&gYlO5=83SY#zD`gTln;aKZ0C-@!}DcHS>y%`ncst-rxaVbAX*W(3(z@U2i(eRkC&zLCCW0|@jBQ9i@C>y{s* ztq!}tuVOfzErYWNnRWiz8hC{bR;Gtp%eb{0ASt)m=TGW8u)ZLtr;qr__@sS{pyz8}Q8TOwNAS+%V zUXX8a)@`a>Fci75ZLG`l4=H!7A$J26O!?*Seq7h%ts;)eT{tCB)HRqlXiv>{-}oN; z`v=93EA=gWDsHbW8>OW=r zG1CU!XMEN6Bd6RlClW?@nI0N4o>P9yT=LF#sRzr0wka1Pq-y-%v@O=3P2TxckSNX- zpaH#Q6P^gvo)wE~mnP~1WhA!Ik>7t^b5RLn39<`nZ;^uhQOAH_IgL7=_jm^RX6Ac} z2=vhD2szEy9}p%|WI0*u=O%>i7RCu)^oc8k-i2L$oEAtcDPE8_4-Gf|jxdR)jt-Rz zqO>Yg|FjK+_rLx}KIoE_phMJS<8D-R5na$<(&p$FFd-|gL^8L~#Sr;gG`wfqJ05REJz>U@*HW3AS`Icd}S%J;LWzFGf&a6 z9(&E1p_^qumr)oAdYb;v!V5nDIwYRI%XNGpia)$9*mP>AN@0q8f11II`pax5(Wv2? zlu?1b16J2K<%}Q5$m9u3CW!D?lzZF_hwNGMSc7+?TT2bhg~z@nbW_>#X(FBAQJ6n; z{9=+lDyPubC7~ zk5iI!NQ_YuX&u148tYgDzc_-%mtq~eq8=KoZ>}dryzZD;CzOqcp^6W`#4e5Jd@>~+ z!a8SlLaL3*xZ^41m%w1)N#@+QyO?_qN;JaV5TH9_f-7xGsWA(JzWm$jf9w1_Wmtu~ zL5M9@t1TQHuCAuEZ>S7`L-{4a=`Jt&D;b|jShQ4w9`%8lOFfs%Lw>wn_S9xO(3H65 zBh?X4o8yd$L)@r8A`=$liExa5$%b3W3gP{?b}%t<@*r0sqtK!rR3HPT@e4IwxUdL8 z0Y!BCgGta|-@DB)!=T|I5;cYknA7FhyiLTE^Z{Mmm*!5|pESTl7WZNJRg|M37fl;&OzPDY@u| z8&M7KHpKv1ns+A&s|?X@>f>eOl6A$sJtC4v$*FhO*Y_{ry5rIghduCv;+KX{J%h!O zN>TpNaRxq%QfT1PFSgUcHRufymI?>ayYjQ2lFajyS?=aaCrFT>v1)t&$VAkxb5qv5 zEi5*N@(Vq?W8J4MywYNE-c`W@d2ac7RMQ%R?CIlLmY&v-;KFu!^u19s|JD%9{F)r; z!j>oxMG?5{SYWdpn0eTC{ZcObty0P6E+<9CKE22(>mv?}RIZ4<&!yXR0Ohqp#uCpp zrk75cK!GIon`c*5aclt8md+f_32!o+Rc)qb!9WtM$?++jMCDiwnb(yaS~eMs%l~xN zyM`&%8;lw!vqu|k#zG#1f`saENaC!-Z24KR`zf*{+J_V&-HL_ft1~B*;yPKO&RmZQ z45@WwUMk#A_C2(EUl6AIqB)L`7UFBsMMbE_j5fL!dzrK z8T{LgxIKg)>D~i`@@t**2|k@1)5sDtQ5DYVB|}Lq-B&PJIVDpyCSsk5nyWwCHE$YI z%I(7X(pd}gCBFG&BrE7gH@^v>!lQvu-Q@lHim0nZN1dgMJ? zN(>ShFq_2047S$@*)P@yZEP(i>gNjB_;Wl19U3F?3iu|tN3d#k+V2Lld9YTOLO3;- zYl=?wo_`*fwg_-)zGSc{3I1)ank_T@uAtkj$YJkh>Lk$9^RC`uta2Keq%yf8^+QrB zqtedLywXudf|SHkyq_b9(V#sfB0TWi_dCi2w)zO`+}TQ1UG^$81x3y;de#Zv%g1rp z=-k*^HPYKdL~{Em$WN}JMy_64c6Pdx&{2D%wbqynxH~7G8+#g6R;>-c41b?V(fTyU ze+0kC?0hp@5x%mkiEY}_zEd;D|6VC=-uhZLFAM8udIeeo+WSJ(q`HSe7n;3IsbX`% zWx(xrLyFdA2<%&#P90FQg?Nl)lKyFAO>hxbmkb|KQ(N>CNLyKL#qJBCd>yW28aDv{u^$4GLjUBHsO~OJAp>ub%;k470X->C zAJ9y2tz^00Xm8XBpPUjMoL?)Z2ia|5hmP^6L)s&7>GazUf^7+yhIshPFrNMe*L6Ap z+?{W=i#Lq&6Tf1Xw1!>Nv7nE5D^>=!&4W7qWhk$HP90tZA*9VibIyImR zn0v3^vO!KGFR^k-L%xo33gIMAUA~hw0reTmuZ?af&6U z4tKj^@;`4peM(yK*`R-|ea}EOzMpM%;ng@y@0shhKU81qzFbuGwA;Yl{5lSIv39Fg zoTS%{Pi@&emurNaL$=T)LGa_NIryFPL_wX%=#o>B-p=__m;cU%)ZiVf18omnBjT-| z^S4TIW*+j5UkQ5M<^DfvD34$A6mOPO{vM5l>0e%H=bdUOMW>h`a4FpopO8#OyP zlR9D7pT=tQ@Vi;js}ym~Lzx^RaehWUGYg@Iuv+gQhup#Qd>#9uzLK6)rmBoY2q-(5 z8cr=2(F2s2v_cqbR#3^(B2>(L-_Jy-;E3i@vMBIag4EQXuvtnk5KN?6$( zU!vJ2&ibUNb1wB=3SjkMzdaZAhDD2XFu%8g>Gcj=5ox&Z&HI2BJ&z{elg_aC@NQG! z2%9kdP?38RYF(!GB4ywFs?zz)CwPP8H0*8`4)*u`e%>jETfF{w9yA(6&%1YUwOhnK zWL`ETz1Z&#M@Z%#Bxkm{ay|sZwq3BChU}6Hh_7B{Rz(-HjJ%ZoEct0%OhShYq^8GO zFDy-)8QpkWqa(WGYb3`+gX~uT^h6) zIla{@d@ZfI`-b}H%-EN`?{@m&hti5=6aJIsM*GwKu0t2tv(lKGf#@|J^ye}y#b*_Q!T~UEnT_P4eE2pDvt~bY*x-4zi z7_UOEtF>UJmLDB8Myn(}COO$@2ey*O--0FK=>-oHL-38(^A&zfVdr&b6{4dRu+|Ty zK)1NxL{mK(9bhbvAfsC2<=5R?{A5Rqv@{v&&b}=~ZL4Or7d(H?hagz^NY8xWC(pJo zq}jszF-W+k$`Jt-b*KlLVfAx(9MxkIHZjjSgHNR6WdP30Ocm!}M=Ukh*2^nwr%ZC& zqEQl0Qhaw4)p7)CWS{MN6VNx*k#Cs|>ZI;$rZ*6s0&sTOKOE!+u>oAd`)0uOga~S1 zqjc_LyW5xfgwfRolJpet1(L&#lU$=OeAb?1NKAr&ic4@b2H|gnxJr5L{Ea9%A=pORKYP@m;?UD6*Mo@)P~=l5kltLN}JqAWRU(;8px(F{$2tB)B;_CKseXY8I>hR)z2UU zmjMci=`<3WR&glrR;&=48pINjHGVm;DGjMq8h6M^GOYem#D0&+tTkYgib-vBt3NXI z2yuDv_{|WUv8T7j{rA$Bc&oU=*;uY!`n&Vu4uRI1sE^*^k(;*S(Wh(5<%ZB(Y41e) zcI3-F!%kE7gBI$~>Ot~;sMQCe;mnoX`eLsxw})#y=N_kRg*MAUAVZmBdv^Vn^~F@O zv{NB9f;8ZqyKZKVVqIsjn=2ONBiLqj6g<%`;qK(-QlOhj(I}(iOT27c#%xUG)7j|l zo&oAwJ!r@rxBbNdhv)@ZIUAFjpZ;2M9mHM(-`mZ~2ftd8w@tw>C(y`EmcC4aLtjXM zt0rksj~4S)$U;-TDg<@f5-_k68;4}&9cNIC7;W5uiUl*6LD-@?e_&3k{TSxkS&);6 z{k!Uau+K%ZcaElD<>W4NoMllwh-R{y(-g61eU=F#qW!(?)jv1k+rdE#t<_j^tgOYv z=uPq_)=1Y!0*LnzT&*zy zi&Z=NjrsO*e*PYLYdLy55^I5G$DAlo03A3dwQMkh0%_gLWzNSF z&iEh(JfRsIHF-|_O{-7SX`nIXr63xsr2;Q73?*Dgh+NG+rLF{!v z_682BPTm3*r$r}pmlgoVbODSn(XdEN{jZ1M`S!#K#lIA%XeI(3F7(xbR1z&)k#sx$ zua9}RegL3U3`mBehFB@UENF#LM7%`VJs|4DYiJp0yp`~h^~_hrFTekAVIcZP!Pe$P z)3$-CQpyu#1zZ%Gw`2Lt0C%JhBF-}kTqyvKq|*RgMBq#P0X$}u_s@?c+5Ij^lw^QH zGk9b0oGN}~feceps)|kj;jKrhAm*?KO`idv?E>(Q8IGi@I*?f*ux}#++}=7TA6id4 zk^&%MMmU#k$RVK-<1^SSM-07>DgRV9=H3D(Rtx5DC?i;s0PYqTxsVcs%qxx0Wv5?t z01QS*scc-+{jQ;Rr48WfsQ~M#lxpPX84wJZ+kL{a2c~HWP6AW7h5***@KV3VIACD| za9*1T>*a3+p2;vg-4D_%+lGvdYF5w`={?|!2AJH?)&UQ52q;AUX@7aTRC@CPE&@ih zUA(bim8-LMhs7n<7UwM~)mIBn8xYWuP4HbV&>9NtU_qe+AeV}a!04XP{x zYQC)gFM!wIC{wXQ7N^reewZxaS*B+73jDPTfYtQk%8g>C`e)D7Ad)H9;qD~LG1553 zr*MDVs)iwS5T;!K@Io)Hr(PkcJ0DyrpOGev0jqA=Y|hC?=hLC=PJiH@>+@TR*t74| zZ!3a&q~8~y{o2-n`kBGR=?GmleFmSqT?Bb1jnD~EH$8wa7P>p{DU!UV>e11v8Z z|5lcN>kZiRlE~7ShAt1Q?USQt8#3$CBRr#PaOnie#0FJ^-`)Qi1CK z5}yEIj&-zK4T3N9On}zDK3!i=lgqm-N>aSY6#Q5)T(kl-%3hlvEL7(`0Rzogopz*o zj_YUIZesfh-?XmDQeZ^gi}mY2-Uh~t!rwNaCahZ8?oWY=YT9n9o+7Wy!A62}W(_Os z39x+LbUL9)#6XB{c=N_pwDzB@!35A*cOTn1lWB+70BFus-;h>alQkm6YjvWNxtHr@*&xcDoZ& zjs*dey14U)d`akEo1Yd{n_cIJaQ_@u{u?YzE&n~g1)xn;&FIH6J#By?MsLJi$CwWr zQm?Es)VLO}$j^{^o5g9P`$0nXoG`c3_FFF`q9w*5Q$|*|zuF{iz!ohB0fu)ioncU{ zN=&rCz8vy8hc=6u`voEbU^j*8gc&EP83XeajW!HA9al%#%ZqfqaF7mZ+2)Gysnx%q zc)9quZ}?3S7}W540_>vnvR{4jc>>uFd!Qv0aA1t#``Cwi-ebd*l?fpb#{;OYPW$I- z`70^Gm%Huc&a6VJG()d)qfd_AA8b7-E5?*8n!Ng&~5W^#A8xF$xXwVXn($ zK#Z~NOjM<(&wj6~_9IaBB~h>)bzJk@9|i#fsEj(fMyw>sGi}$Dut3(Q$MP}ZJK(v97;Xutzk7I?3nTeb|&H9 z=A5I1+cI2$$w)VQ`a`UGzewXP)$NZznOrpHEuFq;+HoF{fwA3ie;dQ<6yK9Z{mdlo$c*F=364%P-W!>}V zJJyI8pw1=Nri|716q1U4vR|PIBli~cH7GuU%`jSx?97Tv)eSjnAeQNOcLuAPe>Shw ztJ!#7@nJvpd()-XpAbefob)|_`>>^D$+cCy)TiXZg!)7=WS+i9HMhnMGOWG~MY$Dh zigG8%SD@Fq^yzrupX?#k4=QyVjgUtBvr{h;7c8B!&fl*C(J5uT_EDm>ad=A%D`;ci z{~o4B)r=(j&JZrr;2VC)GSZF_m`)f5K_e9ymao70>dgX9tJd>BGMq;DsWKNz z^ZaO+?OH3pqTtJ8Ve@Rn4yU%!c!R9x9cD_EZlffDDRG60ZvVKG1eikw1ZD!pt>K=! zWS&t2mMPYPiHyV*;z_|5MdbE|krB=B>zTl?!Uyp(o zDzypDwOn)*{{Q2IQq#xbAn`TezpYS;;RE`4VPgBCkE z+kM{a80)6P-UKn+l$)XmVEl9Z+?{@`(UvbGtV5R313D9)i+md1t6V@|t!xhj`}Uxw zaxY3(8@4~4YXc^DvLB>+2f=E>Bg;*`Q1HXFZtrpKGGIId=lP{~0|UaKZ0+jE8!1^!dl~Qf z0!($6W*>|!uUSf&VUqtRXnboz{q!lobb`QQ#%C0XVGa>%AX_3=51~X4>6@zU0w}!e zVXv@|BC&e`durRU1YC;1`O(On`M)kt!09GTNu~^ljZ%}@jW+D|;C(V=M;Y=Q;Va!n zyBuEm+?uy!hY;vU5nKYsV{KH&a|Qd(q7Kah{%mv=Kk6czw!c4VMC74tyf~)PQ4=}T z@LNW=khhJb<8lycO^EGAt1F-|dqA+-emEW0vph!2zwATwI0kMDqg zFv(c<&0j*G86U{(nl5FZP0oN)VY5&{)ZKsDUP^#u@MS4q3}&;&1KIO+CrQbyFoyF2 zzcik?pu6{Pq>x#ZX{Bh-4uic=WLpdY}b&yu`%1HR%?_ODPu;%B}txP8$Kt^`wyJ}@6Uim_&J(0!O{o#JG(%Tj|bc`U_gz8G!Ns7EQyVz^oJ*rz{xir)x3Lac2ldZPRyQ!4G zYBCzh%i@^VE_};^*T&J9NnU_d;G*+>KRnKT`#v5>Vd~7@g3)be#|-Dg`pFOj$$aJB zHShyNdJ*IXFYYB5hnGAIhO~a^d3x$wGo8TgM)hSP_-GYq7CQiu&lbWL5gR z<|y4R0m4LE|EpP4-i-Fcnd9pPjgdYtxUPnqf+EJzaculw2OmyAAUZd%8|Q(!ccf2n z(_$iIz3p2PIB5Z7ua{cvhHtkuY6tFvNR4_G*vyZX=-0PTro}W+F`oM2Rb@N53<~Lb zrMmnp>e}~kR{Vfr%A0AzT82iZN<@{5`2^t(+w53~$bLvdx{EX^ z`4Mo^82|3GlTdW7|E2Pm51RHtzAiT`)nu2C=)WR_wht`kZ14zJ8w9$*+DeqFI`7LNYQ>n7ID!0f9RvCnxLv9Mj_gM`NDgt>lj97RCU^ULQ}-!FKcM>6!wG@z zp%?rY=gW?#k1##8w<{P*{ABck!Ym+Fc_-jj_dps(bJz42gQv(4U{w9bX)%BVfoG*nBo1%Sdi*Eg z1+v?d^)GKWOw{+Kjx_1qNrgt*U7v&XL%8W>Nn>pK#+@%Q4pwPLSi5teM_OCeK8!Re zr8DR609K7Ren1qi4I)<%jGpQ8yah~i)>^kG*A3iPHK=0FU=VQA$Er;L*I^(3Q+6jo z+$h|6px+K%idYR;oHQn6?+T)DwQcgPl&Kog=N~Vb^wrORw|H=S`$*chuzU!EZMr?8;e_~cX7}iP{+kqzdBtfVPdjFKtC<*Y(~$u}ayMLR$NKvEoWih7o zC~AC8uB?nf8wY7+V#ExKC(f9J`hVJc%cv^1sBIV!kPtxuQIJriQ>7b3kl1ucgGzTd z2pA{=A|(yd-MQ&*knZk=O>OdB+asLwj_(`akMGy}j`5ryXN<#vz3+S7_geFs*SzL6 zKjk&ju{kF);$_<{__N}ro3)bYsd*7oS(bf9*~M(rSZU#RUX+^hjmxQwXuoMKB|h~k zZZK7BN~pf^Y6rZ2hCvWryZahA5$%t$ag@C*Y^3k~-f103;_*Q*nbP_{7l5!aZKss8 z!Z-Ozm3eOz|Jx=Ps}}tipS*nMkE=|Oqo1S)-1F^Sk}CDO>i!mkcZjAY z{>1__HGZ{ksH`rver~q?mm5ptL%rvRS-khvlJ^`c{K`A`d(T&<-fRRle?jtliyb5# zZ;f{j&fv#jfHD4|0YivYJUBsW2iGa?uQ7L@eh}kF9b`Cfcbi@KqvYH00;->-wJxmT|^OF_Oa4dp8p|KbTQrw z31dFAonnnzdV8A+fnhZ2CPpjlP07#NXyO?0{ewxlUdNsfy&}pc8p}_MZ?av^z#3zn zOqFTK^CXSJ2}ajrJ<7m4M0iT1z5;H6y)Z0noWbY^xGNH2rEe6fr*DI3Wl>p{k^ zxYWtuIoDJPr+NmO41^PjLNOJW+B&(h-xc^>0*(EY#^ft(&a-~ZS;KPH%WiE7AJ4ee z{=S{EpijJ0DlzSv%biTS))x_5BPJBKS`iYC)qY2($D_|&>Z5B_-zC|Sz=zEwUX@6{ zKGnNQ3>c*_2<-0Mh&p_>%tX?qL7+5;7tYp4%A34PVF>nB*8bX{)E|TaXvHKjbS=H| zsgKRj$`_hgT3r79?}5M&>-p*=v~&Yxloy;y0j!-8FG@xYNIVBU0amI4;@cM-qwnw^ zuo-IP?SZu(ugpZ&7jEQVXoiK2?tE2raChpM6iXNF0t^3O*OBKDqJ&fP;g70ocC5ut{41t1=aQhf=IHNSy3J z=4?X|w)42I56%M6G41bi>sCLuStF&?|IjaLzuv2~#hn?-X8QUCvxij?4Oc@;*WrRW z&?A1o2+w^~>YzCpoK?LoO&d(Lu-SR85(MQbeO2xW8^2Y)zeBwTq>=Bc?iDZmM#iuD z#6(D8;}iC6pPa9>SZFEs^j*RJrCGr~Uw%1@YC~v7hgR-4*`|tvkJho3o8uPxt4B2@ zHnWc)3!rAQ@X3%U2!bMOkD9+O4_QQ64h-83(WZR&aWPX8h$`FdTR4Ls6fSjq#0`*4 zHs!n`KWhsD5IeO+KYxr(2P8-DC;_3HJDg&G zRF5Xn7!3yt?36ueoEo!)sS+pP-rm%L>`$W3i$NC2fePDPin3%z0K{l82;rI4jL;X# z?;u=O;^JD1j+X*Ao(>4-Ix{AH^a$6XGPuii`3ADC$3HMnQcR+xfHJE)ddfWAnx$Zp3!G* zOPKWUt_X+M&3980d|4iEG4R~YcxL33E_V3qvsh+uoNEhik#D4Ud%wk1Z1vK|^K$y6 zAc32K%BXWUoC#U<^kY1HjwOUh+o>)}>_utW>63zcL>z0)lKpZivMhrNO~&L5B183j z`yN9R3L=9ZKB1KnzzoA;ZYj^5_e^JXW62NE7Zq(=n=w`N<;#zz+bSNU1#jf5pVS9LK}}_4O9t2HGXqA5K3V9Q5+FZ!NcNYa7^6;qi17%! zqI>ZIX0dYgZh!Jce(FQ@GBZ)t+-Io}swlW4iFr|w8%PQ7cE9a+pMSl97YYWGyQKD3 zMnVLB+wF6vh=U$9<%QRV^#e8TC9g-L1OzXvBaeU)gXZ(46g_RNzCNeLHIKT+(`i{I z#Sq+yhg|ohSp!*Q#&T3nDl>UK-Bohz#dc*nnBcdEYt)%$_<9g#- zKgd4Y5JW(@mP15mBzs4cc?4z4T7Q}l8y&trs18JNR>j&6sr}Yn^thZWL2`yg6~Knn zq1@)3vOXbCEwdsucFUIy?5om?wt4Xvcd^GY{D{b$OuhGAtfOhTZ&XLE72CY~UX(3f z-if_n^&`sGahha)ae!C69TUnC;?-bqY%W|T`{PAvHqB8bhjxV^w@Nct@GANiocsZ+ z1bR6d(Y9u3$$*XM(7y<9=ni0K5L}!-h@QLKBt}QnQS}ZOoLiE&Q;=QsE{Hu7@~md(8X{k9cQY;aRVSWj$lgQO z_2BC-<9NVjk;ywDTfh2GFv5y{)m@$*Flg+N* zl}Q#fx!U65@tmIazKoNdlo`(qimPc}Q@JNDw?#Sm21~limpXOUImhV-m?h@`v~_+9cRNQ|{ph8Nl3U|YXS5Xn|g zMx`A;-gv1B#zQqW;r_Nm*oOt;X11O|Ss@&g`W^nCu!*ogco>aSL;Y>$&+4tD=E(fE zKG50f6B?>?y&P!>s9Jb!Y3B-Lbjb~*VS9Sb9VQs-*NchOhFRXp3_T`=Y>8ntOFwI^F zsC^T4qcll10Zi5sn{rua;s*AHXObfm2?h86`-=oO5%{}Zz$%Mt(X8(i&g7$oEhDB$ z5!Cx-EjWS*Vzj(9O+N8VUL{(v-S{RT9Ku2C3uR~{u$Ensm700yo2-T~)fzR)%sva! z`sfi*liCwJ$xQNC)}1xIS558Y-){pp=V&xmMpGk=;lcMs`ofgN5TD=JB}Oe9%jmjQ zp31l1`@#lT`Z+)51jezR0;?bzhePg4z5EF(Gwq~~6OV4(yd44vsq7j3SWcaHa|6!L z>dqtnWF>!KzR)fOU=>@UIXSkw3>CEzVD%ZMdO8?v)DD^wsEM@ff~;!!j?6IJF5t`I zegeQ5RhY6=x6b>S$HR~8woB4pc(=*;%D$1G4kIR6Ewbrs7`H4nV2o7(pG=9R9>-3@ zgj?hSninUT`<*iO*twKq-|*^1JMMn^eF{z`xJFS3uE23TPijtxCxE_Wg`n)BeE}>} zL&!NpLJeOuzyZNjVhJ!`w8 zI(N?Jk|K@O_k^zR;bqSR>(_tzS3evtZ{|1e_pSCsI3i0|@bN#FB?TG3od!)08X)Uo zGyeVSCH({G0t85p_rm@n4ZMsOK&k0q7L?+t0W%&3a3k+aw$ce3DL5G3zz3%!i{vYE z>5Nk>-z*tl=zQL@F9^Cw)IF`v5fBN$%veX$iL!iz`ql=p<4$kBP!iW8z&$WcTyGHC zzs2r^9I zmeT}qmqk?Y+rWoyOalIx31MrTRoKmQ;h1wt!I?VEu0SF3>YOmM?cA{Rhf3zqeofqo z)sOv+qtu$^=}1U;_&87Tcj|-8j+=tgu+M#*mP!r5rCnn~K^nZ-%upQxQ4VuO@oJLY zTpCB^Ohy{UPQiu6k1#XiK94m7HL(vxYA}QcJh?1Ms%ZZU;(; z2aBU1*?otoCky+aw}JUgTN0sn8Q2`Yi?tsBg0U57Y$<+<(^>v-1N^JN`P%?)vD-W= z6y&!=?uW_>z(ut^&+RY2feK`z(CcYX$yZ`!S_e!h&3D-%&(vre$#%hTk|KrFed0$9 zj5^9LalaLEc&j5if3oW^yIFK8<;wJHrK zMz*7UW|R2;$|%qS|6~+2wmt68)J{A()LddmH2)+mn&}l22kpm7Sphi{HRs$KGLA{v zp2O_#w!2irpgJThmLB|6grA~5*=I`NhBs?>Uv}uEbPUP{ggTh!%yif{S7%}@RxTgB zTn+nTCU^}7MIOy`8l&MGeqyvvsjKX#0W}wV@$ZruD%t7?i{(^omATen++|-4`sjXX zXHG|S(=X36Pfh`(;aS|ir{Giy+VmbTE=h+>nFFWk9ScMm`Es)}C7o5qPjxN;mBD&x zBt#>a8X_4Wc;R$89wFi$4YdAji_=xEj@ul1^&dhsocfcc!k-!QyiqG?CN>Q*s#d=M zUf@)O<{KmV0$l;5ye_3cbCRX07DN3T>VN;~V?tTW=r4Ki=AV1gmY*kEuPH5^oY4eV zT@t-WNuF@sKW%_QqMwz%^FBR2Zb_$7H0YFq$GMH~{MckZYrFJt?Ij>TOsrE>yimN1 zS)R0T+X@UJF_sHBs*d_$(;wxjId(jGu=nd(HO$<&qDtpn$|sZ$ej!S3vGOy5DzUle z@MxHin`2SXwHsyIVZ^?nQsaoG`FJ|udrG~g)#Wx-R1AOFyOYkB7B}t4)j_v`U~2uy zb%f00!UNgIAit3Ik|I^+PkB%=vhtv>rynr;;A~C*ljqLTsGiMBE zS1U|;=(bZwho4lTnqKfK0!-wTir{y3poi3FRiCWYPw;+tiO~wUnvLAE2BmMh_w?B< zXgf{cc1KbAd)y}R0I75#CmQcv+HvzzEqX3LL8YJKt!~`n-2-hp4F!8T{}jK!=dltXr8k9gQd>6(tUE8xHGmc7GH|%|F6dAM<1pMHG{gCL}q4tYK@@ZAffC{D|* zU=QH=d^Y!ymAo_cr=;3|+?_9B)5aS~V*W1|D29vFXuVhiWxgb)+$o)z2STa?+limh zRM-(4pY5gyO6r!&$7mj$I>qFqTdnmYZv{ofu^fXv6Na<`ez(c<;~4sf#m|Rw!WZ}_Dh~`w`8`@xTjg6!+74pWlPq03uB|oVln&66%5Y%r;si10QE^65a!1f zs4GH}R+03uaaD9gGL*(YPzQu2et+^L`Y73$E`OeQDpOFEO%u^`I{gFnR~gXRI6Y5^ zWMbF8Pt%R#$#g@VLmC>QT1x4~h?pCt-%4UVF?WmE2DE0KnjTw%847qM$a)^pcgp}% zGmuOFlH^O?uM$v))nk**0I^VGyQGU_9AiAV@ry~=&zfc(TC*1GT|G#WW%!T>!*^aC z=E?N{b5WO=F%gr&w7F6g?l+%LVrkv?=hEHDx$``~H+%}h%+XA&oS=|?b)BDN8$>C_IK{2Xy&&)~YJDCGgBpIwb$YVFG|-}0L%$Llwt%CQ-D zlvvfHB^EqJv zvrax$!tmS)w~+o0`jfO0^Z7$*q9^dvd3`9&&mMCP)&q$yiXBGDz9%)2r%Y5BN)i|p z?~zb28r9>CE;H@%k`<9s>>-5TjRh6D#GFd73<&l&C!xcAeSP&TgeE%dmeu5%31qYj z5MuWX&!(7P@+uE*_J=KKD6vC`Qk;3FrR$kL1rp=%ZaPSz-?*XFKo}^IC~F!<=Q8R> zUgqRR)BXW`8HLpfc4N|skk?OdEGEZfOjGtfd9O&>v0-kle*Oy1O$u+$IC71DRt!&Q zM(&=k3%&_gteBNa^>g-V<9ILJIf6XnqI8oF1C}}Q$%XZ>cbD(qyDhGW|0FB>QI)C= zVUPQS`=iwzx8LG2(6!x4g@O7fd~HY#9IH@9(@9n!~`WrRpyI zm2~x!_xQ9YJ5U{Daq==9ua?BCAJ=+#{XFpMAE1cLl!m2&nWAlwwuCxtN#f3#Wwri= zsz~+3G+521CppLUUpzv5n^M<}REli6A5KhDonDjbItOSfExLXK;caY+yNmbNRVg@TPf#fxl^Zq3$E^hZ4xTCu?!p`sW1w zl1KuZT@!{;K2)hDO3eBl!`qm#40`saA=b+#=*teMJxm&l%=8zwC&nY?0D*;t-Z4mA zr`fAgQd7tC^cqC!qV^OixWGgkSD@9^`kpEzDFz|Rh5|TS%Hug3YU88=`(yO32cA(`GI;UX zqm{#-4s+gy$HlI7PhRdxo^rodR9a12A~f%up|*&TbMzMcyC38>P~^=;2ESqx=UL@R z^w0k7McjmC4JktlMUa&D2~KTtZYxjYptmGnZF)pQuu z&*5f2f}xRGj)dvmAXhU9RgfH=f6=$GB}F_IpqsEy5_{6df6^yTqP26FN>;p?t)UTF za(V8efmdeU6?8B}@v{P6kIr#cd1F1I`&2L09|whUQ6t3;Gm6#TJiyR~JgxjFt|4;t zg{R2|N;NcA=RpWn#~|61s~Y7v!N5L0?Bb;NttVD{)w{tS2W7mXDhFHab$dH@*S(nH z!>wqh1lJemGg&5*VlGwx>#ATIm~ z4qqAZ29abs^v@&FW)8CUXeIZ2$j3^|PyJdH6amQ%#*#xf!AN&AFgONbd@}-ukGusU zc?X~SHpA`bj}!T1&N$PA6=5q(L_?+X8p<}pGI8DPnz}`gj4JpJcO;pSpeNtPhVoR@ zNG6^SN}`!3SbiLArCWzyjP!PIYEG)NOJkn*rTLMlhsWQOfyX*avxldm6jb(g2|wUr z%hsJ7Q?*{~buUFPb}%_n?wYg~7RcCDR4Ck-3x#I)><*gC$<2q|V>?~bPL}8&D$l-r z?qQ^Ok^yQ(nZ3G2;bPP>#0gMEe((6|2<46B)?3J$$fl#&``t zMQ8{nQP{43T`R9oDPJ8e{>X_A`6-Y-{j={Yj%$`Xo?MqkMgIlgmUvW^leiJ9s90|i zaV)(mEuqKCAw#I3RgOU~V`dRUEA)-z!u?9=^c(K$1ZH&U#zUzC@zhL;F~i>b`YsO7 zZNlTZhiMMF6k!>W9~y!qE#3QU+vmTHS0ALBxyr$oVK_1GZeBf7Wr_^sXx!S{9KO6i zkq|J_PKexX$1BFJPl7v-jaEd$hh8P?_3TN9F=__75W+s`ydTLIWc>{WU6G3^gl$2> z$TzFWN8Vc$Gg6sZd6Q+TCT3MV9C+>TqL&m?J$j6V(65hB8pMX^cQKo;K99e_#h=Od^#?&- z6%bt?0uP|6ll|4Vk?Rnz8NrKP-2TR@`DTCHQTxrYK^&#~Pv3mV)`AWV4yAvRIif?_ zm?*c66+CVGwV8s9J-fQ1+h{b6pD|t*KYvLo+;Xuf9Bd4Y*BPmqp4PSX2{_-LoNSk| zP#vYNgpQMWy80)h)%DaEW;rHu4x6_{s5({Wj|e{g8I}Z*8yfbJ&&aS|ceYb@HF0s6 zF7=abv-lC9bo(G2%5&e^b#%p!gy2>yE%`t*|4uu-DFJHUyiZW+lfMz#H$X_~Mj4nP zQ|>%-+kpNKdz^_H6Xa6DU7-(@6?7nC7!0*Ox_tFaIlEcx2p zvpf)dY7FKgng^2u*lQcRbUxHVJRB_oFr4`Dg1bK_$fZ&}+DSPE5 z>Cv-jZ$6&WIaAe@A$tFNyn&ege(pmK)wh_bl30&<$mSWG$3S_CIrHWzZZ!2p46B|uLSAT*Z~{o%4)k01b%6%t%?hv4fT@8&iU#&z93SXv zmYpVu2f(Vv4l&dVvS%2D>1*#_$xgsK3T; z%D7JvXcn7|K0}4|nr3cB91VXCD26p1@lMoOhHVz;xvy22Mz*T@bua{aFMWjWHj|iN zoWTzPgQ6D2VLkyv3|~Tsmzd)q$IuI!{<#dH6(sfxCm9XU0R1GkB zkBOa~-EL}osUdsGm3wUN$b#eMiT2g2tm=Q1ic0tP>J+-otrgGlAU>E`ts5l$I2O0wvX z`re}?SJMp8vcB)<7x?qWtW8xxjmb*cO@|ilKRN-eXHao>oigveFLqU+F^t*rARh)P zAbuc)L?q#7dv)j7h&#`Go&U>xx|)BVj6X2P#FLK-s-wR0ZX_UQl`IYsvS~qe=Y zTSM%HJ_2&kYnEe-SC3FLQy*v*83p-+zJ`mP&w?MwhV2KFCc(x?DW7+vS9@mpsXK-@ z3Pl*rE%IxUVNYy|ha(noXxbOp*Q<4;P(hK`k(A1$qrKnHM)FcZomi?ah^w8h>-i#PsOhMohz`1=Sz#%kHq{2lk3aX%SIvh z#H;eN&OJI33$d#mh36ZJgshpB1i#+r@jp>9X1-$nxQdvF7YnbpNiuT!`pUmbyhqCU zNzsOWeO&)v{vq*pPZw=p85CMh3ji;R7_cL{9JZ&-K?6fR5D}I8edv15d3}YqT&=8?lS}{ zN+7Bbvzxp#9m>M25(e>;cN##J-g2i=`Hx8^Q*Jvc)cr#sw*-AoS)gPc78Ygz%3I&Y?w4OXg=RKYmZviEm*A`3@ zWm15SOJ+vyd6wT5%g<{Uh*DHK<OcY*8GSVW+`CK|#y$qZcq?Cg2-0nbZmzwT52F#qDoI7{(gguMOmbhWyExAzMOvB@9xQ z*Lk&QW*KdYy(xT%)11g|6`8%~UdY+Zhl!(AN2SvgYNf&IMHy%Q@Kb?+>nNndfLADB zW%4E(KtEF8qvimbl9y;pBbj(Xn{%WrI0$3r)suWCAQ_-(9&7RtG!<01qnTzLz$DyP z9JVG_abXkma^qmzvE-PtW&iMQctt65@bF(;^iil2g{!I)n4`Z1vu9&KZ!J#?6qxq9 zZ@u=p&o(l%ni}VD1J7ncsr3c~mM{Q{f}G(|-u(Wb24_A1g+qlY{QS3@We^G%&d=VO z${(?m*YGzV&sPmU!!rV4u}K`0-u!LOl)77z^DTj;`EOgsKtt<OIyt$~k!qm>sZ0ucaQK<6rLxa( zji;w85Yw5>)Ov9^ZfO$T2kH7#1qbeKIu@qDWa{aiBpXwTms?0ON2?w>pLPsK#IMeI z1adMK{i?3(e^*&ZDMz#XmjLmu2a{{Ed`2WqP8!{jdfJ*{s(J~)ho8fKzhN5qm0=@z z#f5wp(nPar+7)Sv_#A08oUO6El-zHEjkQ)(6o$e%*qoe_q5xBgo>}<#H`08(OYxq8 z0H5=EWp^p9;%(K>LcaX?!|(t3*8-&wQaJAI@V|)}l9v+!#e2V&T#<j1H@1M z|6RQ`el6&l=m5=kWTyQo{-Lz;^@#F6LdIdfJyrFnG%Jg-qqP--RNQnKVaM?Yo2JQA zW`Ys02b<%=)xa*ew+9^RZNM}@_wwSX=EbrN$SQnr1%95gUDX%f*XG{yjY6^jZ^>b4 z&3Tu{5p;SKv?c)(hrJMiy#ZH&@6uLtageK$DCXa5&E{ax6Kjqb2i_I&yam{g>ml@) z2;OA~^gAHP{!c!o)KIl_icOSbhs&?BSB!^QLP|7yOlAp6i3bz5J)^)> ziacZR4`(b9Or4`*FwCX>R+C3dooc`HEC7Pcw^OZA`aueCk%=y-v)EE#$%o4FdenJA`x8<<2u0J zgA^DZJdzb&L?M0xge5POirJ$-yQt^(ei^ zq+T}m98F%bBb=oa2zy3ANX!xsB+F4#?uxdohNplAy(u(}*_wx#Z*8H4uCHJ0go^?jk-gqyP#u?K^ zf==aZ^+EQSwMdgb(3|E?)M=b21cta~fh>yyxRg3-3rEQ!diT~fhQU-~D3EAPt^yyF zak=Z0&0SfQZd9 zd#_Me+DR%ho@7TDldZ-%oz{sE7$Ggg(-w0H&T5h2a~Ti`CM=E%FNpt5(X~-;i*nTH zePJsT^1)+6QNDria=5X20kVR23(#?S3Jysv9F48VCTn++fwYN3JdQm^k!cbf@I_IS zaAJOl@(*5i^Ra=L6Cn261RW6_)^Lz&7LoEgjDRN@H_vyK-@O;g`m<;uBp|Na_z-~L z{P0=t0IB3`zqQem3|Xw55Vk#~L~-}N)_$-GrwtF;oe-(rGCM?KD@ph^@nikWI3&FfT)Y8d z$}-7ueEBTkhHi61VtMuIQ2~Q|Gy&UMnh8vKA}?4DfaN&wbk&NTMUJZhgr^AtS*RvD zHW8|hAdG2E(AnP$BN8lFX+^eJt;x(wCmx^@*HpAP=03a*&Tj}YQg(dR*POb}M3zZA z`%AWgVazBIs#&DsI~`W@)@lmYaU!<3PkR_ADVx|PixUS=-!_-QbleXHt7T$%%57a_ zhQYg~=*V`X)va4m3$ zUD1!ha_{` zNHz7g_un8X@d(5}g1Crq(ZBio3y@W9$(=-2V*ib9Pd*AMi6_KPRDU&QN52k&?}c_T zMeXUb=NPEDukQoH30y!G>c9I(7=+Hd3oqoQuVPv)NIsk~|3&QHhzo4}{Ojk{+xnh} z;yvu{zlRv=9g6o--*I0)y?T3)S%i?5sYb4A)|ijM4N#DOeRKU2?e|FCQh6`0Fvnd{ zz$OX{5H$V0LuAxSB;@FD-D`I7i7yDN-fpyCuTxYfWE3uzx@#Kn6&?u0sBk#~{HtfX z0}z0=_f?gK;yVTSZ_K>}TIwrAFoT9MQ~5s&fkE*<3-R~O{(mlnqvV!kzQ{)`l^PFsDG3Q~C7qz7e~t!@Uq?5RRDpskfO4-$+xFJ@BP{6 zjk!qfGae0=iIJs%1~~gfb!_gbz8#xY99WahR}+9ZSH7uzj=UH8KJK*PITbJ4|9z&%PlAc^?Hew)L-Pa=ngjm5bP(Cx#}7UPBw6sV+Lx6SBi591!X>0Oxap4Va(k_viM zp6>>F+KoEWF$CIvwrhEJsai<)hi;-HY(W`Um3O5%#-FP0}1*YHN(bsHkPuJAM z0Mm&QKovP^BM$<97Clf6DFiK=uR&(AvD-rK*t6!L1&qqV!I+-k0QcwvyqyQwEj2MQ zFRpu~Q?ZX)o5d})%@wc%jcj2N9NvS^DYVj7lD2vaoiMxsz1TqvS`0#r< z4^>LV)TDHZ$CsG+dmT+qbEI95{2)VcUwRcmj7k?$t;rnj%-GG57=1!T$+0zvYj#U3 z+EB3;p{uU0A`#Ns^5MIU!b~!)Ig>rRvm+0j%`^N$A0bl9sUSU{7G`VV8DBxR0lG~2 z@}er9f>14(Q$^-E1Fh_l+^x$_kYmxS=4=ez#<^5uYB~TtHXmd_#oDtJ_%4oy&?!#b z1ttyl;pgxkPX}QYupX1{Sm+=pFaU~W*ak2Z&PQ|s=aerI^Ui+2Hv_g&TNfaOD9bk4 zWv<#+IGO;4cqVafdtX)~yAdujz{~6{^l;2nE06O{qpuwI6%6xQ!EB62mnqhTUz!fm zHhD|3YE;?`vuu&>4&XZU;lRum(fv(2bL1IF1_sV+aEC_ImOTrAjAt`J7-DX@Bmg~y z>vMRto2dF7T3N{)Ihv^bMzib~zBCILtQ;ZpF#o8W`FhM^W4w0i%+BYaW?N&N1l297 z)UfQlr)E-JHx{ibki}5${TnF;m8?AV;@hYR&iZbH%Bm6GRf@9wgOMEOCZGafTPhPL zz`y?rOi$868V30&Cx!?SB7Jc@2g7b`#;xa@f#=TP&Lo%~l|rpX#Xe2{-3>@U0deTS z0c1?;eaU{j+ZHppe-VPH7R3p>)z|WYo6K?M!DDn=FNZC=T8{*B6DT&yDc&nqH}sh5 z5`WmK?daGTyhIZg+u;@G$R$9v2+fk%v?=kB`ZReuXXAR=(N*Hmp?&&zMaOZrEnOI9 z`f?m@8^&~IovM!p@yjUIIPRA@IzyuwZ10AJQuIU!$JT9s*pp^56wJZ)ZgZPzsmf(B zdupDkl>P>Y8;bc|4_^a*71pUtsTk+F#SH}>nwoN;9L(XE8~MszL0dpMO|A~@-5OEq zK1iD?sE2l@<#1wTGprS3TOQhe6VwOgJ%?oxn(L>Vh9xTaUNNcA(i1hjMWt9r(%)yM z^`)5e#Igm}g_&G@sh|#;iX>6%q5xJIt>_&%C^FWAXT%(-9` zn#OW>%!?z_?_Od_8M5Pm8QwJMpq7a?LR4x2+dR?Lk|JPJO&-Z2cf7r-d2Ej(hfzbO zEpQ%t(qw${V+S@1|Fj&gDsWNxA5D%n1v+vx*1S(r>o}UA!I3M>=WhLW&Bi{DgUzXl z!+hg@UMbIa+0kdCbz?Vm%u6O+3+uP!gEwT>AM8h+o__Qogiqerxfy3&>kO(Lin1dwlFcQJ+DDkGU0S7}x{4LN#WqRQPNF7l69Yk}f2)`ne z^6`D;k-{&rjq~b);W?K-8oV0CNFHuZPkfyxf#jVR3_(6 znafsJ(c7sdLR8I0-g*k8dhv43r6(W4OGmrDnAmj16r`fG324a0mT%D~sv;qwQ%Hyk zE5)4`w^Sc8)MTUIr!`WrHGuCeA`;<3fG|dH;PTCwG$ME)u28!~X@sRBqFy_pL=M`- zpbW7o*t_u4Jux28N0F(890b7ge^FZO?I+U)EjYVvA!%CU%EduM z93`a!<1<@bIquKHkES{q#|hYG*Cx=k6erIE7g`H7zb`vL+0rnTU)65rIgB*a<#D|mUgN@OCG;5C!=_njHJY~moev>`)Gkx!Brojo5b{}hh zPm(6a?uQ1JR1aciNCF>05?wl6r7l4%o8DIuQB~zXp7F8JDfW=`SigPj^EbI`qL+J| zM%wn^0pZ)jWR{c8G1PwB70>0levJ4!x`Ucv=J8ny}QOxEndw?eu+M?K?J{I&@*@05a-rSVc-`C`X zxxzE33pa&H-s*7KmbhY_6TODryqlUg`7Jw%z43R$(P-!D-L_A?+e=3RIycYvpT+WX z=yV|rPC?(8EJgHoHaBxdVC0f(CU`YsZxFNTSpx12RvAm#z<2x1GK86wyBpX=RUx#+ z3JL``6BdFX)v3h}8Ik&b1=|#IPF`hLGj2j5>e=6vX;s@j)S*y0FP&rCj7xc2)2;XN zT`B%P^68O4!Ao8}C|ZMK5?V~fV5^<0mMqQsc+d>Ox~zG8UJmPVf7peTvlGX8vHj$| z-=(D}=AZ0yPL{%EP%=O4xslm~PK)ZuW<{5)O-MXfYzM~D7b%_4$x#6X59rZ5^ty4D z+}vrKc*dYuMPV3E+&tADm+u=iBeI%Sz+@;;QG z`caKr>&2Ae{>?NC(B9mw-OPQDU2$%h`fl{zp$zxL&ces{Tk8i(an zbkSWG$C@dVzQ;Rr|6Iny4?;?(we}_|Z7R8=#>$du@Bz+*jF8WV6rZwBCDl_62(ix| z0?xlQltHyZnGmZIj#nvM7j^53!;)k3O3P`?(}gpWa0yHrBwMnmr{6uZK+D0u$zI5T z(?N3_CFk~cVSU9B{QB;3{eLKTJLHpEsuQB5v%jnI-45jI5=U*$de=__WcZ?&-XY|F z*ZqeKAPrUpxLK~mMqii#&9I{LeeZAaM5qsxqp2oomOuU_CMbS`l>hEIwt~miXYzp0 zOgdetWc?fRpHu*z;g_dy`<3oOf(Cr1U0gKL-#WOLC?G$i_E}!RuRe1X@FzdEf?@Sn z7rp{6{L2Lz-BnTKNeuYRK6e}K`+qO|t`@lP-!&B1xmFTB_{<8~ZtSZI{{<+R{}UFY b_VQ+b4$m-8Ddr<2@Q=hx8POaOUGM(|xzAqd literal 0 HcmV?d00001 diff --git a/docs/oidc3.png b/docs/oidc3.png new file mode 100644 index 0000000000000000000000000000000000000000..da46dc20a39c3fea7b6971d4bfba693176445b54 GIT binary patch literal 58719 zcmeFYWkX!c)-?(Nf;$0%yF+6M?(V^YYjAgWcXxMp2@u@fA-G#`8h36dd!J|TbKbvj z`O;9ms@9rPbB-};5&A_|3=s|o4h#$oQ9@i;0SxS2HW(QA4$OPdh~cIK01ON>$W%z^ zi-eF6(HA>wBU1}QFfi4?L{(@drSZ5kuGo)8;zAQb*me^f2N_VPpwA_+yga`+GT0Iy za8xKr0mwvMu-J?b@_sNdG+{9BMxtJ6JDS{`?kqCxi#w}ItExKY9m~tXb=Sy(gQ0tW zfx*B=Mm2nz*;_j}=?Tw*K=FZiPXr4&q%FV2`Sa(#kD&Lmcd_+13{yBnsppxSjkhr(8oIH09al>Bj_t}ll6f`eBB^SDOJ#SZz&l?zMcvr?qXnWlc zVmK=b>S0<_!e3IB2#{_X8Xo;2+Pp{K240y4ki2VD60$}KPh@_wt>EHXn7%?ky~j>F zISl<=`{wVNhj8+`ImEcq-r_-e{ z;-oraoq&&dz-iJe`wQt>=M~ObB@fw=&QDz3I=0Wt8|yCCr@NiEPXR~I^B)_nCqG*g zdir-VBe`F0P5*GW4}{h@AAW+wJq70LpWY6LDt_MGsQu}F&KP51_5uxIuM2h!4w!-f zC&IY*LE$gDzNT)cLP7GQZVxcYzW=2IKMM~p7lLqc6}>;7E1ZE`Em4wOz+PR^5CI3) zxqX*?T5I&g#X!9O+Svv(;-VaeanhqhpoZXMWGlJ2`aFvM1=8mSwoejAb;{79w@Zi) zpSTZHgAZyAxK$T&fG=bWR2V;^iDCsC)YmQob_ljjsAuY1F+X-27(A#_B76g1?k|uG zzN4F*%}_^OS~i3Y{>7Ud*kJj(Xwv?!H3(n3*=i64P;h#LAVUzheIbdN#4#0uScxHq z@ah6Hh>?eo;R5w@gr=CN@JD>Za+pideju*-FXtLh5naDa^G(VDOkpA*^>$Zo z!xbUS`lfcD=t1jx)xfBdoUqeDe1)M6UJLltv#d9%mtSML$ZUa+v^i&E#E!}Ut`cg$xK*=}q6tywJO6^?-WC_Z37zX@h|c!0Ex>^0^QcCW<1OAPPfS zK#dF;4AJXD(Ek8L4;8Z`>5nNBN8jZwAY?{L4I2~F7Wzz-O(Yh3HDpbN5%!ThKtb?h zeulhniGK-83495T60RA_r(kul{AmjlriS;+a5AD|`HIsA(`?g~zlg87-QvU2!h$7} zMq)++X%c7xX|j*r&kL0imqC?TBH)Xn6PiR z>659-FGdG4P99F?HPj#aKinO59FDIc-9Ea}KB7FbT(kYko(3@Id=y7`kFbs~_>qBy zTR(-g3-%e3#}8`@dkbz0Rxb;+pQ_KK2YV=G!X>;m+BPxNS0ZaTmO866lcx3Xp4}A!I`YFQ- z2A7{!!dehd)Ca{ZI33hpbe+td0B;6w=(jSkXrI6?VqY5HWIt>HLjmvZcipnxh;b;xp$>5l$qiI} zGzKIIR7&L6lGuO>ay(*925u5RGPjMfI!_Tdg&=_eB?^%u zwf*pll8R)D+LI7G?TIf85>*ms^=&C_(a$0euuy(}fjts|NP&c5l3}r7^I=kw?<5H% z$t8D2B1V3W7$>wU#nAkqk)XL#?kJ}z6D|K)>ZK6>1zw>w_j?IL!CAhSh^MT-oPULU z5mV)G`C+bF8Aqka9Eo|N`MBAYxx2Z}to9V@H0)eU>6N^SI-5e1fU}UC@_CJRIp`%1+}TR-+|4r$)U*-g~Mf~aff=dgGTHu zT=gXNYWDJ1;#WrSDS@T^9N{WSeo47W&Xqoiq4ON&)aJy;Fvpm<36YI5wc}hGA6JCF zXF5T0Ik)0EZJaosvYb-l2jJ`DapIZcYvI%4vt?Xo+GP~oNt|-Eowu;G+WXkY!!P$w z@1>1CdilS&J{@R%&{WhKM1sK&;ky`%T%%t+_2sJMT54a1INaK`?fn*PA;Lge?Vje6 zR#M{Fgc3k|Gn) z5rI-lQTBb|G3g2;3)>T;jBlEr+@2mL9&&yrJ%<5-!o7Xv(5TSuNKSYp1e|Ur`!y3= zb)-|Mlce|(&k}?2`|*)+)r9>7h@8vmB$;vXmp3W1wfj4ogYnUmnT(wBiIVX+shnO4 zr@MuUA&TI|kFukgyxxz-Y0m1-KOEe=9w$Clv#c2#PGDxOjbDua8dVx=O9>o-8^;;_ zInt3OlpUYK;ykgf`HjKaO8sns`>xIS;qoCFt_F$;YBq2`Q04$?!Z>q-`VxRc|C7Fo zdW()jtIoFjsb@;$G<-g}nW0c;nFf(6lZu7LoQ^W_Ku1(7s{Q#aY$tJ|d_;w|x>iT3 z^ERKPLI3f`>CIrGWMU#4yS2gB?lS$dBmc+G|0<)!L*KPrM+DB3aS2Ie|CPi@^R zCMv4(wOcwKqc$_+-U|w;lg_0~HM=dmojJtY&u;R}y5o>(SNuLy$dH~WJ zoLk9!*g3yAzr=FEq`@-8ItP4YKy2H1^YY^GaCIlYfp`gyi|!#j_n3K|tN&r`_-em< zum&*xx%iW&W5oMZwMpCig?@MCR&<$SW&h@UWP__I<2&Z}9j7U-Kt5qF);HFt2QxMU zXSNJHiC0eyA4P(cY5c@ zD1Gi=>AJ2_4K6!bmhd-GTp1NfKG__jIRi<9Dm^t_bVEve44YefQdbNY&ybHEj?Y5x z2qhSaarD$t%|?>XTNj~$A4Bzq#S{={R1E42kVm0LxM)mh!)Q$wx$h#=Fbjd6CrqETVYq?0Mew>Wm9fa`D&Z3)vO&yAA@8HPZ3)+Za*P4 z;U8xn-L2Vn>?m}0PTbu3;xyshaYj?vwHik+z@Izw>UcW8ltQFHJoxqbeGqIAlKc45#*y)nyR znsmr%j4=UcY-7Z1AaDH5u4Hn0uWldpsvm9_{?i05h8hM}!b#_*BhxPh2U9z>udYjb zL9}Zs8=6mUnPqWTK}v~dGQk>N^T1EVW>?n93(E5g8>Ut!mL7I@YKrIW-TTu?p-=J1 z>)akIKUTl5gM0T~tKNq`Djv&LS2Y`(u8~igyDhszKNUUkAygn+A)X>wM_WWyMSBvw z@h@5019aqM+i=p3JlAgahp%T-&z5pqN}Hsvj^U?BtU_;i-s*P4MxfiHDYD1D-tdij z={;N;R$d)H+~imv;j-dde>U%+v|h46Z{j;|cpG{>tfg&leX@Q{7QQ4|pnCO|`xO2l z9oY}NjcD?0%5up0YXJr=;!OG=RZJCVfq6p7zRccf8xCx~$|7Fh!rghJ5trJ=Ab~{} zQ57i_Ve2>Qe7;UA(x+*kx|Jk5Gbsz;3%0d z@KmGJU=snz@-24FPE8Musm=-yBy20<*0DI%{0#^N%Z9FjjD+vz?!p6`6u~1I@5dFyd3$xgfG$<4NC_>+!?Bj|HPH(w z{c|ZHqIoQauG6A3qsuagH zz4A+^mD-^fX&cRh(a*}6qqH>W#__??ZuW=DXO(5APkI$AeFTGDS5-wFXxQ)+o8PUE0Xx z;&ft*hpLCI+lpR{dyJ9C3)|__s@)dqrs~-nueV+%;LaeP#AYaml}jfD6Yy(VKVLO^ zwqLKrA}+|xpI2;jS|VC6oMpVA-p|@3zjfZfc}KnRzDttNqz*%S%ccUJ_sfrQ^h6%W zA0U!oUhwQ@f4G;(!y{xwZ7Yn!PMW)FhK zs7%uA`H1x>9mhTmLfvxthI7GD>L%>w3V|6x4u>3fFg+msF|{RiMI%MkOr2U?YAIwf z?gaAW0WTzqTQ=iqF(XwA`*ufj8afApZ?&V<+QlNSsaFQvcE5&(U3RHN(yMDHtJfA{zvR9MiGt z_Ln`S4YN$9yAI(jBgPLbCM;eCUPEc)UWqKWR@}}c=OVAd-NIY<54Cx*+gown@Gn^I zfSW|5q{u`$dFHjF`AWDxM-TE@#50;1nPH8~`La*yjc!dh#|TF^=f6Iiu$iqYTPpmZ zT%emLamv2-IVX0e6~h(dat`hy4IPw}bI4YA;B<85g+Gh(%$l<=V{5IhdE4e+(tY@H zXfrI{ZE~yncn=Ki1#D{v$vk#mrr3E|-VL}d8x5HLv}f419PwChJ%*v{Og9p`OB<@ofdyPz7OATMaK48eqTr$rhOY}HO!Pj1>ZTUa z23n6OR6#Mx|NRAmwC^VvcvNELAp$u6nH;!Z)U3!t-2r<03F_4`3LBMOOPd21!Y+s& zsKorGb5%r`v2h9N6%Zofm;CejrBejIFloM)xs)Yi(@R4Y%5wU>@Sn=^gv<`E^@nc* zW*Db43Jddi1cD2=B%<^A2D|#dNPHo2VCH0EU?gW$WJ#{0szs=IU$3`Rwn)F!X_sJw zV_RjLXs2Og4OF_|M2YPa?cnz!d6V+x7SKTRWu;LfJ0T_^yA){9rW4SVdPhDDP@~%e zRMH92Ux|K~XOQAm?bek48mf_+BbYB)Jdh_l7c(dS4k(5@-}aFN`hxRe0yyw*JPz3Z(`8=N>B%hoh- z^}h1oDsIw|t&*~ATOPU3eS3NW4!+TKzEq0?J3rY#5N|RLffeQua6`rGeh?H|jX^U& zgc2y7GAzMQ3ld=TN+G6$NrEufc*I3NZ^6lUeqq?ZtA8CsToS=h1LNjybY{0 z9A^A#0AxT?Ag*wn$aueM-+o^?IT{&aA$H+@VY&gcf#+_+9>-qOhawC@`AfA_$yl>m z^%l3r0f>>ilg!&HhTyESj`D8#Udeoco%5nqBlZ0=%wT$eDo;aJWB=mtaw|uMqsOm? zeY)-Kmd-`TMa1K(9aOoF)0PwZlbr*N!#iSr-V5^mdNgkQV5TE^fEaeMsBZlf9$26A?%DzSj1;^Xa=_}KnVnDh!{(TV5u{3 zB)`&C|JZhlEYvSxt{&OLtaU5A)z(_ZZxVf=cy13&`U%}q$$NSk-L>UKrCyYc+SH~4nE z0i3+!dKK~>d_$LfCe;&UWKm_W0Q(8&j%*x++qJW)e4z%3)dM9T;1Wni@)FZHgr7iN zhJ6ET>C@q}USOAF)>Wg6q_S(%h=x~@dlRg{G z9P^PEHHvYDF^PGYna9w{@O30^m}X+R7jr~b*Lv$>%V5)D2ku~hk6@Eygm&~PN_EV5 zP_Fk)lSpgIPgu^4Scw6TB#$Hv10SQ6h=3@UEHuf3Sef2aa6sm(a+Hjf)N7+)vA(}T z;-zDv**s<=!Oh1=dU_*Es7%ivV%Id+!H8R;b_3cJYDMEl^_bXFA8E0U<3BrFCZDw6 zXW-dqyw5n)Jh?q+m2IwVJ-?$O?!4W;L%MF+fqu|{PJp(8)Cg1x)aw-@5zTkVKh_W2 zmPBVq4@b5oV30$Tu@ax=`fS(3=Xjv>6^E()wnB8Eo^J5O`C$9X=0OGS)1(|GVOy6c z(AHFyV{)&y-1P%Pq95B&YbRx$GMN(lANg}b(~zxAGt93!?TvXnH?dFXsj?;JIjs$p zb(1DO#urZ)izYiR)8YB?xr$lVtH#g!X#11&a{!qNpJ@GZ2Av5HP|thOGUd7*Y}a{> zzD$gN$>b%mFfeWxPSCHG zh7Ni}E|wNn_M9#}B!8~p1pWSd7(hbw=Mo2V9uifVFGNDtc7{Zs7+4t?NqFIih={oD z42(Dxghl_J4*H9S#KghDh7$mAc6MfPW?`_lGX^kmaBu(^nE}kq^q?!~?Om-L^jzqz z>`DJx)Tkx)@rh3Y%IQTG@l{!TXtwiTls>|Iau7-0@#C)&7~u%Fgod zng9Cc@0r|y-v<24pufEJXB6ZvUN~;R|GAzQ4ti7T1q_TIOhQ;d$p!o*6RP<`|I=Xb zdsG2_Nt77IuAVObeoPHiE=Ktiev8_!ufi`Y_$iCe!c1UH-NJ>!P>=-$LYuD#EXmHP ztF%^?M!q>6d|l z#+ZjOP6Fhms}jIC=n)x$XKug5x&ESbE3>Z^s2&$k-QR>gP4c~23`7%J|8PD( zTPA$CV45sA+c}D0KYW^b8-{l!x4L9;zqMd-yEd6^u{WM=bG7GNp@3rxg^n(ecvf)Y zt7%Z2fmqP%4QgQ~aF`P4X!1x2I9`*hHp_}xM}+uFlb13QX%e^EUNBbz^T%Pjs27A^ z<$Vk;`4gL67|B8S+Egz&K^sp#>yvrXM-ID!!@1JidgQxeqzUNfA$GEi#{lukaAMKvH}kbOgRc^`M3ltfu4dM zUK-vF2I;n*KJ?Dg8kBVij>tHNW8SI>s&qiM_iM|jT&vURSe@Z0-UGQsZxEuV^#opE z<1Q9*-#9W?Hrb=6t3Tpr8`G&|E{9(+fJjCTq=i;OXWjtF43AoMc)oln+hj%wU#IvuN^HO z$&&WS?-a7_5c9WJp7v`xrO%o+yxduwPE=X+`(UslLba0_v{sMA6>xaF5sD9kE$2#N z4;O3mfltf^O`cD;4xOG!cpy z)d!i1!~Qt4ROWVUnxyKPitw;NgC!anG+WXp(9*U6Z1@v<@x4?8ztF{(lK9)a*d+#= z^4k`#!g~f{Crcp7nMqJkxmxtk)BAO3o|L?{w=a83)IiUV0WLy>1CE48r`^WB%w(|A zU^i0O?YJB=k~_`( zlb%~!uV$m%zXjAAimFldx$%bi#=rH~VVWP2?XZLLO$9;A_{b(H~ z`#oN~^-ky(MsUQWHQR(CM$%QWrM(~fufc2N8QwQ9!Q=8@i+&#G&GBpOigGq76JpfRmp0BB}hX zyi-eu{agI1XQ$cMKUSxs>gpyl#jD_aGMynqjVej3?&Cia0NrbZ?w#Ok9`n#W%HG+^ zFgA%-{%W7>bI`fON)tNEtsp=CLjufhSTMW&qRd(T^OMv4Rbh^m7v5jX@}sH-`$Uv$ zP6u3WAA7&OIA;c9D^{vEu7;Ps1Pe!~G=gsK%N*eo0dDL0@vbI4AXjyJ;Db95aC?u+ zH5TFxFscga+X)W#`T7BQs~q0&tuM=cgYIte;kM%=pZFq!NA@x8%Ue&793S~j>7Vp? z;O|<{XBM5v=HsK^mN;|~xQQc|l0IE-92L|1lpMyNM7kN@LPezjBwOv-+SBfN@al`m zuHk!IXN#viBd^dTuLghUdnXpFWVGsWXR~0ppU@Pk9_(0o%>Iw$tP->*)JesMe^R73nJ%V!e z+wFNRx_eL1_@V@k7yC)9?xgXVlGs6WPy zAiVfCTny}C{x%T7y~}b^b@#g^+@fAQd6lgO4MM>lpo{g4E)rLZUA}Bhv=d^zKD%#3 zc%$Cu_I-?z<0iHHz;dTgsbaemRC{HtJKzYrF}ynyirnJay=e^ zdN%Zl{q#&|-yMbJ3@vuj9ek=q5e(%x3T}OV zhUtktZvXeghw=9dcO66|e7SXgEbK>i7uO_RH@4rfFXBes_eA1j;=zMaC&)zfhhU(+4*J#(T z{ohd~az_c-3E*|^!=r58BhHr3^5h!33=da2{cnHMP`vAb=zV6?RNug7d*fxd*%b?N zn!WqAu_L#BzRP|1|0EXCxjPo~p}jCz%m=${l_1~JA7=Aq{OQyLftqOGMpYeZtG%&@ z|LaN-Fr*aYw<6C(wC7sML>kwI^zC3;ytwiaTy~kUKAt81P}gUdsz8@oY0C= zBA*{bnkmRjoR$)3^SG;c(nH2N=}WrlZxg1Qyte+Xu`5i_zeTQ*I_#G@gBUkn6yVl9f2+Z=qw)IR;sHcOLHcFi ztAwY30(^noRm5v~B=C45YpT)tPsRRE(yPK?Bv8WHR!Tymg=+c^v8m7vjX0UQoYN$N zTJ0yrMzeW^;S*5vHNL+GtClU%Zg(r)6+l=1KXZLA1Ho2f7ifs}F?p$Pn?=lcZBdA0 zp8KjQw1zh}yx%N49*<~Q%;ueNm0*!{_$W!0bGr!5Cu`)Rx%`qkG zc)7;*rPTM2)Gv=j^>6f>V_$dn%10Hv|61$fx5T-o%5Pwvf6hGwPm&A>HOeQoz9L@ zji#yx5VM&@Qo$pTLN}HV59Xt=ndG@k$#hyCX0={ljeXgsY8v#pp_w;yK&f(|lS-FR}`-5!nu|ySZQzZ6HFc#;t zRgW{h@Wa{SbkHsNYP@zL+1}a9~sSYjde}J#AcA zJqJA+pv**yEDIjcHnr;YbSk^D3JL(41Pe{<-Maha*4@p5ju^+^E%{G=Vz9j9rMwZC`pDsuGw(9(!>VhEA~>|akBMBz;R72T>GP zCHYZk0N1Jn4(ZRGFSi<3qkzs7`leOp=nabw-(4N2CBr2I-z2SndJ!6mkIDmdM9(_@ z0|L72nJ3o><+}f|cjnC~-O>n&>x5AV z2QTO{xqQR*0H4Kp0bZ!{UeX5D_1vJ@v}_-d^wcjOUBx2(PXt`O-l#8}hgsXFDtK4o1Qs zJ1ow&0x|#1XX#AN`MvD)rFvs7E+oD+*MrOnkF%D8G*G-YQg7t`aiQdU@NCksCCaSD zhr8XfnQ^v_j9zebyp|EUGY*FyWcR9*#=hqv(&z-~QW6CL++j2>bvbdVy%At5v@ADJ z`08>L(5kxlG_03bli_*06qO+uqxwBqmFM}Q_pI-(Lam-ehmEXS;Ao|(x&>rNuRP~W z;68@sF>Q6*Hfv*EC8GO2*d(F%^Hv3M9?FJ466a8?3XF~_C;;3nHk(~Fjwd`1n~a#i zAj4T1wofq+_)d$&Hk`XLLU>GlXP^W@I63clvJ!Gd9jcJKHNi4T%fB7*qg}zdUA3Pi zV)!o2kBu6_oe~^qgQ9SRJJY)1^%U3+c_&T4?ojkEY|tOfU#;DackTxbloVyhR$&ri zt&Pw2CQR9>gMLUL^kPhg+PdcKLl-zs33J&Fo?RlzTT5`SLSb&m6Q9iD$^49r7Pxua z4Nb^yulM%D>C~*M^VQA%_2B?oKDWCMXFDaVPWfL3={(P4E zv|(2NTN^0V#~c^5u$uF`MdHJ23{KIHyA+4I^k_$XYpy$YqPX7kx01y>^6my`w^>)U-!5}Y(Lj2S_>rOxQBf8gJ&4p@l4ioV$!f|OssdmT{6CE9!4yF3v|&RT*x#a>Eh8KR{9Tc z2eEe#5|sV4#6oO6=vu(&!iCgS{w2=(?$OiM9Cx+8;1t-S-5Ap#WE0*Twdt0~!&X~8 z9({GpTDhNZj>kX8Tk5aR#tCkjX}@Usnmn%QzE3Z z#h9AFg7@|OAH|ih@4Q=YyE6cu=F!U|@%nr<*)=MPYl)GwHX6?;Sv7mHfY-VN^-xqT_0_SoxDdG!wsq~rVL&f;t@^|qGe zWO!U;x&<6|sEJ(sb#u2teCL$qM)Lz8+RbATH-RK@U_)xSl{bHg63}66O{IYr#dEtD zVLuwaE8^nI1GrQ9HzFrO^4;u`&j_wF@t%>Ogj(9haGo1JCznb}kz!~eyBPdENei8_ z0(E=aksog;^zos%=|yp^PA*Obyf)x`G==HgYB7f=7t@pbM~+DCj5?6+3wb`)c3jnZ z*1r_g?p*2ynL}dfKI`Svf+qS?mK-qoFwx~-6g0&## zdjuQt{Fhw=)?hy(-gpWbW)G5jsbq#AtVU9g+TiRE6QP#mJEJg-`;qX?y~2Y_X1C`d z^Kf>H-n$77j>%UA@zai{Gu$YOX5&!aNqZODB=Wl&9UXn8ULm*FhqL%&JM& zXC==ySuD+bp|FXKKYV$-vEPUQm~gg{Ccb3B7#_su>5hJezSxtJS&jE9dja7T?~86| zXj7o4o9twLCI7$p0Z6#mOY*oRxqp3mN_XDyWSeB`g|chNj}e4PdNU&w4>Nh1;5@Eq z7>e<*if;yiEyrZY^Q~R?omXNCynFS@ooGG+6TW=jw_#`b-Yw07bsZ)4jB=IgGmrij zcX@Ww*KVKly6^$zXB(d|=afrkckjt^6k+dhFuiA1&$s5Av$d7>q>(oSs@oXZq0jD8 zFAy4Dt6psZ0v=o&04uty;KtFi2gr{f{ zxnAwJv?t?S$LF&IP?fBKY!Slf0JC0b4y}& z?JswS_d$@1mWj^$^}!faur?A@-S((+Q}lcBWPmJHDA_mVWy zKnH&77B$`PeLW?xiT23Vumb57Wo4tl&q32MK9`}v@>#EQU;WCDPUH1_ObJ57O%hLo zlGp`V&x&i+oV#RJUI~ZBecVfSlMg~_DfSZ_gIjY|T3q&hsA35;Mzktbtb`sHz7Jc$ zgk$HOZ&sg|O-SoOR5IQ3ZmmiD3G;C3RgPm1V>VADoP^rmr466Qt-*Ca)p!i_U{)ac zFF7UXja&R0?=r?zJ$JL4zTkO3-TL!*IvbmDmaCC&v@h(j4BJ}5V3lkpXA$Tuaevbv z+35vi@WP&4&WF`%sJBM1cMJprjs}#n2Ky%KrA1JwRMIAY(;|n%8S?v=r}IuD;C6pE zk5!}j0>iwz7Rbq~5Z}FC9z~L(K^nx*Rgm;i3#8XEETqKGCJUbu`FSb?Y_(a%_m_;b9VdIWoR<3AE_&d9JjTAa zTG}qujFmIW3?^_hx%l>Z4U|`#1Z+k&9sJ)xhq`+jdrWU2Y8gZbVHC$WD*BW*0yt!W zxBgk7mh}s!cLoIqP6u>+y9LAQwAIEe&ItDVH2A%DN@`*;EeKz>a-7ukj)CrKdG_O& z0n4Jx2b}sUnlj18crq&!@X=@tMPr27eqTB{+as$23jN)Cw#$sDFC9wFeq6v`qU23ryq&L4Y_q9WXi7v+ApuvhvM#uE`95r zGX!}9D@xz6fpNtbF5#jV1@W@Xy2s(WOjV~3UQCpYP|pFgXc1k$mjx@6q7m47IG@af z6ZSzNa9+638H~dBH>PxiIy8zXj8c$LNKdW-$s2(hp-t;8`p9C`?4Cr)(D`gP+ibhzG0aHC^LoEy z^#CSj6ah;6PEw~Wa>%5O>gH{@CWK|s>$F%{nK5d75U_Pu6I`w2%tkXpK?t@|=wlVV zu7(3Nqolh{D%ILi!d4(c$B-rcI&@V#NO1g}o__!enlFl4u_)!~tQFvrQm5&CR9gIl z-2GWV6I1|B-cw!re@Oz_w?SXX1e4FKP^rpT^b@4u(d~>`0 zg-SP`!voymI&0n;0~L+4JZWV>jQB;~I;CvJulE8oB=`+Opo-QW?r#YP(obp+r*i$T z0IuY8IA4&QPMqvn zaQ)UZUuM)6I}6+-k7i4k36_Z)+~at624lqt4jIWkmlr_di2g4{m{a(75H0))iJxY@ zAZyVrKR6DMWwZ%5dW%!;N%y&muLg-~&=uzjG<-UQfUfFzJ#Tlw|v$sIpXa6wcm0OOrQ3Z2$`7X9V35MI&lsKG)>xX&xE&=pK&k80s>#w0~RdV^b+dsIy6mr zSt=M#pJy1TC7p#xh>X7t zMmY))*`Q>A`uEbR?I6BYCw6mvMnHigU>9qwy6sXDD~PA}M1a&9H`AzlP#EGkRMLPVWk`!AWo*!LXwn_5ai!< zVK}~VATsxQ2|X)#+x7^-#0fp=pJM^rUv5_>+>1QX{E&S~CJW@=aO zi!GUIoSYYNqp&Vx?!b6{Yz1}GR$j-Kn+2}66fhzQ!|?{fHBe?($;Ck*%~Dcq-OBOx zBI&=gg2s1x|R`%%{)PfS237 zWF4eO10`%%2FJ72C7yDk_yi6K13auq(?#zxPzH^@_(Bu>8oE?g(b|LgbXrt0As}2> z?6e2(3n#-ny_jR_gJ8QU`d%sote%k-bu5E8$b{L|M2tRGfZ!La3Hp=`zhH}8;|b|F z*kzYRVmARjk<=H2j;+F&lD4mv>hq>*OZBiH`Q6o0+BLZ|VoEGw=qh8O8@}(ND+K+F zh7L7RhJlYVN$CQYc~4Rxyw2#8RA9OCJ*XR*UOGd(jr-RWd;a`xP7;EbNtMec(5DYs z$^|9>PNGIzGA(!s(D}SgU|?cb0;q{v-XVto{jZ#f#!0Fm zI(#m_iJY{_6w+stsjgW1?Rai3xm!S4NB?+d5pH%sZl!%)2J|OGL8|Z=_!BBNOW!)d z2$OW(sIPv(mqW3nTI|Fd3Y~pYngO7bzN5%ffQh==4=gT(K|mLqchPD8s{u$v%^V{X;F_5NTiw}wh$en0=Y{!w^2 zqWW6#2tltx+WCoJsm)A<38h4xDGXH$jun{%VJa_B$lRYBBu8)KnMkYtxQ3R!)nmRY zMi1u)Q#+CrBeHhjHS#9u3(W-By578C{G@|~eTRxU62Q~v51oL5_5AQu^$d->EBzkp zIak7;?x7&k@R8lOriSe#&AiH17*a6gdt~ru*FE9^1F-Q%z)7ZL8CLfKpAUspj!7eL z}?gRutnemYS;^v{-2NJCh>N`#Z?a@32V7AT?%U84rIt{{Tv~#qbeO&>ah6 zIxm}22Gftaa{rpf6x>IJfmBCrNZeI^3~oS93Ikq&DguYXZ~$y24x|)?B_5UTAwJp! zM4W_F#{KC#z8J70KWGOE&$t>B7h;_1_S-blDus_*W=y!`FCPQ0YQi{ zxe@VnektUtIq(AQArA#LmQ%4^O4;XIz@b7l2@3t?V3xd&MA5Uh+q>%Daiv733HVNlMxZnE(ONN556!yFTw&#^H;+|(9@C@K)`+k3(!y_11lCb{ zL(G;4Ix;1uuBQ(U?E$sB`eeiKLyWBe1^M=1Cq<*{2Ef$5EAczO_OIdybd)dO&lpW( zlqvW!((0jo9p$D@sO=e#1tB((OZbV9*BS9Hzre3huCbV)7n|_(b@DZbYuV}$i@>Bs z)YLSDVMYXlr}s{KFtT`oB=}zKZ|A+peyY*t_%1%V?Iid~IIiUAd`Z0@5l|Z}xSKtJ z$5iodsPvFz#L{tjjKJCJ@k^BJ(>{b$qeGNa1gYr+c~-b>%6Ri4;P6j43KWw!)vSUF zx_MiYw9tf;>>a)6Bur*RCXw(#J65S=7<4oW7!xrfs*pLTmmr=QlYF8U6Ex!Xy5u=m z+57lCk4HZf!I{(ej0{6}Fe%q-dJ6G6KJ_>mWx4xMb1vp3$@$x<-5TQrC-|z9H(~c7 zCv*x-lV0L<3u52<*$LMR1;Rg-TEZ3HEpX^QzSM7kbjw7{M5H(1gF@u{s8_L07%7D} zY2(6DvVj$cc0~FNR69phBjnxZ+36MKtVCelZQ@9p%;>7XZOd17YL6D^`U)=7l)6eLSqve zM9do&iUyBy(>+Wm)VRcv(cPZC5rJcVb9Ee37`G7 z$#4Vfi*ia{;GfF7@@}fck4Y+Fu9o`?`I&Te>Hu^WiZCl;0)!0JX;gQXKf-S1{IU=r zZ_Ox=*gdrO6d@1nA;82pJI3h<#`5E7;C%_;7FrNy+DBBvMGAgJGetb+0EEt5$?ypZ z=zK}?8WSB9=h0nd=bffHip|`wb#7k-wt=I_m*Yt z70&xVtryMSk^wYLlS`KcRY8P!d=3FKM((i_ZzO@8-ITQ9C2A( z9u&UmPUa$>sU6XWV36_l@N>Ifj0OaMmg9Ay^2aAZ2BQEsDKpuKk^Bw^18b;5aU-BA zo&;kV@>y_6ZQIC{0CYM+58G=H#QF;Y4^MAcM^?>vhO#@&b9qxLJ!fsI6Gcr_T3JrQ zlCt!)wn5gt0GVYe@42ox$+N=(m@8xNgPJ#ptN;fLwjleBu*vQzv<`PRMLlO=F+}$05ySsY`L4rHMWpIMK`(VNC-}Bx5?PlwF z^;FH9bWLT3?%RFuJ?C@Idm zz=ID_5G8|6>^JI3kPfqqL&Iw1;F~x76BuM=mz5nvTs;?i=+TfiU(u4dI(iBcg+%{B zO1YIH<0X0}wiF_AkN<5D(@S{>6DG`&tn83lVQW~FbZRS-AFzT$B`4Cz%)fL+&e<#D zkV}nCK8w!tC`q=)L*ojZX*7HoBwQkd@fsc%Pj=I$P`;I1;2poNB0C@Yb!z2z*MjZE z?;|fvo3Jn-Nz4x5;S{}u6v6(y#*!(^KPiRIx^kdVej_g$`@PUVdm8|DqCO4PZ7MWY z`n8N6A#A_3gUB~%_)YB#yH?x)0==%FCIiAse*74OiPyN07!~#(NCxkZ9+{t87%u)64?C|s#Vz7$g&$pDF z`XuubRuT==S)7F5zf-RxxiAXHuhr4~uuZb5h7NNP$nu2-0WYt@h)WxdoPn_8ZOw17 zMFta=CalK1E-@pTK!uV6lL*X{@N|2f1@qKxgqv>yCK)6<0lys$`I+Q7lADIa84;l$ z{Z)UziU`SYES|0`*hE>vcJcOol)0^?`*o3z_FkC5v@Y7g1@jstc!F0z73$RO%XX01 zD=8p!jyRC|JttvNL1oFPIEWQp44-;C_L+pUtk3Uz4b2WCUAyziAiK@SYqe5BCRM*b z?D*`3_qICTGEa%;P;y)L)T^5$cGDJKzIO?WUr!quG7}fQc}{;r8x{H4(;Z8lf^eba zDBQW&8XSs!pXg2RCQl)*fTp4lNIlug7CRt8+#j06n(>R*M;f^Bk4&K%3IEc<0d-vo zYr9s5xiytz9gxlAyA3QhU9Rhnmx28iGsJeCX*BEjP8QS4*( zp+7epXg)PTSq1!Cn*Rs`k@cZ!X#jCf7zVMWvH3CilheORYo!GEPfSC-9E^V(0ayXY z5NX_Xt~2G|==8sQ2MkHzXn1!;`2YA0D-hoSd_On!KfVL-VIXKJ?}&J2owItZAm-9D zNsK#0MPM3Yuoe=GdP$WS{m-W`C-3QlzPW_|)N8#XBtkD`YU44nPk z-+eZw-Bn8!TykG7PwqzWbJe!l4ZK4$6_-UV@3OL)=g$%Ngz^U)=QBC2cKKV!X~n$n zKItZ*3FlHLDeeb9#l-^pH?4IAgdqM8%lSzIW_Sf4NF~Cu;n!$8HY4bX(y>}0+>HRB zZ^nEwYy>2wOo%${1Lp}ygfZS1qh?{`64$F;WP|%@ z8bVG1%KE9$+xZG@ZgzmhzXW8e3}EA*K^eo-eU}OF2E2f5G&-woX9F0?W?X=pehF-8 z3CMH3)zB6I{Q%i`G8K@!R|T$qtC|86F*jsWt$ht~8nbab5XGO#a%gkCYqTqI3tH}W zGc!lImPSP6AQIPgJRrPIpW*k22EwMt5c3l}Wkki+W&GDf$}1pO0_=3Eb8zdatJVOy zcnF^F@xbwFdn={urwIUNL|Poo5%l7dr#1KxOJXDR@_6YFc`M?i3%62NAM$mlWtV;P*F1#vF&dNkD_XQBIj%1c1~ZWS0y zXCK&!HSwOJAc1!*{+OKQ_w@f6vxBtQuPs{tOvxe}pJv*1umZ9TC&Y%8JvA30cVsBl zcbWMt+CGHQs$m~Ch#N)&`UB`MoaXOJ<=>gcxbYvpSteB+gE>{5=rVcmG|GC>X&@={ehGix-RHU@wU)wA<{q*X? zkUa(bf)Z_T2$tiku*3s~@`r?vwM_ux(lYlh|2(LvfOiEzz8=>-Mu+jdAl z5_w|Oz`j&;Ml;ah}) z|DjXqh@f`BpJgHXE`OIVpyD+9WM$#)ouR^oZF4jq*Bjftg9|+iR6|ELqKi*FX2>k% z^B5DQ4Z^$-emo2G>YD~UE-N}fwS{N8`?BzyA4%}1z+bGO6g71 z)C9e(xUDtcLg=%~`~PuCB_;EgErcLTl9UyFpR3QM#YKiZ0?q&~kq!*8ff-ENVGo}v zOhthW6k3C!)sL$)?=gzs>}>Ovu8;>FKVTs|Nb-9C_jWVppDb@FvNiw=us7{!=)HIV z{20>@F+>L`XOs2`Zb5TgqH=I3MEl^O(>`2%Yd}Ze2LH{vVFg4)h!khqwhY9$fPd^+E-I>m*jPND zZA)IY3B8y5az0Wc=0Ly*}*cEqzuHDmYNH(vZn5L$On3ikBFL zl|i8lkj$;*2ZB=QrTP^Pi^O3(#mINglP4>pazLMozsGYCgVmyVuTETz6Aqf^L zPX0xTB+0)-9TRwm3fABrFiJ<3o1LcV)9+ROgINPcbQ-$(L|#CdPIC>$IFdcn<@WTP zdnJ(197$)V)j#KRJx&`}VElUwy;FcO9m}#g8XM{X(!m#`wrl>vEi8L`iML2)%~*f5Imb zBIo3J%T!L*pf`6#hV_o@RXWJ||3xJFV*M|YMp&3|x7lkc%IyBWlE7z20Hd@z+ z@8fi2z#yalQfwLjKYvd-WQ>$^7T*2Od4Zw;E-{qacO03&$6if@Ncu~+vcv0v)C9l~ zv^5>iu>qdJ+X;}+=0DSYKcSs90hhIgj*L~?-`B*L5lT}^=;i4~pWSpMZP2cFJd=C; zj1cf)H?%93>^j>aH}xzR3S-mXx0__Nh#F(7A^_rg|CyAE?`20i1}oISHpupX7R@1!&ZXbexs`1yt4)JW_3Zxi{`+GysUO z>1uVd zUJs$gp$6>lphA(5AfW0;xd;m6np*n}u}gqgXy(fm@Nn!P>Hr+=e|U!zL%>4h0?vUe zi7;gC@Nm+Y>$K(wVjT5<4UObMA31eXR<>K6Ndu#)ZR9ay`8!i>OP+G5yk4m|pto=Lq%FY)eL>a^$MCvbPo=i({WY=Nb3-Y|oW}bX(K7%uE6{ z>8k?pXpckRey+iToMykLt5nSvXN!RH^y-7LF&UVz4#z(SG9cgtz#F7jG%OD5_*~8G z{#I3trowISbm05A|SNlJPI0OytRs$mw56Xi!Br0XnTAVCd~zkYv|;{|@-h_4T^ zT4|tw1(yd}L-o#EijM~GtO*40$RFjtDDa?R#_qPkx5;pT^kR^o&gWHpw>=PSy8GDnr2Sab67nET z*NHuIves8Vih>)>uIS6tT7aVrN`{5pLtE7%OE<&xRZVNa6L6~yAKsepYs1?Fggb9w znTwS13$UZd^P(jlt^uBXI~?}wh2P7KA1vb>u)v3+pvck45X;`=6;_q#jxw-pwFVm`rG0if#M? z>@oJBBLF*5U?9yv?;g+Klr0!>qGp_u<2;w{jyt^qc%LfpD7*&+>WYZa5Gb$r=bGdH zbpeP5LUtNJl%?J07ElC%sQe*Ho37&!^)7%`u(ug(oDYz?k?46IP`jCU4PvY77?71q z5jjX$dndpXz@)gORz%H?724eGRGIAN`dtb!c)&C0v@BYX(Tr;t>`Dk&%TO{s7rL%Y zWVuOGrXqJ2%!n7VdUbs#V^(*zvqahdH1|U%*(!E-5ciQuGlzT4@3FS~k<}`gd`*VU z@0@OrdyEv6-iuB9HsuGG@JsUu1FC^k&hA2W5^)Xd>Sikqjd;=P@cgKBM9^80qOQcy z6t>lfq8|fil4>~Y_igEKkszh`3Olpz@105>&V1*Fx#=Ad%b*I$r0Q~ zt@W*-+s!6i%#@8WH>^CK9BFfP;jbOp^lhFA3E4?Tzs&MG)+esFW!TbNY+6&;PyGEB zV@@io@Trh_N^$E@{&6VTH{mSp(o3qn2-lI40HzIWQs56v*k^_jKk?1k3qMIq+HBd3|?wwUUTPqbZW;bkOu zWmu_o9`mPn1fH+yb9!E*fE~8HaN=PNB=ULS)Taba+b);Ip++I}&ho`9uq)0Y4P(`U zhj&SUY?&Xgm+WFR0{A_|%IO@?NhaXTB%HpjNKaxQwSnzRO2qC@Xv|X8HTuM#`RtJ*AuwS*dw}B(SfyideYjuywM0UEl=fOsJMGGHy8-nOyqj7A2PW2CYL5zaf;koYq(HDgXV*KAC<$YK3?!|m-z z{kQ@W7voBg{T0n!N^L1+pP;(9hqa8I&3>Xv?qlz}&Bngni-8l%9BRiw zwF*n#skR-OW(zU+@t01Qr*9wXKkmj%bFgbU3tKK5a&M47=JVT_R|+*~ zD$V-3T6Jsd?&p8P@q>%G*x4OmvL{F;hC zs-0y&2!GMT?7cpSnn;JTM!Lvg3@A4@71`j7|l?18QDfjn?FWO+ncp1>Ne@BL14*8?C^u^jIe2@v&v#VhD~7v>GD zDr3BBPH`xPg+7pc0J2P#cR;{G{%E#hG@5%gjrp+YBA&Ye|Lly?&z$gmp*ayGdUkUr zY6ZV~Y;h&ioU5cmkn{w^*c>olOH)6LxSxsb`yj`XswdzxvYm|JR`2-K!mHEZbPNh@ zzdK<?DJJruF?z(FYI``y)BDN>-7!Tz@(eAUe6F4y?nG%^;PF{_H<0y+ z=DR@95?8r_-u`sIpbj~mK$4`VX2k+l`RDeH-e^VxyOS`>HQG|xZOunX-BTZ@63U#U zr*eWS@v_~_#t?ioGu6M*_9e|7-oX^8X({jajn&L+Jt<62kb7a9g0GKI?Et|uFNh&WJGr<^H z0uqt|QW$()YTX~T$>+qaN-ip;?X~>YwlOdobxMMy=2T*nQ{gu>w1nJ_bAl4 zb&y{F&Zov=JbGc6TymYhS`Ks$npw^tYJR>oHBB9zYh0Z2+#S?C;{S?QU&qsvz|O&D zlQH9L(z-VyFSk~hNuaIcrV;eyPU~#5&rzwZJ-W(R%E3*@{SCaV@xhGuLRyw$tO2!0 z4JVQCM+lmSp~k9@xp@>B1;Y@y^#nE~lrG4)zwITf1gG1#cZ^W$s~u+opBf)2qLx%j$htJ@^=f$lIUIsqx=k!=UqND#3s1F63im}D6O?XMHAY#|eh z_^AbT*ZJQrmP-)FC9oOa`Q+Njhy9TO26>ms=OSPOW?K;X5JxWFv>o4R%`d|DV+QX& z2KiV5;T++Go^r3*cdAK`lYgUpYw=z-cgOPlvD#txlMhwpYPW;W{T9Vsf7+Qy#!cPg z2q?zV@NjVm7j%CtSzI}(!j^B@=^*bE%}HsFFR60%kbddpu+Szc-*{-h;y~EiAt@{h zyHo+!yR@WWdO$ekRy4Xv%jC;3vhM%8Tz95Ix{2@!#0N9WnvAI9tcR6rDQw0k8B39< zyfI-d`mQiV#-mFxkX3dJo`BaF5*E*TlmPYB(1SG6%@K8|(EaKycbIzCgFY}SJm8{u z_8@boL8I{e5=p@y^!l^E0sA0FN`_HYrJSwoH7@Ac>;;n}CQyJ%oLl%ECtwg5mWY_mrM*7%C=Aj3{*A9&04*nRl zP5JHf=Sl3ckvgY_^UGOS^RB!sUi^$zqkw`UPjl1J(mMa-&30-KF8-dVfs;h ztF12{x)KdygFe5LD_&C||Cq%x(0-$3*1%Q$d!cx|%G69&0rg0SIX6VByTr>x0294J z$cS`FKSK8LXPS*Fyicy+s@(Ge^RQ(Cv)|)+sNd1Z*KsO-bOY@W=E&m)q@sN4Blz-H zavA1EjuYQ5ck8o5&>Y9PQo5ye+JmLOpy;w{*dmE`iSXyl@VJ$qdqZ?IX$x zJ^8qoWguy>p~O{lj3mS{TgQc(QxF-87KVjoxBm1)$|J(CoGyvhNZwEOX7{gUi0Sv= zVNa>k?7l{@2{#>|}A5-&9Pl=I2gm5;G zx3IwaB)HvXh}4UTyu}<7eR3qbNnKoZIt7HAg51-M@iG9-7QoqpB6DEBo-hkT< zT=$K1KAeI;)pvYp=fbnziI)2q*R*?2_LK0{%FGY=TX^F)ch(Cv#r)CuH#zd8aqrj( z>Hxq~l6R+e>oYIB?6T0E#L?i9+XNlOvER1;kWJ%?>Gg`6zS#h2s5AV)6q{E%8H4$S z#O8HQ2&d_$@HD;F+iPz}mR-PQaTUHUzF<;BA;8)t&Pm_xyE#pb-KpbVb?+f^oi``} zs^rE9?{F@LtTN`;=-@EU$a*JZ*{!dq=K&*0hlr?YUAF?>YY7b{23ukf*G2@Uf(8_P zVM#|r_+|82p>7O5txy-SGyD}dhx>7@VVP&zj(epxM-{K z>@bFwQt1ub7y49S%H|6Exyzs263j3<_MPE!#V5qKxKRR|>t6*`doRB1bdFl2gw@7k z8icE$7@*OH#%ioy2VcOG6F&x;QRFT> z8jh1=@fu%U1yOgsE-6;)QB&GLL&Rf6=RNxM0qhpDLd&yk=}11Kf{G!mC3hdY_B<`< z{NBMnc?N!s3Db#YBfV`>J&mWo^;Szw*SI|J7;i$x-5RN_2ftZo}E(w`SW& z#6?qZ7Xo9QwS2t$yzCGghmCz|CIYLjuZ>jF*C$ENdyd}l{dAG!xdZ>*n z#i}Jnt|vts1Fl-o#T6liK`lPM$AO)_ob)qA0H=h$v35La?Mv8 zFtx9h0`W6myjzb7~p zm6W8J2(>I=q=raW>FWub(F@rk18*WT@3-Cql_JSV9I)1u-^Rty+_xLV>22MJQ46ZW z7Ft2#u<&pR6RSdiw+P;2FnaE`2vfU?6Gvf9BCP?Dhd{a%vgf12X^J^fB^26f&7xZj z`JwG_cn*pZb$C|e{HsHgp$+Ru7l!~VZ~wT*@0dy?(j{6@x`&*+F2@{gK{l*97oGQ{ zV=Y@PDfH8gHf=^E$@BCA?Gtq$DGKU>Bw0lb2mbZ6&4Z2&0;-7~HkD)D3ezv~6B;j( z2%l7<6uvc*A3Q~CLF@JMo47Vi%&?*U9d~`+Ui(Jj+9(6;*hOk~a1N14z&uz>>9gAuTCG#*=+pfWzJ&KHI+HRAY9Z5H3R zG11B>G*Y2O@w^l3fNf_7wPPG^w>xo~hq{dQZQbvcH1`k{IURwf6APkU%4FL4vnnROqM{htQKQ=JaRxU}faPK$2PGHx&1{S-- zX~tHVi7f*pUJUvd$u?fCmr*#jRogOdPvCnDpD>}X4QC1uyHG(wum;-_+>0tN18f3b z{fX&;3T=nR`oZoI-C`3E>Bp8fA5>0vP9t0y+J$U&BS7$woT=-dt zo`GCffDGuiI7I1{K;L<{$#@X%*E~%Aj`vmHsuZk)U#_W+#?L*vbIFA}+YZgg`#a>+ z*vGtu?JFfB8nO9UNCt_Ao#)KZ6@}7%9+44+3WI`xc7wzH;T5X9G!KCq3oQ!GYv0v^ z&BTkr&yQz(?^0&&Jf{J3{rHE+4w9B>Pz7m3kDmSD>H1IVc0W@De>6C{k&h9G+nItznd3 z9deo@en{;XG^=+ueI_|v8P?h9>k`jx|8_B)`Kyo<9@bH?bm@b_7Eo4RAg@tp)>eQR zAieB%O#{|V%!-ow#$Q)^eV409rMD)3h|?P4Qr~~mAGny7rl!yJQUP?392kR9DbUc zr~|pPTX(pplt#6)kKf)IJbVydvdy`-k7>S7Ul!`#4pRSAU+Yd;rCC97wRK9K(!^7D zT|{kJ6fHJO4x(b3;`#Nc*G${t}>4O zF5jnzL0!SpiTMFLl92X7VlfMb=HweQ@=v79O8b2?zmm?Y*0|=NGw2dpI}Vs3a`zPz@d;gMlmQjb5H!=8qt3 zd@|#7tj<&7Xgx|UH-|~PaE!; zCQNLF<3Z8{1>sZ{lk;H@j2sXV)h@m$zoKLZ$Pk}x6!RngJ+{g2$8-qZ7x2ckIfD0c zl5JWih4m#)=K7P^NB1fU=%izM!<3OPeY?&JvKsTpxSs`-2~>pbIKCE8<@Anj6x7)N z3Tx|4X2$M7f;qq#|73y1S?T;qk2>+A@wgeCa7Sj<%-KmFgO|{b(6p7xqp$ZyVo!%Q zpXq{PdW?RUSjFRB{MWo@aB|>7b%6M1aBAus^9_XdrN$k_F^9!g%m0b=~%d1_a zb!4tI<}X-0jHfVZ>sI9YgY5-^NA-Dx+L`s?dmDdTe2$57dTSvgslyhd1pSZet0V!> zqPb4J(dMkDx6_NkHqJgj-G~Y$p|FYyGL|n-LT7v&jQ}(ZZGr%zy0f3G4Z?L05WWR9zZhNWp zb0QLP_1wGK-G#>l$8v6bF>Zh`>1G?&;B&Uys)N2Jozi-kh_}jRx>-)Ry)wNd87CAZ zpLwv>*=Z%bH4v+KqNxj_f?9lWDwoW8(}ts5ya^#PHfJpIKlXys?;0Kdj_Qs%7+)OVdzfo-z-}R1`eu`ANb;Q;e`iLP^F{Ey&@%!Rp^?ZxA9J_~VB#H(@0 z73)y@Aa4!R2C81YIA09#j2X8wAlz*fvK|ZrKKNn(5kNfAuaF&95kbBw(PuRotdoPy#fid;G`NI?(_a=fLliP68`^wdV#q_#RpjD@d zYhyrBQ+gVA`8?9P^`v1JD9eK%r1i*K-p+Pie|s=7+eIhy4$il5u__3Aq{k*$K>E4Y z?$cc%%jME5pF?1dv{#1YT}`{bz5z#m`LaJ(ksA`5J?~UpH3>dArAQERZIXRJFrs@t zmm)Hdqas-((N8u?ru?2mO>!PfdO>JgeoKiwEX%v#xW1RkB_o6vy9v{_RZXUQF-XPw zQJQ`xO?p)&T2!TjrP5bR`AL6yYca>W9yO{sTQ==1xg`(D0Z+0XZZmIXc=nwTGd@Y- zqjS;d7pZJ%o^#C9kfsN9mSVXM<0*ZhjFd?iV7qWwpUWAS+HNO>M=Mib3>BJ;Y8I|) z9Cl~B{95fkCt`tdg{)VYK`v|U%N_+N1C!g| zbf7J7eIUkahq{dah$3(%0u;{^PX9ELg0xc*TqqI!gj{$n~G3?oF3LfaC+9nj@)?1W>s%d937iG4njz;<}9;21@rR4f(OXvY9)UOdHp z^(E`t=mqC#dEKlr@qNWd_MA94;dV%yGnr$R}6@$67=J6Cu?^?pDT zWn53#wQL%|axdCG=ns-~4BgW;fbuF}+gT?u%aSnh6OXjXJw? zBy|Dh03#bMc;;8z@5YJ+zt)!Bg$<_>!os~byy-%2#k?;Q{kwp4ovm9X>X-JuRxOQC zVR>G_QPgU>&A?^)W~j`xD`7d*CxJgcD!Z*$$3;%{a(Tx_E;OZn1cFM*su#@~Vt|1H zMJ}Lyv8frjutY6O!NL|I$}unN*~@YtKV6(Hq?#6$*#P zns%uKjLpVuwFFP8iC3bZ$gsb_q64Gmdk^xBsseA{#sff&IamRf33!ucj3=K7D2(ak|FaNleun24x_u9Dw+pC zX;gZA+i7#$yZan~Hl4k5#D-pe;P(V-S3QrKSv&-SY~S6?>HD3);~LikW{^jn*}9_e zn-{>IBJ6+H?;ijSml2K$NEFN+^G`)NiPdBbOK*QgUJIE|kj=pX^OkRFZ4oQ$%5z$f zmClRe%=LciaeUGcyvvSVGMf1Ur5{k%kOBOP#q!nr``5CYQ7+QougM%(^hC%K``=AL z`f7Ao7U>f4sIob-q#mTa@~a@K-!2gEug^`ZNK*DocK@Rlf>sSD>u4P~_%n0b38;X) zC*lYE==;NRr{iOa0iiEWOn?}g1u2Fb;L0QNnxGtTy&zhuK5_rdW=QJI+YqofZ<0*Z z`Xj|CRr%uSBMt3AG243b0q;`Ii|SaKOr)-VA4qMl?ax70mV+OY%S|@(9q(S#5)Ewp zQ=?^cYp2^_R93L8dUJJS=e^td^UZSd7>Zl`xUbg!@#>SOuR=m=ugBie(Iycm6Za#n zFhktCOP!OB9-{Itd)K;X0AAgmf8D>bMBPDDE;;-YwNk*KDc|?Z3)s2C*rtT>@LRCg z(Qe-KVStFr>+RKCm7JeXpy|#GheB#8b$iE2@5to6HkX?<8Pya(DU43X(4dv2fW@6T zCdoH;&N*PI3gsp{mBoKo!kCak{X2jk_QH2NUTXKJ>|Vc+ zx8sj%#$5G>SM~=QVnj`v@&+g-;%x7o(7Ln&v$2|*iiLibjH@!qwn3c&bv~X-imnUu z8^)xT0j<=hOi_Y(z$vWE#*adi{k7cga|ZX^M|Nc;Q=+k>p>p!5y-7IF$`ns~h-}Te z6so&!OL{h@z`)Q9`k6t|?4sVijvD`{Re)OuEgJ!RL0xaYWjt_l&_b?iZ7k|u(eB;`S2T>S zT$<5x^0tCotYUQ4#_}rx5(m3Ub93vk)9rLMAbaM+o`xar@xCJdZ&J4HV@g|9OJ{&af0Fa8G^y*0U~Z=hDLm+3u!E5wJ=q&Dbsiec>^ z$MnhJ3ZaS)FY71672Ri!vQl|bEIqk8S>oRB%->!nW%()l9Ke3?@rkBBv`7Fp zzLIkg&wy4YKvjjnm2Klfny@6AMQu1O&B6~EgAq1xg0(v&khO}c>X`ZiHa5*_^^wg@ zfBUc=5p>|BmO+xeW%W#Bu!NtSW+PK+t%N3zAw|y?!W!LTNB+dJb`B~P zTDFf(Td2_pi%D`Y(P8i)OL#As#9l6EBT_cop`>DcjuLaRu-J6I?wSheKv?7~bnfey zpHh*6s^;b1H27)_o(@ zvkuj}R5NkM^|9bi#0X)`oNdB4-@^#uQ_38b!ppE4B02|cm|wU0bzDKQ*tC(1e6_x6 zH}}d92gnMrLY$|Y z_6s6)82;eOFi$^cP!Jw|`UwByXr?$RAR@&Y^nr7v8mQ;WeQcWWW^oMwu&-wDjdw1W zY0s6DOhnv(^Ki#wr_R@TmvZD~$7WK~R<8QdBK+pegRNzsmp81nQc*EuHN2;_K{{tf z2Mlr(o11%GDtKRMyefFYbEy~##W5CeemOFN6d6)~W@S-1YP_xi39;*wnLmq9xY64< zeP;uG(M=QhDvatgm@(ttWTLVN{qP{6z;{5^_+uo2$yhw)U7z60XOzA(M8<2Sd#HnG zOMZq{?BcRdOt4;=pqiw4)YzFpPV^8(dsOsmFs9d`l&@jOb{>APW3s z^cG@kBI;0JQ=dT>&o8R4KK&iiO+~Cfn;wixY{r=b?M(UQv#>sUg+-D+I8T28A$ry0 zgFN8q5~JlFtiF4H(>?(9?6qMIdt{1N-;)))G;}C7*nhakdNh0}85#$%IU1haL>l>q>hSzeRD~c- zzHWomPu+pxPijOhJa^lPE3rOSBdhpz6U!wSbv|)WgXL9SqLjl{324g;>Sn2!%YvvZ z7pTqekY(uDValqzNf@t3E-oAw2HtB?g=hBgf9cs^4SLc%h-fSG59PCwlURg@%OkT{ zXISh!lW`t|B2Yp1;2H9n!afmz(u^(l5=QY*|FL3-Veb9}t=^%}I!)6R+w zSfJ>ql_$me{^~*t^2sIoV313*sCQ3e2jg$tw}C6A!ILHVRJdS*S`VLyemwcT7PXFS zbB;4nFQ`3NnLu)%#+E8kZ=*JiqSsGU>*XUQO`b(0&~l${ zVS0P>R=&{lD6B~THs;!1=^@%GqmjX5r+TUpGc_&1Zq&JS!^1`;p_No!bRpS9g^k zVyJ;dwm4FpJZ}+YC=w564wZlok4(5}K2YZdp1=rIBx`q!gTaWw!FH?jGe6=vBZD&F z13Co*i$DEjuCy`$Whr#MOD5MrLF@fQ;41T$2H?iKu;ySl~74tL9 z@iq}lSWL|*ZC{1?H>Gi=P(&WDctUj^6FSSfv7kgs1=kdcYIOLUgIJlSmJxTqgE~R- zJ?nsQPw2oe-LCjF@P7#Vxin3rO9kCEKXR~H6s@MgoDqpm$p_j9{}7ts!jHv|WIw42 z$Nz*%9V5cAb@y^T2BjBi__QVdF6^~?mq;50S6H})dLP(Uawj7!Sno16U`01=-sc3| zZELN}%0v@^h(q>rN$jq-cf7!NI^;8cdgr}b+X@i++0ko4?6swn<;uKoP*xf;%QK9( zL)KnwX6zPkM^C=@d)xk;;$U8j8{NIA9YIe-Rd)e3X67gJyGJ&!EPk#9O4djN@lTZ6 z%J;D6J0{apBze~X`xMw z`uS=3+sP>5#v-6}k!EMYLY;QMW&R@;_$U@zlni2!qlbR&zrV3-VtPJ8Xdp|H1uyQ^ z#I6=ch*SHe;_bv{LTbel#yC?BPKy%$mUKG&-uKt{9p)_=_;y^tuAnpbk(Y*@WPX|G zpv7d_D8r$!G1CWc{178#;T*&C!6w~x#DHX@r8pYIjAWDzM~CX0wmunzz&?o{;f*pB zlL&`zV?#nS^?^|UWhwM_qxiMM7gR|JnB3N`T2XEqebPKaEcEWXU%WlCU-88P7LFi^ z5>&CQpuI?9W{~~LRPDBtTom&bJKN*CQ2bx+;ROxAw%YTQ8;J+^8?*JX0qIRm53L{C zzBfX5TkLkG%cH|c!9ZMn^j=P?z?jjY|M^*?BCEqFOaFL?3fVeO6?&FF!u|Uxb+3uj_E)& zR24$t)>i+=sTAkJ#h~0K0ShOgS}`|w8{}Ag-O%5qL|a6q583xi@+>28j>7?ZINOC=Pe5&P$Hq?V(sYye=UH`YiKNjz;DYE9zXe z_3UMqmt0ao#ipJkqcC_{XWHTB;Kyax#bE39eQ)_r z1KyB-EJ4dj(w;M-iDii7hjaJea_KGay1@Zq=OkrQdCm{q#kne=(|UjVsT)H+auFd@ z8QJD=`J4LW_OfUklNKC2G_|p#z+So375ROm$*j=NoCknbuJ1h`vKQ zGCb0}>0Q)`^=Q&+ZWwU_o9HrcC(o*B?gh?JpR$4Pe^}wyH|t%_s-6?%`1gBr2^b}l zL1D|UFIrVyZ5{8EAPdh;#lh(w2*imucsm=LA+>fqhuN=invt&UNb$Fh}1|C-Bu+> z>;mc0h*!+S(UZDFBpfSAkH*Qe{b@=#)zLiHrugCL&r_i65vr%^7b3v)}|Gp~iV5>II@-Tp0gmv}-YMep7XSY6f4;&n1=+bKPQ$Up zqg5kBQ+uJGYMOsMst0Jp~rx6z)GJ>5@Qxc~PJz7auTVRRYU~^DUogklnyEB6iHD!Bm_iY)3A{erBkIFX-SdZq{K$LI|MdJ#|9~>GuQJz zqVM_rcgFqWj(g7-jv)iq-fOM7)|~SjpO}n3E?NdE1czSQ<;{c&l^avl)h1zr$g}#F zEJ0pU-&_cQmZQa4{Z|!{-KX`ITQgq^0WER}ljW??_ETo`_E~GpLwSp_3c!D=2F#^C z$makgr6T}KKMq_PEMcGm<9wa<^J`t(ua`aIz_;A&;|V?MQ*=FkAhOb4FAEwGN4c4R zwzyhQvDeykM$4ybp5!!1Zka#J52!T~6_fTIhp*5a)58XC)*SI{h0*8FCQ1&Baq`5^ z+`K}2z+9>N2XYMhAv5Ju&blsu=7Ipl;E@%;AK%G&vINT&E@b@eAlpVZMuV53vhvye1#N><#K+NjK9pQg35(%Bon{@ z;h=s3yh;_T1KHtCMAd*T=SFu3n5H@(nlrmz*8hmN)B`-wNuWNmd_!>lotnFFyv3mn za8?rC0P4&eF?hmTub+MB0kyV`kwdSUV_hVu=?_f-z2pr*hufR|#qfKwsK#O57G15< zNALA@)gEtm9I-Dzab|`zXP~zJf5)CeoNHPz+UPA;Y8fiy`_NBrX%HO;V*q z{YXKVttmGY)Flz>8rm&D*SpPSeZX3!R&vvnSE-WfS{LW!@XmaXDn=LzC@a{9pdnfp zYt;jQ$*CQE{t#nYUAQ15rgrAd^+$H4^ykB;{m<};EN>&xTU_cbbp8%MDM%?DjTzqaCLST-kHK{)C0$2^)oIA99=!d6*Kb}O6! zuagJPN}Q>pUn3vr;-*lCKVORKj1WU96GR2ffRjwQ3`77%LH9Cy&6ecmax+E8CU}YW zcvcCL-TAH=y^JV&$Z)>6GK>B*o0=fa7&o>!)#geSvw)pXnUFtIj1N7wUJSvozw)$}`vw zeZo#+nHv#oaXF29nK1_A%r|q0Om{4(+kcq+cx*BZci>qGaUpn5Y|fc+RBJg>$bK`# z&Mw_(Aw#CqX}Ldh*z_^q+98&({+WDqw3vzDVN7Ck@$6+IQMe%5xtn)D(dhHpL($|X zzfaFAhXE40{uApJns>m#`>@>fWM8_-p zVJqVy`Rl?(`~1XG3#Yc+OC(R@w{Cmrod!IrL$~>_EH{P|C1;ccYUTSg&XV=_BL3a- zo?h{;KYGD}f;-;q3b^q7LS{m8+_Afc{9jusVT#aI@{kKCEiup<5rgrxRgW3^vY4E2 zh-UKQQyX1hwC|;>b(U7B@TwyTmYL6Y$CXFo$vp_dr>}k=4_->|Niby`($%E@{vCqw z-9bK!MCSQM2R7VqO5$@o{P$#T{(h6e?{ZkcOY;Bh7kWzusGQP?i2WXZ5HaxbWAxuG zvwRQ!^58bMD#ORj-!X!?11+t!+K~oxXZ=WNMG(6_Vo(4=CLm;EG0yK=I`t!Vtfpz3EP={4lsFf z6&NOjLPO=H?@OYIA4`{zqztDr@)dkt*v${vQMpR@@53HOYoyd}?Etfjc=7`4GA0v~qgdpWAst!1=XJEjmSAi|5FZ=XE~1m#sR-bIl-> z=1!XRpGW&*8uQxj`@2tN?z1*4Gj& zi~8RW0PF(dwFKa0;g4*8`1?A+wa^BG58t9&|N8~X;fI1HKQ*%R9UDB`=itMg^cg3A zpJZ1S#3a+I_Za?MH@-J3_^`H5>9fC1k~$5-zhR0;rni5u{~+RgCj(y7;CFk$zc(mw zl0gb+EtC2b^5-#&V}1c2HY4cw{QD%Y7(nc3!yNVg@B6z2KFlgP&hghtRBfPr1~-$N z@UO}6|G7a_y*_;g00-4jTzHwN_v87H4)S|92C8880oc%wIuNChvr+>`w0au=NV&gv zU%Fwm*ksDUZG8cX2>rg*we7eA^@d46DfqDp3@o3ze53P^EMHBxhh!cYzTZ9qyiN}{ zNQO-`s7z$N2P%g+LJ`>!fM-U0QLO||qo;VL=eHKXKMzNohe1^UeF%ENg3@gOCiD2x z!T}m}Qb+!PoH-TH>(Hie13Q zFjVXXs)sNj@Lt}b6wCS5O_NC_S?^kKVJ9%RfPs@Z1CiLg@?iI^PDa;VtX5qT;@(Jk z4@nBJ|2H)S#c=Yjz|uM!y+AyvmJIj0`*s0Dnu~R3r*6R-Ci2sR{KBW??{hKAC+!s~ zI=MTZPP7z*K$c_!^!9RZbr;(SlQwPvDT}-76^O^w=p6H(2an#HXlQ7g5?8b_CRB>- zPYysayC|}aDJAjS1IFu@&!-8&8(?fzLQsyU)1ZUD$T#Kqq(0P8VvQ~g z-#$CZIexW2Gk71Vt@%rlr)%C1hiood%Q#Sty8I0@#Eb@!Xd2FAClHAsfSUF6B0s=b zQ~@8Z0qfe`;Tt_4$=(ESysB{lQF9TVtl|df7r=m=#{QdI;ol)J4P<&+pHj02{L3~y zZX1H2p%8SjH(p=5v2}F#mQ*Uz8dzS2v9CbUINO(R^cxUV2?V~9WtGuOp!@91Kjj!v z#L@aF>0!7g|I5fSB)Mhf#Y4 zc7R07jxopcz!=U_NI&Cx4ow>>?wwELuDqADR~J$5u|CK6ToAe0!ia6WVhi0IU)j8wV3U89Xbx_RREpSWw?jo z2F(0!sLTOJyqVgRko0Eoj4Q~|O|S99j(dZD0?RJ9uOSUG@E(w*!AiRLb{-S_#Ilzb zogRTC5U%%y@{NBBADM^$NOVx{Nd-BD(O#L(Gx)5p$1yNUeGu5A^YO{^e^=2Lju^hg zDZp(-n~}Adky^orxE$mQl>i;5sN- zhtgjEJ0}pT;F#TqI_(@i!z=BOxvl^RJZFoRWTLk01F zC=Siw>aphSskE;76!JcVM>vL*dZ65T0s+zz_(gK(_pO->Ymns&{1GICCX#e^yeKvW zEP@tSVRI31xU+epooot!K0(cz+$fJ35uL#ZS4n^)t4ghh^q=7U1vhkiV0Cd4aofwk z5*9bs32!B}IRIIn5K@BLu~%YfZq}FQdUcH0$(%Zv?|@u6#t1NlIu5|^8<6B#|M-mD{1b{?X=5P+^X zAXio34VFrLoYKw4h=-caFXZW47$@^9=Yr~v1Qex4T%(=V$A^+$t$gyVS;#A@TY(H} z&P?1HP&`tWAQF1s#T_J-n+GcT?rBsES<%CVTG5kug z)W!1qyM7d~C6S;IYe*B&gWv0^`-dCvgAZ!J26IxWj8rhb6|nM_-dy?GDuiM@ zOjM1gb1bUf5ZdpR!aI~#2nlXh9F!dxxZfknc)3r+ro8_Viz`=4rN+u568`Tc(zfH- zVfY@D6Tr)8t~E5vgJWPjlzl|kMug^{Y6_Tb1B*^w_eUy+3rbY3Q^>gi`H5fXT*$lX z0kEH$x)Y;E$i`@wpz`$V0e}Q@c+lVDvj6<{Amn|f^$oFOTd}x68^1ZF=s)YZ4TkTI zd%Ss9G~M(I(quWrce3lhfG`$Zg_%B_Y}~AmSMlBKjs#>Ia>m6Tfh}lP(vogbF=j^b z{l4-m9HTa$JHm^CP60{kLF zE5aY~D1YN-#$eKg8-k8kd)%X! z{GhsWFGv1F|M2z2L)NPlSFNd=YL>~WwF_x6U>Z87D17}XcM3AclPx_mLcQKpKnbiBbZST zJXY9B)0u5%I{Wkj#3CH`Y=(6I#N{i}GhjU|eDW(xIUly41-lsaSLn8_LzY^^cBe~?7v5# zcMaS9*K+m-h*o>ld%$*BJlB$qm~u$E7W7wcus{&YX(Z{2&B7ZcoI*VQS%~%bAb9_f zn*r8s&Y<307F#K??gup0|86-wq;9d|=ws`hsPImuns|gPVko5UGO5pdN4&QxsJ$(bW92X+#5EmZC;?jSEj5>(p|>R`mp!u z0w3|>Os{V9J=9@mQ;XnK|7F?W7eBf2?2ix78=x@LtvCfFQ}&CzPV%NVs^Tv5srdwv zq~L6OfJkeymBwogL}Az?z$H_S0n&R5vm^c31-zkPQ%)nh5da7U$M5;9~B4cF-#3t^*TikPCAJvUd)U^eixSGW-;qZy)$=Uy;Uj zo&YKxs~^2%#VZ0ZkNijy7O?R-0w1lK`ekVM9NH@`Udhcv04KWan>X;9n?Z5*={1u( z1>I}eRx4o*+D5*_dO)2R3wHCttPjy76kP+i@XxY$!zJN{1Ae1Glxz**xI8yvxx=(E zNqYitv`gU&kR&xIc#Gfd0QK(gWRUWT%tj;)}&+NA+h8 zz#yvlY$5R3GrKPWAPPinfLQvI2IVd<7nk#z);H+ym&0KQJebU-)d-dEv1~jD? zm?;iJZ%9skZ|N{=PNqrce#!_^+ezGoHaIGFn9l%^Fx%V!$Y8bh6whC6!JIy%^}4XC zOh<0pV*E1@wAwX40Jk><6s;avG(|ybt@5F30@Y;e7`zhh^aXn^ zeUM#29(i_<_Z^CkWE=o(e?U7shcZFV@tRVCkpE#FkWMsUJ_f>VqSt-)yiRv$Tma4x z0m501&f%i$p}1FDGwvWlJr1b_HiRRPS=RmS7dfv@qqUK2U?;|n@(6VYF^gO)7g#NJ z3|@ax*0N>;&k@f+ZCJ|$mxM_Ne{6x=pxJ&M+}93XHvxmJz)CGtG=2495vXS@_Ow>k zK+?Bf%66v?-J5`baO#au!p|NO6PNXww;S54yd*wbhTIt;@mqrQHco<|Jq@!DKky6Yd-|Ou3)cZ34rn=!>vB~xoYj*yU-IHu_f- z-G%G1>@m6D{Hi}YDVhMV#Fz6CH^qfmKXpW($RF{I8otf2@({48w;nH*4~d9&nXH4l zDixQgHCLo3i2MwBr9x=ex+wgzh20yNk|;736GwptBx~NNsa~xy0}?YUQ)#?4xC08U zMUtLZf#=;iug4QWatV`Vkp>4+>2CGX!ZxUH7_#J`+3Qt}fFF98&d{EICM{I--50!Ux@%Ol@D^Cv- z4b-~1tveJ%ub4U^=z@LWfIF@Hhx`|sDyB>5aWjGVI@zPCT>uh$}6EC!I zDb6gu&BcMJ4rCk;eEeNMEGaiH)$ya--tGb2Mh7s%tExd+``Gh{$XVXuJwAVT+5(|D z$b5o>SDL=%f$;uRwmmRqcaH3^}LHZ|%Z zr~85JKIp`{ZgLu%hKuZNN&5eE6ywyput}g_vzlKLHUXL^C&eB>8FQnVNabfs?`~-8 zUEUfP7L5<}E=rAiq9Ru~DPum@0k&+kd* z&2NfHxPV8|sOZk!iBTjZE8Kj|W)3d$xzynjhmigtX{&6^qZgkUX~F_){6UTm5t9AG zRm}|uJ8y{mR6WD!%~qkIX`c8Ako+6rE@eX+4j^|lFGRJh;#!6g_uO#?*<)0<7tOmZ z|DCVhR0eaL29BJ<3pn~S)lM~7-1(;dRL-`Rg;iPKX->V#tVmJKU9s+HaZj+W)loZI z^e4l~XC<{kI=xqmnJ5Oe?2c6l_Z&hSFg_jtZPLR%)UkxBLz0Pn;@H)zD-vYRc(jzL zI{dologfs>vlOB219fru zChrL52tjK*mmFJr+>TIQcb~A;gH@rq$pysR0tKJm+Zso-*Qb*1(EKC6Av###%k)Wd zk=;q9N4I<400-BvcA+!8vv6SPdDb6nH|{E9ZF#9oTI}9oUT$i+-*dmELWd6&T6KJqe2xTcG3^`NxW|V=h^G%C;dD7eDZa z&%?VK)fgBBZ+C-q?|%&#ZH61#K0!7Sl>zzt{_l~ES3?68=j`7i6~BGy?h3A0S}&gn z>mo~helmB58Y%8x->C}h`x=IS1QvCqtH90DKO=am>pUAAeBn!?GaQt9s0D>%q3 z%d16H{FX-n9C);tgT}#ZKiDg0FrIw}#3rQq*U<2fm?3mfoBE^!%hdyvu{_0g*B>ub zHR?82%1MU@TF=?CV%_n3sH(Z*&&jFqfFEiZcVv3Ndu2lXu{dxegHvn4Hso=0JdXFH z9c<$BwMK#h%1uamVbomm&MKTNOoHSV4ngyzVv{8uD-Vq7JyHRe!(`qF@1j9;vga=g zj>>N_&Og3-GhYvN@GW1YYYGl@tupLzl{hV3079WULU;m<@U08dKE*VB4{K*38P~%- zX&==+D6^*N)_@V3V-n}%i5?g}qh2>P@sjV5V!W9GZ|;(6FMdL8l3(>hJN(tVi1s_1 zrKn7PA4?je?r^6@PCuWS(1px*JH8~wNFuqOB7tt#m9^`EhY?N&cA@s`bmRgl%MxE= zvhy7n*6RqKM7@;2x@B;!^83tJSva=_*{pohQk9X|2)07`x@R;}u&3-<0sU854GOv! zjc$VOa4zJRjfhE`%3&k7<;<90ZWP^DOG3+9vt#+*_+eMK4en4F!@I7xt zZr{A6lA0!xq8MaIh)*Q2WrgPaVT?>CASdBV^YJ%MM9(|`YuNGIZ^$LO=1Mqx=8h{( zRh%%0!9+VM$7-|}kVBX82yHU443uBNmf*xq8_xZY*@^NMU$-t0lSDr?pZ?}b>cEhC z0}BIjol|-e#L?Oe55SSJaX6P*s4*u;@voV|b2M};?ug;MHoDd<)2lr~is$OXj(5Bi zs{o@9FeW-N|!K`x?1l059CWl|TaSdKdqK%!(?l_fmnZRGW#sb2d=#9sbrtq8V za96ZADc!x2uoxjb7{g>*@@PKySa@~>y0~+C{$ltNb_)x&RyP=bAIh`kCgfIQgk_{Z z@uK3-SB(y)$*PrdxOjMYmv9I|`@$68%q8-KV`A{u+!zpWs5g8=z(JL`Dm(-KI;)2h z8Y34rW*{tJwt7YS_4un;#!q@gK*Y2|1nXkU{clwPbhim&6I>c*_7Pj4=4c8qe290i zwfiL5{0gu)wbx$9dRlsbc{welSljXIKvbB^jrT<4c#_KZb_{%u;5pm3zDac;++9D< z&3>%*OJJtQm-=kW726t_a8Zn%TUZ{1<(6evEp@7ls2ZJo$i+ggUr@ofIeeTRd}UTm zS0R@N&xr9^pA*bPuIsv-W}S#TsvTvVS&gA`1&5#|0Gp@?%MYXtqdld_)rL^cwkMQ7 zdUOS;<#@(>5ngN|uM+IiKdb2W`eCWpB>U`0`NTJvCj7F`FQsY>;tWA8Tnt}~;9P-4 z^lc|oXk=HK!WC<}p4`F{p}wb$d^;F|7(+j&D$2a;(k4aS!?l1zDbOp{Ku}A%PAEz% zKm%{%YI-Y9*{m};a(l+8v9sT&V=I;|ah7Y|yfI=+75*iuInH1HK>c#J%qvd(l8*=T zGJY{)2!-^tQNLDI<-z{;JFrP~yqsu_+?dc2oY@3!+&LQF+QAy^pp(QFzQo<*YHDEH zucJFA-CpXzuv$k@pimh)(>x&Gb5Sb6@Z}=L;+3QIMB_HTS?$Du!jsR(mAk^$H)FaR zKWs$&pv(04j#1+AdGW$-k@#r&WyK-ZEgB>L%;GPV^7~p7G%f}U1tt2LSlZoDTbaHw zEP2^cQRdnkXnN80%YF_>O036VNlO*zR`Y|f zTU)J`jhA1eqnqC1nov@pIgt}v4gBckOL?cX<&~*hC>Ttu9S%vVyNaDJ9kafq5)jEnV^TLJQ*gYYP@&W>-^;>tKpNWDsWPT@ zFpdoFO$H1HudBw6T?*d0_Sk18`^cZ-nFqCvo=7|PTjCLNRBh*rXElzDr=uk0Y!Snx z*8`Y>Nbb6|mHd3HlH)tkFWg<;MW}+E&&S3LMG-y#ks7Oj6~uLUv=a7w+gE8F|{RYFlFx5!Gkl z`3n}~=2aeLO!?bMYlUN@)4?1j@c${yGbg$kjcngmL9~v0M)&PpE4ml0ZccM|7H`4N zn3ql`bOu3f6N*EuddoYAdIy_e+EY-%HI|ldiJo&7>DgH2t)qF%h?JTGb1^ozIKuHh zgYp*r7Roxf`2L=hyWv$z+t(!S^Hrcd2ZoM>YRb8f|2V_mL-wxMmKE(dXu1TGtq&JG zZzGj_J&IzC8~L)*sq|iARrocTrQeAEMyW9J-Q}9Pnss_i{Kc&ne0s;Sxws!@#{BL? zKO^N_=oQ8rhUFDV81QfnF2EZgQFP2jZsa{W1A@W9;9{ANwk?+wwG$suJ|NP;Y7)3g z+UR{@z90oYc&S5(Kj1BV-h36=c=hSYN0u0Np>B~_1{mCSG?o#mVQ=twu_oH7#^P|R zv59ND$!bct*wKWG_ccmfm6P&~UG_(=H4KiMPTBq!ykGi#{z2DT$tD~!t93v4$;6!n z2X^%K!=pYkoR3&Cc7*25bS9l!^mf#9V_6ZrSoGE&lHma>8u&$l9+!nw!7c1SiE7gNSaSgk?yvUOK_@tnreyh_c~ zm2nfT!nPe)oUkNK7DvkY%8u}xC9_PlQt+hRye`5OqEu4Mb!#MAPn9(JYBLQH6DQ&g zLGEmVxmuN|L^}l4)d)=6CbCmM z!r{0xt))dv?s{Mp@UwTI`4ErB%->kCfeS6~MoM9j#_W%7nzwkC@tJQY(B!mvXrktI zA`9QF|4xf&fh?bVB08Q6m0}rvRd5mTz=s#Q1=K>W@`{C+%**tKIL{?63N2iOwRWFo z*t1#pqqhk|XiLf)o|rCPaZ0aSGwRC$UgO}MY$ZU2T+E`%xw?1}rCdeB73gajVBJ{E+pRq! zDrMIg!?e)?WM#9zj0fyVV)4B9bGRWFh)dLtP_eJGXCIF>@1GE9*1D6VIT-GSwXa%@ zXBTF-@w}K``RA|T=mT)}#Xe&k?@fwm%^~9FUA+>N#brcdk7Srmf4OvJ>Ze&`M-xMjmbyYj zc?K1}=tuu=bFD*dd!}q9Vf-u}O&0^U%(}6pKl|W$J|WXUcIFPCw>Dr#W|` zC3GlMV);W`6!M7dB>OBZVy)Y>9#g+^T%OfmEQnRPJQUM+<9Lp>P}vSW*Z3ujpIvGC zGsu2=${GaC-gw)ODf7UdYx|J|JWI^9%UTn53hNkYY&0q6jFw+812GovPEetF*(G#( zVw3QPl|<)h(?wq|Ia%L6-Fr3b*5tt~nOT^j@?X zo1}YrsjPKdtHQp3emSlM4r+!iviLEaGd7_4oloi27gEF7f{R^?Iab4N4u#n(!Sq@xRST9kdkMxm^#BQ6`h^I%tRh283 z84X?~?&d>!Z}SSm&5wjB@@$2+zxx#z30_>lz`

^B}am^!)o;NhdYu&>Efu@p>{ZwN>-3*62iK?7bPZbB{(QL-^yS#8c@O{VxZ9$-FFRH%&)Znisn`H{ z#dpz>_^<0?ivn#S1#4HTioe=I7s2&2zAmKy>!X3dF4NgkxQMbq1sAt6Cpi^!QY?teRSv>X75)l+lz7V-$- z#A}&lD*gC?Qu019BNEyRC*wgX#q)kDbpvWB)73(*+w*E#j;5dyD=~ zJf6maMVbjDH=vTPKEe?_EwK71#Ud+i5+M912^Cl$w>N3v`}$MA%GnH)jRcm$HQSH& zLB;#%7;p{vDgbC7QBW~GJ}by8W!tA;5BdnzP>6fZy^=7%8`%JDKS%JlL_DdVjdP$&mNTo~)x=ZaLC_4k zJLO`Y*K`fNFHb^bieG!{tKl*Bp9Y{Jmw@wl*snw&r*mh6Qxu?#rU3NkU0(NT>QA}f zeOuc1;zlAVDIR-qN1(@4mo zgs2HnW!u1({v8lb5#_*0rTHkrBC0pAfGpYs)Sci@@z9{rK+Jg3$8= zT*f{mCRk{Fm#HCuffSx-{d zcNtIu?)g-8ArM_wKstp=GI^1|N%ty28?3k=7_BeXHV@IcHZq zwg+3W0O>TmyVTd@cG}3kJ?f+G-6MLGzkllns8+ZMogMagApiiadxUB;jVyVJ%sjDg z5!Vuv4Mii4aUB=Gf7*qcrypJ@5ID+4E+gsCKZ-|YvPUfdrY!!G|1N+Ez zrJr@p;1sB$d2mwyQ`Rm*RW+p|7LeatFfHoDvj984;8`faT&%cxAPGSC^8lnO7O9g$0pOJ}`^igot^E7Pm{ z0LQ}9CtP~I!@g4nm&J4PIWc{L*gI&^0rZDBWLizk8Z&PSc=&P!kWM3NEV7t(uQxMJ zjewTL$9-m4X`k#y!zDaN#~ryACT#qwfF97ipA7eU?ta(I?z`Kjh#2FC&j7|(vK3*b zMeo~Ua~jlxB zijs{8PFnN}81Yqs9`7{dCFV>Tr_fBD_6tH=Db-vf%0zd*d^Y}peIHW#t6(y*1QT3s zA0Vm@(3M7l<=p~$23l~k*DMjaOK%o~ulykH$}L&Q{I7d;740f9>)867W(22R_B3Z@ zPP=5}{cZJoz1LlBURmT;iIUZ5mAKIn^g}0$Xb!lTB`-YZpWb(%3>j)yn|ytR3)2r4aAoJ`IjS`sy+m7&NcFS zaw1n}Enks#LTdR9!L~eYO2MJ_I0V&L9k3K|Ej7bLymZ_3PXFNWjMTnoaw&XxiCz?l zZ5sz0B{Dhv*ip1YdScRjAI=Zv(hk^gK&A~3Z>g%)+auHM4f+a_koSVkHIC-W=3{s# z={Mlkl4{ILYzE0fx_ZBP52+upX5LA;Y;~Fk!mwiUC-6=HKghb)Ho3>1{M}o=aHHv; zAybM((iVpo_*vLcc*`q4bfe)*A6S)-ee6p1{OtyY;{pu|$6|Zz`yKktireSnhU(yK zT@G;-VHSEjgMv1KK}`P!x@@8UfVheuL*NoIjW1q9_!p4y_VdLQ*g z)!zEt_tf-HWX%i_Xw%9QSI(CQT8zuL|B2*@B5a)h>v{+czi^+m73F9MpaZw`0HiOt zU3d4d2wI2$4ru(Vk#(Pl@+N9O>54C$L;VB9uLEw#*c)d`f+Iehj@TwKp~qV`R){$tP_)+8=TAn$9^GFFY~BM1Q^D2hk{R zeb9a5(A%ONJ||!@1Bd1DDsA(mvQEl)uP=5eWEF%EZ~|TCL(TH&`yeP3gCe3C2;n@E ztDdKmrQ!JRNHeE2Kx|kTVwn+GkTee}j#t=h-Vj=%1y()TgK(J%?Y_AkFoW$N*rrVc zgg6GB%hBECfz~pZzC-C(2;>4aDP7v`#K5_>fh^kL*ROq7KxAZkq80K7gCv8RACn#B zIye9jS^L^oyY?VbavJ37f+R@y0f-9$9N2rDfYY7a0x6&!I01P2L=|Lz2kqCQ?tWxu zw!y4l0#>K0UDnW9Q6@*qfNWd=(O7Z$Cwt!*$2c-U@R|F2T(C?aQIctU`hfV>siq&e zjbGP4-~9CQvP307&PTramSRH5V-_Nol^Lzm-X(wv$vlBn8$pEAGzlVy*;`tM-f99Y zKmoGA4PZKReG7n`+XhHDoTdD5>_C;+hH?L8po7&UAb(_PQ9W>WgjlKxfO)E5lz)5Z z5O6wN0Etz;tg_|;h+u9FHJ1K|C8er|Q3PW2tgZPa&$APkePE{dH1Qz+Q)AFX^!=Bo zQ0Vm7rx(6iyI&(t#{1%()Rr`^5dxskqH7Fmq9D-l1`sIB*)u`LYcs!QW$pRk-3k`& zYJhTBba%wu1b~rw;02x-PlbGE%r*na*YziIo;eSi@c)H`BI zw3U3Bto>kz5~U(`G7k|#zzSJk1x#w9JRf(53vUOYNbavdFZC}I6RM(&F^ILHO@|Of zLi=mUwVl&evD4X>Tx@#SB~#Y-;%7kWYNSs&Rv`^iu=mtIn0bB4-4h_l zK9Rf+=n*!?LN^!BcmT8eSBxg(HAsi*a5D8yCdm-Vqb_ zT_8ipeiGL-4DhowRZsz0o2YFRg zGnZ>3m>C=3<=$IwM<;_csE+Dof*6|YSA*SX0!)8ZPnjxG_TMBe{}B~}*1TN=sKt$_7Sc~UY^H-Z4Ly5*K`=k;y{j@rSIaNC{EB=_w$14V8|o|TW! zb1s_PATS2vooTutmwO~x0PM%6FPTs4`DlV{)njVb9wJLMgCXVE0OF3X#Mt|UlUye4 z{P#%*)58q@62Z1}H6fX?o{BA0nB^8%wUy);U{z}iw@|IIL zF2G?W>An?RXVb7v^*SF%1{ArufEz+U9A>wa^75`v>oE z;A43rSGKJAk=^mHyK{Nw5{+=o;Hx|EX12QDf(N~c*iUN?o;MQU+3-j|5}0j4q{qz@ z-j`;<=)&P@xlLUHJe83>k_q6AnWFQjR3pTKlMrw}W(aewR}82DFt9r+tkiPS6mtVO z7Xx45GWFBu5SYTL)0?h-`!0RYwNrSf)3fs)&kq0i3x>@$spA=94*;Khq`!wn?MG(y z`RkRs7d75%{JNm3Qkx@_-?w|R>2)^Y92Jdqo5-*HIa6bbycmhT<9mSfTYy6D5&>zf+pjRLpw@?(6`}>sdof{{e=woz&Mzpj-31K^0F5)mOGKuAz;MKYRa(+L6VZUT7w)HDKLCOAu0E>CAFpVy zmb00K=R4Q7VG=5JHI}O&K$TGlkS*K|evbRxMye8;A+_36De1of46d;M)tfzcO%w>; zeS8P$3gl%L*C;j&=)>j`KHJJxx8TMw3ZcdQovx$i_4)B&yrS0rbcTnKG6zLHl3&9| zVx8M8LCPFv(*ayMj>-YNb!?l_Ddez}uQTZ(!M}yVR9Z}(&R7*um$$tQ4w}!90usng zx{N}wRp^b)?Me=!l*vRBc%0U_=EF7{X^-#_8Lvaeb zB{J4Hqbb54D}yDrXMfZm*7kjlAcoxp^GhI~a6!OJQ48r9&NrkgX4FlqRe)@FKz9M_ zCE|N}iday`Rf&hSYk3!LwXQs$aE->13h>-uX3^Id3CqY%n(-yk|Id2X%Z>5wH?pg#P`c5_oX9k8B=Kf0+0-)JTX5L6pC}Dt@a*#J zk#QTQ1aE_vwqfh;9yPRn`} zBPByJfT!kyfnKTN+83A=GJHJW4N*yUqhaeBV*l>Icw9N2n7rwNObjyG^e4RCRrd~! z!7I`_@9a2|=nNrU{j>$0%HOMzDmJE$x~qR~qV$uKrtxUu%5{J9Fwl~bD~e0(yD2;J z8M^=x-LvMBaM+#wVQVQ)>y!2L=caTS&0_4>eBp-xYDq_&MMudH;^Zm+#>b;nUY~Kw zXE!4WEv@6?UK#Gx%sd5Lnfc4V26>s2e`(LXl>9U-TlDNcSu*VOlE&acmX$ysGve9A zztQ!Di+(0(k5yshZ6ivSk3-qFuI+S{C~vaG`vexV+I9ZZGTMp%w`DXyOMmmwB?K-> z06Vr+LPU4mZr_)L2l z%dBJakD)TFm@qAQk>~_nd`0p0>Es_|(2?nWTl9YZCvE7}!X&*m zT>ny8N}=o)&qQq|-{-KuI4ki)Ae;IzNS+(~C+&JF0DgDP#*ixc&+mAdKx3in)BUF; ze=@NgTMXX>+vY{*Mz2fSv+Le;StI#KY5V=OTJ;eEX9oiem;rVht@; z{6jjwi?HID*W^KF^{y-H(O(%D7nJ>#Og**yb57>l;Myel67Kz#{k7Z%PHCk21? zOWuK=$MrF*+|oa{a5Dn5TDT^Z%Kl0KB|%$-^?Avs{yzhzstE4%|6bhx9l7)B#Q$sF zxdY+{g%>X1w8~3MJQe@{)#MPLFxJrhd*T`s95`%0-S2Ppsx<$8HdT8#MpNjrPd3#a zTdFezB?+Mntxv(_8kl?piTtwPjM#BhN3@XQ9vZ_s1p>c~^TL6Qo4fte_}MAv7?t~!!2ZbKycEFy9RzLGZdpCaoMs;{3toMCM?Cn&w)?H(p{M4* zS3>VbeA1Jy+xw#v^@qQx>nxZm+P(}R+K<>qyLaCa@hoU4S zsU6q%HzrcD4?MEhxA6GSD7{=-MjrNdUJAM!mmv65UFFYO9MbUM+3~Wbxz$9wb*bYn zSA59Cn(z*KQ;6+&Cl~wS*lQ)6_^qR7 z#ZKnj1W24c-s;t;z>Um4uMC;H&2>N1S)1u{KKxndd)={r9xjH|**`lGux?Z>%{t5b zi{sVo+|4)Q zMY(6spYx34efpKWID*P{6>rsapM0yFVOqBdEkJeE+Yn4;z=1-sS%(RFIU3yi2 zG-MI+?%G9KHF=Lk9t`P(Klh}Xf{7m;v(`6+TREeeKgWhA;OVyP!i-&GC=6UsJUDek|Cdw@qlxccfXpSOtjZ*x-3#^~jli*3j*Kwp-Af;W0$dhr$i) zF`E>~jsLxQi!Tr~B#ad}bVL~f4Y3*r9l5{QtzFULSqE0cH~4adLYACMM7Y%zf8PV3 z0;f)6OP3isKFDiOM8`#W{|=!3Ba$Odje(`kA!?bfWl6-Za_8oGQyBW70Orf|%c!~X zuz$ z{T)hDseJKV>h63>yXt>&f&;`e33C|1CF!sb2ZSm7eJ3!?eqPi2XtG-o(aa&)PQRCe zf0`2C@~9N%cogvqDcUPJC$i65F_2DC2R(i^Zqw(C-46$yZ#%e)O_O)7$TeuBwR(MyZki_1)e-R8lEJwEzw$FrqO*?8cDl-`DgJ`?f_(#@2@etEHg3 zUVnWIXk^ie>Q*G*x~ZPmXZ`U{Xb2!YRhVhxz2!;@vTc!jaxOj-x9*bPBB4h1{ni76 z#4^Dn7r%sDZm9fRna*UeD*T=;j19&8B=+|!@z0IX8piiVTgXv`qK-z{I1!2+5C1Ug zp*c!>8-M6SpY_}@=?#8U0d#+Oe9m{xez&i^&B8*$7hKgF7VFiKG>4ZMaq z*w#sz1=;UkP{<|%mUXxS>8jC{a##l-l}@wvWnWN6(d;ZQg!LxI!w!^qjigyA^1Y=mTic3 zR=kV1x6a_D(GnsW#X9P`H~Ycr`2$W)PM+s;&iS64=S1CKccL}uBCO^4yV^Ak;Jrx~n3HpTcjqOPh`d8C3&k4}dl3QDl5yK>` zG>1z}_goXbilJKkUDEa5-1t(oO26pVCAh8HW)!tk z)O@RvJyQb7NrD-OznEGCnT>=>AukL=Oo6;bAtU4QoYk%O3Zo)v@Xsc*x190 z^O!m)^o!A)rE{ioJlzpW`l8p(4r=F>pj|SYx^CrowkyrO98~gvs*PG0WQ=|e_m3D@4O0SS9E`o@Q;}U)@xP9$I1eywj-ON!WtB`r*kp9Dl@%6I{GK_G zq`d+Vk2>2=Gse6HprSoqE_LK;%t6KaCsI~@W26+&{F`}|GgJsYmw z^}{q?uRh_F#}sug#SiXh2-*kd)Y`yR!!t|gqK7ZUQ+5w0za(SoereK!nCiDh8Cb3r zu=#$)SmPiiJ_JTZBt^3=Kst$y;tL#VWvSgQw4M3Gc-{aN;r5m|)FK(ks;gG%44`MV zvc-AqWd;xGh^CMCUnT)#+)JhWcacHQPk3VC4CJF!sa*5ES80l=$>zYSK?&bP@W(~2 z;0-m`Eh7#M?r}MRJ{Hbq7a@_^0_3Jl9dLHLXPpLzA0FL9T#__t0R-GMcuVs`p_hEX zZ4-fs#2brVI$SGQ=gY>g_TEUc*J3X6xd@DVJPykF9|Y%E02{AxnhJO2A#Hn>oh_H4 zeD3f@lJ|6Hx2q0}vw~PF3(FNZ15mk)p7!FJ!uQ4LTVEOzUO`)YOhR<)` Date: Tue, 26 Mar 2019 13:47:01 -0700 Subject: [PATCH 02/13] Add closing note --- docs/GETTING_STARTED.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index af79c470..5a5e16c0 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -517,6 +517,8 @@ X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2295...5799] to: 2019-03-27T19:02:58Z ``` +Now it's easy for anybody in the G-Suite organization to self-serve fetching valid certificates. + ## Notes on Securing the Step CA and your PKI. In this section we recommend a few best practices when it comes to From 52f09605f474fd68d6bfa4ac715bb0d3d8e54c68 Mon Sep 17 00:00:00 2001 From: Sebastian Tiedtke Date: Tue, 26 Mar 2019 14:04:34 -0700 Subject: [PATCH 03/13] Typo --- docs/GETTING_STARTED.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 5a5e16c0..3f28fd14 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -467,7 +467,7 @@ top navbar's dropdown. In the masthead navigation click **Credentials** (key symbol) and then "OAuth consent screen" from the subnav. Fill out naming details, all mandatory fields, and decide if your app is of type **Public** or **Internal**. Internal will make sure the access scope -is bound to your G-Suite organization. **Publi** will let anybody with a Google Account +is bound to your G-Suite organization. **Public** will let anybody with a Google Account log in, incl. `gmail.com` accounts. Move back to **Credentials** on the subnav and choose "OAuth client ID" from the From f75a52d55bf76acb7b685521a606500a83429ae9 Mon Sep 17 00:00:00 2001 From: max furman Date: Tue, 26 Mar 2019 14:43:06 -0700 Subject: [PATCH 04/13] A few fixes to the OIDC provisioner docs --- docs/GETTING_STARTED.md | 44 +++++++++++++++++++++++------------------ 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 3f28fd14..9f24598e 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -418,7 +418,7 @@ Please enter a password to encrypt the provisioner private key? password }, [...] -# launch CA... +## launch CA... $ step-ca $(step path)/config/ca.json Please enter the password to decrypt ~/.step/secrets/intermediate_ca_key: password 2019/02/21 12:09:51 Serving HTTPS on :9443 ... @@ -453,22 +453,23 @@ $ step ca renew site.crt site.key error renewing certificate: Unauthorized ``` -## Leverage G-Suite's OAuth OIDC as authenticate personal certificates for users +## Use Oauth OIDC to obtain personal certificates -To authenticate users with the CA you can leverage services that expose OAuth OpenID -Connect identity providers. One of the most common provider and the one we'll use in -this example is G-Suite. +To authenticate users with the CA you can leverage services that expose OAuth +OpenID Connect identity providers. One of the most common providers, and the +one we'll use in this example, is G-Suite. Navigate to the Google APIs developer console and pick a suitable project from the top navbar's dropdown. ![Google Dev Console](oidc1.png) -In the masthead navigation click **Credentials** (key symbol) and then "OAuth consent -screen" from the subnav. Fill out naming details, all mandatory fields, and decide if -your app is of type **Public** or **Internal**. Internal will make sure the access scope -is bound to your G-Suite organization. **Public** will let anybody with a Google Account -log in, incl. `gmail.com` accounts. +In the masthead navigation click **Credentials** (key symbol) and then "OAuth +consent screen" from the subnav. Fill out naming details, all mandatory fields, +and decide if your app is of type **Public** or **Internal**. Internal +will make sure the access scope is bound to your G-Suite organization. +**Public** will let anybody with a Google Account log in, incl. +`gmail.com` accounts. Move back to **Credentials** on the subnav and choose "OAuth client ID" from the **Create credentials** dropdown. Since OIDC will be used from the `step CLI` pick **Other** @@ -476,15 +477,18 @@ from the available options and pick a name (e.g. **Step CLI**). ![Create credential](oidc2.png) -On successful completion, a confirmation modal with both `clientID` and `clientSecret` will -be presented. Please note that the `clientSecret` will allow applications access to the configured -OAuth consent screen. However, it will not allow direct authentication of users without their own -MfA credentials per account. +On successful completion, a confirmation modal with both `clientID` and +`clientSecret` will be presented. Please note that the `clientSecret` will +allow applications access to the configured OAuth consent screen. However, it +will not allow direct authentication of users without their own MfA credentials +per account. ![OIDC credentials](oidc3.png) -Now using `clientID` and `clientSecret` run following command to add G-Suite as a provisioner to -`step certificates`. Please see [`step ca provisioner add`](https://smallstep.com/docs/cli/ca/provisioner/add/)'s docs for all available configuration options and descriptions. +Now using `clientID` and `clientSecret` run the following command to add +G-Suite as a provisioner to `step certificates`. Please see [`step ca +provisioner add`](https://smallstep.com/docs/cli/ca/provisioner/add/)'s docs +for all available configuration options and descriptions. ```bash $ step ca provisioner add Google --type oidc --ca-config $(step path)/config/ca.json \ @@ -494,8 +498,9 @@ $ step ca provisioner add Google --type oidc --ca-config $(step path)/config/ca. --domain yourdomain.com --domain gmail.com ``` -Start up the online CA or send a HUP signal if it's already running to pick up the new provisioner. -Now users should be able to fetch certificates using the familiar `step ca certificate` flow: +Start up the online CA or send a HUP signal if it's already running to reload +the configuration and pick up the new provisioner. Now users should be able to +obtain certificates using the familiar `step ca certificate` flow: ```bash $ step ca certificate sebastian@smallstep.com personal.crt personal.key @@ -517,7 +522,8 @@ X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2295...5799] to: 2019-03-27T19:02:58Z ``` -Now it's easy for anybody in the G-Suite organization to self-serve fetching valid certificates. +Now it's easy for anybody in the G-Suite organization to obtain valid personal +certificates! ## Notes on Securing the Step CA and your PKI. From fab5f01cc56df353aeca058879fb89a58ddb3e2d Mon Sep 17 00:00:00 2001 From: Sebastian Tiedtke Date: Tue, 26 Mar 2019 15:01:59 -0700 Subject: [PATCH 05/13] Use personal cert --- docs/GETTING_STARTED.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/GETTING_STARTED.md b/docs/GETTING_STARTED.md index 9f24598e..6a1edd6b 100644 --- a/docs/GETTING_STARTED.md +++ b/docs/GETTING_STARTED.md @@ -513,13 +513,14 @@ What provisioner key do you want to use? ✔ Certificate: personal.crt ✔ Private Key: personal.key -$ step certificate inspect --short localhost.crt -X.509v3 TLS Certificate (ECDSA P-256) [Serial: 2295...5799] - Subject: localhost +$ step certificate inspect --short personal.crt ⏎ +X.509v3 TLS Certificate (ECDSA P-256) [Serial: 6169...4235] + Subject: 106202051347258973689 + sebastian@smallstep.com Issuer: Local CA Intermediate CA - Provisioner: admin [ID: fYDo...5iXI] - Valid from: 2019-03-26T19:02:58Z - to: 2019-03-27T19:02:58Z + Provisioner: Google [ID: 9724....com] + Valid from: 2019-03-26T20:36:28Z + to: 2019-03-27T20:36:28Z ``` Now it's easy for anybody in the G-Suite organization to obtain valid personal From 72eb069baf65d69bcbfe4997b33e899f3a44aca9 Mon Sep 17 00:00:00 2001 From: Mariano Cano Date: Thu, 28 Mar 2019 11:00:30 -0700 Subject: [PATCH 06/13] Fix typo Fixes #43 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 731801bd..f952774a 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ mTLS](https://raw.githubusercontent.com/smallstep/certificates/master/images/con There's just one problem: **you need certificates issued by your own certificate authority (CA)**. Building and operating a CA, issuing certificates, and making sure they're renewed before they expire is tricky. -This project provides the infratructure, automations, and workflows you'll +This project provides the infrastructure, automations, and workflows you'll need. `step certificates` is part of smallstep's broader security architecture, which From 54af415d60739fd24e1f840e1ea05492f1655c87 Mon Sep 17 00:00:00 2001 From: max furman Date: Fri, 29 Mar 2019 12:37:58 -0700 Subject: [PATCH 07/13] Add `make archive` for uploading source code tarball * git default source code tarballs have a tendency of changing shasums --- Makefile | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index 08613bd6..53a67d72 100644 --- a/Makefile +++ b/Makefile @@ -292,16 +292,20 @@ bundle-darwin: binary-darwin .PHONY: binary-linux binary-darwin bundle-linux bundle-darwin ################################################# -# Targets for creating OS specific artifacts +# Targets for creating OS specific artifacts and archives ################################################# artifacts-linux-tag: bundle-linux debian artifacts-darwin-tag: bundle-darwin +artifacts-archive-tag: + $Q mkdir -p $(RELEASE) + $Q git archive v$(VERSION) | gzip > $(RELEASE)/step-certificates.tar.gz + artifacts-tag: artifacts-linux-tag artifacts-darwin-tag -.PHONY: artifacts-linux-tag artifacts-darwin-tag artifacts-tag +.PHONY: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag artifacts-tag ################################################# # Targets for creating step artifacts @@ -310,6 +314,9 @@ artifacts-tag: artifacts-linux-tag artifacts-darwin-tag # For all builds that are not tagged artifacts-master: +# For all builds with a release-candidate (-rc) tag +artifacts-release-candidate: artifacts-tag + # For all builds with a release tag artifacts-release: artifacts-tag From 464d1d42557044600dad8dccffe36eb052a6fcfe Mon Sep 17 00:00:00 2001 From: max furman Date: Fri, 29 Mar 2019 12:39:48 -0700 Subject: [PATCH 08/13] cli update --- Gopkg.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gopkg.lock b/Gopkg.lock index 1794437e..8b0340d0 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -298,7 +298,7 @@ "utils", ] pruneopts = "UT" - revision = "a2e2d27fd5eff22ba94b1f2bd2fc946f5bb7f041" + revision = "3e1e2dcfa54298e0fb86e0be86ab36d79f36473e" [[projects]] branch = "master" From 47eed2b914da167a8e687c4696f73388ea189d3b Mon Sep 17 00:00:00 2001 From: max furman Date: Fri, 29 Mar 2019 12:53:09 -0700 Subject: [PATCH 09/13] forgot to add make target --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 53a67d72..824d6645 100644 --- a/Makefile +++ b/Makefile @@ -303,7 +303,7 @@ artifacts-archive-tag: $Q mkdir -p $(RELEASE) $Q git archive v$(VERSION) | gzip > $(RELEASE)/step-certificates.tar.gz -artifacts-tag: artifacts-linux-tag artifacts-darwin-tag +artifacts-tag: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag .PHONY: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag artifacts-tag From 8c5b14b88c0ccd68687b3d684eda769510a6c5ef Mon Sep 17 00:00:00 2001 From: max furman Date: Fri, 5 Apr 2019 10:45:40 -0700 Subject: [PATCH 10/13] docs: Update distribution artifacts --- docs/distribution.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/distribution.md b/docs/distribution.md index c5858143..3bdef552 100644 --- a/docs/distribution.md +++ b/docs/distribution.md @@ -88,9 +88,10 @@ e.g. `v1.0.2` Travis will build and upload the following artifacts: - * **step-ca_1.0.3_amd64.deb**: debian package for installation on linux. - * **step-ca_1.0.3_linux_amd64.tar.gz**: tarball containing a statically compiled linux binary. - * **step-ca_1.0.3_darwin_amd64.tar.gz**: tarball containing a statically compiled darwin binary. + * **step-certificates_1.0.3_amd64.deb**: debian package for installation on linux. + * **step-certificates_1.0.3_linux_amd64.tar.gz**: tarball containing a statically compiled linux binary. + * **step-certificates_1.0.3_darwin_amd64.tar.gz**: tarball containing a statically compiled darwin binary. + * **step-certificates.tar.gz**: tarball containing a git archive of the full repo. *All Done!* From d85a083ce29bf5a6d7719fe69232e2cfa262a2a3 Mon Sep 17 00:00:00 2001 From: max furman Date: Fri, 5 Apr 2019 11:38:43 -0700 Subject: [PATCH 11/13] Add version to git archive name --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 824d6645..4731c713 100644 --- a/Makefile +++ b/Makefile @@ -301,7 +301,7 @@ artifacts-darwin-tag: bundle-darwin artifacts-archive-tag: $Q mkdir -p $(RELEASE) - $Q git archive v$(VERSION) | gzip > $(RELEASE)/step-certificates.tar.gz + $Q git archive v$(VERSION) | gzip > $(RELEASE)/step-certificates_$(VERSION).tar.gz artifacts-tag: artifacts-linux-tag artifacts-darwin-tag artifacts-archive-tag From 351c01cf7e9f179929f464219b508b5955ab2b57 Mon Sep 17 00:00:00 2001 From: Justin Date: Mon, 8 Apr 2019 12:24:31 -0700 Subject: [PATCH 12/13] Do not allow pods in one namespace to create certificates for hostnames from another namespace. (#54) * Do not allow pods in one namespace to create certificates for hostnames from another namespace. * Make cluster domain configurable, clean up shouldMutate() logic, and make namespace restrictions configurable with restrictCertificatesToNamespace. * Return certificate hostname validation errors in the admission webhook response. * Appease the gometalinter. --- autocert/controller/main.go | 68 +++++++++++++++++++++++----- autocert/controller/main_test.go | 75 +++++++++++++++++++++++++++++++ autocert/install/02-autocert.yaml | 2 + 3 files changed, 134 insertions(+), 11 deletions(-) create mode 100644 autocert/controller/main_test.go diff --git a/autocert/controller/main.go b/autocert/controller/main.go index 68cf3bfd..eeb8f393 100644 --- a/autocert/controller/main.go +++ b/autocert/controller/main.go @@ -45,12 +45,24 @@ const ( // Config options for the autocert admission controller. type Config struct { - LogFormat string `yaml:"logFormat"` - CaURL string `yaml:"caUrl"` - CertLifetime string `yaml:"certLifetime"` - Bootstrapper corev1.Container `yaml:"bootstrapper"` - Renewer corev1.Container `yaml:"renewer"` - CertsVolume corev1.Volume `yaml:"certsVolume"` + LogFormat string `yaml:"logFormat"` + CaURL string `yaml:"caUrl"` + CertLifetime string `yaml:"certLifetime"` + Bootstrapper corev1.Container `yaml:"bootstrapper"` + Renewer corev1.Container `yaml:"renewer"` + CertsVolume corev1.Volume `yaml:"certsVolume"` + RestrictCertificatesToNamespace bool `yaml:"restrictCertificatesToNamespace"` + ClusterDomain string `yaml:"clusterDomain"` +} + +// GetClusterDomain returns the Kubernetes cluster domain, defaults to +// "cluster.local" if not specified in the configuration. +func (c Config) GetClusterDomain() string { + if c.ClusterDomain != "" { + return c.ClusterDomain + } + + return "cluster.local" } // PatchOperation represents a RFC6902 JSONPatch Operation @@ -216,6 +228,7 @@ func mkBootstrapper(config *Config, commonName string, namespace string, provisi Name: "COMMON_NAME", Value: commonName, }) + b.Env = append(b.Env, corev1.EnvVar{ Name: "STEP_TOKEN", ValueFrom: &corev1.EnvVarSource{ @@ -357,7 +370,8 @@ func addAnnotations(existing, new map[string]string) (ops []PatchOperation) { func patch(pod *corev1.Pod, namespace string, config *Config, provisioner Provisioner) ([]byte, error) { var ops []PatchOperation - commonName := pod.ObjectMeta.GetAnnotations()[admissionWebhookAnnotationKey] + annotations := pod.ObjectMeta.GetAnnotations() + commonName := annotations[admissionWebhookAnnotationKey] renewer := mkRenewer(config) bootstrapper, err := mkBootstrapper(config, commonName, namespace, provisioner) if err != nil { @@ -376,7 +390,10 @@ func patch(pod *corev1.Pod, namespace string, config *Config, provisioner Provis // shouldMutate checks whether a pod is subject to mutation by this admission controller. A pod // is subject to mutation if it's annotated with the `admissionWebhookAnnotationKey` and if it // has not already been processed (indicated by `admissionWebhookStatusKey` set to `injected`). -func shouldMutate(metadata *metav1.ObjectMeta) bool { +// If the pod requests a certificate with a subject matching a namespace other than its own +// and restrictToNamespace is true, then shouldMutate will return a validation error +// that should be returned to the client. +func shouldMutate(metadata *metav1.ObjectMeta, namespace string, clusterDomain string, restrictToNamespace bool) (bool, error) { annotations := metadata.GetAnnotations() if annotations == nil { annotations = map[string]string{} @@ -385,10 +402,26 @@ func shouldMutate(metadata *metav1.ObjectMeta) bool { // Only mutate if the object is annotated appropriately (annotation key set) and we haven't // mutated already (status key isn't set). if annotations[admissionWebhookAnnotationKey] == "" || annotations[admissionWebhookStatusKey] == "injected" { - return false + return false, nil } - return true + if !restrictToNamespace { + return true, nil + } + + subject := strings.Trim(annotations[admissionWebhookAnnotationKey], ".") + + err := fmt.Errorf("subject \"%s\" matches a namespace other than \"%s\" and is not permitted. This check can be disabled by setting restrictCertificatesToNamespace to false in the autocert-config ConfigMap", subject, namespace) + + if strings.HasSuffix(subject, ".svc") && !strings.HasSuffix(subject, fmt.Sprintf(".%s.svc", namespace)) { + return false, err + } + + if strings.HasSuffix(subject, fmt.Sprintf(".svc.%s", clusterDomain)) && !strings.HasSuffix(subject, fmt.Sprintf(".%s.svc.%s", namespace, clusterDomain)) { + return false, err + } + + return true, nil } // mutate takes an `AdmissionReview`, determines whether it is subject to mutation, and returns @@ -418,7 +451,20 @@ func mutate(review *v1beta1.AdmissionReview, config *Config, provisioner Provisi "user": request.UserInfo, }) - if !shouldMutate(&pod.ObjectMeta) { + mutationAllowed, validationErr := shouldMutate(&pod.ObjectMeta, request.Namespace, config.GetClusterDomain(), config.RestrictCertificatesToNamespace) + + if validationErr != nil { + ctxLog.WithField("error", validationErr).Info("Validation error") + return &v1beta1.AdmissionResponse{ + Allowed: false, + UID: request.UID, + Result: &metav1.Status{ + Message: validationErr.Error(), + }, + } + } + + if !mutationAllowed { ctxLog.WithField("annotations", pod.Annotations).Info("Skipping mutation") return &v1beta1.AdmissionResponse{ Allowed: true, diff --git a/autocert/controller/main_test.go b/autocert/controller/main_test.go new file mode 100644 index 00000000..1f0290eb --- /dev/null +++ b/autocert/controller/main_test.go @@ -0,0 +1,75 @@ +package main + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "testing" +) + +func TestGetClusterDomain(t *testing.T) { + c := Config{} + if c.GetClusterDomain() != "cluster.local" { + t.Errorf("cluster domain should default to cluster.local, not: %s", c.GetClusterDomain()) + } + + c.ClusterDomain = "mydomain.com" + if c.GetClusterDomain() != "mydomain.com" { + t.Errorf("cluster domain should default to cluster.local, not: %s", c.GetClusterDomain()) + } +} + +func TestShouldMutate(t *testing.T) { + testCases := []struct { + description string + subject string + namespace string + expected bool + }{ + {"full cluster domain", "test.default.svc.cluster.local", "default", true}, + {"full cluster domain wrong ns", "test.default.svc.cluster.local", "kube-system", false}, + {"left dots get stripped", ".test.default.svc.cluster.local", "default", true}, + {"left dots get stripped wrong ns", ".test.default.svc.cluster.local", "kube-system", false}, + {"right dots get stripped", "test.default.svc.cluster.local.", "default", true}, + {"right dots get stripped wrong ns", "test.default.svc.cluster.local.", "kube-system", false}, + {"dots get stripped", ".test.default.svc.cluster.local.", "default", true}, + {"dots get stripped wrong ns", ".test.default.svc.cluster.local.", "kube-system", false}, + {"partial cluster domain", "test.default.svc.cluster", "default", true}, + {"partial cluster domain wrong ns is still allowed because not valid hostname", "test.default.svc.cluster", "kube-system", true}, + {"service domain", "test.default.svc", "default", true}, + {"service domain wrong ns", "test.default.svc", "kube-system", false}, + {"two part domain", "test.default", "default", true}, + {"two part domain different ns", "test.default", "kube-system", true}, + {"one hostname", "test", "default", true}, + {"no subject specified", "", "default", false}, + {"three part not cluster", "test.default.com", "kube-system", true}, + {"four part not cluster", "test.default.svc.com", "kube-system", true}, + {"five part not cluster", "test.default.svc.cluster.com", "kube-system", true}, + {"six part not cluster", "test.default.svc.cluster.local.com", "kube-system", true}, + } + + for _, testCase := range testCases { + t.Run(testCase.description, func(t *testing.T) { + mutationAllowed, validationErr := shouldMutate(&metav1.ObjectMeta{ + Annotations: map[string]string{ + admissionWebhookAnnotationKey: testCase.subject, + }, + }, testCase.namespace, "cluster.local", true) + if mutationAllowed != testCase.expected { + t.Errorf("shouldMutate did not return %t for %s", testCase.expected, testCase.description) + } + if testCase.subject != "" && mutationAllowed == false && validationErr == nil { + t.Errorf("shouldMutate should return validation error for invalid hostname") + } + }) + } +} + +func TestShouldMutateNotRestrictToNamespace(t *testing.T) { + mutationAllowed, _ := shouldMutate(&metav1.ObjectMeta{ + Annotations: map[string]string{ + admissionWebhookAnnotationKey: "test.default.svc.cluster.local", + }, + }, "kube-system", "cluster.local", false) + if mutationAllowed == false { + t.Errorf("shouldMutate should return true even with a wrong namespace if restrictToNamespace is false.") + } +} diff --git a/autocert/install/02-autocert.yaml b/autocert/install/02-autocert.yaml index f6453ca2..07f722bf 100644 --- a/autocert/install/02-autocert.yaml +++ b/autocert/install/02-autocert.yaml @@ -21,6 +21,8 @@ metadata: data: config.yaml: | logFormat: json # or text + restrictCertificatesToNamespace: true + clusterDomain: cluster.local caUrl: https://ca.step.svc.cluster.local certLifetime: 24h renewer: From 840916ae1bf136a566727505613772d8c687b8bb Mon Sep 17 00:00:00 2001 From: Sebastian Tiedtke Date: Mon, 8 Apr 2019 12:37:56 -0700 Subject: [PATCH 13/13] Note about usage instructions --- autocert/INSTALL.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/autocert/INSTALL.md b/autocert/INSTALL.md index 0b4b788b..a9fe843e 100644 --- a/autocert/INSTALL.md +++ b/autocert/INSTALL.md @@ -174,3 +174,7 @@ $ kubectl get mutatingwebhookconfiguration NAME CREATED AT autocert-webhook-config 2019-01-17T22:57:57Z ``` + +### Move on to usage instructions + +Make sure to follow the autocert usage steps at https://github.com/smallstep/certificates/tree/master/autocert#usage