From 39b0f7f0d65503511dff09bd90f46795eb3bb614 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 11:54:19 +0000
Subject: [PATCH 01/26] update .gitignore

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 .gitignore | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.gitignore b/.gitignore
index 3612f9a6..d6591aef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,6 +12,9 @@ est/estserver/estserver
 tools/cmc-signing-tool/cmc-signing-tool
 tools/cmc-converter/cmc-converter
 tools/fmspc-retrieval-tool/fmspc-retrieval-tool
+tools/measurefs/measurefs
+tools/containerd-shim-cmc-v1/containerd-shim-cmc-v1
+tools/measure-bundle/measure-bundle
 tpm/test_encrypted_ak.json
 example-setup/data-cmc/
 example-setup/**/*.cbor
@@ -20,4 +23,4 @@ tpmdriver/test_encrypted_ak.json
 est/server/server
 attestationreport/cache/*
 testtool/private.pem
-testtool/public.pem 
\ No newline at end of file
+testtool/public.pem

From 87cb897bc3324ffd3dd92115a6b1d9bbec0f61e1 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 11:54:50 +0000
Subject: [PATCH 02/26] update go modules

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 go.mod | 1 +
 go.sum | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 315ac33a..1f0ec09b 100644
--- a/go.mod
+++ b/go.mod
@@ -24,6 +24,7 @@ require (
 	github.com/dsnet/golib/memfile v1.0.0 // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/certificate-transparency-go v1.1.6 // indirect
+	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-tspi v0.3.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
diff --git a/go.sum b/go.sum
index 14cfa01d..1ddb38de 100644
--- a/go.sum
+++ b/go.sum
@@ -18,7 +18,8 @@ github.com/google/certificate-transparency-go v1.1.6/go.mod h1:0OJjOsOk+wj6aYQgP
 github.com/google/go-attestation v0.4.4-0.20230613144338-a9b6eb1eb888 h1:HURgKPRPJSozDuMHpjdV+iyFVLhB6bi1JanhGgSzI1k=
 github.com/google/go-attestation v0.4.4-0.20230613144338-a9b6eb1eb888/go.mod h1:xCfWZojUHwedNcs780T8cblW9XHss9XKD2s3U44FVbo=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-tpm v0.9.0 h1:sQF6YqWMi+SCXpsmS3fd21oPy/vSddwZry4JnmltHVk=
 github.com/google/go-tpm v0.9.0/go.mod h1:FkNVkc6C+IsvDI9Jw1OveJmxGZUUaKxtrpOS47QWKfU=
 github.com/google/go-tpm-tools v0.3.13-0.20230620182252-4639ecce2aba h1:qJEJcuLzH5KDR0gKc0zcktin6KSAwL7+jWKBYceddTc=

From d2d9faa1158c352611bda6f80ef89c80ad756764 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 11:56:03 +0000
Subject: [PATCH 03/26] jsoncannonicalizer: add open source project

add the apache licened jsoncanonicalizer source files
to be able to generate reproducible JSON container
configuration files for measuring container configs.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 jsoncanonicalizer/es6numfmt.go         |  71 +++++
 jsoncanonicalizer/jsoncanonicalizer.go | 378 +++++++++++++++++++++++++
 2 files changed, 449 insertions(+)
 create mode 100644 jsoncanonicalizer/es6numfmt.go
 create mode 100644 jsoncanonicalizer/jsoncanonicalizer.go

diff --git a/jsoncanonicalizer/es6numfmt.go b/jsoncanonicalizer/es6numfmt.go
new file mode 100644
index 00000000..ae17f3d9
--- /dev/null
+++ b/jsoncanonicalizer/es6numfmt.go
@@ -0,0 +1,71 @@
+//
+//  Copyright 2006-2019 WebPKI.org (http://webpki.org).
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+// This package converts numbers in IEEE-754 double precision into the
+// format specified for JSON in EcmaScript Version 6 and forward.
+// The core application for this is canonicalization:
+// https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-02
+
+package jsoncanonicalizer
+
+import (
+	"errors"
+	"math"
+	"strconv"
+	"strings"
+)
+
+const invalidPattern uint64 = 0x7ff0000000000000
+
+func NumberToJSON(ieeeF64 float64) (res string, err error) {
+	ieeeU64 := math.Float64bits(ieeeF64)
+
+	// Special case: NaN and Infinity are invalid in JSON
+	if (ieeeU64 & invalidPattern) == invalidPattern {
+		return "null", errors.New("Invalid JSON number: " + strconv.FormatUint(ieeeU64, 16))
+	}
+
+	// Special case: eliminate "-0" as mandated by the ES6-JSON/JCS specifications
+	if ieeeF64 == 0 { // Right, this line takes both -0 and 0
+		return "0", nil
+	}
+
+	// Deal with the sign separately
+	var sign string = ""
+	if ieeeF64 < 0 {
+		ieeeF64 = -ieeeF64
+		sign = "-"
+	}
+
+	// ES6 has a unique "g" format
+	var format byte = 'e'
+	if ieeeF64 < 1e+21 && ieeeF64 >= 1e-6 {
+		format = 'f'
+	}
+
+	// The following should do the trick:
+	es6Formatted := strconv.FormatFloat(ieeeF64, format, -1, 64)
+
+	// Minor cleanup
+	exponent := strings.IndexByte(es6Formatted, 'e')
+	if exponent > 0 {
+		// Go outputs "1e+09" which must be rewritten as "1e+9"
+		if es6Formatted[exponent+2] == '0' {
+			es6Formatted = es6Formatted[:exponent+2] + es6Formatted[exponent+3:]
+		}
+	}
+	return sign + es6Formatted, nil
+}
diff --git a/jsoncanonicalizer/jsoncanonicalizer.go b/jsoncanonicalizer/jsoncanonicalizer.go
new file mode 100644
index 00000000..ab7a1be4
--- /dev/null
+++ b/jsoncanonicalizer/jsoncanonicalizer.go
@@ -0,0 +1,378 @@
+//
+//  Copyright 2006-2019 WebPKI.org (http://webpki.org).
+//
+//  Licensed under the Apache License, Version 2.0 (the "License");
+//  you may not use this file except in compliance with the License.
+//  You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+//  Unless required by applicable law or agreed to in writing, software
+//  distributed under the License is distributed on an "AS IS" BASIS,
+//  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//  See the License for the specific language governing permissions and
+//  limitations under the License.
+//
+
+// This package transforms JSON data in UTF-8 according to:
+// https://tools.ietf.org/html/draft-rundgren-json-canonicalization-scheme-02
+
+package jsoncanonicalizer
+
+import (
+	"container/list"
+	"errors"
+	"fmt"
+	"strconv"
+	"strings"
+	"unicode/utf16"
+)
+
+type nameValueType struct {
+	name    string
+	sortKey []uint16
+	value   string
+}
+
+// JSON standard escapes (modulo \u)
+var asciiEscapes = []byte{'\\', '"', 'b', 'f', 'n', 'r', 't'}
+var binaryEscapes = []byte{'\\', '"', '\b', '\f', '\n', '\r', '\t'}
+
+// JSON literals
+var literals = []string{"true", "false", "null"}
+
+func Transform(jsonData []byte) (result []byte, e error) {
+
+	// JSON data MUST be UTF-8 encoded
+	var jsonDataLength int = len(jsonData)
+
+	// Current pointer in jsonData
+	var index int = 0
+
+	// "Forward" declarations are needed for closures referring each other
+	var parseElement func() string
+	var parseSimpleType func() string
+	var parseQuotedString func() string
+	var parseObject func() string
+	var parseArray func() string
+
+	var globalError error = nil
+
+	checkError := func(e error) {
+		// We only honor the first reported error
+		if globalError == nil {
+			globalError = e
+		}
+	}
+
+	setError := func(msg string) {
+		checkError(errors.New(msg))
+	}
+
+	isWhiteSpace := func(c byte) bool {
+		return c == 0x20 || c == 0x0a || c == 0x0d || c == 0x09
+	}
+
+	nextChar := func() byte {
+		if index < jsonDataLength {
+			c := jsonData[index]
+			if c > 0x7f {
+				setError("Unexpected non-ASCII character")
+			}
+			index++
+			return c
+		}
+		setError("Unexpected EOF reached")
+		return '"'
+	}
+
+	scan := func() byte {
+		for {
+			c := nextChar()
+			if isWhiteSpace(c) {
+				continue
+			}
+			return c
+		}
+	}
+
+	scanFor := func(expected byte) {
+		c := scan()
+		if c != expected {
+			setError("Expected '" + string(expected) + "' but got '" + string(c) + "'")
+		}
+	}
+
+	getUEscape := func() rune {
+		start := index
+		nextChar()
+		nextChar()
+		nextChar()
+		nextChar()
+		if globalError != nil {
+			return 0
+		}
+		u16, err := strconv.ParseUint(string(jsonData[start:index]), 16, 64)
+		checkError(err)
+		return rune(u16)
+	}
+
+	testNextNonWhiteSpaceChar := func() byte {
+		save := index
+		c := scan()
+		index = save
+		return c
+	}
+
+	decorateString := func(rawUTF8 string) string {
+		var quotedString strings.Builder
+		quotedString.WriteByte('"')
+	CoreLoop:
+		for _, c := range []byte(rawUTF8) {
+			// Is this within the JSON standard escapes?
+			for i, esc := range binaryEscapes {
+				if esc == c {
+					quotedString.WriteByte('\\')
+					quotedString.WriteByte(asciiEscapes[i])
+					continue CoreLoop
+				}
+			}
+			if c < 0x20 {
+				// Other ASCII control characters must be escaped with \uhhhh
+				quotedString.WriteString(fmt.Sprintf("\\u%04x", c))
+			} else {
+				quotedString.WriteByte(c)
+			}
+		}
+		quotedString.WriteByte('"')
+		return quotedString.String()
+	}
+
+	parseQuotedString = func() string {
+		var rawString strings.Builder
+	CoreLoop:
+		for globalError == nil {
+			var c byte
+			if index < jsonDataLength {
+				c = jsonData[index]
+				index++
+			} else {
+				nextChar()
+				break
+			}
+			if c == '"' {
+				break
+			}
+			if c < ' ' {
+				setError("Unterminated string literal")
+			} else if c == '\\' {
+				// Escape sequence
+				c = nextChar()
+				if c == 'u' {
+					// The \u escape
+					firstUTF16 := getUEscape()
+					if utf16.IsSurrogate(firstUTF16) {
+						// If the first UTF-16 code unit has a certain value there must be
+						// another succeeding UTF-16 code unit as well
+						if nextChar() != '\\' || nextChar() != 'u' {
+							setError("Missing surrogate")
+						} else {
+							// Output the UTF-32 code point as UTF-8
+							rawString.WriteRune(utf16.DecodeRune(firstUTF16, getUEscape()))
+						}
+					} else {
+						// Single UTF-16 code identical to UTF-32.  Output as UTF-8
+						rawString.WriteRune(firstUTF16)
+					}
+				} else if c == '/' {
+					// Benign but useless escape
+					rawString.WriteByte('/')
+				} else {
+					// The JSON standard escapes
+					for i, esc := range asciiEscapes {
+						if esc == c {
+							rawString.WriteByte(binaryEscapes[i])
+							continue CoreLoop
+						}
+					}
+					setError("Unexpected escape: \\" + string(c))
+				}
+			} else {
+				// Just an ordinary ASCII character alternatively a UTF-8 byte
+				// outside of ASCII.
+				// Note that properly formatted UTF-8 never clashes with ASCII
+				// making byte per byte search for ASCII break characters work
+				// as expected.
+				rawString.WriteByte(c)
+			}
+		}
+		return rawString.String()
+	}
+
+	parseSimpleType = func() string {
+		var token strings.Builder
+		index--
+		for globalError == nil {
+			c := testNextNonWhiteSpaceChar()
+			if c == ',' || c == ']' || c == '}' {
+				break
+			}
+			c = nextChar()
+			if isWhiteSpace(c) {
+				break
+			}
+			token.WriteByte(c)
+		}
+		if token.Len() == 0 {
+			setError("Missing argument")
+		}
+		value := token.String()
+		// Is it a JSON literal?
+		for _, literal := range literals {
+			if literal == value {
+				return literal
+			}
+		}
+		// Apparently not so we assume that it is a I-JSON number
+		ieeeF64, err := strconv.ParseFloat(value, 64)
+		checkError(err)
+		value, err = NumberToJSON(ieeeF64)
+		checkError(err)
+		return value
+	}
+
+	parseElement = func() string {
+		switch scan() {
+		case '{':
+			return parseObject()
+		case '"':
+			return decorateString(parseQuotedString())
+		case '[':
+			return parseArray()
+		default:
+			return parseSimpleType()
+		}
+	}
+
+	parseArray = func() string {
+		var arrayData strings.Builder
+		arrayData.WriteByte('[')
+		var next bool = false
+		for globalError == nil && testNextNonWhiteSpaceChar() != ']' {
+			if next {
+				scanFor(',')
+				arrayData.WriteByte(',')
+			} else {
+				next = true
+			}
+			arrayData.WriteString(parseElement())
+		}
+		scan()
+		arrayData.WriteByte(']')
+		return arrayData.String()
+	}
+
+	lexicographicallyPrecedes := func(sortKey []uint16, e *list.Element) bool {
+		// Find the minimum length of the sortKeys
+		oldSortKey := e.Value.(nameValueType).sortKey
+		minLength := len(oldSortKey)
+		if minLength > len(sortKey) {
+			minLength = len(sortKey)
+		}
+		for q := 0; q < minLength; q++ {
+			diff := int(sortKey[q]) - int(oldSortKey[q])
+			if diff < 0 {
+				// Smaller => Precedes
+				return true
+			} else if diff > 0 {
+				// Bigger => No match
+				return false
+			}
+			// Still equal => Continue
+		}
+		// The sortKeys compared equal up to minLength
+		if len(sortKey) < len(oldSortKey) {
+			// Shorter => Precedes
+			return true
+		}
+		if len(sortKey) == len(oldSortKey) {
+			setError("Duplicate key: " + e.Value.(nameValueType).name)
+		}
+		// Longer => No match
+		return false
+	}
+
+	parseObject = func() string {
+		nameValueList := list.New()
+		var next bool = false
+	CoreLoop:
+		for globalError == nil && testNextNonWhiteSpaceChar() != '}' {
+			if next {
+				scanFor(',')
+			}
+			next = true
+			scanFor('"')
+			rawUTF8 := parseQuotedString()
+			if globalError != nil {
+				break
+			}
+			// Sort keys on UTF-16 code units
+			// Since UTF-8 doesn't have endianess this is just a value transformation
+			// In the Go case the transformation is UTF-8 => UTF-32 => UTF-16
+			sortKey := utf16.Encode([]rune(rawUTF8))
+			scanFor(':')
+			nameValue := nameValueType{rawUTF8, sortKey, parseElement()}
+			for e := nameValueList.Front(); e != nil; e = e.Next() {
+				// Check if the key is smaller than a previous key
+				if lexicographicallyPrecedes(sortKey, e) {
+					// Precedes => Insert before and exit sorting
+					nameValueList.InsertBefore(nameValue, e)
+					continue CoreLoop
+				}
+				// Continue searching for a possibly succeeding sortKey
+				// (which is straightforward since the list is ordered)
+			}
+			// The sortKey is either the first or is succeeding all previous sortKeys
+			nameValueList.PushBack(nameValue)
+		}
+		// Scan away '}'
+		scan()
+		// Now everything is sorted so we can properly serialize the object
+		var objectData strings.Builder
+		objectData.WriteByte('{')
+		next = false
+		for e := nameValueList.Front(); e != nil; e = e.Next() {
+			if next {
+				objectData.WriteByte(',')
+			}
+			next = true
+			nameValue := e.Value.(nameValueType)
+			objectData.WriteString(decorateString(nameValue.name))
+			objectData.WriteByte(':')
+			objectData.WriteString(nameValue.value)
+		}
+		objectData.WriteByte('}')
+		return objectData.String()
+	}
+
+	/////////////////////////////////////////////////
+	// This is where Transform actually begins...  //
+	/////////////////////////////////////////////////
+	var transformed string
+
+	if testNextNonWhiteSpaceChar() == '[' {
+		scan()
+		transformed = parseArray()
+	} else {
+		scanFor('{')
+		transformed = parseObject()
+	}
+	for index < jsonDataLength {
+		if !isWhiteSpace(jsonData[index]) {
+			setError("Improperly terminated JSON object")
+			break
+		}
+		index++
+	}
+	return []byte(transformed), globalError
+}

From 58be690647b8de2de16d1f2784d65cd7b5150e9c Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 11:57:53 +0000
Subject: [PATCH 04/26] measure: add module for measuring OCI runtime bundles

The measure module implements functionality to measure
OCI runtime bundles (config.json container specification
and rootfs) into a specified hardware trust anchor.

For now, this module implements the TPM as the hardware
trust anchor.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 measure/measure.go  | 154 ++++++++++++++++++++++++++++++++++++++++++++
 measure/rootfs.go   |  92 ++++++++++++++++++++++++++
 measure/rtconfig.go |  79 +++++++++++++++++++++++
 3 files changed, 325 insertions(+)
 create mode 100644 measure/measure.go
 create mode 100644 measure/rootfs.go
 create mode 100644 measure/rtconfig.go

diff --git a/measure/measure.go b/measure/measure.go
new file mode 100644
index 00000000..15936ab2
--- /dev/null
+++ b/measure/measure.go
@@ -0,0 +1,154 @@
+// Copyright (c) 2024 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package measure
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"os"
+	"strings"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	"github.com/google/go-tpm/legacy/tpm2"
+	"github.com/google/go-tpm/tpmutil"
+
+	"github.com/sirupsen/logrus"
+)
+
+var log = logrus.WithField("service", "measure")
+
+type MeasureEntry struct {
+	Pcr            int        `json:"pcr,omitempty" cbor:"0,keyasint,omitempty"`
+	TemplateSha256 ar.HexByte `json:"templateSha256,omitempty" cbor:"1,keyasint,omitempty"`
+	Name           string     `json:"name,omitempty" cbor:"2,keyasint,omitempty"`
+	ConfigSha256   ar.HexByte `json:"configSha256,omitempty" cbor:"3,keyasint,omitempty"`
+	RootfsSha256   ar.HexByte `json:"rootfsSha256,omitempty" cbor:"4,keyasint,omitempty"`
+}
+
+type MeasureConfig struct {
+	Serializer ar.Serializer
+	Pcr        int
+	LogFile    string
+	Driver     string
+}
+
+func Measure(name string, configSha256, rootfsSha256 []byte, mc *MeasureConfig) error {
+
+	if mc == nil {
+		return errors.New("internal error: measure config is nil")
+	}
+
+	// Hash config entry
+	// TODO discuss if name is required
+	// tbh := []byte(name)
+	// tbh = append(tbh, configSha256...)
+	tbh := []byte(configSha256)
+	tbh = append(tbh, rootfsSha256...)
+
+	hasher := sha256.New()
+	hasher.Write(tbh)
+	hash := hasher.Sum(nil)
+
+	// Generate config entry
+	entry := MeasureEntry{
+		Pcr:            mc.Pcr,
+		TemplateSha256: hash,
+		Name:           name,
+		ConfigSha256:   configSha256,
+		RootfsSha256:   rootfsSha256,
+	}
+
+	log.Tracef("Recording measurement %v: %v", name, hex.EncodeToString(entry.TemplateSha256))
+
+	// Read the existing measurement list if it already exists
+	var measureList []MeasureEntry
+	if _, err := os.Stat(mc.LogFile); err == nil {
+		data, err := os.ReadFile(mc.LogFile)
+		if err != nil {
+			return fmt.Errorf("failed to read measurement list: %w", err)
+		}
+
+		err = mc.Serializer.Unmarshal(data, &measureList)
+		if err != nil {
+			return fmt.Errorf("failed to unmarshal measurement list: %w", err)
+		}
+	}
+
+	// Search the existing measurement list..
+	found := false
+	for _, e := range measureList {
+		if bytes.Equal(e.TemplateSha256, entry.TemplateSha256) {
+			found = true
+			break
+		}
+	}
+
+	// ..if the container was already measured, exit
+	if found {
+		log.Tracef("Measurement %v already exists, nothing to do", name)
+		return nil
+	}
+
+	// ..otherwise append it to the measurement list and record the measurement
+	measureList = append(measureList, entry)
+	log.Tracef("Recorded measurement %v into measurement list", name)
+
+	data, err := mc.Serializer.Marshal(measureList)
+	if err != nil {
+		return fmt.Errorf("failed to marshal measurement list: %w", err)
+	}
+
+	err = os.WriteFile(mc.LogFile, data, 0644)
+	if err != nil {
+		return fmt.Errorf("failed to write measurement list: %w", err)
+	}
+
+	if strings.EqualFold(mc.Driver, "tpm") {
+		addr, err := getTpmAddr()
+		if err != nil {
+			return fmt.Errorf("failed to get TPM path: %v", err)
+		}
+
+		rwc, err := tpm2.OpenTPM(addr)
+		if err != nil {
+			return fmt.Errorf("failed to open TPM%v: %w", addr, err)
+		}
+		defer rwc.Close()
+
+		err = tpm2.PCRExtend(rwc, tpmutil.Handle(mc.Pcr), tpm2.AlgSHA256, entry.TemplateSha256, "")
+		if err != nil {
+			return fmt.Errorf("failed to extend PCR%v: %w", mc.Pcr, err)
+		}
+
+		log.Tracef("Recorded measurement %v into PCR%v", name, mc.Pcr)
+	}
+
+	return nil
+}
+
+func getTpmAddr() (string, error) {
+	// TODO more robust
+	if _, err := os.Stat("/dev/tpmrm0"); err == nil {
+		return "/dev/tpmrm0", nil
+	} else if _, err := os.Stat("/dev/tpm0"); err == nil {
+		return "/dev/tpm0", nil
+	} else {
+		return "", errors.New("failed to find TPM device in /dev")
+	}
+}
diff --git a/measure/rootfs.go b/measure/rootfs.go
new file mode 100644
index 00000000..5d896138
--- /dev/null
+++ b/measure/rootfs.go
@@ -0,0 +1,92 @@
+// Copyright (c) 2021 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package measure
+
+import (
+	"archive/tar"
+	"bytes"
+	"crypto/sha256"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"time"
+)
+
+func GetRootfsMeasurement(rootfsPath string) ([]byte, error) {
+	var buf bytes.Buffer
+	tw := tar.NewWriter(&buf)
+
+	rootfsPath = filepath.Clean(rootfsPath) + string(os.PathSeparator)
+
+	err := filepath.Walk(rootfsPath, func(file string, fi os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		var link string
+		if fi.Mode()&os.ModeSymlink != 0 {
+			link, err = os.Readlink(file)
+			if err != nil {
+				return err
+			}
+		}
+
+		header, err := tar.FileInfoHeader(fi, link)
+		if err != nil {
+			return err
+		}
+
+		header.ModTime = time.Unix(0, 0)
+
+		relativePath, err := filepath.Rel(rootfsPath, file)
+		if err != nil {
+			return err
+		}
+		header.Name = relativePath
+
+		if err := tw.WriteHeader(header); err != nil {
+			return err
+		}
+
+		if !fi.IsDir() && fi.Mode()&os.ModeSymlink == 0 {
+			f, err := os.Open(file)
+			if err != nil {
+				return err
+			}
+			defer f.Close()
+
+			if _, err := io.Copy(tw, f); err != nil {
+				return err
+			}
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to walk through rootfs: %w", err)
+	}
+
+	if err := tw.Close(); err != nil {
+		return nil, fmt.Errorf("failed to close tar writer: %w", err)
+	}
+
+	hasher := sha256.New()
+	hasher.Write(buf.Bytes())
+	hash := hasher.Sum(nil)
+
+	return hash, nil
+}
diff --git a/measure/rtconfig.go b/measure/rtconfig.go
new file mode 100644
index 00000000..c4ce8f08
--- /dev/null
+++ b/measure/rtconfig.go
@@ -0,0 +1,79 @@
+// Copyright (c) 2021 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package measure
+
+import (
+	"crypto/sha256"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	jcs "github.com/Fraunhofer-AISEC/cmc/jsoncanonicalizer"
+)
+
+func GetConfigMeasurement(id string, configData []byte) ([]byte, []byte, error) {
+
+	// The container id varies depending on the client. For ctr, this is a user-specified
+	// name. For docker, this is a random UUID which changes on different container invocations
+	// replace the id with a placeholder to enable reproducible configs
+	shortId := id
+	if len(id) > 12 {
+		shortId = shortId[:12]
+	}
+	configString := string(configData)
+	configString = strings.ReplaceAll(configString, id, "<container-id>")
+	configString = strings.ReplaceAll(configString, shortId, "<container-id>")
+	reproducibleConfig := []byte(configString)
+
+	// Unmarshal the config for further modifications
+	var config map[string]interface{}
+	err := json.Unmarshal(reproducibleConfig, &config)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to unmarshal OCI runtime config: %w", err)
+	}
+
+	// Some values from the config, which are not security relevant and may change
+	// on different container invocations will be ignored
+	delete(config, "annotations")
+	delete(config, "root")
+	delete(config, "hooks")
+	process, ok := config["process"].(map[string]interface{})
+	if ok {
+		delete(process, "terminal")
+		delete(process, "consoleSize")
+	}
+	linux, ok := config["linux"].(map[string]interface{})
+	if ok {
+		delete(linux, "cgroupsPath")
+	}
+
+	data, err := json.Marshal(config)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to marshal config: %w", err)
+	}
+
+	// Transform to RFC 8785 canonical JSON form for reproducible hashing
+	tbh, err := jcs.Transform(data)
+	if err != nil {
+		return nil, nil, fmt.Errorf("failed to cannonicalize json: %w", err)
+	}
+
+	hasher := sha256.New()
+	hasher.Write(tbh)
+	hash := hasher.Sum(nil)
+
+	return hash, tbh, nil
+}

From 68c3c27096013251ed685a0406b7ab883a7d5ed7 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:00:02 +0000
Subject: [PATCH 05/26] measure: add unit tests

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 measure/rtconfig_test.go | 393 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 393 insertions(+)
 create mode 100644 measure/rtconfig_test.go

diff --git a/measure/rtconfig_test.go b/measure/rtconfig_test.go
new file mode 100644
index 00000000..de0c864c
--- /dev/null
+++ b/measure/rtconfig_test.go
@@ -0,0 +1,393 @@
+// Copyright (c) 2021 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package measure
+
+import (
+	"reflect"
+	"testing"
+)
+
+func TestGetConfigMeasurement(t *testing.T) {
+	type args struct {
+		id         string
+		configData []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    []byte
+		wantErr bool
+	}{
+		{
+			name: "Measure Config Success",
+			args: args{
+				id:         "mycontainer",
+				configData: configData,
+			},
+			want:    []byte{0x9e, 0x4a, 0x82, 0x2d, 0xa5, 0x65, 0x2e, 0x40, 0x42, 0x39, 0xd9, 0xb8, 0x02, 0xdd, 0x59, 0x0a, 0x04, 0x13, 0x23, 0x76, 0xdf, 0xc6, 0xe0, 0xe1, 0x29, 0x68, 0x5c, 0x4e, 0x3f, 0x25, 0x35, 0x54},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := GetConfigMeasurement(tt.args.id, tt.args.configData)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("GetConfigMeasurement() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("GetConfigMeasurement() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+var (
+	configData = []byte{
+		0x7b, 0x0a, 0x20, 0x20, 0x22, 0x6f, 0x63, 0x69, 0x56, 0x65, 0x72, 0x73,
+		0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x20, 0x22, 0x31, 0x2e, 0x30, 0x2e, 0x32,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x22, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73,
+		0x73, 0x22, 0x3a, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74,
+		0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x3a, 0x20, 0x74, 0x72,
+		0x75, 0x65, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x75, 0x73, 0x65,
+		0x72, 0x22, 0x3a, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x75, 0x69, 0x64, 0x22, 0x3a, 0x20, 0x30, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x67, 0x69, 0x64, 0x22, 0x3a, 0x20, 0x30,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x61, 0x72, 0x67, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x2f, 0x62, 0x69, 0x6e, 0x2f, 0x70, 0x65,
+		0x62, 0x62, 0x6c, 0x65, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x2d, 0x2d, 0x76, 0x65, 0x72, 0x62, 0x6f,
+		0x73, 0x65, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x5d, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x22, 0x65, 0x6e, 0x76, 0x22, 0x3a, 0x20, 0x5b, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x50, 0x41, 0x54, 0x48, 0x3d,
+		0x2f, 0x75, 0x73, 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x2f, 0x73,
+		0x62, 0x69, 0x6e, 0x3a, 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x6c, 0x6f, 0x63,
+		0x61, 0x6c, 0x2f, 0x62, 0x69, 0x6e, 0x3a, 0x2f, 0x75, 0x73, 0x72, 0x2f,
+		0x73, 0x62, 0x69, 0x6e, 0x3a, 0x2f, 0x75, 0x73, 0x72, 0x2f, 0x62, 0x69,
+		0x6e, 0x3a, 0x2f, 0x73, 0x62, 0x69, 0x6e, 0x3a, 0x2f, 0x62, 0x69, 0x6e,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x54, 0x45,
+		0x52, 0x4d, 0x3d, 0x78, 0x74, 0x65, 0x72, 0x6d, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x48, 0x4f, 0x4d, 0x45, 0x3d, 0x2f,
+		0x72, 0x6f, 0x6f, 0x74, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x5d, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x63, 0x77, 0x64, 0x22, 0x3a, 0x20,
+		0x22, 0x2f, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x63, 0x61,
+		0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x3a,
+		0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x62, 0x6f,
+		0x75, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50, 0x5f,
+		0x41, 0x55, 0x44, 0x49, 0x54, 0x5f, 0x57, 0x52, 0x49, 0x54, 0x45, 0x22,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43,
+		0x41, 0x50, 0x5f, 0x4b, 0x49, 0x4c, 0x4c, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50, 0x5f, 0x4e,
+		0x45, 0x54, 0x5f, 0x42, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56,
+		0x49, 0x43, 0x45, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5d,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x65, 0x66, 0x66,
+		0x65, 0x63, 0x74, 0x69, 0x76, 0x65, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50, 0x5f,
+		0x41, 0x55, 0x44, 0x49, 0x54, 0x5f, 0x57, 0x52, 0x49, 0x54, 0x45, 0x22,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43,
+		0x41, 0x50, 0x5f, 0x4b, 0x49, 0x4c, 0x4c, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50, 0x5f, 0x4e,
+		0x45, 0x54, 0x5f, 0x42, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56,
+		0x49, 0x43, 0x45, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5d,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x69, 0x6e, 0x68,
+		0x65, 0x72, 0x69, 0x74, 0x61, 0x62, 0x6c, 0x65, 0x22, 0x3a, 0x20, 0x5b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41,
+		0x50, 0x5f, 0x41, 0x55, 0x44, 0x49, 0x54, 0x5f, 0x57, 0x52, 0x49, 0x54,
+		0x45, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x43, 0x41, 0x50, 0x5f, 0x4b, 0x49, 0x4c, 0x4c, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50,
+		0x5f, 0x4e, 0x45, 0x54, 0x5f, 0x42, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45,
+		0x52, 0x56, 0x49, 0x43, 0x45, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x5d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x70,
+		0x65, 0x72, 0x6d, 0x69, 0x74, 0x74, 0x65, 0x64, 0x22, 0x3a, 0x20, 0x5b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41,
+		0x50, 0x5f, 0x41, 0x55, 0x44, 0x49, 0x54, 0x5f, 0x57, 0x52, 0x49, 0x54,
+		0x45, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x43, 0x41, 0x50, 0x5f, 0x4b, 0x49, 0x4c, 0x4c, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50,
+		0x5f, 0x4e, 0x45, 0x54, 0x5f, 0x42, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45,
+		0x52, 0x56, 0x49, 0x43, 0x45, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x5d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x61,
+		0x6d, 0x62, 0x69, 0x65, 0x6e, 0x74, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50, 0x5f,
+		0x41, 0x55, 0x44, 0x49, 0x54, 0x5f, 0x57, 0x52, 0x49, 0x54, 0x45, 0x22,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43,
+		0x41, 0x50, 0x5f, 0x4b, 0x49, 0x4c, 0x4c, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x43, 0x41, 0x50, 0x5f, 0x4e,
+		0x45, 0x54, 0x5f, 0x42, 0x49, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56,
+		0x49, 0x43, 0x45, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5d,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x72, 0x6c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x22, 0x3a, 0x20, 0x5b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a,
+		0x20, 0x22, 0x52, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x4e, 0x4f, 0x46,
+		0x49, 0x4c, 0x45, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x68, 0x61, 0x72, 0x64, 0x22, 0x3a, 0x20, 0x31, 0x30,
+		0x32, 0x34, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x73, 0x6f, 0x66, 0x74, 0x22, 0x3a, 0x20, 0x31, 0x30, 0x32, 0x34,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x5d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x4e,
+		0x65, 0x77, 0x50, 0x72, 0x69, 0x76, 0x69, 0x6c, 0x65, 0x67, 0x65, 0x73,
+		0x22, 0x3a, 0x20, 0x74, 0x72, 0x75, 0x65, 0x0a, 0x20, 0x20, 0x7d, 0x2c,
+		0x0a, 0x20, 0x20, 0x22, 0x72, 0x6f, 0x6f, 0x74, 0x22, 0x3a, 0x20, 0x7b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x70, 0x61, 0x74, 0x68, 0x22, 0x3a,
+		0x20, 0x22, 0x72, 0x6f, 0x6f, 0x74, 0x66, 0x73, 0x22, 0x0a, 0x20, 0x20,
+		0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x22, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61,
+		0x6d, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x75, 0x6d, 0x6f, 0x63, 0x69, 0x2d,
+		0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x22, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+		0x22, 0x3a, 0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70, 0x65, 0x22,
+		0x3a, 0x20, 0x22, 0x70, 0x72, 0x6f, 0x63, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22,
+		0x3a, 0x20, 0x22, 0x70, 0x72, 0x6f, 0x63, 0x22, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61,
+		0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x20, 0x22, 0x2f, 0x64, 0x65, 0x76,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79,
+		0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x74, 0x6d, 0x70, 0x66, 0x73, 0x22,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x6f, 0x75,
+		0x72, 0x63, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x74, 0x6d, 0x70, 0x66, 0x73,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x70,
+		0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x73, 0x75, 0x69,
+		0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x61, 0x74, 0x69, 0x6d, 0x65,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x6d, 0x6f, 0x64, 0x65, 0x3d, 0x37, 0x35, 0x35, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x69, 0x7a, 0x65,
+		0x3d, 0x36, 0x35, 0x35, 0x33, 0x36, 0x6b, 0x22, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x5d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e,
+		0x22, 0x3a, 0x20, 0x22, 0x2f, 0x64, 0x65, 0x76, 0x2f, 0x70, 0x74, 0x73,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79,
+		0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x64, 0x65, 0x76, 0x70, 0x74, 0x73,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x6f,
+		0x75, 0x72, 0x63, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x64, 0x65, 0x76, 0x70,
+		0x74, 0x73, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x73,
+		0x75, 0x69, 0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x6e, 0x6f, 0x65, 0x78, 0x65, 0x63, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x65, 0x77,
+		0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x70, 0x74, 0x6d, 0x78,
+		0x6d, 0x6f, 0x64, 0x65, 0x3d, 0x30, 0x36, 0x36, 0x36, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6d, 0x6f, 0x64,
+		0x65, 0x3d, 0x30, 0x36, 0x32, 0x30, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x5d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22,
+		0x3a, 0x20, 0x22, 0x2f, 0x64, 0x65, 0x76, 0x2f, 0x73, 0x68, 0x6d, 0x22,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70,
+		0x65, 0x22, 0x3a, 0x20, 0x22, 0x74, 0x6d, 0x70, 0x66, 0x73, 0x22, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x6f, 0x75, 0x72,
+		0x63, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x73, 0x68, 0x6d, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x70, 0x74, 0x69, 0x6f,
+		0x6e, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x73, 0x75, 0x69, 0x64, 0x22, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f,
+		0x65, 0x78, 0x65, 0x63, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x64, 0x65, 0x76, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6d, 0x6f, 0x64,
+		0x65, 0x3d, 0x31, 0x37, 0x37, 0x37, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x69, 0x7a, 0x65, 0x3d, 0x36,
+		0x35, 0x35, 0x33, 0x36, 0x6b, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x5d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x64,
+		0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a,
+		0x20, 0x22, 0x2f, 0x64, 0x65, 0x76, 0x2f, 0x6d, 0x71, 0x75, 0x65, 0x75,
+		0x65, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74,
+		0x79, 0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x6d, 0x71, 0x75, 0x65, 0x75,
+		0x65, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73,
+		0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x6d, 0x71, 0x75,
+		0x65, 0x75, 0x65, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x3a, 0x20, 0x5b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f,
+		0x73, 0x75, 0x69, 0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x65, 0x78, 0x65, 0x63, 0x22, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f,
+		0x64, 0x65, 0x76, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5d,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x64, 0x65, 0x73,
+		0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x20, 0x22,
+		0x2f, 0x73, 0x79, 0x73, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x62, 0x69,
+		0x6e, 0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x2f, 0x73,
+		0x79, 0x73, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x72, 0x62, 0x69,
+		0x6e, 0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x6e, 0x6f, 0x73, 0x75, 0x69, 0x64, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x65, 0x78,
+		0x65, 0x63, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x6e, 0x6f, 0x64, 0x65, 0x76, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x72, 0x6f, 0x22, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x5d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69,
+		0x6f, 0x6e, 0x22, 0x3a, 0x20, 0x22, 0x2f, 0x65, 0x74, 0x63, 0x2f, 0x72,
+		0x65, 0x73, 0x6f, 0x6c, 0x76, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70, 0x65,
+		0x22, 0x3a, 0x20, 0x22, 0x62, 0x69, 0x6e, 0x64, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
+		0x22, 0x3a, 0x20, 0x22, 0x2f, 0x65, 0x74, 0x63, 0x2f, 0x72, 0x65, 0x73,
+		0x6f, 0x6c, 0x76, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e,
+		0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x6e, 0x6f, 0x73, 0x75, 0x69, 0x64, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6e, 0x6f, 0x64,
+		0x65, 0x76, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x6e, 0x6f, 0x65, 0x78, 0x65, 0x63, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x72, 0x62, 0x69, 0x6e,
+		0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x72, 0x6f, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x5d,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x5d, 0x2c, 0x0a,
+		0x20, 0x20, 0x22, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f,
+		0x6e, 0x73, 0x22, 0x3a, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74,
+		0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65,
+		0x2e, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, 0x72,
+		0x65, 0x22, 0x3a, 0x20, 0x22, 0x61, 0x6d, 0x64, 0x36, 0x34, 0x22, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70,
+		0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73,
+		0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x6f,
+		0x72, 0x22, 0x3a, 0x20, 0x22, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e,
+		0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67,
+		0x65, 0x2e, 0x62, 0x61, 0x73, 0x65, 0x2e, 0x64, 0x69, 0x67, 0x65, 0x73,
+		0x74, 0x22, 0x3a, 0x20, 0x22, 0x63, 0x36, 0x38, 0x37, 0x31, 0x61, 0x65,
+		0x38, 0x62, 0x35, 0x34, 0x66, 0x62, 0x33, 0x65, 0x64, 0x30, 0x62, 0x61,
+		0x34, 0x64, 0x66, 0x34, 0x65, 0x62, 0x39, 0x38, 0x35, 0x32, 0x37, 0x65,
+		0x39, 0x61, 0x36, 0x36, 0x39, 0x32, 0x30, 0x38, 0x38, 0x66, 0x65, 0x30,
+		0x63, 0x32, 0x66, 0x32, 0x32, 0x36, 0x30, 0x61, 0x39, 0x33, 0x33, 0x34,
+		0x38, 0x35, 0x33, 0x30, 0x39, 0x32, 0x62, 0x34, 0x37, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65,
+		0x6e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e,
+		0x69, 0x6d, 0x61, 0x67, 0x65, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
+		0x64, 0x22, 0x3a, 0x20, 0x22, 0x32, 0x30, 0x32, 0x33, 0x2d, 0x31, 0x30,
+		0x2d, 0x30, 0x35, 0x54, 0x30, 0x37, 0x3a, 0x33, 0x33, 0x3a, 0x33, 0x32,
+		0x2e, 0x39, 0x30, 0x32, 0x30, 0x33, 0x36, 0x35, 0x35, 0x34, 0x5a, 0x22,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x72, 0x67, 0x2e, 0x6f,
+		0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72,
+		0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2e, 0x65, 0x78, 0x70, 0x6f,
+		0x73, 0x65, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x22, 0x3a, 0x20, 0x22,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f, 0x72, 0x67, 0x2e,
+		0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65,
+		0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2e, 0x6c, 0x69, 0x63,
+		0x65, 0x6e, 0x73, 0x65, 0x73, 0x22, 0x3a, 0x20, 0x22, 0x41, 0x70, 0x61,
+		0x63, 0x68, 0x65, 0x2d, 0x32, 0x2e, 0x30, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63,
+		0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d,
+		0x61, 0x67, 0x65, 0x2e, 0x6f, 0x73, 0x22, 0x3a, 0x20, 0x22, 0x6c, 0x69,
+		0x6e, 0x75, 0x78, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f,
+		0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74, 0x61,
+		0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2e,
+		0x72, 0x65, 0x66, 0x2e, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x3a, 0x20, 0x22,
+		0x6e, 0x67, 0x69, 0x6e, 0x78, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e,
+		0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67,
+		0x65, 0x2e, 0x73, 0x74, 0x6f, 0x70, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x6c,
+		0x22, 0x3a, 0x20, 0x22, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x6f, 0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74,
+		0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65,
+		0x2e, 0x74, 0x69, 0x74, 0x6c, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x6e, 0x67,
+		0x69, 0x6e, 0x78, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x6f,
+		0x72, 0x67, 0x2e, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x74, 0x61,
+		0x69, 0x6e, 0x65, 0x72, 0x73, 0x2e, 0x69, 0x6d, 0x61, 0x67, 0x65, 0x2e,
+		0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x20, 0x22, 0x31,
+		0x2e, 0x32, 0x33, 0x2e, 0x33, 0x22, 0x0a, 0x20, 0x20, 0x7d, 0x2c, 0x0a,
+		0x20, 0x20, 0x22, 0x6c, 0x69, 0x6e, 0x75, 0x78, 0x22, 0x3a, 0x20, 0x7b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x75, 0x69, 0x64, 0x4d, 0x61, 0x70,
+		0x70, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72,
+		0x49, 0x44, 0x22, 0x3a, 0x20, 0x30, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x68, 0x6f, 0x73, 0x74, 0x49, 0x44, 0x22,
+		0x3a, 0x20, 0x31, 0x30, 0x30, 0x30, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x69, 0x7a, 0x65, 0x22, 0x3a, 0x20,
+		0x31, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x5d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22, 0x67, 0x69,
+		0x64, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x73, 0x22, 0x3a, 0x20,
+		0x5b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x63, 0x6f, 0x6e, 0x74, 0x61,
+		0x69, 0x6e, 0x65, 0x72, 0x49, 0x44, 0x22, 0x3a, 0x20, 0x30, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x68, 0x6f, 0x73,
+		0x74, 0x49, 0x44, 0x22, 0x3a, 0x20, 0x31, 0x30, 0x30, 0x30, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x73, 0x69, 0x7a,
+		0x65, 0x22, 0x3a, 0x20, 0x31, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x5d, 0x2c, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73,
+		0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79,
+		0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x63, 0x67, 0x72, 0x6f, 0x75, 0x70,
+		0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x20, 0x22,
+		0x70, 0x69, 0x64, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d,
+		0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70, 0x65, 0x22,
+		0x3a, 0x20, 0x22, 0x69, 0x70, 0x63, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7b,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79,
+		0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x75, 0x74, 0x73, 0x22, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a, 0x20, 0x22, 0x6d, 0x6f, 0x75,
+		0x6e, 0x74, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7d, 0x2c,
+		0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x7b, 0x0a, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3a,
+		0x20, 0x22, 0x75, 0x73, 0x65, 0x72, 0x22, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x7d, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x5d, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x22, 0x6d, 0x61, 0x73, 0x6b, 0x65, 0x64, 0x50, 0x61,
+		0x74, 0x68, 0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x6b, 0x63, 0x6f,
+		0x72, 0x65, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x6c, 0x61, 0x74, 0x65, 0x6e, 0x63,
+		0x79, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x22, 0x2c, 0x0a, 0x20, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x74,
+		0x69, 0x6d, 0x65, 0x72, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63,
+		0x2f, 0x74, 0x69, 0x6d, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73,
+		0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x2f, 0x70,
+		0x72, 0x6f, 0x63, 0x2f, 0x73, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x64, 0x65,
+		0x62, 0x75, 0x67, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x2f, 0x73, 0x79, 0x73, 0x2f, 0x66, 0x69, 0x72, 0x6d, 0x77, 0x61,
+		0x72, 0x65, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x73, 0x63, 0x73, 0x69, 0x22, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x5d, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x72, 0x65, 0x61, 0x64, 0x6f, 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x74, 0x68,
+		0x73, 0x22, 0x3a, 0x20, 0x5b, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x61, 0x73, 0x6f, 0x75, 0x6e,
+		0x64, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x2f,
+		0x70, 0x72, 0x6f, 0x63, 0x2f, 0x62, 0x75, 0x73, 0x22, 0x2c, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f,
+		0x66, 0x73, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22,
+		0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x69, 0x72, 0x71, 0x22, 0x2c, 0x0a,
+		0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63,
+		0x2f, 0x73, 0x79, 0x73, 0x22, 0x2c, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x20,
+		0x20, 0x22, 0x2f, 0x70, 0x72, 0x6f, 0x63, 0x2f, 0x73, 0x79, 0x73, 0x72,
+		0x71, 0x2d, 0x74, 0x72, 0x69, 0x67, 0x67, 0x65, 0x72, 0x22, 0x0a, 0x20,
+		0x20, 0x20, 0x20, 0x5d, 0x0a, 0x20, 0x20, 0x7d, 0x0a, 0x7d, 0x0a,
+	}
+)

From 6d4d371a992e36fd14d1c06338482f264f677033 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:02:39 +0000
Subject: [PATCH 06/26] tools/measure-bundle: add standalone tool

Add standalone tool to measure OCI runtime bundles. The
tool is used to generate reference values.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 tools/measure-bundle/config.go |  80 ++++++++++++++++++++++++++
 tools/measure-bundle/main.go   | 102 +++++++++++++++++++++++++++++++++
 2 files changed, 182 insertions(+)
 create mode 100644 tools/measure-bundle/config.go
 create mode 100644 tools/measure-bundle/main.go

diff --git a/tools/measure-bundle/config.go b/tools/measure-bundle/config.go
new file mode 100644
index 00000000..73f8f7cb
--- /dev/null
+++ b/tools/measure-bundle/config.go
@@ -0,0 +1,80 @@
+// Copyright (c) 2024 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"flag"
+	"fmt"
+	"strings"
+
+	"github.com/sirupsen/logrus"
+	"golang.org/x/exp/maps"
+)
+
+// Install github packages with "go get [url]"
+
+type config struct {
+	config   string
+	rootfs   string
+	args     string
+	logLevel logrus.Level
+}
+
+var (
+	logLevels = map[string]logrus.Level{
+		"panic": logrus.PanicLevel,
+		"fatal": logrus.FatalLevel,
+		"error": logrus.ErrorLevel,
+		"warn":  logrus.WarnLevel,
+		"info":  logrus.InfoLevel,
+		"debug": logrus.DebugLevel,
+		"trace": logrus.TraceLevel,
+	}
+)
+
+func getConfig() (*config, error) {
+
+	configPath := flag.String("config", "", "OCI runtime bundle config path")
+	rootfsPath := flag.String("rootfs", "", "OCI runtime bundle rootfs path")
+	args := flag.String("args", "", "OCI runtime bundle additional args")
+	logLevel := flag.String("log-level", "info",
+		fmt.Sprintf("Possible logging: %v", strings.Join(maps.Keys(logLevels), ",")))
+	flag.Parse()
+
+	if *configPath == "" {
+		flag.Usage()
+		log.Fatal("OCI runtime bundle config path not provided")
+	}
+	if *rootfsPath == "" {
+		flag.Usage()
+		log.Fatal("OCI runtime bundle rootfs path not provided")
+	}
+
+	l, ok := logLevels[strings.ToLower(*logLevel)]
+	if !ok {
+		flag.Usage()
+		log.Fatalf("LogLevel %v does not exist", *logLevel)
+	}
+
+	c := &config{
+		config:   *configPath,
+		rootfs:   *rootfsPath,
+		args:     *args,
+		logLevel: l,
+	}
+
+	return c, nil
+}
diff --git a/tools/measure-bundle/main.go b/tools/measure-bundle/main.go
new file mode 100644
index 00000000..2e0ba441
--- /dev/null
+++ b/tools/measure-bundle/main.go
@@ -0,0 +1,102 @@
+// Copyright (c) 2024 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/sirupsen/logrus"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
+)
+
+var (
+	log = logrus.WithField("service", "containerd-shim-linux-cmc")
+)
+
+func main() {
+
+	// Parse parameters
+	c, err := getConfig()
+	if err != nil {
+		log.Fatalf("Failed to get config: %v", err)
+	}
+
+	logrus.SetLevel(c.logLevel)
+	log.Debug("Running measure-bundle")
+
+	// Print
+	log.Debugf("Config path: %v", c.config)
+	log.Debugf("Rootfs path: %v", c.rootfs)
+	log.Debugf("Arguments  : %v", c.args)
+
+	// Record the measurement via the cmcd measure interface
+	ctrConfig, err := os.ReadFile(c.config)
+	if err != nil {
+		log.Fatalf("Failed to read container config: %v", err)
+	}
+
+	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	if err != nil {
+		log.Fatalf("Failed to measure config: %v", err)
+	}
+
+	rootfsHash, err := m.GetRootfsMeasurement(c.rootfs)
+	if err != nil {
+		log.Fatalf("Failed to measure rootfs: %v", err)
+	}
+	log.Debug("Generating reference values..")
+
+	// TODO decide on format for reference container reference values (config + rootfs)
+	// For now: just the hashes
+
+	// Generate reference value array
+	refs := make([]ar.ReferenceValue, 0)
+
+	// Fill reference values
+	// TODO make trust anchor and PCR configurable
+	pcr := 11
+	configRef := ar.ReferenceValue{
+		Type:     "TPM Reference Value",
+		Name:     "OCI Runtime Config",
+		Sha256:   configHash,
+		Pcr:      &pcr,
+		Optional: true,
+	}
+	refs = append(refs, configRef)
+
+	rootfsRef := ar.ReferenceValue{
+		Type:     "TPM Reference Value",
+		Name:     "OCI Runtime Rootfs",
+		Sha256:   rootfsHash,
+		Pcr:      &pcr,
+		Optional: true,
+	}
+	refs = append(refs, rootfsRef)
+
+	// Marshal reference value array
+	refData, err := json.MarshalIndent(refs, "", "    ")
+	if err != nil {
+		log.Fatalf("Failed to marshal reference values: %v", err)
+	}
+
+	fmt.Printf("%v\n", string(refData))
+
+	log.Debugf("Finished measure-bundle")
+}

From 28eda8b5a92c12e472ad2b8d9f687e0920edd8a3 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:05:01 +0000
Subject: [PATCH 07/26] cmcd: Add measure API call

Add measure API call for receiving and recording measurements
via the measure module to all supported APIs

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 cmcd/coap.go   | 45 +++++++++++++++++++++++++++++++++++++++++++++
 cmcd/config.go | 41 ++++++++++++++++++++++++++++++++++++-----
 cmcd/grpc.go   | 35 +++++++++++++++++++++++++++++++++++
 cmcd/socket.go | 47 +++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 163 insertions(+), 5 deletions(-)

diff --git a/cmcd/coap.go b/cmcd/coap.go
index 2636b809..cf672862 100644
--- a/cmcd/coap.go
+++ b/cmcd/coap.go
@@ -37,6 +37,7 @@ import (
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 // CoapServer is the CoAP server structure
@@ -58,6 +59,7 @@ func (s CoapServer) Serve(addr string, c *cmc.Cmc) error {
 	r.Use(loggingMiddleware)
 	r.Handle("/Attest", mux.HandlerFunc(Attest))
 	r.Handle("/Verify", mux.HandlerFunc(Verify))
+	r.Handle("/Measure", mux.HandlerFunc(Measure))
 	r.Handle("/TLSSign", mux.HandlerFunc(TlsSign))
 	r.Handle("/TLSCert", mux.HandlerFunc(TlsCert))
 
@@ -197,6 +199,49 @@ func Verify(w mux.ResponseWriter, r *mux.Message) {
 	log.Debug("Verifier: Finished")
 }
 
+func Measure(w mux.ResponseWriter, r *mux.Message) {
+
+	log.Debug("Received Connection Request Type 'Measure Request'")
+
+	var req api.MeasureRequest
+	err := unmarshalCoapPayload(r, &req)
+	if err != nil {
+		sendCoapError(w, r, codes.InternalServerError,
+			"failed to unmarshal CoAP payload: %v", err)
+		return
+	}
+
+	log.Debug("Measurer: Recording measurement")
+	var success bool
+	err = m.Measure(req.Name, req.ConfigSha256, req.RootfsSha256,
+		&m.MeasureConfig{
+			Serializer: Cmc.Serializer,
+			Pcr:        Cmc.CtrPcr,
+			LogFile:    Cmc.CtrLog,
+			Driver:     Cmc.CtrDriver,
+		})
+	if err != nil {
+		success = false
+	} else {
+		success = true
+	}
+
+	// Serialize CoAP payload
+	resp := api.MeasureResponse{
+		Success: success,
+	}
+	payload, err := cbor.Marshal(&resp)
+	if err != nil {
+		sendCoapError(w, r, codes.InternalServerError, "failed to marshal message: %v", err)
+		return
+	}
+
+	// CoAP response
+	SendCoapResponse(w, r, payload)
+
+	log.Debug("Measurer: Finished")
+}
+
 func TlsSign(w mux.ResponseWriter, r *mux.Message) {
 
 	log.Debug("Received CoAP TLS sign request")
diff --git a/cmcd/config.go b/cmcd/config.go
index 69b5ecd0..1fabdc68 100644
--- a/cmcd/config.go
+++ b/cmcd/config.go
@@ -64,6 +64,10 @@ const (
 	storageFlag        = "storage"
 	cacheFlag          = "cache"
 	measurementLogFlag = "measurementLog"
+	ctrFlag            = "ctr"
+	ctrDriverFlag      = "ctrdriver"
+	ctrPcrFlag         = "ctrpcr"
+	ctrLogFlag         = "ctrlog"
 )
 
 func getConfig() (*cmc.Config, error) {
@@ -83,18 +87,25 @@ func getConfig() (*cmc.Config, error) {
 		fmt.Sprintf("Drivers (comma separated list). Possible: %v",
 			strings.Join(maps.Keys(cmc.GetDrivers()), ",")))
 	ima := flag.Bool(imaFlag, false,
-		"Indicates whether to use Integrity Measurement Architecture (IMA)")
+		"Specifies whether to use Integrity Measurement Architecture (IMA)")
 	pcr := flag.Int(imaPcrFlag, 0, "IMA PCR")
 	keyConfig := flag.String(keyConfigFlag, "", "Key configuration")
-	api := flag.String(apiFlag, "", "API")
+	api := flag.String(apiFlag, "", "API to use. Possible: [coap grpc libapi socket]")
 	network := flag.String(networkFlag, "", "Network for socket API [unix tcp]")
 	policyEngine := flag.String(policyEngineFlag, "",
-		fmt.Sprintf("Possible policy engines: %v", strings.Join(maps.Keys(cmc.GetPolicyEngines()), ",")))
+		fmt.Sprintf("Possible policy engines: %v",
+			strings.Join(maps.Keys(cmc.GetPolicyEngines()), ",")))
 	logLevel := flag.String(logFlag, "",
 		fmt.Sprintf("Possible logging: %v", strings.Join(maps.Keys(logLevels), ",")))
 	storage := flag.String(storageFlag, "", "Optional folder to store internal CMC data in")
 	cache := flag.String(cacheFlag, "", "Optional folder to cache metadata for offline backup")
-	measurementLog := flag.Bool(measurementLogFlag, false, "Indicates whether to include measured events in measurement and validation report")
+	measurementLog := flag.Bool(measurementLogFlag, false,
+		"Specifies whether to include measured events in measurement and validation report")
+	ctr := flag.Bool(ctrFlag, false, "Specifies whether to conduct container measurements")
+	ctrDriver := flag.String(ctrDriverFlag, "",
+		"Specifies which driver to use for container measurements")
+	ctrPcr := flag.Int(ctrPcrFlag, 0, "Container PCR")
+	ctrLog := flag.String(ctrLogFlag, "", "Container runtime measurements path")
 	flag.Parse()
 
 	// Create default configuration
@@ -160,6 +171,18 @@ func getConfig() (*cmc.Config, error) {
 	if internal.FlagPassed(measurementLogFlag) {
 		c.MeasurementLog = *measurementLog
 	}
+	if internal.FlagPassed(ctrFlag) {
+		c.UseCtr = *ctr
+	}
+	if internal.FlagPassed(ctrDriverFlag) {
+		c.CtrDriver = *ctrDriver
+	}
+	if internal.FlagPassed(ctrPcrFlag) {
+		c.CtrPcr = *ctrPcr
+	}
+	if internal.FlagPassed(ctrLogFlag) {
+		c.CtrLog = *ctrLog
+	}
 
 	// Configure the logger
 	l, ok := logLevels[strings.ToLower(c.LogLevel)]
@@ -224,7 +247,9 @@ func printConfig(c *cmc.Config) {
 	log.Debugf("\tProvisioning Server URL  : %v", c.ProvServerAddr)
 	log.Debugf("\tMetadata Locations       : %v", strings.Join(c.Metadata, ","))
 	log.Debugf("\tUse IMA                  : %v", c.UseIma)
-	log.Debugf("\tIMA PCR                  : %v", c.ImaPcr)
+	if c.UseIma {
+		log.Debugf("\tIMA PCR                  : %v", c.ImaPcr)
+	}
 	log.Debugf("\tAPI                      : %v", c.Api)
 	log.Debugf("\tNetwork                  : %v", c.Network)
 	log.Debugf("\tPolicy Engine            : %v", c.PolicyEngine)
@@ -232,6 +257,12 @@ func printConfig(c *cmc.Config) {
 	log.Debugf("\tLogging Level            : %v", c.LogLevel)
 	log.Debugf("\tDrivers                  : %v", strings.Join(c.Drivers, ","))
 	log.Debugf("\tMeasurement Log          : %v", c.MeasurementLog)
+	log.Debugf("\tMeasure containers       : %v", c.UseCtr)
+	if c.UseCtr {
+		log.Debugf("\tContainer Driver         : %v", c.CtrDriver)
+		log.Debugf("\tContainer Measurements   : %v", c.CtrLog)
+		log.Debugf("\tContainer PCR            : %v", c.CtrPcr)
+	}
 	if c.Storage != "" {
 		log.Debugf("\tInternal storage path    : %v", c.Storage)
 	}
diff --git a/cmcd/grpc.go b/cmcd/grpc.go
index eb5dd423..e9295584 100644
--- a/cmcd/grpc.go
+++ b/cmcd/grpc.go
@@ -38,6 +38,7 @@ import (
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
 	api "github.com/Fraunhofer-AISEC/cmc/grpcapi"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 type GrpcServerWrapper struct{}
@@ -150,6 +151,40 @@ func (s *GrpcServer) Verify(ctx context.Context, in *api.VerificationRequest) (*
 	return response, nil
 }
 
+func (s *GrpcServer) Measure(ctx context.Context, in *api.MeasureRequest) (*api.MeasureResponse, error) {
+
+	var status api.Status
+	var success bool
+
+	log.Info("Received Connection Request Type 'Measure Request'")
+
+	log.Info("Measurer: Recording measurement")
+	err := m.Measure(in.Name, in.ConfigSha256, in.RootfsSha256,
+		&m.MeasureConfig{
+			Serializer: s.cmc.Serializer,
+			Pcr:        s.cmc.CtrPcr,
+			LogFile:    s.cmc.CtrLog,
+			Driver:     s.cmc.CtrDriver,
+		})
+	if err != nil {
+		log.Errorf("Failed to record measurement: %v", err)
+		success = false
+		status = api.Status_FAIL
+	} else {
+		success = true
+		status = api.Status_OK
+	}
+
+	response := &api.MeasureResponse{
+		Status:  status,
+		Success: success,
+	}
+
+	log.Info("Measure: Finished")
+
+	return response, nil
+}
+
 func (s *GrpcServer) TLSSign(ctx context.Context, in *api.TLSSignRequest) (*api.TLSSignResponse, error) {
 	var err error
 	var sr *api.TLSSignResponse
diff --git a/cmcd/socket.go b/cmcd/socket.go
index 00681501..dc6556b6 100644
--- a/cmcd/socket.go
+++ b/cmcd/socket.go
@@ -36,6 +36,7 @@ import (
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 // Server is the server structure
@@ -89,6 +90,8 @@ func handleIncoming(conn net.Conn, cmc *cmc.Cmc) {
 		attest(conn, payload, cmc)
 	case api.TypeVerify:
 		verify(conn, payload, cmc)
+	case api.TypeMeasure:
+		measure(conn, payload, cmc)
 	case api.TypeTLSCert:
 		tlscert(conn, payload, cmc)
 	case api.TypeTLSSign:
@@ -191,6 +194,50 @@ func verify(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 	log.Debug("Verifier: Finished")
 }
 
+func measure(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
+
+	log.Debug("Received Connection Request Type 'Measure Request'")
+
+	req := new(api.MeasureRequest)
+	err := cbor.Unmarshal(payload, req)
+	if err != nil {
+		api.SendError(conn, "Failed to unmarshal measure request: %v", err)
+		return
+	}
+
+	log.Debug("Measurer: recording measurement")
+	var success bool
+	err = m.Measure(req.Name, req.ConfigSha256, req.RootfsSha256,
+		&m.MeasureConfig{
+			Serializer: cmc.Serializer,
+			Pcr:        cmc.CtrPcr,
+			LogFile:    cmc.CtrLog,
+			Driver:     cmc.CtrDriver,
+		})
+	if err != nil {
+		success = false
+	} else {
+		success = true
+	}
+
+	// Serialize payload
+	resp := api.MeasureResponse{
+		Success: success,
+	}
+	data, err := cbor.Marshal(&resp)
+	if err != nil {
+		api.SendError(conn, "failed to marshal message: %v", err)
+		return
+	}
+
+	err = api.Send(conn, data, api.TypeMeasure)
+	if err != nil {
+		api.SendError(conn, "failed to send: %v", err)
+	}
+
+	log.Debug("Measurer: Finished")
+}
+
 func tlssign(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 
 	log.Debug("Received TLS sign request")

From a0f67ac492e86fa5531ce844b49abe2c62aa87f3 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:06:17 +0000
Subject: [PATCH 08/26] cmc: add configuration for container measurements

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 cmc/cmc.go | 39 ++++++++++++++++++++++++++++++++-------
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/cmc/cmc.go b/cmc/cmc.go
index 4317091d..08d41262 100644
--- a/cmc/cmc.go
+++ b/cmc/cmc.go
@@ -22,6 +22,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	"github.com/Fraunhofer-AISEC/cmc/internal"
 )
 
 var (
@@ -39,17 +40,22 @@ type Config struct {
 	Addr           string   `json:"addr"`
 	ProvServerAddr string   `json:"provServerAddr"`
 	Metadata       []string `json:"metadata"`
-	Drivers        []string `json:"drivers"`                // TPM, SNP
-	UseIma         bool     `json:"useIma"`                 // TRUE, FALSE
-	ImaPcr         int      `json:"imaPcr"`                 // 10-15
-	KeyConfig      string   `json:"keyConfig,omitempty"`    // RSA2048 RSA4096 EC256 EC384 EC521
-	Api            string   `json:"api"`                    // gRPC, CoAP, Socket
-	Network        string   `json:"network,omitempty"`      // unix, socket
-	PolicyEngine   string   `json:"policyEngine,omitempty"` // JS, DUKTAPE
+	Drivers        []string `json:"drivers"`
+	UseIma         bool     `json:"useIma"`
+	ImaPcr         int      `json:"imaPcr"`
+	KeyConfig      string   `json:"keyConfig,omitempty"`
+	Api            string   `json:"api"`
+	Network        string   `json:"network,omitempty"`
+	PolicyEngine   string   `json:"policyEngine,omitempty"`
 	LogLevel       string   `json:"logLevel,omitempty"`
 	Storage        string   `json:"storage,omitempty"`
 	Cache          string   `json:"cache,omitempty"`
 	MeasurementLog bool     `json:"measurementLog,omitempty"`
+	// Only for container measurements
+	UseCtr    bool   `json:"useCtr,omitempty"`
+	CtrDriver string `json:"ctrDriver,omitempty"`
+	CtrPcr    int    `json:"ctrPcr,omitempty"`
+	CtrLog    string `json:"ctrLog"`
 }
 
 type Cmc struct {
@@ -59,6 +65,10 @@ type Cmc struct {
 	Serializer         ar.Serializer
 	Network            string
 	IntelStorage       string
+	UseCtr             bool
+	CtrDriver          string
+	CtrPcr             int
+	CtrLog             string
 }
 
 func GetDrivers() map[string]ar.Driver {
@@ -85,6 +95,9 @@ func NewCmc(c *Config) (*Cmc, error) {
 		ImaPcr:         c.ImaPcr,
 		MeasurementLog: c.MeasurementLog,
 		Serializer:     s,
+		CtrPcr:         c.CtrPcr,
+		CtrLog:         c.CtrLog,
+		UseCtr:         c.UseCtr,
 	}
 
 	// Get policy engine
@@ -107,6 +120,14 @@ func NewCmc(c *Config) (*Cmc, error) {
 		usedDrivers = append(usedDrivers, d)
 	}
 
+	// Check container driver
+	if c.UseCtr {
+		if !internal.Contains(c.CtrDriver, c.Drivers) {
+			return nil, fmt.Errorf("cannot use %v as container driver: driver not configured",
+				c.CtrDriver)
+		}
+	}
+
 	cmc := &Cmc{
 		Metadata:           metadata,
 		PolicyEngineSelect: sel,
@@ -114,6 +135,10 @@ func NewCmc(c *Config) (*Cmc, error) {
 		Serializer:         s,
 		Network:            c.Network,
 		IntelStorage:       c.Storage,
+		UseCtr:             c.UseCtr,
+		CtrDriver:          c.CtrDriver,
+		CtrPcr:             c.CtrPcr,
+		CtrLog:             c.CtrLog,
 	}
 
 	return cmc, nil

From 232e046747f2e2f132a06ec7b72965b46854e7c8 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:06:42 +0000
Subject: [PATCH 09/26] grpcapi: add measure API call

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 grpcapi/grpcapi.pb.go      | 279 +++++++++++++++++++++++++++++--------
 grpcapi/grpcapi.proto      |  12 ++
 grpcapi/grpcapi_grpc.pb.go |  38 ++++-
 3 files changed, 270 insertions(+), 59 deletions(-)

diff --git a/grpcapi/grpcapi.pb.go b/grpcapi/grpcapi.pb.go
index b08dcc88..0b9eab86 100644
--- a/grpcapi/grpcapi.pb.go
+++ b/grpcapi/grpcapi.pb.go
@@ -15,8 +15,8 @@
 
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.12.4
+// 	protoc-gen-go v1.30.0
+// 	protoc        v3.14.0
 // source: grpcapi.proto
 
 package grpcapi
@@ -692,6 +692,124 @@ func (x *VerificationResponse) GetVerificationResult() []byte {
 	return nil
 }
 
+type MeasureRequest struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Name         string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	ConfigSha256 []byte `protobuf:"bytes,2,opt,name=ConfigSha256,proto3" json:"ConfigSha256,omitempty"`
+	RootfsSha256 []byte `protobuf:"bytes,3,opt,name=RootfsSha256,proto3" json:"RootfsSha256,omitempty"`
+}
+
+func (x *MeasureRequest) Reset() {
+	*x = MeasureRequest{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpcapi_proto_msgTypes[9]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MeasureRequest) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MeasureRequest) ProtoMessage() {}
+
+func (x *MeasureRequest) ProtoReflect() protoreflect.Message {
+	mi := &file_grpcapi_proto_msgTypes[9]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MeasureRequest.ProtoReflect.Descriptor instead.
+func (*MeasureRequest) Descriptor() ([]byte, []int) {
+	return file_grpcapi_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *MeasureRequest) GetName() string {
+	if x != nil {
+		return x.Name
+	}
+	return ""
+}
+
+func (x *MeasureRequest) GetConfigSha256() []byte {
+	if x != nil {
+		return x.ConfigSha256
+	}
+	return nil
+}
+
+func (x *MeasureRequest) GetRootfsSha256() []byte {
+	if x != nil {
+		return x.RootfsSha256
+	}
+	return nil
+}
+
+type MeasureResponse struct {
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	Status  Status `protobuf:"varint,1,opt,name=status,proto3,enum=grpcapi.Status" json:"status,omitempty"`
+	Success bool   `protobuf:"varint,2,opt,name=success,proto3" json:"success,omitempty"`
+}
+
+func (x *MeasureResponse) Reset() {
+	*x = MeasureResponse{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_grpcapi_proto_msgTypes[10]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *MeasureResponse) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*MeasureResponse) ProtoMessage() {}
+
+func (x *MeasureResponse) ProtoReflect() protoreflect.Message {
+	mi := &file_grpcapi_proto_msgTypes[10]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use MeasureResponse.ProtoReflect.Descriptor instead.
+func (*MeasureResponse) Descriptor() ([]byte, []int) {
+	return file_grpcapi_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *MeasureResponse) GetStatus() Status {
+	if x != nil {
+		return x.Status
+	}
+	return Status_OK
+}
+
+func (x *MeasureResponse) GetSuccess() bool {
+	if x != nil {
+		return x.Success
+	}
+	return false
+}
+
 var File_grpcapi_proto protoreflect.FileDescriptor
 
 var file_grpcapi_proto_rawDesc = []byte{
@@ -749,47 +867,63 @@ var file_grpcapi_proto_rawDesc = []byte{
 	0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x76, 0x65,
 	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c,
 	0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x12, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x2a, 0x2f, 0x0a, 0x06, 0x53,
-	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x06, 0x0a, 0x02, 0x4f, 0x4b, 0x10, 0x00, 0x12, 0x08, 0x0a,
-	0x04, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x4e, 0x4f, 0x54, 0x5f, 0x49,
-	0x4d, 0x50, 0x4c, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x02, 0x2a, 0x92, 0x02, 0x0a,
-	0x0c, 0x48, 0x61, 0x73, 0x68, 0x46, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a,
-	0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x32,
-	0x34, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x02, 0x12,
-	0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12, 0x0a, 0x0a, 0x06, 0x53,
-	0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x04, 0x12, 0x07, 0x0a, 0x03, 0x4d, 0x44, 0x34, 0x10, 0x05,
-	0x12, 0x07, 0x0a, 0x03, 0x4d, 0x44, 0x35, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x4d, 0x44, 0x35,
-	0x53, 0x48, 0x41, 0x31, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x52, 0x49, 0x50, 0x45, 0x4d, 0x44,
-	0x31, 0x36, 0x30, 0x10, 0x08, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x32, 0x32,
-	0x34, 0x10, 0x09, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x32, 0x35, 0x36, 0x10,
-	0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x0b, 0x12,
-	0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0c, 0x12, 0x0e, 0x0a,
-	0x0a, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x5f, 0x32, 0x32, 0x34, 0x10, 0x0d, 0x12, 0x0e, 0x0a,
-	0x0a, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0e, 0x12, 0x0f, 0x0a,
-	0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x73, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0f, 0x12, 0x0f,
-	0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x62, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x10, 0x12,
-	0x0f, 0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x62, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x11,
-	0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x62, 0x5f, 0x35, 0x31, 0x32, 0x10,
-	0x12, 0x32, 0x9c, 0x02, 0x0a, 0x0a, 0x43, 0x4d, 0x43, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
-	0x12, 0x3e, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x17, 0x2e, 0x67, 0x72,
-	0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x54, 0x4c, 0x53, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x54,
-	0x4c, 0x53, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x3e, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x2e, 0x67, 0x72,
-	0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71,
-	0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x54,
-	0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x12, 0x45, 0x0a, 0x06, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x2e, 0x67, 0x72, 0x70,
-	0x63, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70,
-	0x69, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73,
-	0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x06, 0x56, 0x65, 0x72, 0x69, 0x66,
-	0x79, 0x12, 0x1c, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x56, 0x65, 0x72, 0x69,
-	0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
-	0x1d, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69,
-	0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00,
-	0x42, 0x0c, 0x5a, 0x0a, 0x2e, 0x2f, 0x3b, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x62, 0x06,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x22, 0x6c, 0x0a, 0x0e, 0x4d,
+	0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a,
+	0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d,
+	0x65, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x68, 0x61, 0x32, 0x35,
+	0x36, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53,
+	0x68, 0x61, 0x32, 0x35, 0x36, 0x12, 0x22, 0x0a, 0x0c, 0x52, 0x6f, 0x6f, 0x74, 0x66, 0x73, 0x53,
+	0x68, 0x61, 0x32, 0x35, 0x36, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0c, 0x52, 0x6f, 0x6f,
+	0x74, 0x66, 0x73, 0x53, 0x68, 0x61, 0x32, 0x35, 0x36, 0x22, 0x54, 0x0a, 0x0f, 0x4d, 0x65, 0x61,
+	0x73, 0x75, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x06,
+	0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x0f, 0x2e, 0x67,
+	0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73,
+	0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x2a,
+	0x2f, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x06, 0x0a, 0x02, 0x4f, 0x4b, 0x10,
+	0x00, 0x12, 0x08, 0x0a, 0x04, 0x46, 0x41, 0x49, 0x4c, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x4e,
+	0x4f, 0x54, 0x5f, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x4d, 0x45, 0x4e, 0x54, 0x45, 0x44, 0x10, 0x02,
+	0x2a, 0x92, 0x02, 0x0a, 0x0c, 0x48, 0x61, 0x73, 0x68, 0x46, 0x75, 0x6e, 0x63, 0x74, 0x69, 0x6f,
+	0x6e, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x48, 0x41, 0x31, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53,
+	0x48, 0x41, 0x32, 0x32, 0x34, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35,
+	0x36, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x03, 0x12,
+	0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x04, 0x12, 0x07, 0x0a, 0x03, 0x4d,
+	0x44, 0x34, 0x10, 0x05, 0x12, 0x07, 0x0a, 0x03, 0x4d, 0x44, 0x35, 0x10, 0x06, 0x12, 0x0b, 0x0a,
+	0x07, 0x4d, 0x44, 0x35, 0x53, 0x48, 0x41, 0x31, 0x10, 0x07, 0x12, 0x0d, 0x0a, 0x09, 0x52, 0x49,
+	0x50, 0x45, 0x4d, 0x44, 0x31, 0x36, 0x30, 0x10, 0x08, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41,
+	0x33, 0x5f, 0x32, 0x32, 0x34, 0x10, 0x09, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f,
+	0x32, 0x35, 0x36, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38,
+	0x34, 0x10, 0x0b, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x35, 0x31, 0x32, 0x10,
+	0x0c, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x5f, 0x32, 0x32, 0x34, 0x10,
+	0x0d, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10,
+	0x0e, 0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x73, 0x5f, 0x32, 0x35, 0x36,
+	0x10, 0x0f, 0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x62, 0x5f, 0x32, 0x35,
+	0x36, 0x10, 0x10, 0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x62, 0x5f, 0x33,
+	0x38, 0x34, 0x10, 0x11, 0x12, 0x0f, 0x0a, 0x0b, 0x42, 0x4c, 0x41, 0x4b, 0x45, 0x32, 0x62, 0x5f,
+	0x35, 0x31, 0x32, 0x10, 0x12, 0x32, 0xdc, 0x02, 0x0a, 0x0a, 0x43, 0x4d, 0x43, 0x53, 0x65, 0x72,
+	0x76, 0x69, 0x63, 0x65, 0x12, 0x3e, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x53, 0x69, 0x67, 0x6e, 0x12,
+	0x17, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x54, 0x4c, 0x53, 0x53, 0x69, 0x67,
+	0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61,
+	0x70, 0x69, 0x2e, 0x54, 0x4c, 0x53, 0x53, 0x69, 0x67, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x12,
+	0x17, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72,
+	0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61,
+	0x70, 0x69, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x12, 0x45, 0x0a, 0x06, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x12, 0x1b,
+	0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61,
+	0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1c, 0x2e, 0x67, 0x72,
+	0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f,
+	0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x47, 0x0a, 0x06, 0x56,
+	0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x1c, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e,
+	0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75,
+	0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x56, 0x65,
+	0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x12, 0x3e, 0x0a, 0x07, 0x4d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x12,
+	0x17, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x61, 0x73, 0x75, 0x72,
+	0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x61,
+	0x70, 0x69, 0x2e, 0x4d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
+	0x73, 0x65, 0x22, 0x00, 0x42, 0x0c, 0x5a, 0x0a, 0x2e, 0x2f, 0x3b, 0x67, 0x72, 0x70, 0x63, 0x61,
+	0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (
@@ -805,7 +939,7 @@ func file_grpcapi_proto_rawDescGZIP() []byte {
 }
 
 var file_grpcapi_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
-var file_grpcapi_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
+var file_grpcapi_proto_msgTypes = make([]protoimpl.MessageInfo, 11)
 var file_grpcapi_proto_goTypes = []interface{}{
 	(Status)(0),                  // 0: grpcapi.Status
 	(HashFunction)(0),            // 1: grpcapi.HashFunction
@@ -818,6 +952,8 @@ var file_grpcapi_proto_goTypes = []interface{}{
 	(*AttestationResponse)(nil),  // 8: grpcapi.AttestationResponse
 	(*VerificationRequest)(nil),  // 9: grpcapi.VerificationRequest
 	(*VerificationResponse)(nil), // 10: grpcapi.VerificationResponse
+	(*MeasureRequest)(nil),       // 11: grpcapi.MeasureRequest
+	(*MeasureResponse)(nil),      // 12: grpcapi.MeasureResponse
 }
 var file_grpcapi_proto_depIdxs = []int32{
 	1,  // 0: grpcapi.TLSSignRequest.hashtype:type_name -> grpcapi.HashFunction
@@ -826,19 +962,22 @@ var file_grpcapi_proto_depIdxs = []int32{
 	0,  // 3: grpcapi.TLSCertResponse.status:type_name -> grpcapi.Status
 	0,  // 4: grpcapi.AttestationResponse.status:type_name -> grpcapi.Status
 	0,  // 5: grpcapi.VerificationResponse.status:type_name -> grpcapi.Status
-	3,  // 6: grpcapi.CMCService.TLSSign:input_type -> grpcapi.TLSSignRequest
-	5,  // 7: grpcapi.CMCService.TLSCert:input_type -> grpcapi.TLSCertRequest
-	7,  // 8: grpcapi.CMCService.Attest:input_type -> grpcapi.AttestationRequest
-	9,  // 9: grpcapi.CMCService.Verify:input_type -> grpcapi.VerificationRequest
-	4,  // 10: grpcapi.CMCService.TLSSign:output_type -> grpcapi.TLSSignResponse
-	6,  // 11: grpcapi.CMCService.TLSCert:output_type -> grpcapi.TLSCertResponse
-	8,  // 12: grpcapi.CMCService.Attest:output_type -> grpcapi.AttestationResponse
-	10, // 13: grpcapi.CMCService.Verify:output_type -> grpcapi.VerificationResponse
-	10, // [10:14] is the sub-list for method output_type
-	6,  // [6:10] is the sub-list for method input_type
-	6,  // [6:6] is the sub-list for extension type_name
-	6,  // [6:6] is the sub-list for extension extendee
-	0,  // [0:6] is the sub-list for field type_name
+	0,  // 6: grpcapi.MeasureResponse.status:type_name -> grpcapi.Status
+	3,  // 7: grpcapi.CMCService.TLSSign:input_type -> grpcapi.TLSSignRequest
+	5,  // 8: grpcapi.CMCService.TLSCert:input_type -> grpcapi.TLSCertRequest
+	7,  // 9: grpcapi.CMCService.Attest:input_type -> grpcapi.AttestationRequest
+	9,  // 10: grpcapi.CMCService.Verify:input_type -> grpcapi.VerificationRequest
+	11, // 11: grpcapi.CMCService.Measure:input_type -> grpcapi.MeasureRequest
+	4,  // 12: grpcapi.CMCService.TLSSign:output_type -> grpcapi.TLSSignResponse
+	6,  // 13: grpcapi.CMCService.TLSCert:output_type -> grpcapi.TLSCertResponse
+	8,  // 14: grpcapi.CMCService.Attest:output_type -> grpcapi.AttestationResponse
+	10, // 15: grpcapi.CMCService.Verify:output_type -> grpcapi.VerificationResponse
+	12, // 16: grpcapi.CMCService.Measure:output_type -> grpcapi.MeasureResponse
+	12, // [12:17] is the sub-list for method output_type
+	7,  // [7:12] is the sub-list for method input_type
+	7,  // [7:7] is the sub-list for extension type_name
+	7,  // [7:7] is the sub-list for extension extendee
+	0,  // [0:7] is the sub-list for field type_name
 }
 
 func init() { file_grpcapi_proto_init() }
@@ -955,6 +1094,30 @@ func file_grpcapi_proto_init() {
 				return nil
 			}
 		}
+		file_grpcapi_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MeasureRequest); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+		file_grpcapi_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*MeasureResponse); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
 	}
 	type x struct{}
 	out := protoimpl.TypeBuilder{
@@ -962,7 +1125,7 @@ func file_grpcapi_proto_init() {
 			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
 			RawDescriptor: file_grpcapi_proto_rawDesc,
 			NumEnums:      2,
-			NumMessages:   9,
+			NumMessages:   11,
 			NumExtensions: 0,
 			NumServices:   1,
 		},
diff --git a/grpcapi/grpcapi.proto b/grpcapi/grpcapi.proto
index 96ec438c..58bf50a7 100644
--- a/grpcapi/grpcapi.proto
+++ b/grpcapi/grpcapi.proto
@@ -52,6 +52,7 @@ service CMCService {
     rpc TLSCert(TLSCertRequest) returns (TLSCertResponse) {}
     rpc Attest(AttestationRequest) returns (AttestationResponse) {}
     rpc Verify(VerificationRequest) returns (VerificationResponse) {}
+    rpc Measure(MeasureRequest) returns (MeasureResponse) {}
 }
 
 message PSSOptions {
@@ -101,3 +102,14 @@ message VerificationResponse {
   Status status = 1;
   bytes verification_result = 2;
 }
+
+message MeasureRequest {
+  string name = 1;
+  bytes ConfigSha256 = 2;
+  bytes RootfsSha256 = 3;
+}
+
+message MeasureResponse {
+  Status status = 1;
+  bool success = 2;
+}
\ No newline at end of file
diff --git a/grpcapi/grpcapi_grpc.pb.go b/grpcapi/grpcapi_grpc.pb.go
index be359f4c..ab3d397c 100644
--- a/grpcapi/grpcapi_grpc.pb.go
+++ b/grpcapi/grpcapi_grpc.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go-grpc. DO NOT EDIT.
 // versions:
 // - protoc-gen-go-grpc v1.2.0
-// - protoc             v3.12.4
+// - protoc             v3.14.0
 // source: grpcapi.proto
 
 package grpcapi
@@ -27,6 +27,7 @@ type CMCServiceClient interface {
 	TLSCert(ctx context.Context, in *TLSCertRequest, opts ...grpc.CallOption) (*TLSCertResponse, error)
 	Attest(ctx context.Context, in *AttestationRequest, opts ...grpc.CallOption) (*AttestationResponse, error)
 	Verify(ctx context.Context, in *VerificationRequest, opts ...grpc.CallOption) (*VerificationResponse, error)
+	Measure(ctx context.Context, in *MeasureRequest, opts ...grpc.CallOption) (*MeasureResponse, error)
 }
 
 type cMCServiceClient struct {
@@ -73,6 +74,15 @@ func (c *cMCServiceClient) Verify(ctx context.Context, in *VerificationRequest,
 	return out, nil
 }
 
+func (c *cMCServiceClient) Measure(ctx context.Context, in *MeasureRequest, opts ...grpc.CallOption) (*MeasureResponse, error) {
+	out := new(MeasureResponse)
+	err := c.cc.Invoke(ctx, "/grpcapi.CMCService/Measure", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
 // CMCServiceServer is the server API for CMCService service.
 // All implementations must embed UnimplementedCMCServiceServer
 // for forward compatibility
@@ -82,6 +92,7 @@ type CMCServiceServer interface {
 	TLSCert(context.Context, *TLSCertRequest) (*TLSCertResponse, error)
 	Attest(context.Context, *AttestationRequest) (*AttestationResponse, error)
 	Verify(context.Context, *VerificationRequest) (*VerificationResponse, error)
+	Measure(context.Context, *MeasureRequest) (*MeasureResponse, error)
 	mustEmbedUnimplementedCMCServiceServer()
 }
 
@@ -101,6 +112,9 @@ func (UnimplementedCMCServiceServer) Attest(context.Context, *AttestationRequest
 func (UnimplementedCMCServiceServer) Verify(context.Context, *VerificationRequest) (*VerificationResponse, error) {
 	return nil, status.Errorf(codes.Unimplemented, "method Verify not implemented")
 }
+func (UnimplementedCMCServiceServer) Measure(context.Context, *MeasureRequest) (*MeasureResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Measure not implemented")
+}
 func (UnimplementedCMCServiceServer) mustEmbedUnimplementedCMCServiceServer() {}
 
 // UnsafeCMCServiceServer may be embedded to opt out of forward compatibility for this service.
@@ -186,6 +200,24 @@ func _CMCService_Verify_Handler(srv interface{}, ctx context.Context, dec func(i
 	return interceptor(ctx, in, info, handler)
 }
 
+func _CMCService_Measure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(MeasureRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(CMCServiceServer).Measure(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/grpcapi.CMCService/Measure",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(CMCServiceServer).Measure(ctx, req.(*MeasureRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
 // CMCService_ServiceDesc is the grpc.ServiceDesc for CMCService service.
 // It's only intended for direct use with grpc.RegisterService,
 // and not to be introspected or modified (even as a copy)
@@ -209,6 +241,10 @@ var CMCService_ServiceDesc = grpc.ServiceDesc{
 			MethodName: "Verify",
 			Handler:    _CMCService_Verify_Handler,
 		},
+		{
+			MethodName: "Measure",
+			Handler:    _CMCService_Measure_Handler,
+		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "grpcapi.proto",

From a1f03dbdf13b7b6acfe40ba88bc2af3d133e77be Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:06:58 +0000
Subject: [PATCH 10/26] api: add measure api call

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 api/api.go | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/api/api.go b/api/api.go
index 6db92e73..45ab7d0f 100644
--- a/api/api.go
+++ b/api/api.go
@@ -1,4 +1,4 @@
-// Copyright (c) 2021 Fraunhofer AISEC
+// Copyright (c) 2021 - 2024 Fraunhofer AISEC
 // Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// Contains the API definitions for the CoAP and unix domain socket API
+// Contains the API definitions for the CoAP and socket API.
 // The gRPC API is in a separate file
 package api
 
@@ -54,6 +54,16 @@ type VerificationResponse struct {
 	VerificationResult []byte `json:"verificationResult" cbor:"0,keyasint"`
 }
 
+type MeasureRequest struct {
+	Name         string `json:"name,omitempty" cbor:"0,keyasint,omitempty"`
+	ConfigSha256 []byte `json:"configSha256,omitempty" cbor:"1,keyasint,omitempty"`
+	RootfsSha256 []byte `json:"rootfsSha256,omitempty" cbor:"2,keyasint,omitempty"`
+}
+
+type MeasureResponse struct {
+	Success bool `json:"success" cbor:"0,keyasint"`
+}
+
 type TLSSignRequest struct {
 	Id       string       `json:"id" cbor:"0,keyasint"`
 	Content  []byte       `json:"content" cbor:"1,keyasint"`
@@ -110,8 +120,9 @@ const (
 	TypeError   uint32 = 0
 	TypeAttest  uint32 = 1
 	TypeVerify  uint32 = 2
-	TypeTLSSign uint32 = 3
-	TypeTLSCert uint32 = 4
+	TypeMeasure uint32 = 3
+	TypeTLSSign uint32 = 4
+	TypeTLSCert uint32 = 5
 )
 
 // Converts Protobuf hashtype to crypto.SignerOpts

From 6da2a421dab7af976432c02ce30ca2b5ee65ba2e Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:07:46 +0000
Subject: [PATCH 11/26] tpmdriver: add functionality to read measurement lists

Required for the prover to provide details on the
order of measurements for self-contained attestation
reports.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 tpmdriver/tpmdriver.go | 54 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/tpmdriver/tpmdriver.go b/tpmdriver/tpmdriver.go
index b86d758a..c29efc78 100644
--- a/tpmdriver/tpmdriver.go
+++ b/tpmdriver/tpmdriver.go
@@ -43,6 +43,7 @@ import (
 	est "github.com/Fraunhofer-AISEC/cmc/est/estclient"
 	"github.com/Fraunhofer-AISEC/cmc/ima"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 // Tpm is a structure that implements the Measure method
@@ -55,6 +56,10 @@ type Tpm struct {
 	UseIma         bool
 	ImaPcr         int
 	MeasurementLog bool
+	UseCtr         bool
+	CtrPcr         int
+	CtrLog         string
+	Serializer     ar.Serializer
 }
 
 const (
@@ -176,6 +181,10 @@ func (t *Tpm) Init(c *ar.DriverConfig) error {
 	t.SigningCerts = ikchain
 	t.MeasuringCerts = akchain
 	t.MeasurementLog = c.MeasurementLog
+	t.Serializer = c.Serializer
+	t.UseCtr = c.UseCtr
+	t.CtrLog = c.CtrLog
+	t.CtrPcr = c.CtrPcr
 
 	return nil
 }
@@ -211,6 +220,7 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
 			log.Warnf("failed to read binary bios measurements: %v. Using final PCR values as measurements",
 				err)
 		}
+		log.Tracef("Collected %v binary bios measurements", len(biosMeasurements))
 	}
 
 	hashChain := make([]ar.PcrMeasurement, len(t.Pcrs))
@@ -262,13 +272,55 @@ func (t *Tpm) Measure(nonce []byte) (ar.Measurement, error) {
 		// Find the IMA PCR in the TPM Measurement
 		for i := range hashChain {
 			if hashChain[i].Pcr == t.ImaPcr {
-				log.Tracef("Adding %v IMA events to PCR%v measurement", len(imaEvents), hashChain[i].Pcr)
+				log.Tracef("Adding %v IMA events to PCR%v measurement", len(imaEvents),
+					hashChain[i].Pcr)
 				hashChain[i].Events = imaEvents
 				hashChain[i].Summary = nil
 				hashChain[i].Type = "PCR Eventlog"
 			}
 		}
+	}
+
+	if t.UseCtr {
+		log.Tracef("Reading container measurements")
+		if _, err := os.Stat(t.CtrLog); err == nil {
+			// If CMC container measurements are used, add the list of executed containers
+			data, err := os.ReadFile(t.CtrLog)
+			if err != nil {
+				return ar.Measurement{}, fmt.Errorf("failed to read container measurements: %w", err)
+			}
+
+			var measureList []m.MeasureEntry
+			err = t.Serializer.Unmarshal(data, &measureList)
+			if err != nil {
+				return ar.Measurement{}, fmt.Errorf("failed to unmarshal measurement list: %w", err)
+			}
 
+			for i := range hashChain {
+				if hashChain[i].Pcr == t.CtrPcr {
+					log.Tracef("Adding %v container events to PCR%v measurement", len(measureList),
+						hashChain[i].Pcr)
+					hashChain[i].Summary = nil
+					hashChain[i].Type = "PCR Eventlog"
+					for _, ml := range measureList {
+						log.Tracef("Adding %v container measurement", ml.Name)
+						event := ar.PcrEvent{
+							Sha256:    ml.TemplateSha256,
+							EventName: ml.Name,
+							CtrData: &ar.CtrData{
+								ConfigSha256: ml.ConfigSha256,
+								RootfsSha256: ml.RootfsSha256,
+							},
+						}
+						hashChain[i].Events = append(hashChain[i].Events, event)
+					}
+				}
+			}
+		} else {
+			log.Trace("No container measurements to read")
+		}
+	} else {
+		log.Trace("Container measurements omitted")
 	}
 
 	tm := ar.Measurement{

From e2387dc1ca10406dec705a79f6d35a39e502aaa8 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:08:35 +0000
Subject: [PATCH 12/26] testtool: Add functionality to test container
 measurements

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 testtool/coap.go     | 75 ++++++++++++++++++++++++++++++++++++++++++++
 testtool/commands.go |  4 +++
 testtool/config.go   | 32 ++++++++++++++++---
 testtool/grpc.go     | 48 ++++++++++++++++++++++++++++
 testtool/libapi.go   | 40 +++++++++++++++++++++++
 testtool/main.go     |  3 +-
 testtool/socket.go   | 71 +++++++++++++++++++++++++++++++++++++++++
 7 files changed, 268 insertions(+), 5 deletions(-)

diff --git a/testtool/coap.go b/testtool/coap.go
index beb3b662..a6d43f0a 100644
--- a/testtool/coap.go
+++ b/testtool/coap.go
@@ -34,6 +34,7 @@ import (
 
 	"github.com/Fraunhofer-AISEC/cmc/api"
 	"github.com/Fraunhofer-AISEC/cmc/attestedtls"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 type CoapApi struct{}
@@ -140,6 +141,37 @@ func (a CoapApi) verify(c *config) {
 	}
 }
 
+func (a CoapApi) measure(c *config) {
+
+	ctrConfig, err := os.ReadFile(c.CtrConfig)
+	if err != nil {
+		log.Fatalf("Failed to read config: %v", err)
+	}
+
+	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	if err != nil {
+		log.Fatalf("Failed to measure config: %v", err)
+	}
+
+	rootfsHash, err := m.GetRootfsMeasurement(c.CtrRootfs)
+	if err != nil {
+		log.Fatalf("Failed to measure rootfs: %v", err)
+	}
+
+	req := &api.MeasureRequest{
+		Name:         c.CtrName,
+		ConfigSha256: configHash,
+		RootfsSha256: rootfsHash,
+	}
+
+	resp, err := measureInternal(c.CmcAddr, req)
+	if err != nil {
+		log.Fatalf("Failed to verify: %v", err)
+	}
+
+	log.Infof("Measure Result: %v", resp.Success)
+}
+
 func (a CoapApi) dial(c *config) {
 	dialInternal(c, attestedtls.CmcApi_COAP, nil)
 }
@@ -210,3 +242,46 @@ func verifyInternal(addr string, req *api.VerificationRequest,
 
 	return verifyResp, nil
 }
+
+func measureInternal(addr string, req *api.MeasureRequest,
+) (*api.MeasureResponse, error) {
+
+	log.Tracef("Connecting via CoAP to %v", addr)
+
+	// Establish connection
+	conn, err := udp.Dial(addr)
+	if err != nil {
+		return nil, fmt.Errorf("error dialing: %v", err)
+	}
+	ctx, cancel := context.WithTimeout(context.Background(), time.Second)
+	defer cancel()
+
+	path := "/Measure"
+
+	// Marshal CoAP payload
+	payload, err := cbor.Marshal(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal payload: %v", err)
+	}
+
+	// Send CoAP POST request
+	resp, err := conn.Post(ctx, path, message.AppCBOR, bytes.NewReader(payload))
+	if err != nil {
+		return nil, fmt.Errorf("failed to send request: %v", err)
+	}
+
+	// Read CoAP reply body
+	payload, err = resp.ReadBody()
+	if err != nil {
+		return nil, fmt.Errorf("failed to read body: %v", err)
+	}
+
+	// Unmarshal attestation response
+	measureResp := new(api.MeasureResponse)
+	err = cbor.Unmarshal(payload, measureResp)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal response")
+	}
+
+	return measureResp, nil
+}
diff --git a/testtool/commands.go b/testtool/commands.go
index 626c3761..6500634a 100644
--- a/testtool/commands.go
+++ b/testtool/commands.go
@@ -27,6 +27,10 @@ func verify(c *config) {
 	c.api.verify(c)
 }
 
+func measure(c *config) {
+	c.api.measure(c)
+}
+
 func dial(c *config) {
 	c.api.dial(c)
 }
diff --git a/testtool/config.go b/testtool/config.go
index 25749f00..001f66a9 100644
--- a/testtool/config.go
+++ b/testtool/config.go
@@ -52,14 +52,15 @@ var (
 )
 
 type Api interface {
+	cacerts(c *config)
 	generate(c *config)
 	verify(c *config)
+	measure(c *config)
 	dial(c *config)
 	listen(c *config)
-	iothub(c *config)
-	cacerts(c *config)
 	request(c *config)
 	serve(c *config)
+	iothub(c *config)
 }
 
 type config struct {
@@ -91,6 +92,11 @@ type config struct {
 	MeasurementLog bool     `json:"measurementLog"`
 	UseIma         bool     `json:"useIma"`
 	ImaPcr         int      `json:"imaPcr"`
+	// Only container measurements
+	CtrAlgo   string `json:"ctrAlgo"`
+	CtrName   string `json:"ctrName"`
+	CtrRootfs string `json:"ctrRootfs"`
+	CtrConfig string `json:"ctrConfig"`
 
 	ca       []byte
 	policies []byte
@@ -122,12 +128,16 @@ const (
 	driversFlag        = "drivers"
 	storageFlag        = "storage"
 	cacheFlag          = "cache"
-	measurementLogFlag = "measurementLog"
+	measurementLogFlag = "measurementlog"
 	headerFlag         = "header"
 	methodFlag         = "method"
 	dataFlag           = "data"
 	imaFlag            = "ima"
 	imaPcrFlag         = "pcr"
+	// Only container image measure flags
+	ctrNameFlag   = "ctrname"
+	ctrRootfsFlag = "ctrrootfs"
+	ctrConfigFlag = "ctrconfig"
 )
 
 func getConfig() *config {
@@ -175,6 +185,10 @@ func getConfig() *config {
 	ima := flag.Bool(imaFlag, false,
 		"Indicates whether to use Integrity Measurement Architecture (IMA)")
 	pcr := flag.Int(imaPcrFlag, 0, "IMA PCR")
+	// Container measurement flags
+	ctrName := flag.String(ctrNameFlag, "", "Specifies name of container to be measured")
+	ctrRootfs := flag.String(ctrRootfsFlag, "", "Specifies rootfs path of the container to be measured")
+	ctrConfig := flag.String(ctrConfigFlag, "", "Specifies config path of the container to be measured")
 
 	flag.Parse()
 
@@ -286,6 +300,16 @@ func getConfig() *config {
 	if internal.FlagPassed(imaPcrFlag) {
 		c.ImaPcr = *pcr
 	}
+	// Container measurements
+	if internal.FlagPassed(ctrNameFlag) {
+		c.CtrName = *ctrName
+	}
+	if internal.FlagPassed(ctrRootfsFlag) {
+		c.CtrRootfs = *ctrRootfs
+	}
+	if internal.FlagPassed(ctrConfigFlag) {
+		c.CtrConfig = *ctrConfig
+	}
 
 	intervalDuration, err := time.ParseDuration(c.IntervalStr)
 	if err != nil {
@@ -308,7 +332,7 @@ func getConfig() *config {
 	printConfig(c)
 
 	// Get root CA certificate in PEM format if specified
-	if c.Mode != "generate" && c.Mode != "cacerts" {
+	if c.Mode != "generate" && c.Mode != "cacerts" && c.Mode != "measure" {
 		if c.CaFile != "" {
 			c.ca, err = os.ReadFile(c.CaFile)
 			if err != nil {
diff --git a/testtool/grpc.go b/testtool/grpc.go
index 567c0716..2e69de0e 100644
--- a/testtool/grpc.go
+++ b/testtool/grpc.go
@@ -31,6 +31,7 @@ import (
 
 	"github.com/Fraunhofer-AISEC/cmc/attestedtls"
 	api "github.com/Fraunhofer-AISEC/cmc/grpcapi"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 type GrpcApi struct{}
@@ -137,6 +138,53 @@ func (a GrpcApi) verify(c *config) {
 	log.Debug("Finished verify")
 }
 
+func (a GrpcApi) measure(c *config) {
+
+	// Establish connection
+	ctx, cancel := context.WithTimeout(context.Background(), timeoutSec*time.Second)
+	defer cancel()
+
+	log.Tracef("Connecting via gRPC to %v", c.CmcAddr)
+
+	conn, err := grpc.DialContext(ctx, c.CmcAddr, grpc.WithTransportCredentials(insecure.NewCredentials()), grpc.WithBlock())
+	if err != nil {
+		log.Fatalf("Failed to connect to cmcd: %v", err)
+	}
+	defer conn.Close()
+	client := api.NewCMCServiceClient(conn)
+
+	ctrConfig, err := os.ReadFile(c.CtrConfig)
+	if err != nil {
+		log.Fatalf("Failed to read container config: %v", err)
+	}
+
+	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	if err != nil {
+		log.Fatalf("Failed to measure config: %v", err)
+	}
+
+	rootfsHash, err := m.GetRootfsMeasurement(c.CtrRootfs)
+	if err != nil {
+		log.Fatalf("Failed to measure rootfs: %v", err)
+	}
+
+	req := &api.MeasureRequest{
+		Name:         c.CtrName,
+		ConfigSha256: configHash,
+		RootfsSha256: rootfsHash,
+	}
+
+	response, err := client.Measure(ctx, req)
+	if err != nil {
+		log.Fatalf("GRPC Measure Call failed: %v", err)
+	}
+	if response.GetStatus() != api.Status_OK {
+		log.Warnf("Failed to record measurement. Status %v", response.GetStatus())
+	}
+
+	log.Debug("Finished measure")
+}
+
 func (a GrpcApi) dial(c *config) {
 	dialInternal(c, attestedtls.CmcApi_GRPC, nil)
 }
diff --git a/testtool/libapi.go b/testtool/libapi.go
index e5fae9d7..172d30d4 100644
--- a/testtool/libapi.go
+++ b/testtool/libapi.go
@@ -31,6 +31,7 @@ import (
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/attestedtls"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 )
 
 type LibApi struct {
@@ -130,6 +131,45 @@ func (a LibApi) verify(c *config) {
 	}
 }
 
+func (a LibApi) measure(c *config) {
+	if a.cmc == nil {
+		cmc, err := initialize(c)
+		if err != nil {
+			log.Errorf("failed to initialize CMC: %v", err)
+			return
+		}
+		a.cmc = cmc
+	}
+
+	ctrConfig, err := os.ReadFile(c.CtrConfig)
+	if err != nil {
+		log.Fatalf("Failed to read config: %v", err)
+	}
+
+	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	if err != nil {
+		log.Fatalf("Failed to measure config: %v", err)
+	}
+
+	rootfsHash, err := m.GetRootfsMeasurement(c.CtrRootfs)
+	if err != nil {
+		log.Fatalf("Failed to measure rootfs: %v", err)
+	}
+
+	err = m.Measure(c.CtrName, configHash, rootfsHash,
+		&m.MeasureConfig{
+			Serializer: a.cmc.Serializer,
+			Pcr:        a.cmc.CtrPcr,
+			LogFile:    a.cmc.CtrLog,
+			Driver:     a.cmc.CtrDriver,
+		})
+	if err != nil {
+		log.Fatalf("Failed to record measurement: %v", err)
+	}
+
+	log.Debug("Measure: Recorded measurement")
+}
+
 func (a LibApi) cacerts(c *config) {
 	getCaCertsInternal(c)
 }
diff --git a/testtool/main.go b/testtool/main.go
index 5d370d06..3002df1b 100644
--- a/testtool/main.go
+++ b/testtool/main.go
@@ -23,13 +23,14 @@ import (
 
 var (
 	cmds = map[string]func(*config){
+		"cacerts":  getCaCerts, // Retrieve CA certs from EST server
 		"generate": generate,   // Generate an attestation report
 		"verify":   verify,     // Verify an attestation report
+		"measure":  measure,    // Record measurements
 		"dial":     dial,       // Act as client to establish an attested TLS connection
 		"listen":   listen,     // Act as server in etsblishing attested TLS connections
 		"request":  request,    // Perform an attested HTTPS request
 		"serve":    serve,      // Establish an attested HTTPS server
-		"cacerts":  getCaCerts, // Retrieve CA certs from EST server
 		"iothub":   iothub,     // Simulate an IoT hub for Cortex-M IAS Attestation Demo
 	}
 )
diff --git a/testtool/socket.go b/testtool/socket.go
index 5f969266..d56ca0f4 100644
--- a/testtool/socket.go
+++ b/testtool/socket.go
@@ -27,6 +27,7 @@ import (
 	"github.com/fxamacker/cbor/v2"
 
 	// local modules
+	m "github.com/Fraunhofer-AISEC/cmc/measure"
 
 	"github.com/Fraunhofer-AISEC/cmc/api"
 	"github.com/Fraunhofer-AISEC/cmc/attestedtls"
@@ -132,6 +133,37 @@ func (a SocketApi) verify(c *config) {
 	}
 }
 
+func (a SocketApi) measure(c *config) {
+
+	ctrConfig, err := os.ReadFile(c.CtrConfig)
+	if err != nil {
+		log.Fatalf("Failed to read config: %v", err)
+	}
+
+	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	if err != nil {
+		log.Fatalf("Failed to measure config: %v", err)
+	}
+
+	rootfsHash, err := m.GetRootfsMeasurement(c.CtrRootfs)
+	if err != nil {
+		log.Fatalf("Failed to measure rootfs: %v", err)
+	}
+
+	req := &api.MeasureRequest{
+		Name:         c.CtrName,
+		ConfigSha256: configHash,
+		RootfsSha256: rootfsHash,
+	}
+
+	resp, err := measureSocketRequest(c.Network, c.CmcAddr, req)
+	if err != nil {
+		log.Fatalf("Failed to measure: %v", err)
+	}
+
+	log.Debugf("Recorded measurement. Result: %v", resp.Success)
+}
+
 func (a SocketApi) dial(c *config) {
 	dialInternal(c, attestedtls.CmcApi_Socket, nil)
 }
@@ -194,3 +226,42 @@ func verifySocketRequest(network, addr string, req *api.VerificationRequest,
 
 	return verifyResp, nil
 }
+
+func measureSocketRequest(network, addr string, req *api.MeasureRequest,
+) (*api.MeasureResponse, error) {
+
+	log.Tracef("Connecting via %v socket to %v", network, addr)
+
+	// Establish connection
+	conn, err := net.Dial(network, addr)
+	if err != nil {
+		return nil, fmt.Errorf("error dialing: %v", err)
+	}
+
+	// Marshal payload
+	payload, err := cbor.Marshal(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal payload: %v", err)
+	}
+
+	// Send request
+	err = api.Send(conn, payload, api.TypeMeasure)
+	if err != nil {
+		return nil, fmt.Errorf("failed to send request: %v", err)
+	}
+
+	// Read reply
+	payload, _, err = api.Receive(conn)
+	if err != nil {
+		log.Fatalf("failed to receive: %v", err)
+	}
+
+	// Unmarshal attestation response
+	measureResp := new(api.MeasureResponse)
+	err = cbor.Unmarshal(payload, measureResp)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal response")
+	}
+
+	return measureResp, nil
+}

From ad62fa44c99bc53900bab3cfc067eddf0b141be7 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:11:09 +0000
Subject: [PATCH 13/26] attestationreport/attestationreport.go: add container
 config

The container config is required for the drivers.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/attestationreport.go | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/attestationreport/attestationreport.go b/attestationreport/attestationreport.go
index 1d6ff9c9..0cdaedad 100644
--- a/attestationreport/attestationreport.go
+++ b/attestationreport/attestationreport.go
@@ -62,6 +62,9 @@ type DriverConfig struct {
 	ImaPcr         int
 	Serializer     Serializer
 	MeasurementLog bool
+	UseCtr         bool
+	CtrPcr         int
+	CtrLog         string
 }
 
 // Serializer is a generic interface providing methods for data serialization and
@@ -118,6 +121,12 @@ type PcrEvent struct {
 	Sha256    HexByte    `json:"sha256" cbor:"2,keyasint"`
 	EventName string     `json:"eventname,omitempty" cbor:"4,keyasint,omitempty"`
 	EventData *EventData `json:"eventdata,omitempty" cbor:"5,keyasint,omitempty"`
+	CtrData   *CtrData   `json:"ctrData,omitempty" cbor:"6,keyasint,omitempty"`
+}
+
+type CtrData struct {
+	ConfigSha256 HexByte `json:"configSha256" cbor:"0,keyasint"`
+	RootfsSha256 HexByte `json:"rootfsSha256" cbor:"1,keyasint"`
 }
 
 // TpmMeasurement represents the attestation report

From 5d04f078ba9000f9faab4bbc2363633afc230504 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:11:54 +0000
Subject: [PATCH 14/26] attestationreport/attestationreport.go: add support for
 environment variables

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/attestationreport.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/attestationreport/attestationreport.go b/attestationreport/attestationreport.go
index 0cdaedad..fbc5f2d5 100644
--- a/attestationreport/attestationreport.go
+++ b/attestationreport/attestationreport.go
@@ -270,6 +270,7 @@ type AppDescription struct {
 	MetaInfo
 	AppManifest string              `json:"appManifest" cbor:"3,keyasint"` // Links to App Manifest.Name
 	External    []ExternalInterface `json:"externalConnections,omitempty" cbor:"4,keyasint,omitempty"`
+	Environment []Environment       `json:"environment,omitempty" cbor:"5,keyasint,omitempty"`
 }
 
 // InternalConnection represents the attestation report
@@ -291,6 +292,13 @@ type ExternalInterface struct {
 	Port        int    `json:"port" cbor:"3,keyasint"`        // Links to App Manifest.Endpoint
 }
 
+// Environment represents environment variables
+// for apps
+type Environment struct {
+	Key   string `json:"key" cbor:"0,keyasint"`
+	Value string `json:"value" cbor:"1,keyasint"`
+}
+
 // AppManifest represents the attestation report
 // element of type 'App Manifest'
 type AppManifest struct {

From c3aeec7d641ebd8c171cef40a4d4890839730d85 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:13:17 +0000
Subject: [PATCH 15/26] attestationreport/attestationreport.go: add app results
 to validation report

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/attestationreport.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/attestationreport/attestationreport.go b/attestationreport/attestationreport.go
index fbc5f2d5..79d12946 100644
--- a/attestationreport/attestationreport.go
+++ b/attestationreport/attestationreport.go
@@ -980,6 +980,16 @@ func verifyMetadata(ar *AttestationReport, cas []*x509.Certificate, s Serializer
 			result.DevDescResult.Description = metadata.DeviceDescription.Description
 			result.DevDescResult.Location = metadata.DeviceDescription.Location
 		}
+		for _, appDesc := range metadata.DeviceDescription.AppDescriptions {
+			appResult := AppDescResult{
+				MetaInfo:    appDesc.MetaInfo,
+				AppManifest: appDesc.AppManifest,
+				External:    appDesc.External,
+				Environment: appDesc.Environment,
+			}
+			result.DevDescResult.AppResults = append(result.DevDescResult.AppResults,
+				appResult)
+		}
 	}
 
 	return metadata, result, success

From 9a30897fce6aba5a3df1702a8d486d6fbc2ee6fc Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:14:28 +0000
Subject: [PATCH 16/26] attestationreport/validationreport.go: add support for
 environment variables

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/validationreport.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/attestationreport/validationreport.go b/attestationreport/validationreport.go
index d67f110f..c9c02602 100644
--- a/attestationreport/validationreport.go
+++ b/attestationreport/validationreport.go
@@ -81,9 +81,17 @@ type DevDescResult struct {
 	CorrectApps         []Result          `json:"correctApps"`
 	RtmOsCompatibility  Result            `json:"rtmOsCompatibility"`
 	OsAppsCompatibility []Result          `json:"osAppCompatibility"`
+	AppResults          []AppDescResult   `json:"appDescResults"`
 	SignatureCheck      []SignatureResult `json:"signatureValidation"`
 }
 
+type AppDescResult struct {
+	MetaInfo
+	AppManifest string              `json:"appManifest"`
+	Environment []Environment       `json:"environment,omitempty"`
+	External    []ExternalInterface `json:"external,omitempty"`
+}
+
 type MeasurementResult struct {
 	Type      string          `json:"type"`
 	Summary   Result          `json:"summary"`

From b746ef305d89781891a0ddb98b18780d5110d27f Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:15:20 +0000
Subject: [PATCH 17/26] attestationreport/sw.go: delete obsolete sw module

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/sw.go | 71 -----------------------------------------
 1 file changed, 71 deletions(-)
 delete mode 100644 attestationreport/sw.go

diff --git a/attestationreport/sw.go b/attestationreport/sw.go
deleted file mode 100644
index c3137929..00000000
--- a/attestationreport/sw.go
+++ /dev/null
@@ -1,71 +0,0 @@
-// Copyright (c) 2021 Fraunhofer AISEC
-// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package attestationreport
-
-import (
-	"bytes"
-)
-
-func VerifySwMeasurements(swMeasurements []Measurement, refVals []ReferenceValue) ([]MeasurementResult, bool) {
-
-	log.Trace("Verifying SW measurements")
-
-	swMeasurementResults := make([]MeasurementResult, 0)
-	ok := true
-
-	// Check that every reference value is reflected by a measurement
-	for _, v := range refVals {
-		result := MeasurementResult{}
-		result.Summary.Success = false
-		result.SwResult.VerName = v.Name
-		found := false
-		for _, swm := range swMeasurements {
-			if bytes.Equal(swm.Sha256, v.Sha256) {
-				result.SwResult.MeasName = swm.Description
-				result.Summary.Success = true
-				found = true
-				break
-			}
-		}
-		if !found {
-			log.Tracef("no SW Measurement found for SW Reference Value %v (hash: %v)", v.Name, v.Sha256)
-			result.Summary.SetErr(RefValNoMatch)
-			ok = false
-		}
-		swMeasurementResults = append(swMeasurementResults, result)
-	}
-
-	// Check that every measurement is reflected by a reference value
-	for _, swM := range swMeasurements {
-		found := false
-		for _, swV := range refVals {
-			if bytes.Equal(swM.Sha256, swV.Sha256) {
-				found = true
-				break
-			}
-		}
-		if !found {
-			result := MeasurementResult{}
-			result.SwResult.MeasName = swM.Description
-			log.Tracef("no SW Reference Value found for SW Measurement: %v", swM.Sha256)
-			result.Summary.SetErr(MeasurementNoMatch)
-			swMeasurementResults = append(swMeasurementResults, result)
-			ok = false
-		}
-	}
-
-	return swMeasurementResults, ok
-}

From 63ca954bc1384b25123f2ebc17cb4587ae16e5b3 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:16:04 +0000
Subject: [PATCH 18/26] attestationreport/tpm.go: more detailed measurement
 results

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/tpm.go | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/attestationreport/tpm.go b/attestationreport/tpm.go
index 34dc445c..85504e6b 100644
--- a/attestationreport/tpm.go
+++ b/attestationreport/tpm.go
@@ -22,6 +22,7 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 	"sort"
+	"strings"
 
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	"github.com/google/go-tpm/legacy/tpm2"
@@ -188,11 +189,16 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 				calculatedPcrs[measuredPcr.Pcr] = extendSha256(calculatedPcrs[measuredPcr.Pcr],
 					event.Sha256)
 
+				nameInfo := ref.Name
+				if event.EventName != "" && !strings.EqualFold(ref.Name, event.EventName) {
+					nameInfo += ": " + event.EventName
+				}
+
 				measResult := DigestResult{
 					Pcr:         &pcrNum,
 					Digest:      hex.EncodeToString(event.Sha256),
 					Success:     true,
-					Name:        ref.Name,
+					Name:        nameInfo,
 					Description: ref.Description,
 				}
 				detailedResults = append(detailedResults, measResult)
@@ -273,9 +279,24 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 	// in case of detailed measurement logs
 	for _, ref := range referenceValues {
 
+		if ref.Pcr == nil {
+			result := DigestResult{
+				Type:        "Reference Value",
+				Success:     false,
+				Name:        ref.Name,
+				Digest:      hex.EncodeToString(ref.Sha256),
+				Description: ref.Description,
+			}
+			detailedResults = append(detailedResults, result)
+			ok = false
+			log.Tracef("Reference value %v does not contain PCR", ref.Name)
+			continue
+		}
+
 		// Check if measurement contains the reference value PCR
 		foundPcr := false
 		for _, measuredPcr := range measurement.Pcrs {
+
 			if measuredPcr.Pcr == *ref.Pcr {
 				foundPcr = true
 			} else {

From 6f714b0f82a546d460a7f9122c83e0ebe7829d1e Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:16:37 +0000
Subject: [PATCH 19/26] attestationreport/snp_test.go: renaming

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/snp_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/attestationreport/snp_test.go b/attestationreport/snp_test.go
index d64d8422..18cd3f28 100644
--- a/attestationreport/snp_test.go
+++ b/attestationreport/snp_test.go
@@ -37,7 +37,7 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		want bool
 	}{
 		{
-			name: "Valid Attestation Report",
+			name: "ValidAttestationReport",
 			args: args{
 				snpM: &Measurement{
 					Type:     "SNP Measurement",

From 446926b012dbd321c5498df02cbfa33934d5f1c5 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:19:48 +0000
Subject: [PATCH 20/26] doc: update documentation

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 doc/container-measurements.md    |  118 +++
 doc/container_measurement.drawio | 1480 ++++++++++++++++++++++++++++++
 doc/manual-setup.md              |   21 +
 3 files changed, 1619 insertions(+)
 create mode 100644 doc/container-measurements.md
 create mode 100644 doc/container_measurement.drawio

diff --git a/doc/container-measurements.md b/doc/container-measurements.md
new file mode 100644
index 00000000..fb31036a
--- /dev/null
+++ b/doc/container-measurements.md
@@ -0,0 +1,118 @@
+# Containerd Container Measurements
+
+## Prerequisites and Build
+
+### Containerd Configuration
+To measure containers, we require the `containerd-shim-cmc-v1` proxy shim, to be invoked by
+containerd instead of the default shim `containerd-shim-runc-v2`. The proxy shim measures the
+container and then invokes `containerd-shim-runc-v2`.
+
+#### Alternative 1
+
+Add the following to `/etc/containerd/config.toml`
+```
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.cmc]
+  runtime_type = "io.containerd.runtime.v1.linux"
+  [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.cmc.options]
+    BinaryName = "/usr/bin/containerd-shim-cmc-v1"
+```
+
+Restart containerd:
+```sh
+sudo systemctl restart containerd
+```
+
+The shim can now be invoked with the following `ctr` argument:
+`--runtime io.containerd.runtime.v1.linux.cmc`
+
+#### Alternative 2
+
+If an absolute path is used, no containerd configuration changes are required:
+`--runtime /path/to/cmc/tools/containerd-shim-cmc-v1/containerd-shim-cmc-v1`
+
+### Build the CMC
+
+build all CMC binaries according to the README, especially
+`cmc/tools/containerd-shim-cmc-v1/containerd-shim-cmc-v1` (can be built via `go build`). If
+*Alternative 1* was chosen, the binary must be copied to `/usr/bin`.
+
+### Run the CMC
+
+Make sure the `cmcd` and `estserver` are running (see main README.md)
+
+
+### Create Reference Values for Containers to be Executed
+
+#### Alternative 1: Perform containerd dry run with good reference container and collect reference values
+
+**Note**: The
+[example-setup/update-container-manifest-live](../../example-setup/update-container-manifest-live)
+script can be used to generate a manifest for a specific container. The following manual setup
+explains the single steps.
+
+
+To do a "dry run" of the custom shim to generate the reference values for a trusted container, pull the image:
+```bash
+ctr image pull docker.io/library/ubuntu:22.04
+```
+
+And then generate the reference values:
+```bash
+sudo ctr run --runtime io.containerd.runtime.v1.linux.cmc -env VAL=HELLO -t --rm docker.io/library/ubuntu:22.04 CMC_GENERATE_APP_MANIFEST
+```
+
+This will create reference values for the container and store it in `/tmp/measure/container-refs`
+
+Generate CMC metadata as described in the CMC Readme, generate an app manifest and add the reference values.
+
+Sign this manifest and add it to `cmc-data`:
+```sh
+cmc-signing-tool -in /tmp/measure/app.manifest.json   -out metadata-signed/app.manifest.json    -keys pki/signing-cert-key.pem -x5cs pki/signing-cert.pem,pki/ca.pem
+```
+
+#### Alternative 2: Use tools to convert OCI image to runtime bundle and measure reference values
+
+This requires `buildah` and `umoci` to be installed: `sudo apt install buildah umoci`
+
+**Note**: The
+[example-setup/update-container-manifest](../../example-setup/update-container-manifest)
+script can be used to generate a manifest for a specific container. The following manual setup
+explains the single steps.
+
+```sh
+buildah pull <container-image>
+buildah push <container-image> oci-archive:myimage-oci.tar
+```
+
+Extract the OCI image:
+```sh
+tar -xvf myimage-oci.tar
+```
+
+Unpack the image to a bundle:
+```sh
+umoci unpack --rootless --image ./ bundle
+```
+
+Measure runtime bundle:
+```sh
+./measure-bundle -config bundle/config.json -rootfs bundle/rootfs
+```
+
+Now create an app manifest and add the reference values as described in *Alternative 1*
+
+## Run a container
+
+Now, run the container:
+```bash
+sudo ctr run --runtime io.containerd.runtime.v1.linux.cmc -env VAL=HELLO -t --rm docker.io/library/ubuntu:22.04 my_container
+```
+
+The container will always start, but changing e.g. the environment variable will lead to a failed remote attestation.
+
+## Logging and Troubleshooting
+
+- If managed by systemd, the containerd logs can be retrieved via: `journalctl -u containerd`
+- To get more detailed containerd logs: `containerd -log-level trace`
+- The `containerd-shim-cmc-v1` logs are located at: `/tmp/containerd-shim-cmc.log`
+- The original shim logs are retrieved by containerd / the proxy shim
diff --git a/doc/container_measurement.drawio b/doc/container_measurement.drawio
new file mode 100644
index 00000000..27d0dfe8
--- /dev/null
+++ b/doc/container_measurement.drawio
@@ -0,0 +1,1480 @@
+<mxfile host="app.diagrams.net" modified="2024-03-13T11:58:27.142Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" etag="RIGTcMXqc18YHfb7qtrL" version="24.0.5" type="device">
+  <diagram name="Page-1" id="eAdGSRRNfzhySv9DunpN">
+    <mxGraphModel dx="4341" dy="3639" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="1" shadow="0">
+      <root>
+        <mxCell id="0" />
+        <mxCell id="1" parent="0" />
+        <mxCell id="dfeGwJ4GioFZ4fCVBI6Y-1" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+          <mxGeometry x="990" y="2270" width="2340" height="1020" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-268" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="661.88" y="-1160.75" width="156.25" height="255.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-266" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="840" y="-1070" width="250" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-265" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="229.88" y="-1169" width="220.12" height="249" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-264" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="63.75" y="-1170" width="156.25" height="255.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-262" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="466.25" y="-1170" width="133.75" height="255" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-41" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-760" y="-820" width="590" height="205" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-13" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-11" target="Ebp6lTG2UBThMlCNcLZx-12" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-11" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1989" y="2950" width="210" height="200" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-58" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="450" y="1120" width="430" height="450" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-22" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="80" y="730" width="200" height="280" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-3" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="100" y="170" width="140" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-1" value="Rootfs" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="142.5" y="260" width="55" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-4" value="Config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="142.5" y="210" width="55" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-5" value="OCI Runtime Bundle" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="110" y="180" width="130" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-14" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="cHL1YEVYz9JcjSMk78A3-11" target="cHL1YEVYz9JcjSMk78A3-13" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-11" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="120" y="370" width="200" height="280" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-13" value="runc" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="120" y="667" width="200" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-15" value="attestation layer" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="165" y="370" width="110" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-33" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-19" target="cHL1YEVYz9JcjSMk78A3-20" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-19" value="Rootfs" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="400" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-38" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-20" target="cHL1YEVYz9JcjSMk78A3-37" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-20" value="mtree" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="260" y="400" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-39" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-21" target="cHL1YEVYz9JcjSMk78A3-37" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-21" value="`H_{config}`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="260" y="430" width="50" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-23" value="Config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="435" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-30" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-24" target="cHL1YEVYz9JcjSMk78A3-21" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-24" value="`C_0`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="455" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-25" value="&lt;div&gt;`C_1`&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="475" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-31" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-26" target="cHL1YEVYz9JcjSMk78A3-21" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-26" value="&lt;div&gt;`C_2`&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="495" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-27" value="`C_3`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="515" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-28" value="..." style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="535" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-32" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-29" target="cHL1YEVYz9JcjSMk78A3-21" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-29" value="`C_n`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="555" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-34" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.045;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-3" target="cHL1YEVYz9JcjSMk78A3-15" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-35" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.801;entryY=0.001;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" target="cHL1YEVYz9JcjSMk78A3-11" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="280" y="320" as="sourcePoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-37" value="`H`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="390" y="410" width="50" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-41" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="480" y="340" width="140" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-42" value="Verifier" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="520" y="360" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-43" value="List of config keys" style="whiteSpace=wrap;html=1;aspect=fixed;" parent="1" vertex="1">
+          <mxGeometry x="250" y="260" width="60" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-45" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-9" target="cHL1YEVYz9JcjSMk78A3-46" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="630" y="590" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="550" y="610" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-47" value="True" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="cHL1YEVYz9JcjSMk78A3-45" vertex="1" connectable="0">
+          <mxGeometry x="-0.6201" y="-1" relative="1" as="geometry">
+            <mxPoint as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-48" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-9" target="cHL1YEVYz9JcjSMk78A3-50" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="690" y="430" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-49" value="False" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="cHL1YEVYz9JcjSMk78A3-48" vertex="1" connectable="0">
+          <mxGeometry x="0.3664" relative="1" as="geometry">
+            <mxPoint x="-11" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-9" value="`H==H_{\text{good}}`" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="500" y="405" width="100" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-40" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-37" target="cHL1YEVYz9JcjSMk78A3-9" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="560" y="430" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-46" value="success" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="130" y="590" width="180" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-50" value="Error report" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="660" y="410" width="70" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-53" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/png,iVBORw0KGgoAAAANSUhEUgAAA88AAAD+CAYAAAAERTdWAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AAAApdEVYdENyZWF0aW9uIFRpbWUARGkgMjMgSmFuIDIwMjQgMTQ6MzY6MzggQ0VUwwqDMQAAIABJREFUeJzs3X9YVGXe+PH3OsDAwywiC0jKKOiYKGIoZMIXM1J2IX+Q6ypLXrpaYo+Jm+mSpps+apl9fSz7ZrGP2uJK2pqV4Y+FFjfW9AEXJV2BhHUUaiCBIRnZYWHGGff7x/BjUJRBKbQ+r+vyupyZc+7zue9zn8N8zn3POT8aOHDgvwMDAykrK+Ou0OsBFk9Yx9T/cIF/n+S1P60m03LdMooQ5m9dQp/dv2bT8YYeCVMIIYQQQgghxA/Hj+665FkIIYQQQgghhLjL9OrpAIQQQgghhBBCiLudJM/intXLVdXTIQghhBBCCCF+ICR5Fvesa03Gng5BCCGEEEII8QMhybMQQgghhBBCCNEJSZ6FEEIIIYQQQohOSPJ8L1DNITEzn7hQZU9H8h1wJ3TIOt6JyyA7fhtP9+7peIQQQgghhBDibkyeXWKZ9lE+k8cocYr5PS/s3oi/oqeD6pjTo7/nhYxUNC7fchlmHWVHP0X3jen2N3Qnvst94hzFjKAHuHw+mWkHF/A/V76l7QghhBBCCCFEFzj1dADCAeYcTmzM6ekovhvKPnj9qJozeh3Gaz0djBBCCCGEEELY3HvJszqBuGdmoxmqwVMFxsoCSvZsIDu7GAvA0LUs3BJG+c4ivCfF4e+jxHhmO/vXbaaiEUDJiJf+Tpx1O3nE8mCoGlezlsLUJRz6VNu6GdfQRcQ98yuCAnzgipbyTzZzMC0LoxWcJu3mhaWRrcsmZpbZ/lO2ndSnN1Br7TxOh8pwSSDx0EY0CgA9p5aNI/NM+9HnW8XZlbpOeeZXaAJ8oFGPQZtJzsY1lOi7uG/cPPH9MTTUGWi42sV1r2P+952tL4QQQgghhBDd6e6btm01YaytocEMlsYaDHq9LSlu4ekNF94nc8103pw3nf0H6tEsTSV6mN3vgRXBBIVoyXz6AV6Zs4aKwCRiHte024zrmFjcDj/J6/FjSPsEQpKT26ZOeyUwZfVi/C5uJf2pGNJSc1E9voUZM4MBsByexfoJgbzycg4WYxbvxQWyfkIg6+c3J70OxOlQGea9vPfTQNbHr0Fr7qCtOonToboqIhmXshjvi5tJm/cwqUuWkJNfg8V+WnZn+6SlyhOeJzX1dzzzkHOHu9YhvZS4YAZJnoUQQgghhBB3kbtv5NmaQ/aClinKK0g9ft3nhW+RWdj20nBgO0WT9hAQqoZzLaOpOor2plPbCDR+TGHhSmYEBeOEtjXps5xN51i+DoCqT3KonR6Lnxq0F0A1fiYaRQ7739hlG63WbSAzJI55E+Lxfr+4Lbm9FYfivDOOxnmruqJQ4+kFhsJPqarUAzoMZbntN9TZPukuvfoQ2v9B/Cxfcb7xW9qGEEIIIYQQQtyGuy957kzvSMIXLiNiTDCevdtGm2vd7UaerfX883Lb9GaL2QSq9rdtttTV0NTyoqkJC0rcXGxlePb3gepcaltHe03Ulp2HGDXeChxLnh2J844oHY7z5nU1gflTTmcvYkbyERY+mkt5aRFlR9+npLSrc7bBcGgl0w/dZnV8lrA36md4Xasj/+8vcbyjoW0hhBBCCCGE6CF337TtW/JAs3ALMUN15LwQwysTAln/08nkXDAB1yWljiS435ouxNnj9Ghfi+HNJcs5caoG15G/YtqbHxIX7vEdh7GFhIwnSNFeJnT4HKLuvcs6QgghhBBCiO+xeyt5VmhQazyo/XQrRaU62xRsFw0+fbszITVhqNRDXw3erY+PUuIdOAT0Ogz2SbnVBIoOhu+7EufNyujOOB0oy1iaxen31rD/2Xkc+8oXzYMjuhwRbp743ueLp1vXVwXgWh1ndCepchrAkNstQwghhBBCCCG+BfdW8mzVoa8y4TniETxdAIWagKeSCFJ172aMxzMoJ5roZ+fgp9bgN34lcTEeVH2aQZVdUmqp0mFwCUYTpcHJRYlTSxLbhThvWkY3xnlLqliinl1GUGgwKh813hEzGeIDtV+ddzyQZp4Tnid16/8jKewObhh2zYQZF/jR7RchhBBCCCGEEN3tHpscq6codTXqlFUk7VuMxVhD1fGPOXNBQ0C3bmYX+9f4MOWZZOa9sxaMOsoPL+fgnuL2y5Wmk30gjLhns3lhFXaPmepCnDctQ4l/cjbzpqnblt1cQjjAmZfZtGwHTY7GeSvWeiw+0USvSrL9NvuKlvKDSzh4uOu/ee5OLpI8CyGEEEIIIe4iPxo4cOC/AwMDKSsr6+lYhADnn/Fy7DO4nEtmlVZHR0/oEkIIIYQQQojv2r01bVt8/109zr7Sv+M1ZCuH47fxdO/OVxFCCCGEEEKIb5uMPAshhBBCCCGEEJ2QkWchhBBCCCGEEKITkjwLIYQQQgghhBCduKuS58DAwJ4OQQghhBBCCCGEuMFdlTwLIYQQQgghhBB3I0mehRBCCCGEEEKITkjyLH6ANES9XULS3OCeDuTORaWSciiVIJeeDuQu5hLL5I9KSIz16HxZ1RwSM/OJC1V++3GJ714vbxYlzWRdiHNPRyKEEEKIe5AkzzczbC2LM3/PCBclASn5pKyOx6mnY/rBUxKwNJ8XXp2D6x2Vc4Wqz7PQltV3U1w9SF/AuaMFGKw9Hcj3hFlH2dFP0X1j6vBjp0d/zwsZqWi+zYsVXvOZnfkZMSE9mMC7xDLto3wmj1HiFPN7Xti9EX9Fd29EwcRpM3kzqg/8eAgbfx3LLzy7exuOcCYkPJLN86fz/pKZvJsUy3PBqg6X9Lw/krSlibw/VU279NtvFL/7dRQPO0FYzDTefawfkp4LIYQQ3z+SD4ofID3aHUvQ9nQY3aF0B4c29XQQ3yPmHE5szOnpKMR3aNDYR3gxTEFeXj47LzXi4t4b36uWGxf88UCejnTn8mVw/+7DFEIIIcRdQJLn2+UTS/SzywgN06Cy6qnK/wOZb7xFxRW7ZaJSSVmlJOflYobMnUPAACUWfS5Hlj3J6SpwCpxDbEoyIRoPmsqzyDurJjriPOlzVlDh4Eiia+gi4p75FUEBPnBFS/knmzmYloXRCuDDqFeP8ci1jylxiyRoQG+cjEWc2rqEnHx9axlO6gSikxcROlKNq1VPVd4fOPjGW1QZsU15/eMW+mS9SV1oAsMG+EJVDkdeWcLpC3ajc6rRjFq4irERwXi7gVGXy8kdyznesp1O2kuV8CGLJ+k4dtyHkJgwPN3qqTi8mn2pWTShRLMqn8RHW6bdriXlL2sBMB5+ktdfsyU7qqiVxD0Ri/8AX1QKE4bSHPJSV3OqtGWEWc3YrZ8RM8z2qip9Mtt3FrfVwaG6KlFFLSNu7uNoBtjaXHt4A5k7czC2FqQh6u1DhBSu4YRqJlFRwXi6mKg6sITtqTmAB35T1xGXEI2fjxKMNVTl72D/pl2OjyCP2cJzr8SjAmjMYt/PF1JibvlQzdit2YwyFYAmDNeyXeSVRhIxVYMlbw3p6/ZiwIeA2euIfjQMbz8fnMx6agv2kvnGZrs+7EPA3C3ETQvDkxrKD2bQNDEJ1Z5xpB/Qt9vvLXU0lGaS88Yaiso6Hrm9gctowpeu4sFQDZ5eHrY+nL2Zg++09GFbm/snZzNbk8H+PA3jfhGNX28wFm7nvec3U9Xc1wMS1xE9ORI/HyUWvRbtgQ0c3JtLaxrkE0fMlkWED/XFUnndfnVJIPHQRjQKAD2nlo0j80xbHZwm7eaFpZGtrxMzy2z/KdtO6tMbqLXa4uy8b9wizv7LSEpLxq95hDdgSwljAayfk/nL6Zy6DAxdy8ItYZyeN5kTVbZtBqQcI9FrK5te2NVc1876nyNxOsjNE98fQ0OdgYarXV25E059iJswiscG9KGvuws01nG2+Czbc7+m+ho4DxzDttje6AwqgrzN5P3tAi4jRxKmrCPj40/ZfckKuBIW+RBJo/riRSMlf79Ig/02XNTMGOXB2ZzDvP5FU/ObtR0EoyLu0ZG4nz7OZ5pYZnVzVYUQQghxb5Bp2zdjrsdQVUMTYLlSg+Gyqe1LOBrGrtrCWK9cMpfE8OYLW7kUuJjElDncMNlPEca4X6op2TSRTfHjSNuagd4MKCIZt3olQxr38t7Tk0nffYVhMaO7djXDK4Epqxfjd3Er6U/FkJaai+rxLcyYaf9bXiWqsDDYM53Xfz6GtAwIX7WFUT7NH/eOZ8qmlQTU7mDfMzG8mfIy5fctIHFpvN3UaCUBUUPQvhzDpp9PJ+ebSGLnJ9h9riF8bRqxITWc3PQEb86fzr6PtLj5+XapvZz8ogk0v0XajCBeX/cpqqkrGTdMCZjQvvwA6ycEkX5Yj+XUGjZNCGT9hMDWxBnA1UuJ4S+b2bdsMm8uWEhOZTAxL61D49ayhI4TyYGsnxBDTunNkrtb19UpdCWzV8RC9mrS5sWw/bUsnCZtYdo0zQ3leMYsIki/nfRZD/DKvIXkFdbYPgpMYsrCSIwfLCR11mS2r9pAYaWpa/s+fwmvTwhk/ZosmjpcQImqMYf9v92OYWgSD/ZOJ/2FXTRFzCaoP4Arrm5XOJe+nPQFMaQ+/zLlvnNITGmbEq+KfZUZCb7oUp8kNXkN5wMSGOFjP5VYw6gX05g4sIicNdOb2zyMKS+tJcDRac0KX1zNuRx7bSHbm9uTmC3MmHl9e9ouNo0bXkDmM2N4ZcZk9h8ubq67Er/5e0icpaZqzxK2z5tM2hsfY+ytbt+HJ03Fsn8J25cup+hadPs+bN7Lez8NZH38GrTmGzaN5fAs1k8I5JWXc7AYs3gvztb/1s9vSZwd6RudxFm5me0/DWT9jJcpN+s4sSTIto2fNifOXXLz/udQH7aaMNbW0GAGS2MNBr2eDsZi8ZzwPKmpv+OZh25vkrLxXw3UNVnhmpm6eiMN1+w+7OWCl6WajD9/ytLfH2TFJ+W4BEfxXKjdWcNNwcUTf2GrthcPR6q58KcstulUxD3QF2fAM/ghnhvtRuFfsln6Xj4FP7mfsT+2m3/u05dA5zrKfjSMdXOn8e6iabwZP5Kx1/083n/UGOKdSnir0EgH3QMsjdTUN2G+BuZGI3X/kt9RCCGEEN9HMvJ8Mxc2kz6v+f/bJrPd/rPAeEKG13Nm5QZKSk2Alqz0CIalxBPks4tTertlFSZKdi7ndHOyVpuXYXs/fCqh/XWcXLeZ8jKgbAPHIuJIDHE8RNX4mWgUOex/YxcVjYBuA5khccybEI/3+8WtX+op3Mux5hHg2oM7OPfLVEY8rOb0hzo8H0siqHEvaa/tah7B05K9M4IR/xWPRpVBUfM3xars7ZRUmoBiiv63iJgnhuOngHIrEDKbiJArnFq2hFOFtnoaKoup6Gp7NeaStyfXlhAVHEB7+XH8gnzhnM6h9qg9sIbs1ldaDDv3MurROQQGKNGec3Ak9JZ19SEoIQHXo0vYvzfLlkxUbib7k1iSJvwM1X5t+5G7r3ZxcGeW7T1jLkVVze//xAeVoobC/FwMekCvpfacw+E5yERt4V+p+sKXCn0S3mcyqf0ikkvGx+lznxIqdZRsW2G3vJacj+IJTx6Nv8sutGY1QTGRkLecrCzb6O2prX8gZMxv2lYZNpuxI7Ucm7emtW6GrTsY9sdljAhTUp7nQJs3ZnH8tay215VbyctLIHFkJE7vaa9L2ArIe21H88h4PeWfNk+8d4kl4jE1Vbsnk3m4+b1KLdn57TdlOLKZnKOfA5+TkzmH0AS7PnzHHOgbDsbZbTrsfw72YWsO2QtaLkytIPX4txGglROfHOYEAPW8uvPL9h+bq9n9l+q21/Ul7NMO40X1T3D+vPlIa7xMoa6eElU9V++rp7CmHsPXRlwGu+OOK+OH94WLeWwrqeMqUJFzjocDR7UW6ezuilcvb+LCzOz761/ZafJgYnQ4S+OtrEgv5iKAVxDJ4ZC57zzV125ykaC2hNU7m/9/PJvF3dA6QgghhLj7SPJ8O/pr8LSe59T5tuTAcl6LQRGGT38l6O2SBvN5dMU3JhGu/dS4Nmqpqmx5x0RVmQ6Lw8mzEs/+PlCdS23rUIiJ2rLzEKPGW0Fz8mzCWFXRltSZddTqIdBfA9TgPUiN04Akkv6c1L54azGq3oC+uQx9WwJraTSBiytOCsAKrpoRqBqLKbvZaK6D7WW5UmM3VbcJixmcXB2/aZLT4DnEPDOboKEaVK2jzXpqu/QDxVvUlSHcN0CJakwqL8Ret1qlLyoFdvGbMJZ+0fE02OIDnCl/nJi3P2PImc+pKsnj3JGPqdA7nuA7wmK+AnhgsYLFbAKrCatVicIZQInn+JXEzYrDX+2Da8tIsTnHdlJQqPHxA8OZ4rYE9vIF9FdM9Gl+6TpEg7fLaGJ2lxFz3ba1XrYZA51TEzB7JTGxkXj7eDS3M3DGBVdo136WyoL2P4to0V+Dt1sN5UW3ushiwnCp7VfuFuOVdn34jikc6BsOxdldbtL/HImzC+1hOLSS6YfuMNSbciVszGieGHkfapULzi3zpHQuuINt+rX1GmbAbLWNXl+9BiarFZwUKHup6NtbQfWXtsQZAGMdFY3W1j5ML6CXlZL8v5FRfhWoI+2YDxHTA4jwKebiNx784mfDoCCbDMO3VU8hhBBC3Cskef7WmbD08Aw+p+vukutE+4TUcmoNm5bv6nBaJvfKI5AUkUSvWYmm7L/ZN/99Kqrqofd8Zv9xQTdvyETVjslsf6/z241ZrnY8oZrGXHIWjqMw7FE0oREMmbyWsT9/hH1PL6Sky9Nzb5M6mWkrHseydznbP8jBYDThND6VlBVdu8OzxZjFvhkLO5zq7AjVpI3MSOjNmU1PkJ5XTJNZif+zx5gd2MHCZlPHfdRR3/px6HjfuJNt3KjjfXbT/vedxHnnPIMf4rkxLnyWmc3qL+tpsEBI9BRe9L7JCv/u6E0rXGv/jn1XvdpopuGamQpD2w+2r14xchk1nv8BGH0Y2deVoX2nsP/h5gV6AUTxfrKOt7Yd58ht9n0hhBBC3HvkN8+3o1KLQTEEv8C2L61OQzR4WnXoKx0bPWz6WkeTmxq//i3vKPEeoO74aoabGs/+Glzd7N80YajUQ18N3q0JrhLvwCGg19ndeEqJ64BgWp8A4xaMj58JQ4UWMFF7UQeDRhPQruyuadIWYXQLJnDwTRKvbmivFhYr4NRBRu81HD+fGko+SLclzgCBGjy78/E61vNc+go8R0be4aOyAKue2vy9nNi2hPTF/025KpJhw69rP4UHqv4aVL27/5FFTkOC8TPnkrcnC4PRtg88A+36n1WHvgo8A4Pb3vMajI9dLE3ntRhutd/tddiHlXgPH4JT8fscO1pMkxnAA59+Hl27qleppbbRF/8R6q6sdXusJlB0cNXRkb7haJxWAFecOmpWswkLSpxa21GJykvpeHt1Zx8G2w3D7vPF8w7OHzczuJ8XLpUX2X3BljiDM/5ebo4/AuqaEd0V8OptN/VEqaKv0u6kUFuH7poLfe1PFD9W4YUZw7+AxnLe2nWYxS3/3s3mg0tw9cvTLNtzirwuJs7O7p74+nri3u2P/RJCCCHEd0GS59vxVRaF//AgdMFKgoZq8Bw2h9jZ0XAmgxJ956sDcPoAZyo1PPifywhQa/COWkl0hE+Hi6oe28LiXYeYEtH+27TxeAblRBP97Bz81Br8xq8kLsaDqk8zmn+/3EyTQFxCNN79RxO0MJkgRQFFn9mmjho+2U4JsUxZvQzNUA2egZFoJi1jcsp8xxPPwnTyCnsT/vwWwscE4+kXjN/4ZUTHBndfewFgwlClg8BIhgX64OSihJYYr1RQZ/TFP6w52esdSdTcuO5NntFT8uHHNIUuY8aCBPzVGjyHRTMicSPTEiM7X71F6CLi5s4hYLAGlU8wAZOi8UbHpS+vu5CgSWZ2WjZJT3WhbAdZKrUYXIIZMtLW55wGzydmkv2N5nSUZOdCRDKxMaPx7B9J+MIE/OwLOZfOydPN+z1iNJ79g/GPmk/06rWM6N1+ex33YROGr3QwMIIAHyW2m1ytImpkFy8WmLPI+5MOv19uIW5SJN5+GrxDE4iaHX/jDfzukKVKh8ElGE2UBicXpd11HAf6hqNxNlZQZ/TAf2wkKjelrZ+3qCzmklHNsPG2mwu6hiTzYJeeB91NfbiZ54TnSd36/0gK6/6nGld8YwTvvoS5AyjoGzSK+P5dOaCbyPvia5w1QcR5KrA9z3kIQfZXGhrKOVIOYWMfIq6/B/4+/ZgbNRD3b3TkfQNgpfpyPRUt/2qvcNkMXG1Ad7mp/Z27HRA0ezOpW9cS39HMCiGEEELc9WTa9u2wFnNi7RLcli4jbssc26OXCraz741djj/qxZrLsXUbcE9JJvGdJNujqj79HL+ILozE6nexf40PU55JZt47a8Goo/zwcg7usXv8EiaMeR9TO2YtSU+psVTlcmLjCk63JK2XMzj4vCvRC+YzZXMyKkU9xsoizmfvoMlKW3J6S1pOrZmHdeEqxq74kDg3MFbmcnLbrua6dkN7NTMe3sqx0LVMfDufyS52j6oyZ3Fk0y6mJafx3FQTTVd0aA/spXzo420rR6WSsja2bcRt6CFenE3bo54c2L7l1BrSXq4nbs4yEqfZHvFkKCug8IMu/I71nyZcQ2czbdpKVG7QVFnAmU1LOOFwERqi3s4memjbOzOaH51ke/xW/U3Ws1O6lYM7NUxZfoQUTBirCzh5OAf/hLZFjFnL2ee/hbjkD1ms0KH9OIOS4Um4Wlv6qJZT65v3e8oe4lTQpNdSUfA+5xodq4lh/2qyAl8lbkc+cY1XMJZmcPKojmi/ztdtY6JqxxO817CO6CdSSXrW9gio8gMbmm9G1Rnbo7DmTbMbEd5cQjjAmZfZtGxH2x3NS9PJPhBG3LPZvLCKdo+q6rxvOBinOYfj72QxY24qz01Ttn9UlTmL46lZzFi4h5RJNdR+kcG5gnr8uvDzim7pw9+B6rN/I83nIebNnc48k5nLNRc5Umpkpkfn67YwFP+N13tHkpTwOLMwU1F+ibMNHna/RrnKZ58cxXdCODOnTWJBLzPVlRfZ+slZLl67RcG3xRl3N2cw11FX191lCyGEEOK78KOBAwf+OzAwkLKysp6Ohbsljp7iPT+bpNCPSU1+i+65N03zc56rF7Z7pJMQt8UtgRl/XEnjxjEccuRO2kKINoqhzN+6gbC//xe//l0h3f1YbCGEEEJ8+2Tadg/yjJrPiPBgVCoPXIfOIXqimqpjn3RT4izEHXKLZMS0ePz6++Ck0qCZPZuAxhyKzkjiLESX+Y0gyL2QzAxJnIUQQoh7lUzb7kFOPmFEJCxmipeHbcp11nL2fXB33wFX/JB4cN+EZcQ8tQWViwmjNoectaspd3BKthDCTuWH/GbOhz0dhRBCCCHugEzbFkIIIYQQQgghOiHTtoUQQgghhBBCiE5I8iyEEEIIIYQQQnRCkmchhBBCCCGEEKITkjwLIYQQQgghhBCdkORZ/ABpiHq7hKS5wT0dyJ2LSiXlUCpBLj0dyF3MJZbJH5WQGOvR05EIIYQQQoh7mCTPNzNsLYszf88IFyUBKfmkrI6X53r1OCUBS/N54dU5uN5ROVeo+jwLbVl9N8XVg/QFnDtagMHa04H0tO7qG3fGM/EQL2xdhEoxmui0EmZP9en+jfiN4ne/juJhJwiLmca7j/XDud0CCiZOm8mbUX3gx0PY+OtYfuHZ/WEIIYQQQvzQSD4ofoD0aHcs4XvxRO3SHRza1NNBCCGEEEII8f0nyfPt8okl+tllhIZpUFn1VOX/gcw33qLiit0yUamkrFKS83IxQ+bOIWCAEos+lyPLnuR0FTgFziE2JZkQjQdN5VnknVUTHXGe9DkrqHBwJNE1dBFxz/yKoAAfuKKl/JPNHEzLwmgF8GHUq8d45NrHlLhFEjSgN07GIk5tXUJOvr61DCd1AtHJiwgdqcbVqqcq7w8cfOMtqozYprz+cQt9st6kLjSBYQN8oSqHI68s4fQFU1sgqtGMWriKsRHBeLuBUZfLyR3LOd6ynU7aS5XwIYsn6Th23IeQmDA83eqpOLyafalZNKFEsyqfxEdbpt2uJeUvawEwHn6S11/LsZURtZK4J2LxH+CLSmHCUJpDXupqTpW2jDCrGbv1M2KG2V5VpU9m+87itjo4VFclqqhlxM19HM0AW5trD28gc2cOxtaCNES9fYiQwjWcUM0kKioYTxcTVQeWsD01B/DAb+o64hKi8fNRgrGGqvwd7N+0y/ER5DFbeO6VeFQAjVns+/lCSswtH6oZuzWbUaYC0IThWraLvNJIIqZqsOStIX3dXgz4EDB7HdGPhuHt54OTWU9twV4y39hs14d9CJi7hbhpYXhSQ/nBDJomJqHaM470A/p2+72ljobSTHLeWENRmen6iDvmMprwpat4MFSDp5eHrQ9nb+bgOy19WMmIl/5OnHEJmzZmNYe1iHm7EqhYGkP2ORzqG7b14ojZsojwob5YKq/fr+33iaWqgKL0DWRm2/WPTvergxTueP7EHRrqMDRcdXw9IYQQQgjRo2Ta9s2Y6zFU1dAEWK7UYLhswtL6oYaxq7Yw1iuXzCUxvPnCVi4FLiYxZY4tmbGnCGPcL9WUbJrIpvhxpG3NQG8GFJGMW72SIY17ee/pyaTvvsKwmNFdu5rhlcCU1Yvxu7iV9KdiSEvNRfX4FmbMtP8trxJVWBjsmc7rPx9DWgaEr9rCqJbZpL3jmbJpJQG1O9j3TAxvprxM+X0LSFwabzf9VUlA1BC0L8ew6efTyfkmktj5CXafawhfm0ZsSA0nNz3Bm/Ons+8jLW5+vl1qLye/aALNb5E2I4jX132KaupKxg1TAia0Lz/A+glBpB/WYzm1hk0TAlk/IbBdcuTqpcTwl83sWzaZNxcsJKcymJiX1qFxa1lCx4nkQNZPiCGn9GbJ3a3r6hS6ktkrYiF7NWnzYtj+WhZOk7YwbZrmhnI8YxYRpN9O+qwHeGXeQvIKa2wfBSYxZWEkxg9Z9+kpAAAgAElEQVQWkjprMttXbaCw0tS1fZ+/hNcnBLJ+TRZNN6mHqjGH/b/djmFoEg/2Tif9hV00RcwmqD+AK65uVziXvpz0BTGkPv8y5b5zSExpm/asin2VGQm+6FKfJDV5DecDEhjho7TbhoZRL6YxcWAROWumN7d5GFNeWkuAo7/BVvjias7l2GsL2d7cnsRsYcbM69vzZhzrG6AkYNJULPuXsH3pcoquRbffrxHrSEyOxPjRErbPm87+T10ZsTSVmGHK67Z3i/0KWBpqMHzzT8BEY00NxsYO+llgPGu3prJ5dpCDdbyOpZGa+ibM18DcaKTuXzdecTH+q4G6JitcM1NXb6Th2u1tSgghhBBCtJGR55u5sJn0ec3/3zaZ7fafBcYTMryeMys3UFJqArRkpUcwLCWeIJ9dnNLbLaswUbJzOaebk7XavAzb++FTCe2v4+S6zZSXAWUbOBYRR2KI4yGqxs9Eo8hh/xu7qGgEdBvIDIlj3oR4vN8vprblO3XhXo41jwDXHtzBuV+mMuJhNac/1OH5WBJBjXtJe20XVVYALdk7IxjxX/FoVBkUNY9mVmVvp6TSBBRT9L9FxDwxHD8FlFuBkNlEhFzh1LIlnCq01dNQWUxFV9urMZe8Pbm2ZLDgANrLj+MX5AvndA61R+2BNWS3vtJi2LmXUY/OITBAifacgyOht6yrD0EJCbgeXcL+vVm2iymVm8n+JJakCT9DtV9rN/oMfLWLgzuzbO8Zcymqan7/Jz6oFDUU5udi0AN6LbXnHA7PQSZqC/9K1Re+VOiT8D6TSe0XkVwyPk6f+5RQqaNk2wq75bXkfBRPePJo/F12oTWrCYqJhLzlZGXlYgFObf0DIWN+07bKsNmMHanl2Lw1rXUzbN3BsD8uY0SYkvI8B9q8MYvjr2W1va7cSl5eAokjI3F6T2t3werOGY5sJufo58Dn5GTOITShZb96oImJxrXwTTI/tM0gqE1fTV7kIR6MiyT73HWjyjfbr4DxwJOkHrD9/8Tyh7sxeju1Jaze2fz/49ksvmEBKyc+OcwJAOp5deeX304cQgghhBA/MJI8347+Gjyt5zl1vi05sJzXYlCE4dNfCXq7pMF8Hl3xjUmEaz81ro1aqipb3jFRVabD4nDyrMSzvw9U51LbOl3XRG3ZeYhR462gOXk2YayqaEvqzDpq9RDorwFq8B6kxmlAEkl/TmpfvLUYVW9A31yGvi2BtTSawMUVJwVgBVfNCFSNxZTdbDTXwfayXKlpnqoL0ITFDE6u14/83ZzT4DnEPDOboKEaVK2jzXpq3R0uglvWlSHcN0CJakwqL8Ret1qlLyoFdvGbMJZ+0T6ZblF8gDPljxPz9mcMOfM5VSV5nDvyMRV6xxN8R1jMVwAPLFawmE1gNWG1KlE4AyjxHL+SuFlx+Kt9cG0ZKTbn2E4KCjU+fmA4U9yWwF6+gP6KiT7NL12HaPB2GU3M7jJirtu21ss2Y6BzagJmryQmNhJvH4/mdgbOuOAKHbffbTFhuNT2K3eL8YpdH/bF20/Zfn9ZtVRVmFD1H4wrOXaj+7fYr47S7uHZmXvupAQhhBBCCNEDJHn+1pmw9PCdkFsTkpbXtE9ILafWsGn5ro5H+e6VRyApIolesxJN2X+zb/77VFTVQ+/5zP7jgm7ekImqHZPZ/l7ntxuzXO14QjWNueQsHEdh2KNoQiMYMnktY3/+CPueXkjJ5W4O92bUyUxb8TiWvcvZ/kEOBqMJp/GppKxw/GIFgMWYxb4ZC9GaO1+2I6pJG5mR0Jszm54gPa+YJrMS/2ePMTvwFispbvHZrdz0OOxinW+2X4UQQgghxPea/Ob5dlRqMSiG4BfY9qXbaYgGT6sOfaVjo4dNX+toclPj17/lHSXeA9QdX81wU+PZX4Orm/2bJgyVeuirwbs1wVXiHTgE9Dq7G08pcR0QTOuTatyC8fEzYajQAiZqL+pg0GgC2pXdNU3aIoxuwQQOvkkS0g3t1cJiBZw6yOi9huPnU0PJB+m2xBkgUIPn7SZaHbGe59JX4Dky8s4fh2TVU5u/lxPblpC++L8pV0UybPh17afwQNVfg6p315I7RzgNCcbPnEveniwMRts+8Ay0639WHfoq8AwMbnvPazA+drE0nddiuNV+t9dhH1biPXwITsXvc+xoMU1mAA98+nm0Ow4sZsBF2fZeH19cO9ivN+0bndJRWwWqAcPbfoOv0ODnr8RYdeEmvym/Awp3PO/zxdfDufNlv03O7nj6+uJ5B8e+EEIIIcQPiSTPt+OrLAr/4UHogpUEDdXgOWwOsbOj4UwGJfrOVwfg9AHOVGp48D+XEaDW4B21kuiIjp8Jq3psC4t3HWJKRPskxXg8g3KiiX52Dn5qDX7jVxIX40HVpxnNv19upkkgLiEa7/6jCVqYTJCigKLPbFOTDZ9sp4RYpqxehmaoBs/ASDSTljE5Zb7jiWdhOnmFvQl/fgvhY4Lx9AvGb/wyomODu6+9ADBhqNJBYCTDAn1wclG2jUJeqaDO6It/WHOy1zuSqLlx3Zs8o6fkw49pCl3GjAUJ+Ks1eA6LZkTiRqYlRjpeTOgi4ubOIWCwBpVPMAGTovFGx6Uvr7uQoElmdlo2SU91oWwHWSq1GFyCGTLS1uecBs8nZpL9jeZ0lGTnQkQysTGj8ewfSfjCBPzsCzmXzsnTzfs9YjSe/YPxj5pP9Oq1jOjdfnsd92EThq90MDCCAB8ltptxrSJqZPtlqs5rcRoei8YHcNEwYkYc3jfs11v0jU7Vo83OoilkAXHTo/HuH4xm9koiAnQUZec6WojjAuNZ+0YqrzxxmzcM6ybODz3D71JTeX6CPARaCCGEEMIRMm37dliLObF2CW5LlxG3ZY7t0UsF29n3xi7HfwtpzeXYug24pyST+E6S7VFVn36OX0QXRmL1u9i/xocpzyQz7521YNRRfng5B/fYP17HhDHvY2rHrCXpKTWWqlxObFzB6Zak9XIGB593JXrBfKZsTkalqMdYWcT57B00WXEwAdFyas08rAtXMXbFh8S5gbEyl5PbdjXXtRvaq5nx8FaOha5l4tv5THaxexyROYsjm3YxLTmN56aaaLqiQ3tgL+VDH29bOSqVlLWxbaPGQw/x4mzaHvXkwPYtp9aQ9nI9cXOWkTjN9ognQ1kBhR84dlMzAP5pwjV0NtOmrUTlBk2VBZzZtIQTDhehIertbKKHtr0zI7MMaHn8Vv1N1rNTupWDOzVMWX6EFEwYqws4eTgH/4S2RYxZy9nnv4W45A9ZrNCh/TiDkuFJuFpb+qiWU+ub93vKHuJU0KTXUlHwPucaHauJYf9qsgJfJW5HPnGNVzCWZnDyqI5ouyzd8PEGckZuZEra34nTaynJyqQiIvqGsm7aNxxgyVvNe6nriEtIZeHT0KQvpui1heSc6d7fod9NXNzdgQbqLjf0dChCCCGEEPeEHw0cOPDfgYGBlJWV9XQs3C1x9BTv+dkkhX5MavJbGLqlxObnPFcvdDiJEOKm3BKY8ceVNG4cwyFH7qQt7mLOjH3uHVIGZPGb3+yhrIfvyyCEEEIIcS+Qads9yDNqPiPCg1GpPHAdOofoiWqqjn3STYmzEHfILZIR0+Lx6++Dk0qDZvZsAhpzKPoej8b+YCiCGHH/VU58mCGJsxBCCCGEg2Tadg9y8gkjImExU7w8bFOus5az74PO7+IsxHfDg/smLCPmqS2oXEwYtTnkrF1NuYNTssVdzFrIjoVP9XQUQgghhBD3FJm2LYQQQgghhBBCdEKmbQshhBBCCCGEEJ2Q5FkIIYQQQgghhOiEJM9CCCGEEEIIIUQnJHkWQgghhBBCCCE6Icmz+AHSEPV2CUlzg3s6kDsXlUrKoVSCXHo6kNs0bC2LMz8k3KenA+k612kf8sLujfgrrvtANYfEzHziQpU9Epe4B/mN4ne/jiH+x9/N5tz7B/PbudPZvzSR/UvGM7H5/NE3PIb354xk0HcTRjMFD0+eybuP9cPZwTXuujjd+zF3xhTeX5LI/qXTeS6g+7baM3UV9xYVD8fEkJacyP6lifxuXJ+eDugm7pU4xXflXj2/yaOqbmbYWha/piYnfiHGZ48xw+1lXl+XgaWn4/pBUxKw9BiJfbfy+vJdNN12OVeo+jwL57L6boyth+gLOHcUDPKs3ruHWUfZ0U8xftNzz8N2evT3pDxrYt+MhWjNN37umXiIhf8nkzefzePBHXvw3z+O9AP67g3CbxS/m+nOnreP0xA9jeec/8a8P33N1a6U4dKHuPGjiNd409cZDIZqPs48SkZLqG7e/CJ6FJMCvfF0tmK4XM3R/y1g5wUj4MGs2ZP4RQcXZhqKP2XeJ9VcBfreP4q5D/QjqK8Hnk617N6ZzQeGO659e7eM0zFhMdP4bYhru/cMhZ8yL7v6hmU974/k9ckDcdceZ9YB3XVt7srEqGAG1/yNxXu/pu7aNRo66CMd8hrMcxOCGOnrjqczNBjrKDhzmm2namlwuCaOcCZk7EMseKAf/kor1ZUX2Zl9mhPf0in71u3VuUGjRvGY+yVe/f3fKTFdw9xRAZ5DWDcrnBDLeV7afoqCa90ReXPR6mCefuR+wn7iCiYjF/9xlq1Hv6Si9QuLK2GR4cwN6Ye/m4KrDXUU/P00/5NfjQHgx0PY+FQ4Q+2HU67VsvOdbDL+CeBMyKgHmDHiPgb1VuFOExe/usC+v55t3Sch0VNYN0p1Y3CXi1mx6yyljtTXyYOJ48P5xf3e9FWC4ZuvOfLXv7Fb17U94uw1kHnjRxDR3wNPzFRXl/DW/mIKW9qjs/OKRz/mThjFxP4euPcyU6G7yO6/tPU/Zy81syKDGNvfAy83Beb6WvIKTrPz73V2x0FnfbiTfQI4+wxmwaPDieirwh0z1ZVf8kHOaY5cbv8H33ngcOYNgyP79vPxZStYu9Jed3qsdd43Oo3TpQ8TI4OJG+SD2sMVGuspKS1i2/G2Ptw3IJgnHgywnXsUVqr1lzhy/CQf2PeNzvZrd5xXOukbnvePYulD/gzqo8K9lxlDTTVHck+xu7z5G2uvPsRPDmfifR74u7lw1VTPRW0J245e4GJHf6tvcm7yv38UCyIHEeTpAleNXNSWkJZzntLmMjr9e+HQubyT9urseHVgv3ZJR+dQt8Gse3oMITcMBVspyPqQl75oPla64/uIHUmexQ+QHu2OJXwvnqhduoNDm3o6CNGOOYcTG3N6OorvARVxkx5lXu9LvJ9zlNIr4O7lAa3fGxWMjR7PrH6X2PZRHnkNzox88CGSJ0VQtzObjPp6Dh/O4pT9rAzXABZMDaBCW9v6R9NdCXWVF3i/si+zxnwbUzg6i9Pxkq5WnmX90a9p+Y51taGDlX88kKcj3bl8Gdw7KqSXir7uoCuppqKxi18delmo0f2DtJP11Jms9FEH8UTUeJabDrO68PYvZ16vb0gky8eoyDuSzat6NyZOjGDpZDMr/ljMxW5MOoHO28sBvh6uUFvN2fqrHX8Z66UiPuZ+3OuM0N2zC9wHkzw1mL7av/HiwW9ocL+PWT97iN+Oa2Bxjq2f930gkuXhbhz9czYv6a7iOWgkz02IItl4gJe+aI74mpHP/nycP11uLtd6lYqWb9G9ejMywJ3q0i84Un2FOidvHhs3kuWPw4p3bYlxyamjLDunsBuVVzHxsShCLugcS5yBoRHjWHR/Ix9kZnHksoLAkeEkT43k8q6jZP7TwfZwU5M8/SFG1paw+9DX6Kwu9PVW2CUEnZ1XVPxiUhSP/eg8W/cepfTf7owbF9mu/7n43UfQtWoyjxVz8YqVvoOCmRv9KH2uHualL2zHQWd9uNN90subefFjiPjmNK/uKqemlxcTYyJYNNWM7rqLES4qN9wb6zhb3URDF4+POz7WHOgbncb5H96E+Zj5vOAUe2obwSuAJ8ZHst65iQXZtoucgYH9cNdfYPfpOqpNLowcHcqs+Ee4+m42GQZH9mt3nFc67xvKa2ZKi87yp8sN1FlcCAoZxayp4zC9m80HzceWue5r/lRSTMU/zbj06Uf8uDG8qGgkOevr9hchb3Zu8g7mudhBcDqPFWcuY/YMYO5j4awYX9/aXtDJ3wsHzuWdtVenx6sD+9VhNzuHNn7FW7sv42k3A9BlwCheHGPlRNm3N6okyfPt8okl+tllhIZpUFn1VOX/gcw33qLiit0yUamkrFKS83IxQ+bOIWCAEos+lyPLnuR0FTgFziE2JZkQjQdN5VnknVUTHXGe9DkrqHBwn7uGLiLumV8RFOADV7SUf7KZg2lZGK0APox69RiPXPuYErdIggb0xslYxKmtS8jJbxtlclInEJ28iNCRalyteqry/sDBN96iygi4xDL5j1vok/UmdaEJDBvgC1U5HHllCacv2I2sqUYzauEqxkYE4+0GRl0uJ3cs53jLdjppL1XChyyepOPYcR9CYsLwdKun4vBq9qVm0YQSzap8Eh/1aN7YWlL+shYA4+Enef01W6KiilpJ3BOx+A/wRaUwYSjNIS91NadKW04YasZu/YyYYbZXVemT2b6zuK0ODtVViSpqGXFzH0czwNbm2sMbyNyZQ9sYkoaotw8RUriGE6qZREUF4+liourAEran5gAe+E1dR1xCNH4+SjDWUJW/g/2bdjk+gjxmC8+9Eo8KoDGLfT9fSEnrVUs1Y7dmM8pUAJowXMt2kVcaScRUDZa8NaSv24sBHwJmryP60TC8/XxwMuupLdhL5hub7fqwDwFztxA3LQxPaig/mEHTxCRUe+xGKZv3e0sdDaWZ5LyxhqKyroy6KvGJ3ULS1Fj8VPVUHd/Gwdd2UNXYvIlO96vtOJjyzK/QBPhAox6DNpOcjWsoaenm3RCn0+A5xC5rOV5zyDt73QIuCSQe2ohGAaDn1LJxZJ5pX75q/FqmLUggwMtEbf42SlwWE9643G5Wiw/+ieuIi4/G2wssVQWceWcN2UfbLvXcqq5Ok3bzwtLI1mUTM8ts/ynbTurTG6jt0t8SZ9x/0gd3awM1hu4dV2zdgpeaeeNHEtHfA3eaqK4sb7uK3z+I+P71vP9ubttI8CW7UdZeHgT5ulB94R9kXrIdfZ+dLCc+JJhBXkA9GC7XYT+I7B8ejvpfOnba/VG9WHiabYDzQA9m0kHy7DmQBdHDGO3nQV8lNBiq+exEAWklxtY//s6eauZFj+RhtQfu15q4qC1i26fNowAOxNmi79AxbA4LYJDzVS5qi3jr0/PtRyOajJRU1d3iS4eKuEdH4n76OJ9pYpll/1GvvjyX9CgPt3wLmzCN/ROAa1/z1ttHOdKynV6uREQ/yovBfXG31nO24G+8nt88GlH7Jbtr7cq8dAbfwVN4vL8XzoUtV/GdCQl/kLmh96FWKTAbqjlyvICd2rYzZN/7R/Hcw4MY9B9QXV5MgQJoPVRUjAvpB/84yrYv6rhKHTv/epGxCYOY2LeYbZcciLM5hlkj+uLv4YqL1Yiu7Dw7c0oobHSwvTqNU8HE+JksGtzyOor3lwKY+eyjD3m9vK2cQeERxDWc5a3Lwax74Pp91nl73aquzur7GOlcS9pnX1LaCBjOs/Vv/Uh7+H7CjtVywgL+vr1xrv0HGSV1VAPVxec48eBAxv5EBdQ1b+Qadfo6SjuagHKtlt37j9q9UUuJwpvdj/Uj3PMspZfh6j/ruWif4PoF8JyqjmPFdXZv3qquHoQHemAo+Ru7y20HRXXuaUbe/ygTh6rIPGV0aL/6PxBMxNUSXjx4ltLm0a1SnV0InZ1X3O8jvK+Vgj+d5TO9FTDyQc45IuYMae1/DV/ks+KLtlUKKxvpGziJ+EE+OH+h46oDfbjTfeLeh0EqM4V/PU+hwQp8zftFtfwipg9qJyg1Q9/RMfzuEe/WONYtGWJrt5NZ/OcxW7vf8tzk6LHW0u6h9zFIpcBsrKOw4BSvna7jqgN9o9M4Ded5dZ9dEZW1mH3VrBukJqhXNYXX4ERONifsFim87EpIUjhhA53JMFztfL86UlenPsRNGMVjA/rQ190FGus4W3yW7blfU33Nsb5RrS1mt91WS/XOhARFMvI+Zz64fBWu1ZF5zO6YuFSL8ScD2TikL/69vra72HDzc5Ozdx/UvWpJy/+aiybgnyUc+TKYMO8+eFFNa61v9fei03N5Z+3lwPHqwH4FOjmX29z8HHqVan1dW51xZuJDfTBfzCev3bm+e0nyfDPmegxVNTQBlis1GBpNdlO2NYxdtYWxLnvZv2QhVS6RRC1dSWLKP0n97S7aTcRThDHul/X8ddNE9n0FnqGRuJoBRSTjVq9kyOXtvPd0BsYBs5myNB4n43nHY/RKYMrqxXjnbyB9fS6WIbOZsnQLMxqmk/ZeS1KoRBUWBr+dzuv59XhP/z3zVm3BMH8Wp/VA73imbFqJd8Fm9j2Ti8E1mAcXrSNxaQWp6zKap0YrCYgawskXYjik1xC+fg+x8xM490LL1GkN4WvTiPHJJXvTy2i/MqEKiWeYny+gd7i9nPyiCTQvJG1GLozZyLy1Kxn31xyyz5nQvvwA61++9bRtVy8lhr9sJq+oGOO/fPH/5VqmvLQOw5wlaBsBdJxIDuREc3I7rMNGvXVdnUJXMntFNLXpq0k7rsUyIJ6YpVuYdmU66fu17crxjFlE0IENpM/KwagKI0jTnJUGJjFlYSSGbQtJPV6Dk7eGgPDeXTsY85fw+oQltgs0Kzquh6oxh/Tffk7c/03mwaoVpL8wmGmvzCao/15OVLri6naFc+nLKT+vo+k/gnlw8ToSU/S8+VtbXVWxrzIjwZdzbzzJe8VKNE+/SpyPkvLWbWgY9WIaE90/JnPNaiq+6d3c5msxzltBuaNTQV2CCR1XxMHfTqbK7RGiV6xixoILpL6RgwUH9qsiknEpi/EuXEPa2lyaXNT4jRmFpfVKZDfE6RJJ9Jq1DLn037z39Cc0Bc5nytJYnK7YHa/mvbz307223zzvS76xDPUiZqQk4HR4OdsPaHGNWcm0J5RwvG2fec9OI3HSFfJSn6RIewXPsclMSUmlsWoyx0tNndbVcngW6w93Pm3b0lCD4Zt/AiYaa2owNnZwEUERwq/+7yom1H/Ib36zhy5fxLU0UlOvwHwNzI1G6q5eV4C7mqUzogiqOsv/7P2SsqvODL1/MP7uQD34q73xulxNw/Ao3gzpSx+av/i1TEe9Vk/hpSYeU6sJc6+loMGZQff3o2/jJTJunMkMvfowcUQfqktOtf3RdoSbG87V59l5Qk9ZA/gGjmDRT8djNhxmZxW2ka4ZY/AvP8Or71ZT59KHidFjWDGxieQ/6WhwNM5e3kwcVsfWj/7ERZf7mPtYOM//n7rW0UMAZ3U4ackP4fLvxg6TQf9RY4h3KmFNoZHRmuvqca2a1//nPV7v5c2CJx/F/+R+Vv/9xq9Vzl4BjKspYOO7+dBvOMkTx5FsOMSr/7h+WQV9AwYR8RMrFSX1rTEOGvMIyx8wk5nzKa/XWOkzeASLYqO4ujeL3XrAK4jnfzqIq2fyWFFkxHd4OMljFPCP5gKc+jDYCy4WX2770qevpcwSxCA/V7jU5ECcCvq4NnIqN5dtNQ00OPchbuIYlv+0keSML1svqNyyvTqLEytHMt7jCArGPvY4S3vlM+vQjVO+nf2CWTSigT17ddSF3HifjU7bq7O69gKuWblq16fNVisoPRjsAScuw4VKPQ1D+zHe7x/srrqKZ/8AQv7DyOfl9iNR7kz8xXQec1bQUF9N3onTpNnt1+u5OCvA0sjlDr+gKgh7IACv6iKOXG5795Z1/UaBcy8w/du+HCvmawrUfn1wxsjVTverMyH9PbhceYGQn8ayYqA7zqZ6Ck6fYttp25TqTs8rvRTNbWgfhpWrvVT4ezvDpQ5apJcCdye4bGy0tZcDfbjTfdJQS4lBwVhNP/qW66hGxcTBXjTozlLYfE6v/jybaZ+De8h40sY2sP6d685tnZ2bHDzWBo2dwIvhcDTnKFt1Tbj06ctEtQp32l+cvFnf6DTOGyhwd+4FDUbqbracswJnzFQbbQt0ul8dqWsvF7ws1WT8+TQldVdx8fJn7s+ieO5ff2LF58au9w0nV0JGBhB0rZ7Mmo6PJHcvNRMHu9FQU0uFXV1vdW66WlXLRcswwoI8OPL3evhxPyL6Kbj4hV3iTOd/L+zb+4ZzeWftVe3I8Xrjdjrar539zensHNqOx2AmDrxGXsZ1o/idfR/pIkmeb+bCZtLnNf9/22S2238WGE/I8HrOrNxASakJ0JKVHsGwlHiCfHZxyv7KrcJEyc7lnC61fTmtzcuwvR8+ldD+Ok6u20x5GVC2gWMRcSSGOB6iavxMNIoc9r+xi4pGQLeBzJA45k2Ix/v94rZRpsK9HGseAa49uINzv0xlxMNqTn+ow/OxJIIa95L22i6qrABasndGMOK/4tGoMihqPklXZW+npNIEFFP0v0XEPDEcPwWUW4GQ2USEXOHUsiWc+v/svX1ck+e9+P8+hIRkyTBQEESiPISBIlSEIjDUUuEMfEJnrasePbqqPU48s/M4nZ161LWzx2Nrf8Xar3bT6eza0tZia7WFlqIMnBW1IjWUB7EBJYZCxDBIIOz3R4IEBHJj3eke7vfrxetFkvu+7s/n+lzXdV+f6+Fzldn1NNWXUzfU/GorpuS1YrtTXHqMqqbZ+EcMhyvOw8YD03hsC3l3PlVhOvgGMY8sJjjIg6orwmcYB9bVl4j585EXruHoGyftgyn1u8j7MJ3lU3+A6mhV74GTrw7x3sGT9u/MxVxucHz/gC8qyU3KzhZjMgLGKhqvCBZPIBYayz6l4Yvh1BmX43PxBI1fJHHDPBuvER5Qr0e3z9nrrqLgnUzisiYQKDtElVVDRFoSlKzn5MliOoFz2b8jKv6/em4Zs4iE6CpOL91yRzdT9quMeX0t42I9qC0RmOe2FnSHnuVyRc1dGFcAACAASURBVAtQxYmjGayen0nQ3gKqrALsKtGg9rbv52moNwJ6TFeL76+c0bMY51/FZ1v2OOrrFgrih1ZffabOJvDWuxz4TS4NVuDwLi5OSSKu+wJZCgmzNNT+ZilFhfZKYXr7WUom5fHQlEiKKs671lUg5mM/Zu8x+/9n1k8e8v2CaNSx+aDj/6I8Vvf5OTAykliqef5EOWe6O4Nnz9353UupQOodQmabjoO5l2hWaViYlsQvu7qXo9oo/fhjDqRPYf2TEUi7gLbrHHnnT5zqp4Mg1YQxxbOZ45eb7/5xMG7o2HOj56Ph88ucfjCdqAAVNJjxGxNBYkclGz6udiz9M3OkyI8pmaNJlOnJtwqV00pJ8QXHjEYl+0uDeGliCNGFjZR2gUH/JQf1jdSYbMge0JCZHMOm2fCzP+jsba13BFlxcCKnEkOX0NBb/WA1kFtQ7ZjFvECONoisMQEov7zm6IyoeHTBTBb6A11WKs5+wvYLjpbPPYDMGE90p49xpMre8am7cJ4T2lmkhntxxNhMSEQQIe3X2Fx8nZouqDlzgYiIdFK7n+8hx8vdRnNbB+HJ09kUYST7SA1mCwQqZNA9bDqonO2cKrrgpJSZI6WjmTbVj1C3a/a9ci7yy6WcQnD3YWFaCDeL8zjVCoF3/e46v1zqer2RGqJJjfWh5EwjrQo/Fj7ohxQrSoX9dtMXf2L7d5LY8KNHeRSgy8yZjwvYp3d0EqwtlBSXYrhxi+YuBVFR0TyWPhVlx/u8UN1Pp1/mw8KH/Gi6UthvXcMjkAytG5c+re3pzLvStcg+yJSp/R6TLzZzygSBY8aQoAbpbRkyoMOlXRV4KyV4+48jrvwcO94yo9JEkjXlYbJa7Z1xl+1KqwGdKYbU6BBC9JXUdMlJiA8lBNArPKAfl8AvMprJCgM5Fx1TeQLKsEubdDVz8J0SlLMTeSUrGYBWQznPvVNNf2OD/eGybZIKqGsOu+nPfMCeckc9bzGz79oAD3VVNgQg9YlgnraLM/m1Pf3I3leQkBCG5utK9jlGdV3aVUi7YjVw5GOn3G3RkVM1hk2aB5CeNwsvG4pQti2PJ8odsDRz4vjHdwbCuol6eCbbJthjBJiqL7D9I32Ps+eqLTfp2PGejA3TpvNmCuBmo+7zEjad6Xm3uXxfAIO25a7yq0tIfRVo18HaN1dtaB9CokMJN9dyQN/HOXbRHxkqovN8L4zUorZVcq6yp9PdWVmFSRKL70gPMDp1xq2V6Mvv7pzLAzTI26poqO/+xkLDVT2dgjvjHqhH+oKhmMY7M0sWGq9WQpoGHwkO59mCuaGux6mz6mk0QnCgFriJT4gG91HLWf7R8t7J28pRDcM+cYwFs7HHge1ss4BMjrsEsIFcOw5VWzlXKwZwQgTmV+etm47l5gDtdFrBXS48YrF76GLSfrKIiHAtKkX3t0Yah7SRbRBdCWPEKA9U8Xv5RXqf2+qHo5LgJL8Fc8UXvZ3pbsqPcbF2NmkvnyLs4nkadCVcyX+XOuNQljq7ptN6C/Ck0wadVgvYLNhsHkikAB6op2wkY2EGgRpf5N2rVa0F9kZBosHXH0wXy3tWXDRVY7xloTs+pjxMi49sAmlHrpLW59lV3h44rW8cHJueG07B28xX9bQrNKgd5c+lXa2fcCFvFfOy8ln5SDG1FZe5WvgmOsf6w/shpzxAg6pPfW0cYn31GaWhs+5wT321lWOsd3q2XyQjhnniv+4sm9b1vru9YbggXe8rtvO8/MRcXr7/KQMSAod7ws3KO7MofZG5Ae4tnMgv58xtgHIODtewKyrI4VBKCJ8wkcd8vubI20WU/VlG+PgYFs6eyM3XiznVa4+klMQoDcr6i+QPNRiYhxeZD8eQEeKDn6JnY1Wd3B6hJNjfE6m3D7vW9BkR72pELQesAuXsakFv7HnhG76+Rat0GIFKKL0NdTqnAcmGRnTtCrJnhpHqr+PgTU8e/cEYKO3e/3fvdPy5xb4U0P6JuqZWCBmGH1ADgJn8D45zXi4jcFQECx6ayBLDR+yp7gCVF4EKGSHpj3K0TxvZ2qJASgvD1UporuzZY9jVQt3X/c8CdLSbab7d/z5OV3L6aaNZnhhKhJccZXdPx6pH6QbgKr8kQ5KzfyREJU9kyq1LPKUbYD+4y/xqdq2rqZLsAm/WT07j9/FAp5kz569R4zcCHLIrR48jK1bBubxPOGGw4qUZw/KUKaxq/Yg9tR1gMZB7tsdpqKhvBu+ZPDYugH3V13rP4LipyMiYxOS2S2wuNPQbKM5vbCjRXTfIrnTqPgvQtfRUMbkzksj68WM81WWj1VBJfo2VaU7+w6B2degrba1m36d6e3k1nuPd0FksjPBH+qVeQLvSTM6HFwjMiGFXVhx0Wam7UkmJybPfjrtydAy/nOxJ6Yf9l6WByrBLm7ipyEiJI+p2Oc99pOemZBiTk+NZP6ONDW9XDuBU9sZl2+RUnAesa55eBErbqKgXENxQQNlwyXc1ZM2KQPZ5Idn91hsJ4fEPk6Vp5kBOz55ql3Z1SmHgdkVObPwEFkSPQKOSIe0OQqWXoQRMQstG21fsea0JtYeCiHHRzHskjhpjEflOCz10nxWwtlyKl6+GzO9HsiK+kc1FjbS6CWjLv6th6dRQuFzE5iu3sA7TsPCReDa1mdlQbF+mPej7onsiZ7C23GV+2QTVV2eZB7LrwO2bBKWrNtQZdz8yxiipKasWHGfhXhGd5786Fjq/5UjI7n2O0nGnt0PaeW4LO9cf6j+S+N/LEUiSJFK2bER79X/JWfYmdQ0tMGwZi15fcZ8fZKHh1Rns/4PrcGOdHQNU9rZiClZOoiz2EbTjEwmbsZWEHz5MzpMr0TX1f8t9R5PFnA2z6XxjPfvfKsBktuA+ZS/rNgzteKVO88kBlwbfFwTZ1UjV82m8dDyFsAmJBH3/35nz6HwubpzBiXMt903Ozj5OdmfnXyGatk3PmbVp5JUNlLZrXf+eGGx+tLnNCpZbGJx6YIZbbeAht3eU3QOZF+9FdcGn5F6zv+xrCi4RsXwKmWMuceqsU2dPGURqEFzK/6rfZYYDIyHh4YdZOKKefW8VU2hspwNPFi5KJ8Hpqo6rxSw9eq3/zqJsCHIOgVZjEwZG4KeSwC1fov3khPvN5Gj3QgI3gGTezNKzZ19Rz57m+4DJ1IIJqGkooXXYLH45MZTcaseMRpeZE2+857Rf0hn7y6ijq/fbxuq89M/STnOnBKXCjZpzhaw+B7hrmOYBrW0ClVBH8PNpYbSeKWLtRQMGK0i1SRxJd/SGPVzlVwlmV3K6REm0xhP1A0kcWNMThwA3L36ZpSH/2FH2mHCRX0KwUVdWzOryP6FWSen4czutI+I4EN9OUyuAnNSEMLyuFbGv3BGkp/EzvEbNYUXMKA7WVvdTbs1c/dqK9AEVXtDzu5uK1GkpLFRW89zbOmr67TR4kjrOh9aqQkr6msuVrm0GDuYc5YhCjrdbB4ZWKZnzwrDebrMHPXJlV6yYLUD7LXqGwNsx3LYhHSZHiYB2pQtab+j41W91KJVypJ0dmP4SwPoV0Nzau11WaqLZNi2QuoICXqhyet+7LMOubWLVjOWxYDPHf1vuiG7cQk2hDwk/imDaiErB5WXQtsn9PtS1bgSVDRcoA1g1N54QfQmbTvcXwV9CyIQpbIixkfNOCSecGnOXdhXQrqgjJ/JUvIxTJ/LYfK2F1k57FPlNPdu1BZaNDgyNzRhopqLejGrxdB6d4EP+pz2bjDtazdS0AsZmdF2eHPjXSBJLC8nHdVte82A0k6llwx8dwfgay9njFcArE8cQe7aYM/3kfa/3hdOoyYBtuZB22FV9FWzXgRDQhtY6XR0SSqKimZwv/vp9IfGc53uhvgqTJAz/4B5Hwz1Mi9qm7z2TNAjt1+2za/4ju7+xz0z1O5qh0KAeqUWucP7SgqneCH5afO44uB74BIeBUe8UeMoD+ahI1HfSisTX34Kprgqw0Fijh5AJBPVKe2i0V13GrIgkOHQAx+s+5Fc3nTbAvR+P3nss/r430b112O5gAQRre0Xg+8bYKrnxFaijk5C7vtpFWkYaz77BmX1rOLz6f6lVJTFmbJ/8k3iiGqlFNez+nxfsHhaJv7WYktdOYjLbbaAOdip/Nj3GBlAHR/Z85x2Kr5Ms7ZVVmAazuzP9lmEHEg0jnMqGKliDvE2P6RZDsKsFc8VJLvxhC0d/upTTXw1H+9C4+yZn+3U97TLHbDgAHqgDB6iv/WKh8Ss97oFj8emWXRJpX3nRjaGcG23DCRyncZnWQLrewWYByTcdHZWiHD6c4Q/cawziwbBRd7OFjuEPEDXAAJ3+ZjOtUhV+Trbw+q4CLFb7CLiHDJU70GfPFV0gc+/9aguMDCWiQ09+zVAPplAS6idF/8UX5Bvb7Z1cmYpAVU8BvHqzBYb7DaiHYDndPNH49qTr98AwlJZbPRGP+yD19sSPdgxmG7TVsufQcVZ3//0+j7duQMe1C6x97dzdTswgSL/jieZOsZQS6C2HW7cGXyoqk9lnfszN1FkUhI/s58giAGz2WYXv2mdN7SjRDHOq0J3NVDdByAjfnsEVXx+C3c3UNPQ4KIPJKR3ug8Z2gw/O2x0sAD9vz56ZJJf5JUBOl7Twbq7TMw4d57nPW6DtGvv+kMeROiH55VrXO3TZMLW009opITZiBOqWRsrMAAq8PCR9yp99WkYqcxtgAEtFsLeMjlbznXBi3c7REs86nnv7EgON70lHhDLpgTYKy/pE0xWoK0BHWzuGVhuog0j0A53eSAcC7Eo7NY1mGDaMnlZUipdSQkeblVYEtCtOtLa2Y7LYUGtHE+XWjK6+RyPlyGi2zQiluaiA57/oMwDmsgwLsIlC1k/0dxsduCMVOKnhsm0SUtdamqnrcGE3gWVjUJQBrJqbSNSNs2zKu97PIKeEkJhkNk2E47mF5Bp7z0q5tKsAXUMDvJHV13Ck2u442+uaot86MljZ6Cu31A08pJJBB4txk9lXUghoy70UsjurLO7QBUjcBpzv6vW+GIzutlxgOwwD11dAgF0Ha98EtKF3kDM5KhDZtS8p/Aa+s1SpZvhwNUoXTb3oPN8LX52k7EtPxq/YSES4FvWYxaQvSoGLuT3RfV1x4RgX67U89B9rCdJo8UneSEpiPweSAqppu1l96H1mJvbu/JuLcqklhZSfLsZfo8V/ykYy0jxp+CTXsX/ZgXY+GfNT8Bk5gYiVWURISrl8yj4ua/pwPzrSmbl5LdpwLergJLTT1zJj3TLhjmfZYUrKhhH3893ExUei9o/Ef8paUtIj719+AWDB1KCH4CTGBPviLvPonsiAW3U0m4cTGOtw9oYlkbwk4/46zxjRvf0u7ePXMm/FfAI1WtRjUhj3+A7mPJ7k+vZuxq8iY8ligkK1qHwjCZqegg96blzr88bRZrHoQB7LnxhC2gLprK/CJIskLNpe5txDl5E23Xlplx5dXjEkZpGeNgH1yCTiVs7H3zmRK4f57ILD7okTUI+MJDB5GSmbtzJuGL0YqAwDIPEkYvFWe9kYv4yMORMwF+baA3kJsasqneSfriVifCQqXw0+iY8R5guNX1XePzkvHeNyQyQPzU9Bjj1C/aTk/uvrQDR+/C51wzJIeyIdH38tQQvWMt45Q60FnDtWhf+PdpMxPQWfkVr84zKJ++lvSemWx5WuDjob9JhkkWiTtbjLPPodb3KJJIp///Ve9v4yk+D7Wo/s1JWXU0oQT2ZEkOCrwk/tRWxMNBmOPOmorabkz37MTo0g1kdFyOgIljzohaHqGpe6gNsGyr6G6PiHyBjpiZ/ai8nJ0SQqzJQ5n+Hu5sW0cV40fVlDaX9OpEJFiL8XIWoZUmR4P+BFuK8nfjKANgwmG34jRxDoDrjJiU2KJrbXmIfOoUekXQ9vL2IjI3kqLdS+lE+onMhInBjDZF8VgSPDWB7rQ9OXNXZd3QNYOC2GzIgAokb4EDs2mk1poSgN1eQ3ANgwNLVQ1/3XeIsmK9DRir6pfWjLJ939eHRKKOFqFeFjY5gX1EXpFXvwlfAJ8axKCGVykA/hI/yYHJ/I8jFyDNXX0XcBndfJ/bwFzcRkVkX6EOipIkSjITMlmSVBDrvraqnxHE2m1j4EqdZGMOkBZwHMnC67Dt+LYcVYLwJ9A1gyOQTvmzXkG4TJ2dHcgkHiRfQIe7dP6hPGkge9nG52nV+u5XRNa4vTM5paqGuzQZeVm1+bMXUKyy9XugKER0WT+T0/okYGkDppClmRMkr/dMWxdLGFUr0ZZVg0SyN8CPT0JCoqlszRUHPVfqZw4INxrEoIJWG0D+EaDZk/SOYxPzMll7ufIWdyegorRrbw7h9rsXp5Ee7vXE+6sQcK8/u6xlEunRCi63c1PBo/mgSND1Hfi2D97GhCWirJrbB3xV3bFcrKr1GnDmNFUgAhak+iHnyITI2NUp09GrzLdgVQjg5jYVQAUSN9SHgwjk0pGjoqyu/MdEr9I9k0OwLZl+fJMUoJ8bfnR4i6281wVYZd26Sj/ga6Th+mP2yXM9A3gIXfDyWwzUBp37wdAJdtk5C61nmdDxx2W+GwW+DI0SyM1zgmZYSWjUFQ+LFibjKJlkoOfm7Grzs/fVV3BhACH0xm0yRPLhVdogxP+zP8vQh0eDmu7epa17qvzeDjR6wSQIJfRAyZI3u//AYvGypSp8az8EENsZruujSRaep2LtU4Aj9qIlmfEkFqqJ+9LY+MZv0kDRj0lN4GIW2T7pqBVnUICxMCCFHbdV0+wYdW/Q0udSLgfSGgLRdSNlzUVyF2BQZt31y2od2og0gdaaP0St0QV5f1JmLRLvZmbyUzePDrxGXb94KtnDNb16D42Voydi+2H71Uup+cFw/1v8e13zSKOb3tWZTrsnj8N8vtR1V9ch7/xCEM2RkPcXSLLzN/ksXS32wFs57a4+t57zWn45ewYC55l8b4rSx/QkNnQzFndmywR9oGaMrlvZ/LSVmxjJm7slBJWjDXX6Yy71XabfQ4p4NSxbktS7GtfJqEDW+ToQBzfTGf7Tvk0PU+5JcD8/FsTo/fSurLZ5khczqqynqS/J2HmJN1gKdmWWi/pafq2BvUhs/uuTl5L+u2pvfMGoe/z6ZF9Bz1JOD5nee2cOCZFjIWr+XxOfYjnkxXSyl7S1hQMwBuW5CPX8ScORtRKaC9vpSLO9dwRnASWpJfziMlvOebeY4jiezHbwkYdqvI5r2DWmauz2cdFsyGUj47XkDg/J5LzCfXkxO4m4yst1kt0VP1bi66scuR27rLaBXntjvsvu41MlTQbqyirvRNrgwlUIi1nIun5Uz61fuOo6qeIWefPdK2ILvaWuj0TSHl6eWoh3nYj2x7bw3vHe8u5PdBTmsxBduexWPdc6x+B9qbLqMrLSfozp5nDwKz8lg6x2nWeJfOHgzs4jPsXPsq7fo9HN05nJkrd7Nyjv2oqosXY4mz4dgyYaHh4FIOW7aRtmA3y3/qCbf0NFQU8FmdRaCuDioOk3csloyf5vGLp7nHo6r+yrTqeT7HjaVTxvHk/BjUtFN3o5acasfvVgP7cs8ie2QsTy2IQWkzU1F1lv853T2j1cKR3CKkKdE8Nmc6K9xttJoM5J8s4YDTkkbpqDASPVsovNzYT6gfUEfEsyulZ34xIzOdDNrJzznKHn0H+Z+eJSRjPDueHEdHWxv6ymryb8Zwx/Rtep7PgaVTonlyfjRqNysmUzOXLl9yzNoJk5OuRvKr3Mj84TTHUVVn+Z/TDpm7rKAIYPbUMNQeEjosZmqqL7C9UCdo7+NQ6DDVctoSwoZ/i7cfG1J8mmxH1FOTuQOvuLGsiFOgdIfW1hZ05wvZX9yTtzVnPma79SEWJk7h+TQZtJnR36jr2b9n0vHCSQVPPTyd30/tormxlrJ6G4lOMhjKinlOOZEVU9JIldow1Nfw/IneZ7EOJifGcrKLPMmaNovfd1kxm7/mRJmeiDiEI0DO+4HL/MKFrgAeXqQmRRCogFZTIyV5n7CvvHt2yEbZ6UL2EEdmyiNkeEjoaGvm0rki9ju2enRY3AiJHc+UBBlSbJiaDHzwQRFHuvc+unkTG6xC6qFi4dwAJ+m764njoyKQVK2Uij9W91suXeraZd/TPDtBZT9Wqbac5wrLKevuJAuxa8MlnvtIwoqERHbE248bKi0q7Mkvl+0KWFEQ9VA0mZ4yaGvh0qUiXijpGazwG6Uh3EMCDyaxw/nYHP05luZUYsJVGXZtE25X83yunCcnhfHUv8Wg7LJiMOjZ904pZ4R2E122TcLqWkWxs90cR1WdP2fPD6FlYzDUAUzwlqB0i2T9AqdB/E49L7xcxKlOKVEhAajdYXJaGs4hLuvOHGd1cYsgu7rS1XDpTxzwncjSJXNZarHSdLOG/Aozj3n2PG/wsmGhuU1GakwcGZ5ylG72upT/UTEHqh0v37Z2rN5hPBoRjbeHBCxmaq4NrS1v/fIztitiWBprL+PSDjM1Vy/wXEG13XEU8L4Q0pa7LBuu6qtLu9o/umzfBBAeFUpIm57Xar5JJ0eKUiEFazPNLuKK/svo0aP/EhwczNWrV7/BA+8PfytyfFv4LMtj+fh32Zu15xuNnPTgOOfZsPLOWcgiIveMYj7zXt9I24543hcaSVtkEDTE7c7joYoF7N17/tsWRkRERERERETknxNJOMuynyX28//mP18pG/CYPhCXbX+rqJOXMS4uEpXKE3n4YlJSNTSc/vA+Oc4iIt8QRRLj5mTiP9IXd5UW7aJFBLUVcPmi6DjfGxqCpi8mKFSDXOGLzyOreEirR/dpuetbRURERERERERE/jr4jyNCWcaJ3MEdZxCXbX+ruPvGkjh/NTO9Pe1Lrk+uJ+ct11GcRUT+b/BkxNS1pD2xG5XMgrmqgIKtm6m9x7MbRUA+9jHSVmxErYB2YzmXs9dweghnkIuIiIiIiIiIiNxn6t/mvxa/LehScdm2iIiIiIiIiIiIiIiIiIgLxGXbIiIiIiIiIiIiIiIiIiIuEJ1nEREREREREREREREREREXiM6ziIiIiIiIiIiIiIiIiIgLROdZRERERERERERERERERMQFovMs8k+IluSXdSxfEun60r91kvey7v29RMi+bUFE7kKSQsbrOhbN8v22JREREREREREREbkPiEdVDcSYrax+XkNB5krMPz3NPMUzvLAtl85vW65/ajwI+tlpHvfL5oX1h2i/53Ru0XD+JNKrLfdRtm8JYylXCsFk+7YF+QdAEknK/3sbbeFc9h/+K529/H/SrkhInTOXTGMeqz/3YcfSUM4dOslbjgPk/YIiWfBQENHDlaglNgzGG+QXfcZbeqeTDWVeZKZOZHaIJ8q/tFHz5SWyC65R1ykwDe9QnpoaYf9dCq3mZkovXmDfuUZaBeshJTbhITLDHiDkARXKFh0bDl6goqv3NVEJE1nxYACBHjYM9TUczLvAmaFUbRe6SiOSOTJNg9T5nsZy1h66RI1vNC8tjCRwgGHo1i8KWXryOh0u5IxKmcm2GNXdCTSVs+HQpT4694/6ezH8bGIgIV4qlG5WTDcN5Bef40ito6V08yJzRhypIzwJVMjosLRQU6VjX2E1NVaBeeXSrlKiYh5k3rgRhAxToaSdmq+qyfn00tBs4hnAkqkxpI70ROlmpU5fw5GPe9vVTxvDquQQItQSrE3XOVHwJ450lz+ZF6lJkWSE+KLxlENbC7qKy+wr6rGryzQElmG/0GiWJ4US7SWHDjN6XSnbC65jAvhuGDueiCPcuXx0NXLwN3nk3rZ/jE2bwy+j5L3UN5V9wtI8w13Zov5eEi/MGI2yqoiFx/T2s0g9Qtm2Mp6ofspga3khSz+8TgfgF5fGS6G1rM5pJOPf0gi5cJTNZa5OMxURERER6YvoPIv8E2Kk6tU1/EOcqF3xKu/v/LaFEPl7Ijg4AKWxmiMXmjFYZERPGM/CzIfp+H0euSYAKQmPPMySACP7jhZT4R7AkvQkftnRyupPG+kQkoZbJzf1X3LgsxaaLTa8NBEsSJ7CestxNpcJHfaSoHS3UnPlCy75j2Xh8Luv8ItKYn28ipL8PJ4zKkhNTeRnM6xseL2cGgEOpxBdAbDoOfhOObq/2D92WNvQAzR/yXNH9CglwL/4sXBuDF6XC8nW2Q9D7/hzi91xcSGn7lwha69InBx0FanTkomq1gtynAE8uqxUXL7EB02tNHfKiIiKYeGsSVh+n8dbTfZrrM3X+UBXTt1tKzKvADInxbNJ0kbWyevCBjVc2dVtGNFBSgwVX5BvuEWzuw/TJkWzfjZs+L2wQQBQ8ej0ZKb9SyXZbxRS8RclkyYl9bardyQ/nxYCF86yodxMYGwSWbOSaDpUyInbwHd8iPW1cr70HK81toF3EAumJLFd2s6KPIPdrq7SEFCGpZoYtk4PwnTpEs9/cotWdwWBSiu9XNIuM6c+KuIDhw2wdVDXJ7M76i+xvfA63WMYHa39jDR8dzRPJilpagKl8/eWr9hzpAm1pOcr2Yho1k/xpuyqEdE9FhEREbm/iM7zveKbTspP1zI+VovKZqTh7O848eIe6m45XZO8l3VPe1DwTDlhSxYTNMqDTmMx+Wt/zIUGcA9eTPq6LKK0nrTXnqTkkoaUxEoOL95AncCZRPn4VWT85N+JCPKFW1XUfriL9w6cxGwD8CXmudM83PUuOkUSEaOG4W6+zLnsNRScNd5Jw10zn5SsVYyP1iC3GWko+R3vvbiHBjMgS2fG67vxOvkSzePnM2bUcGgoIP/Xa7hQbekRRDWBmJVPk5AYiY8CzPpiPnt1PUXdz3GRX6r5b7N6up7TRb5EpcWiVrRQd3wzOXtP0o4H2qfP8vgjno6HbWXdx1sBMB//MS88X2BPI3kjGQvSCRw1HJXEgqmigJK9mzlX0d0R0ZCQfYq0MfZPDYdnsP+g0wyjIF093nU3zwAAIABJREFUUCWvJWPJbLSj7HledfxZThwswHwnIS3JL79PVNkWzqgeIzk5ErXMQsOxNezfWwB44j9rGxnzU/D39QDzTRrOvsrRnYeEzyDH7+apX2eiAmg7Sc4PV6K7M3ukISE7jxhLKWhjkV89RElFEomztHSWbOHwtjcw4UvQom2kPBKLj78v7lYjjaVvcOLFXU5l2JegJbvJmBOLmpvUvpdLe+pyVK9N4vAxYy+7d+toqjhBwYtbuHzV0lfiQfAl6PFtpMxIwt/Xg05jFVXHnuW9N4odM7IeBGblsUiby9ESLZMeTcF/GJjL9vOHn++iweaiDLvSVZJE2oEjJIx0iBP8PpuWAFjQPfMgOZ9YBOqqIWjZDjJm2vOr7vhJpzIxNKSearzk0HzTdN87v2cK8jjj9LmsSU7U8jhiR0vJNXWAYhTTtFLKCv/EifoOoIV9pRpeeuh7xBY1cqZTQBqN1zjS6HTBjYsMD53J7JHeSMuuC9SpnVNF5zgFhCRH9OM8q5gUFQBfFrLvi2Y6aObgpzUkzA8h1a+cfTcEPEKArgB0WqkzNN/t/HW2U2d0DAa4q2gFZC1NVDQ4DxC4lrPjdgs1t51u8Q/iKVUzp8ub7xJZqpDj7W6j6XZHr3w0VJVzxOlzhVFKVEQS0SOkvNXUAV3NnDjtlN6NRswPjGZHmB+Bbtd76yaT4uchwdzWTqvzsghXdu1q5MjRQucb0El8ODItgDj1JSqacI1yBHF+Nko/uMQpow0w81bBFRIXh93Jr/DoEELMNWz4o56aLqgpvECsdgqpY1ScOGsGUyXP5TilWd+IdbiGbSEaItwMlHUJSMNlGZaTGh+GR0UR2z/tGXwou0uhLpqNzVQY7/qhh3YzuobmQeqFioxHolFeKOKUNp2FvX7rwGBs5s48tcyHFel+dOiKyP5SdJ1FRERE7jfinueBsLZgarhJO9B56yamJovT0kotCU/vJsG7mBNr0njpF9ncCF7N4+sWc9fCO0ksk36kQbczlZ2ZkziQnYvRCkiSmLR5I2Ftb/CHJ2dw+MgtxqRNGNpohvd8Zm5ejX9NNoefSOPA3mJUs3cz7zHnvbweqGJj4bW5vPDDeA7kQtzTu4np3oY5LJOZOzcS1PgqOT9J46V1z1A7YgWP/ywTuVMaQclhVD2Txs4fzqXg6yTSl813+l1L3NYDpEfd5LOdC3hp2Vxy3qlC4T/8zu9C8svdP4Vg6x4OzIvghW2foJq1kUljPAALVc88yPapERw+bqTz3BZ2Tg1m+9TgO44zgNzbA9PHu8hZO4OXVqykoD6StF9tQ6vovkLPmaxgtk9No6BiIOducF3dx29k0YZ0yNvMgaVp7H/+JO7TdzNnjvaudNRpq4gw7ufwwgf59dKVlJTdtP8UvJyZK5Mwv7WSvQtnsP/pZymrtwzN9mfX8MLUYLZvOTnA8nUPVG0FHP3lfkzhy3lo2GEO/+IQ7YmLiBgJIEeuuMWVw+s5vCKNvT9/htrhi3l83eI7uqrSn2Pe/OHo9/6YvVlbqAyazzhfD6dnaInZdIDU0Zcp2DLXkeexzPzVVoIE78H2wH/Zazy+UEPDa2vYv3QGB158F/MwDfI+V7oHL2bS2FJO/CSeX8+bwdHj5XbdXZZhF7raislbHMz2f51B0VULDQdnsH1qMNunRvQ4zgJ0VU3fwby5w6nNXsDeNVuoDJ7dJ79w0a50IyXhJ6+wN3sNqWqh+dgb859baW63QZeV5hYzrYPN+EklSLHSbHZc5OOFxr2Fihs9He86QzMmDy9CvQSm0QsJfkEhJD5go87Qcv8GA9y9CPWGmhtNPWkaG7naqSLEv2/pGQChuio0PPXkY7yZNZdX5sWT4S+5O637JqeE2AeD8DZUk3+XsykhMW0WrzwxiVRlP7feeaacqOggIrpaqLjZf44rvTWkhipovdlIXR+zqSMn8cryWWSFDKanMLvKpBLobKOpbZCknHGzP9PqPJBos9HhpiLQRwrIifBV0XGzsWd1gdWIrhE0/l69l9c7yaqUukGrmeYu7iGNfnR19yXa34buawVLHp/J71fN5ZUFySwc3cembkpSH53Lm//5GAeWTGFFhOdd6Us1cRzIeow3V81k17QIohS9fw+MiSfTXceeMjODr7CXEPX9iaS61/L/CvqsJrC0YWi1YsFG8+1WmjsELmkQEREREemFOPM8ENW7OLzU8f++Gex3/i04k6ixLVzc+Cy6CgtQxcnDiYxZl0mE7yHOOY8wSyzoDq7ngsNZayzJtX8fN4vxI/V8tm0XtVeBq89yOjGDx6OEi6ia8hhaSQFHXzxEXRugf5YTURksnZqJz5vlNHZ3Psre4LRjBrjxvVe58qO9jJus4cLbetTTlhPR9gYHnj9Egw2giryDiYz770y0qlwuO97UDXn70dVbgHIu//EyaQvG4i+BWhsQtYjEqFucW7uGc2V2PU315dQNNb/aiil5rdjuEJUeo6ppNv4Rw+GKXlB+NB7bQt6dT1WYDr5BzCOLCQ7yoOqK8JnQgXX1JWL+fOSFazj6xkm701O/i7wP01k+9Qeojlb1nmn86hDvHXTMPpqLudzg+P4BX1SSm5SdLcZkBIxVNF4RLJ5ALDSWfUrDF8OpMy7H5+IJGr9I4oZ5Nl4jPKBej27fBqfrqyh4J5O4rAkEyg5RZdUQkZYEJes5edI+A3wu+3dExf9Xzy1jFpEQXcXppVvu6GbKfpUxr69lXKwHtSUC8lyWTuI0DQ1HZnDiuGMhfX0VeWf7u7iUkudfdcyMt1D7if16l2XY7EpXAdnpUtfhRKTFQsl68vLO0wmcyf4dYw78V+90BmtX7hs2znx43DEz3MJzB68Ncq2UhIQwNF9Xsu+qvcGQKuQosdLU5smj89OY3naODcVtmJGh/o6wNOyoeHTBTBb6A11WKs5+wvYL9zoX3w8ecrzcbTS3dRCePJ1NEUayj9RgtkCgQgYCoiII0bXDdIPcgmvobpqxfseHyROjWTFHQcfvC8m/PXj69ySnRyAZWjcufVrL3bteXaAIZdvyeKLcAUszJ45/zJE+M55RD89k2wT7sKWp+gLbP9IPYR86DMmuMh8WPuRH05VCTgl1nlsN6EwxpEaHEKKvpKZLTkJ8KCGAXuEBuKFSQGuTFWVoPDvSfTnzzklq2mxIlXKUgKlPklKfCOZpuziTX+t4L8kEpjGIrh5yvKQSQmLDKCkuYXODhPAJcSydkUTT4U840QJYWygpLsVw4xbNXQqioqJ5LH0qyo73eaHaPtxg0H/JQX0jNSYbsgc0ZCbHsGk2/OwPOrus3hFkxcGJnEoMXf0PDXSj1MSwKsqNwtwLnOnT/BrKiljtmBbPPXpcoDFERERERPoiOs/3wkgtalsl5yp73k6dlVWYJLH4jvQAo9Nby1qJvvxuJ0IeoEHeVkVDffc3Fhqu6ukU7Dx7oB7pC4ZiGu90/i00Xq2ENA0+EhzOswVzQ12PU2fV02iE4EAtcBOfEA3uo5az/KPlvZO3laMaBhgdaRh7HNjONgvI5LhLABvIteNQtZVzdaDZXIH51XnrpmO5OUA7nVZwl3vcnd4AuIcuJu0ni4gI16K6M3JvpHGwGZq7GERXwhgxygNV/F5+kd7ntvrhqCQ4yW/BXPFF/8t2y49xsXY2aS+fIuzieRp0JVzJf5c641CWOrum03oL8KTTBp1WC9gs2GweSKQAHqinbCRjYQaBGl/k3TPF1gJ7oyDR4OsPpovlPTOjTdUYb1nonpCTh2nxkU0g7chV0vo8u8rbvmLAJSO1+ChuUnvZ9QBJZ31p720R2PVwWYbNLnQVgEtdJRp8fT0wlVb15JexGqO5J7+E08HpHT/i9JDvGyoSwuMfJkvTzIEcp/2od9YjddHa2kpTW8cglhwgDQDM5H9wnPNyGYGjIljw0ESWGD5iT3XPHGWvQFmdel54uYhT9xA9raPdTPPt9n5n2KXfS+LItNFI3YCudvKPHmVP93iCEF0bqjnSPfBFM2UNXfgtjScjXEX+uaENBgwmZzd+Y0OJ7rpBdmV/c7k2Th17k1MD3dz2FXtea0LtoSBiXDTzHomjxlhEvtMWWt1nBawtl+LlqyHz+5GsiG9kc1HvIFimC58w58JAD3FtVwDcVGRkTGJy2yU2FxqEO+hdzeR8eIHAjBh2ZcVBl5W6K5WUmDwJ7HNph7Ud020z5sHKzHc1ZM2KQPZ5Idm6uwdUBk/Dla4SWmsukF1m3x9fU3CJaG0yU0LlnLjQDhYDuWd7hkAq6pvBeyaPjQtgX/U1WoE6ndNAc0MjunYF2TPDSPXXcfCmJ4/+YAyUdscjGASZHwvTQqCskH3XxOXaIiIiIn8tROf5r46Fzm85ErJ7n5V37vR2SDvPbWHn+kP9R/z9ezkCSZJEypaNaK/+LznL3qSuoQWGLWPR6yvu84MsNLw6g/1/cB1urLNjgJmvtmIKVk6iLPYRtOMTCZuxlYQfPkzOkyvRCdkTeD/QZDFnw2w631jP/rcKMJktuE/Zy7oNwgcrADrNJ8mZt1LY7O03xdrfEmeHHIOV4f8LXSUAFjo7nVwvm+PvbxIJIROmsCHGRs47JZxw6ph3tLbTigpvhZkj75/kBIAmABVWTH8WlkY3JlMLJqCmoYTWYbP45cRQcqt1d5wF3dkCVn/e7cFaaR6K42xpp7lTglLhRs25QlafA9w1TPOA1rYeI3XUnudnhy47PnVhdnIkhevqRFsTNWZI+K4chOxqFyinHU9Sx/nQWlVIyT3VqQ4Mjc0YaKai3oxq8XQeneBD/qc9m3c7Ws3UtALGZnRdnhz410gSSwvJFzozjGu74qYidVoKC5XVPPe2jpohDoi03tDxq9/qUCrlSDs7MP0lgPUroLnVAkgwt4FSIcOqv8SGQwBSMhQSOtraezvpygBWzY0nRF/CptPOAwRWwWkMqGuHFXMXSJtbe5asd5oxtEGgUkH/Kx/MXP3aivQBFV7Q74BCq7EJAyPwU0ngli/RfnLC/WZydHJ33gIk82aWnj37isi3AkiInRRPalcl2/9oEIOEiYiIiPwVEfc83wv1VZgkYfgH93S+3cO0qG16jPXCZg/br+tpV2jw7w5ShAc+ozT9j2YoNKhHapH32gdlwVRvBD8tPnccXA98gsPAqHcKPOWBfFQkd7ZOKiLx9bdgqqsCLDTW6CFkAkF99lgNhfaqy5gVkQSHDuCM3If86qbTBrj349F7j8Xf9ya6tw7bHWeAYG2vCKTfGFslN74CdXTSXftxh56Wkcazb3Bm3xoOr/5falVJjBnbJ/8knqhGalENG5qTJwT3sEj8rcWUvHYSk9luA3WwU/mz6TE2gDo4suc771B8nWRpr6zCNJjdnem3DAP1VTS2DSdwnOYeNXFdhl3q6kRHFw5HuDcude3OrxFOegwLxEt1b7aTqoczfIR6gP2b3xQJITHJbJoIx3MLyTX28fAbm9F3ehI+oufpfn5eqC3NVDcLTGMgZDJkTm+djlYzdU0tjr/2oS0f7mymuglCRvj25JOvD8HuZmqcA3ZZ252eYcbUKwCWEF374OFJoApabwuMGi5UTkA6IpRJD7RRWDawAyRVqPDzlAsoGxKkbuAhlQx+rZsMZd/KIJPj56lCLXR43dmuDsd5iWcdz719ibKBmng3KWpPFX6KgRvp1tZ2TBYbau1ootya0dV3AO3ojGakw30I6X6muy8R3qB3DrqlDGDV3ESibpxlU971Pku5BaYxmK7WZq42g/cwZU/+uqvwU0Br60AjESqCvWV0tJoZqHhJvT3xox2D2QZttew5dJzV3X+/z+OtG9Bx7QJrXzt3Z4BFOTqG5WM6+ODDS5R9o4FMKerhw1F7/nVaHhEREZF/BETn+V746iRlX3oyfsVGIsK1qMcsJn1RClzMRTdYRE1nLhzjYr2Wh/5jLUEaLT7JG0lJ9O33UtW03aw+9D4zE3t3xM1FudSSQspPF+Ov0eI/ZSMZaZ40fJLr2PvpQDufjPkp+IycQMTKLCIkpVw+ZV8ma/pwPzrSmbl5LdpwLergJLTT1zJj3TLhjmfZYUrKhhH3893ExUei9o/Ef8paUtIj719+AWDB1KCH4CTGBPviLvPocXRu1dFsHk5grMPZG5ZE8pKM++s8Y0T39ru0j1/LvBXzCdRoUY9JYdzjO5jzeJLwZMavImPJYoJCtah8IwmanoIPem5c69PL1Gax6EAey58YQtoC6ayvwiSLJCzaXubcQ5eRNt050JweXV4xJGaRnjYB9cgk4lbOx985kSuH+eyCw+6JE1CPjCQweRkpm7cybljv5w1UhrGepOQDPf4/2k3G9CR8/LX4jJ9P8qLMu4PvDYCrMuxaVwc2Paab4DM+HX9vT3v5EqyrHt0nxbgnLyNG4wH4Ejh/PoH3tHJDSsJ//H/sffHeA4YNRuCDyWya5MmlokuU4Um4vxfh/l4EKh2Vpe0rPqjqIGriQ2SM9CRkdATLY30wXPmS0k5haYRPiGdVQiiTg3wIH+HH5PhElo+RY6i+jn4IcYqUnl6E+HsRqHQDiQLNcC9CfFWOo3rMnC67Dt+LYcVYLwJ9A1gyOQTvmzXkC90s7FJXOZMfjmfhgxpiR/oQFRrKillxxNquc6JC6JJtoXLaA4X5fV1DfsNAaUlITJvGKz9O6hMwTEXqVIecGh/CNRoyfzCRaep2LtU4jtzSRLI+JYLUUD+iRvgQGxnN+kkaMOgp7bN3Wx2ZxCvLpvFkn4Bhru0qZ3J6CitGtvDuH2uxetnLRbivJ35968IDY9j+45nsSLp7Y4NydBgLowKIGulDwoNxbErR0FFRfmd1Q8XlGmpUIaz4fgAh3l5MnhJNovt18q84bKLwY8XcZBItlRz83Iyfo3z2lB3XabjWtYXC8kaUY2JYGuFFoNqLyZMiif0XAyXV9kGRwAfjWJUQSsLobpsk85ifmZLLjmBe7gEsnBZDZkSA3SZjo9mUForSUO0oAzYMdwZ+WqhrvEWTFehoRd892CTzY8nUMDxqKin9S09dDPf3IkQ9RCdYncqa7L288pOEv9LAnYiIiMjfP+Ky7XvBVs6ZrWtQ/GwtGbsX249eKt1PzouHhB9NYyvm9LZnUa7L4vHfLLcfVfXJefwThzATazzE0S2+zPxJFkt/sxXMemqPr+e915yOX8KCueRdGuO3svwJDZ0NxZzZsYEL3U5rUy7v/VxOyoplzNyVhUrSgrn+MpV5r9Juo99ZuLup4tyWpdhWPk3ChrfJUIC5vpjP9h1y6Hof8suB+Xg2p8dvJfXls8yQOR1VZT1J/s5DzMk6wFOzLLTf0lN17A1qw2f33Jy8l3Vb03tmjcPfZ9Mieo56EvD8znNbOPBMCxmL1/L4HPuxR6arpZS9JSyoGQC3LcjHL2LOnI2oFNBeX8rFnWs4IzgJLckv55ES3vPNvBNXge7jt/o5I7QvFdm8d1DLzPX5rMOC2VDKZ8cLCJzfc4n55HpyAneTkfU2qyV6qt7NRTd2OXJbdxmt4tx2h93XvUaGCtqNVdSVvskVwUtALTS8uoA/tG4jZcFelv/UflRV7bFnex2FNCiuyrAAXe20oDv8v4xZt5qlOVm49zqqyrWu5uPryRmxm4wXz/Kw7Ram0mJqmwZYTfKtISUqJAC1O0xOS2Oy0y91Z46zurgF6ODMJ59yMHUij82ZjhozFRXF/Kqo+9xj12mYzB14xY1lRZwCpTu0tragO1/I/uLGISwplRD7cBpPabsbIRWrFozutTfaUFbMc8qJrJiSRqrUhqG+hudPCD3jGQG62rDaVExKiCdTIUPaZcVw4xr73rogLFiYA0FyKgJJ1Uqp+GN1z/JnwVhobpORGhNHhqccpZsNU5OB/I+KOVDtGElta8fqHcajEdF4e0jAYqbm2gW2F+oEP8+lXd28iQ1WIfVQsXBugNOd7eTnHGWPwDbOioKoh6LJ9JRBWwuXLhXxQolT9OjGcv7nAxmrJieyI1aC1XSd3Pf/ZD+fGUAdwARvCUq3SNYvcBooc95X7yINIWW47vxpnpPHsWRKGhkKaG0ykPv+n8h1NMEdFjdCYsczJUGGFLtNPvigiCPde6a7rKAIYPbUMNQeEjosZmqqh2YTvAOI8gS1Op5tEX1+059jaU7lXQHUBkT5HVRAc9P9PyJPRERE5B+Ffxk9evRfgoODuXr16rctC38rcnxb+CzLY/n4d9mbtUf4y25QHOc8G1b2OtJJROSeUMxn3usbadsRz/tCImmLiIiIiPzdoEz7b37z7zJeW7eRY0LOSRcRERH5J0Rctv0tok5exri4SFQqT+Thi0lJ1dBw+sP75DiLiHxDFEmMm5OJ/0hf3FVatIsWEdRWwOWLouMsIiIi8o+FlKhxITQX/YETouMsIiIiMiB/WysK/8lw940lcf5qZnp72pdcn1xPzluuoziLiPzf4MmIqWtJe2I3KpkFc1UBBVs3UzuEqLwiIiIiIn8PdHDmhcXCt8uIiIiI/JMiLtsWEREREREREREREREREXGBuGxbRERERERERERERERERMQFovMsIiIiIiIiIiIiIiIiIuIC0XkWEREREREREREREREREXGB6DyLiIiIiIiIiIiIiIiIiLhAdJ5F/gnRkvyyjuVLIr9tQb45yXtZ9/5eImTftiAidyFJIeN1HYtm+X7bkoiIiIiIiIiIiNwHROd5IMZsZfWJ3zJO5kHQurOs25wpnuv1reNB0M/O8ovnFiP/RuncouH8Saquttwnub5FjKVcKSzFZPu2BRFxSfhGVn50lU0fO/7e/5yVu3YQE+553x/l/shv+UXuXrT3OqgiS2fOO2eZEe+Be9pv+cWRHQRK7quIgITUOY/xUrIXfDeMHf+ZzqPqPpf4x/DKfyYz2R1i0+bw+2kBSO+3GCIiIiIiIiIiAhH9QZF/QoxUvbqGf4gTtSte5f2d37YQIsJpQff8Ugq+AHf/CcQ98V/M2Crn9tI1VInnZ4uIiIiIiIiI/E0jOs/3im86KT9dy/hYLSqbkYazv+PEi3uou+V0TfJe1j3tQcEz5YQtWUzQKA86jcXkr/0xFxrAPXgx6euyiNJ60l57kpJLGlISKzm8eAN1AmcS5eNXkfGTfyciyBduVVH74S7eO3ASsw3Al5jnTvNw17voFElEjBqGu/ky57LXUHDWeCcNd818UrJWMT5ag9xmpKHkd7z34h4azIAsnRmv78br5Es0j5/PmFHDoaGA/F+v4UK1pUcQ1QRiVj5NQmIkPgow64v57NX1FHU/x0V+qea/zerpek4X+RKVFota0ULd8c3k7D1JOx5onz7L4490z9BtZd3HWwEwH/8xLzxfYE8jeSMZC9IJHDUclcSCqaKAkr2bOVfRPcOsISH7FGlj7J8aDs9g/8HyHh0E6eqBKnktGUtmox1lz/Oq489y4mAB5jsJaUl++X2iyrZwRvUYycmRqGUWGo6tYf/eAsAT/1nbyJifgr+vB5hv0nD2VY7uPCR8Bjl+N0/9OhMVQNtJcn64Ep21+0cNCdl5xFhKQRuL/OohSiqSSJylpbNkC4e3vYEJX4IWbSPlkVh8/H1xtxppLH2DEy/ucirDvgQt2U3GnFjU3KT2vVzaU5ejem0Sh48Ze9m9W0dTxQkKXtzC5auWvhIPyKDlT5FC2st70ZauZH92AZ0AoWtZ+uJ8TDunc7TQCFFbWf0/sVw9dpMRU2JRKyyYSrI5+vwhGrvzxGV9FWATl7pqCFq2g4yZ9vyqO37SqUx0Y8FsKKfxqgWunuf9Di1hzz5CWKQHVecsINMSsWKr3S4KMFWfpOilzVyocFoloVrM4zlZ3M7eheWRVYwfq8Hdqqfs+RmcVO3lFz9LunPp4yeu2v+5up+9Tz5Lo02grkJRqBn+XWhtNtHaMcR7RURERERERET+zhCXbQ+EtQVTw03agc5bNzE1WewddwC0JDy9mwTvYk6sSeOlX2RzI3g1j69bbHdmnJHEMulHGnQ7U9mZOYkD2bkYrYAkiUmbNxLW9gZ/eHIGh4/cYkzahKGNZnjPZ+bm1fjXZHP4iTQO7C1GNXs38x5z3svrgSo2Fl6byws/jOdALsQ9vZuY7m2YwzKZuXMjQY2vkvOTNF5a9wy1I1bw+M8ynZZGexCUHEbVM2ns/OFcCr5OIn3ZfKfftcRtPUB61E0+27mAl5bNJeedKhT+w4eUX+7+KQRb93BgXgQvbPsE1ayNTBrjAVioeuZBtk+N4PBxI53ntrBzajDbpwbfcZwB5N4emD7eRc7aGby0YiUF9ZGk/WobWkX3FXr+f/buP66pK0/4+GcbILDkweAQxEIUNKxQwEGxrrA4lmqegfoDqaNUuzDSil0qbm0ZqtWpDDradh2rPtIyK87iwGprqaP4Y6CDU2p1wbWgziAVxlhoA2MkrAQaF4KJ8/yRAJGKBEtLf5z36+XrRW7uPfecc09ivvece87Z9AA2z1ZTXj9QcHfvsjqFrydpXSyUbSQ/RU3e66U4zd1JQoLqC+nI1asI0udR+OQPeSUljcqaFutbAanMT4vC+G4auU/OI2/DVmqaTUO79ufWsGN2AJuzSukaoByyznIO/zwPw6RUHh5VSOFLBXRFJhHkC+CKq1s7lwvXUrhSTe6LW2j0TmZpZt+QeFnsayxO9Eab+xS56Vlc8U8kVCG1O4eKKS/nM2f8JcqzFtnqPIL5v8zG39HhwoO1v85yyv+tAHNsNupID3CZSszaVGTvb6TkVN8NIFxCCB5XweHkH7ItZSNNk9az+OmeINKB9jfoNRm8rLK5r7J4kTeNOcvIXZPFlYCF/errLkwmzEiROFuvmc/yXBIedaVm2yJ2P5tGpSGKedmbUH3hi8WD4GVL4Ggau+N/yO4Xt6NpAfOJJ9k8O4BXtpRjNpbyVpz1c7J5RU/g7EhZAYsJY2sLN7vB3NmCQa+3+/7rI5/9Irm5v+adHadJAAAgAElEQVTZf7y/wdTG/71JW5cFbnfT1mHk5u1+O5g7aenoovs2dHcaaftf8XyCIAiCIAgjR/Q8D+TqdgpTbH/vmUee/XsB8YQ91MHF9VupqzcBGkoLIwnOjCdIUUCV3W96JCbq9q3lgi1Ya60stm6ftoBwXy0fbdpOYwPQsJXTkXEsDXM8i7JZS1BJyjm8q4CmTkC7lZKwOFJmx+P1Tm3fj+Wag5y29QC3HtvL5SdyCf2RkguHtMgfSyWo8yD5rxegswBoKNsXSegv4lHJirlk67nTleVR12wCarn0X5dQL3sIHwk0WoCwJCLD2qnKWENVjbWchuZamoZaX50VVB6osAaD1UfR3FiIT5A3XNY6VB+tR7Mo632lwbDvIFMeTSbAX4rmsuM9oQOXVUFQYiKup9Zw+GCpNZho3k7Ze7Gkzv4xssOaO3saPyvg2D5b76Oxgks62/YfKJBJWqg5V4FBD+g1tF52OHsOMtFa8wG6j71p0qfidbGE1o+juGZciOdYKTRrqduzzm5/DeW/i2da+lT8XArQdCsJUkdB5VpKSyswA1U5vyVs+s/6DglOYsZkDadTsnrLZsjZS/DbGYRGSGmsHLzOB21/RjBf3s7h/RGkPPcaXdUqZjxwkMLcfjcNLHouHSq09jTfKOX08VrCFy/Af08FjeMcaH+DXZNBy+pNkDoCKtdSVnYeM3A257cE5/+MgTiNjmLasoXIuy/RXG8CSQxTHlXRenQeZyprgVqqdu0huOBnTIn0QFNm1/sskWIs30LZKdvIifpi6gatbRtH2p+lnLKVPTem1pF7xtHEh8LC2fdOcBaADl7b9+kXd2mtY+M+299nylj9VWRDEARBEATBQSJ4vh++KuSWK1Rd6QsOzFc0GCQRKHyloLcLGrqvoK39YhDh+qAS104NuuaeLSZ0DVrMDgfPUuS+Crhe0Tc0FROtDVdArcRLgi14NmHUNfUFdd1aWvUQ4KcCWvCaoMRpXCqpf0i9M3lLLbJRgN6Whr4vgDV3msDFFScJYAFXVSiyzloaBurNdbC+zO0ttuHmAF2Yu8HJdZCeOztOE5NRP5tE0CQVst7eZj2t7g4nwT3LSiBjx0mRTc/lpdh+hzV7I5Ngl38TxvqP7zJsF6g9ysXGhajf/JDAi+fR1VVy+eQRmvSOB/iOMHe3Ax6YLWDuNoHFhMXS18spn7WeuCfj8FMqcO3pKe4ut34pSJQofMBwsbavx/HGVfTtJjxtL10DVXi5TEW9vwF1v3NrRltHDNybdPD2ZwQw0frOWsqnHSdOreXMc1utN4vu2F+L/tO+8xmvazGPUuIpg0ZH2t8g12TQskqUKBRSDNWavvrSX0Vv7KsvKwXTXqtjWk8+bpynalsWF24AMiXyUSZaG+yexr/xMbobUvx9lYDdIwaWDnR1dq+HYhjbn+H4ehYdv79sCIIgCIIgfNuI4PkrZ8I8wiMNnfrNkuvEnQGpuSqLbWsL7josk2/LEkiSKGKy1qNq+BVFK96hSdcBo1aQ9PbKYT6RCd3eeeS9Nfh0Y+Zbdx9QTWcF5WkzqYl4FFV4JIHzspnx+CMUPZNG3Y1hzu5AlOkkrFuI+eBa8t4tx2A04TQrl8x1jt+sADAbSylanIame/B9B0zjXu2vx6gQlL4A3vgFKeFy//qX9mvnUhjK7NAOXJN7llUCYMJstgtALbZ/d+igblcK5bUm6GrB0Hz34dCDM9E1QPMa1Deh/QmCIAiCIHwLiWee70ezBoMkEJ+AvkDDKVCF3KJF3+xY703XX7V0uSnx8e3ZIsVrnPLudzPclMh9Vbi62W80YWjWwxgVXr0BrhSvgEDQa+0m/pHiOi6E3hVg3EJQ+JgwNGkAE62faGHCVPzvSHtoujSXMLqFEDBxgMBrGOqrh9kCON0loh/9ED6KFureLbQGzgABKuTDubyO5QrXPgP55KgvuVQWYNHTeu4gZ/esoXD1r2iURRH8UL/6k3gg81UhGzW0gNYRToEh+HRXUHmgFIPReg3kAXbtz6JFrwN5QEjfttETUdjlpeuKBsO9rru9AdqwY+1PSegLm1A1/4r8VyvwWr6TGf3PKVEyVtW35JM8QIlru5Y2I463v3tck0HL2lNfY5V920b54Snrv78J419rab1aS2v/wLlTi6FdileA3fPzox/CZ7QJQ7Njjy705ccEknvcHXWk/TnCTY73WG/kX+L7Yzg4u8vx9pbjPuzLaQmCIAiCIPQRwfP9+KyUmr94EL5yPUGTVMiDk4lNioGLxdTpBz8cgAtHudis4uF/ycBfqcIrej0xkYq77ip7bCerC44zP/LOH7fGM8U0EkPMc8n4KFX4zFpPnNoD3fvFtudHbVSJxCXG4OU7laC0dIIk1Vz60Ppj3PBeHnXEMn9jBqpJKuQBUajmZjAvc4XjgWdNIZU1o5j24k6mTQ9B7hOCz6wMYmJDhq++ADBh0GkhIIrgAAVOLna9i+1NtBm98YuwBXujooheHje8wTN66g4doSs8g8UrE/FTqpAHxxC69FUSlkYNfniP8FXELU/Gf6IKmSIE/7kxeKHl2qf9biSo0knKLyP16SGk7SBzswaDSwiBk61tzmniCtRz7Sea01JXVgGR6cSqpyL3jWJaWiI+9olcLuSjC7brHjkVuW8IftEriNmYTeioO883UBsevP1JkS/aSdxDlzi5bS9N72/kWKUHMWsz8LG/hyLxICjZ2r68pq0ibkEIraeOWmetd6T9DXZNBi2rlrr3K3CKXsEUpRRQ4JeYiN9QRm5YKrhwSovXgvVER4YgV8YwLX0l/sZyLlQObU1ys06LwSUEVbQKJxfpnfebHG1/DpDPfpHcnP9HasTIrr4clLSd3Jxs4gNGNBuCIAiCIHzHiWHb98NSy9nsNbi9kEHczmTr0jfVeRTtKrj7M653TaOC05u24p6ZztLfpFqXqnr/PD6RQ/gBqy/gcJaC+c+mk/KbbDBqaTyxlmMH7J+FNGGsPELr9GxSn1Zi1lVw9tV1XOgJGm4Uc+xFV2JWrmD+9nRkkg6MzZe4UraXLgsODn3VUJWVgiVtAzPWHSLODYzNFXy0p8BW1mGoLxvjiRxOh2cz581zzHOxW6qqu5ST2wpISM/n+QUmutq1aI4epHHSwr6Do3PJzI7t6zWedJyXk+hb6smB85urssjf0kFccgZLE6xLPBkaqql5dwg9g5+bcA1PIiFhPTI36Gqu5uK2NZx1OAkV0W+WETOpb8ti25JE1uW3HAi06nM4tk/F/LUnycSE8Xo1H50oxy+xbxdj6VqK/HYSl36I1RItmiPF1D2Uiqulp41qqNpsu+6ZB4iTQZdeQ1P1O1x2dM3iQdqf06R0ElKUNO5axAUdgB5NzlYuvrmThLRK8nbZlq/qruXi6VHMfOU4Pm4d6E5lUbTHOtGZQ+1v0GsyeFmNJ9ZSNHYncbvO8YilHUN1BY03BhhNclcmdL9J45jLJmLWHSLGDYyacko2rkUz1A9KfSFlRyOIe66MlzZw51JVX7r9fdM44+7mDN1ttLWNdF4EQRAEQfgu+7vx48f/LSAggIaGhpHOC9+UfIwUrxVlpIYfITf9DQzDkqJtnefraXcs6SQI98UtkcVvr6fz1ekcd2Am7a9NWDar/y2UyicXUSWe2f3+kUxiRc5WIv70C/711zWI5aYFQRAEQfiqiGHbI0gevYLQaSHIZB64TkomZo4S3en3hilwFoQvyS2K0IR4fHwVOMlUqJKS8O8s59LFb1DgLAg+oQS511BSLAJnQRAEQRC+WmLY9ghyUkQQmbia+aM9rEOuS9dS9O7gszgLwtfDg7GzM1A/vROZiwmjppzy7I00OjokWxC+Ds2H+FnyoZHOhSAIgiAI3wNi2LYgCIIgCIIgCIIgDEIM2xYEQRAEQRAEQRCEQYjgWRAEQRAEQRAEQRAGIYJnQRAEQRAEQRAEQRiECJ4FQRAEQRAEQRAEYRAieBa+h1REv1lH6vKQkc7IlxedS+bxXIJcRjoj90e26BAv/7HB+m//q/hJ7rHzt7yswhApJrP7X9XEe4x0RgRBEARBEKxE8DyQ4GxWl/wHoS5S/DPPkbkxXqzrNeKk+L9wjpdeS8b1S6XTju58KZqGjmHK1wjSV3P5VDUGy0hn5P4YDy1i8+wAtuWcxzzYzt/ysjrGgymv1JG2ciooVpFScpxo5fCfZcw0Ne8kBjLmAU+WJy9hU5jzF3dym8im9KUcTotixnf1y8/FkzmPRLP9qQTeWbOUd56Zy6ZHxuM3xPI6jx7PqsT5/Oe/LuWd1Fien+KJ+x17SJiTsITd0Z7wfwJ59V9j+Yl8GMshCIIgCMLX4rv6k0gQ7kGPZu8avhMratfv5fi2kc7E1+T7VNZvAPeAsUz4n6t86OxLpJ+Es43fwbsWf+9FhKKb89VVHGjthNH+LJsVxWbnLlaWXeeWI2k4eZGyIIrIz//MjgNaun1DWRXzCCs/P84OjUMpCIIgCILwLSGC5/uliCXmuQzCI1TILHp0535Lya43aGq32yc6l8wNUsq31BK4PBn/cVLM+gpOZjzFBR04BSQTm5lOmMqDrsZSKv+sJCbyCoXJ62hy8Heqa/gq4p79KUH+CmjX0Pjedo7ll2K0ACiY8tppHrl9hDq3KILGjcLJeImqnDWUn9P3puGkTCQmfRXhk5W4WvToKn/LsV1voDMCLrHMe3snnqW7aQtPJHicN+jKOfnKGi5cNfVlRDaVKWkbmBEZgpcbGLUVfLR3LWd6zjNIfckSD7F6rpbTZxSEqSOQu3XQdGIjRbmldCFFteEcSx/tGb+ZTeYfswEwnniKHa+XW9OIXk/cslj8xnkjk5gw1JdTmbuRqvqeHmYlM3I+RB1sfaUrnEfevtq+MjhUVimy6Azili9ENc5a55oTWynZV46xNyEV0W8eJ6wmi7OyJURHhyB3MaE7uoa83HLAA58Fm4hLjMFHIQVjC7pzezm8rcDxXtXpO3n+lXhkAJ2lFD2eRl13z5tKZuSUMcVUDaoIXBsKqKyPInKBCnNlFoWbDmJAgX/SJmIejcDLR4FTt57W6oOU7Npu14YV+C/fSVxCBHJaaDxWTNecVGQHZlJ4VH/Hde8po6G+hPJdWVxqMPXP8f27Z1nt8rp0EzHzovBRSDHrNWiObuXYwQprj/Yg+bx3++s5RSwxL2QQHqZCJunA2HyJj36dxpmqnvY1eNtwDV/F/Gd/ispfAZ16DJoSyl/Nok7P0Ejckf/AHW62Ybj5VQRoEiJUY7je8D4n3cbwQqAXzo19waTf9Fhef6iDkzp3po73QMZNaj76b3LOt3ETwMmTuNlTeGycJ2PcXaCzjT/X/pm8ir9y/XbfWZxHK0mZNZlIXw/c6eJ6cyP7/3iBs3aDQjyVIfz84SAmy+FGQy07Suqo773+zoRNe5jl4WNRyiR0G65z8kw1+zR9n8Z7MlzhtSK7182tdHsr2TRBSdAD16m5PeCRfWUY/w/8SN7GkSO1VBuA1o8onpBAStg48jVXMTiWE0EQBEEQvgXEsO2BdHdg0LXQBZjbWzDcMNkNK1UxY8NOZoyuoGSNmt0v5XAtYDVLM5OtP/DtSSKY+YSSum1z2BY/k/ycYvTdgCSKmRvXE9h5kLeemUfh/naC1VOHdjdjdCLzN67G55McCp9Wk59bgWzhThYvsX+WV4osIgIOLGLH49PJL4ZpG3YyRWF7e1Q887etx791L0XPqtmduYXGsStZ+kK83dBoKf7RgWi2qNn2+CLK/yeK2BWJdu+rmJadT2xYCx9tW8buFYso+p0GNx/vIdWXk08MAd1vkL84iB2b3ke2YD0zg6WACc2WH7J5dhCFJ/SYq7LYNjuAzbMDegNnANfRUgx/3E5Rxjx2r0yjvDkE9S83oXLr2UPL2fQANs9WU14/UHB377I6ha8naV0slG0kP0VN3uulOM3dSUKC6gvpyNWrCNLnUfjkD3klJY3KmhbrWwGpzE+LwvhuGrlPziNvw1Zqmk1Du/bn1rBjdgCbs+yCu37nl3WWc/jneRgmpfLwqEIKXyqgKzKJIF8AV1zd2rlcuJbClWpyX9xCo3cySzP7hsTLYl9jcaI32tynyE3P4op/IqEKqd05VEx5OZ854y9RnrXIVucRzP9lNv7D+VyyA2X1WXGApU8q0R1YQ17KPPJ3HcE4Smkri2P5HLj9AXigWvkaM0ZVcOw5NTtWpHD44Hm66KuPQduGJIqZmavx+mQ7+Sk/InfNGsrPtWDu95x3Z3sLxs9NYPkco66FrrsFcAHxZOfksj0p6P7q1NTJ9ZvdmLDQ9vlN2m71O4nLg0T6dlP/aRt1DddhvJKgfv9bOI/2Y4Khiox/P8QzxVq8ox5h5URbYR5wYbT5OsV/eJ8X/uMY695rxCUkmufD7T7x7kpeWBxN5O1G/v3gMVb/5wcUNUvwsx/v/IAnc0Ld+PC9MtYduYLBbzIrJ/elMWH6I6yd4sz5D97nhf8o5bU/3WJGbDRPKrhPEtydH4CbRtocCJwBlGM8cb/ZSu89Om5Rc60DZ29PJtrVmfF/b9LWZYHb3bR1GLnpYPqCIAiCIHxziJ7ngVzdTmGK7e8988izfy8gnrCHOri4fit19SZAQ2lhJMGZ8QQpCqiy70WSmKjbt5YLtmCttbLYun3aAsJ9tXy0aTuNDUDDVk5HxrE0zPEsymYtQSUp5/CuApo6Ae1WSsLiSJkdj9c7tbT29GLWHOS0rQe49dheLj+RS+iPlFw4pEX+WCpBnQfJf70AnQVAQ9m+SEJ/EY9KVswlWw+PriyPumYTUMul/7qEetlD+Eig0QKEJREZ1k5VxhqqaqzlNDTX0jTU+uqsoPJAhTVAqj6K5sZCfIK84bLWofpoPZpFWe8rDYZ9B5nyaDIB/lI0lx3vCR24rAqCEhNxPbWGwwdLrTdTmrdT9l4sqbN/jOywhjv6uz4r4Ni+Uus2YwWXdLbtP1Agk7RQc64Cgx7Qa2i97HD2HGSiteYDdB9706RPxetiCa0fR3HNuBDPsVJo1lK3Z53d/hrKfxfPtPSp+LkUoOlWEqSOgsq1lJZae2+rcn5L2PSf9R0SnMSMyRpOp2T1ls2Qs5fgtzMIjZDSWDmMvc/34hJL5GNKdPvnUXLCNhi/WUPZuSHm857tbxRyhZSuzyppvKrBDBibz9PYmwkH2oZEiXw0GGreR9esB7QYGir6FaaDuld/RB0AtRSlFAx/fQHXa86wusb6d/HhE19431mpJOz2dXbo4dYD17kqnUzkGKi5ZreTqYnf9/Q06+oo/iyI9OAHybmq5Vb3dfb/8bpdseoo0gTzsvIHOJ83cgvwCwkhgqu8XlLLWdv3zPVzVf1ycovKsxf48JoFqOX3nwaS7uOJM0ZuOT1I/BQP6k4fZb9teHTThfOUqBYwZ5In+/VtQ64XZ68gFqtuc/ZkY9/31yA83V3A1MlN2Xh+vnQasuoyXu3sBqkr7g8AtwEsnH3vBGetlcFr+z4dct4EQRAEQRh5Ini+H74q5JYrVF3pCw7MVzQYJBEofKWgtwsauq+grf1iEOH6oBLXTg265p4tJnQNWswOB89S5L4KuF5Ba+8QRhOtDVdArcRLgi14NmHUNfUFdd1aWvUQ4KcCWvCaoMRpXCqpf0i9M3lLLbJRgN6Whr4vgDV3msDFFScJYAFXVSiyzloaBurNdbC+zO0ttuHmAF2Yu8HJVfrF9AbgNDEZ9bNJBE1SIevtbdbT6n6vo/q7R1kJZOw4KbLpubwU2++wZm9kEuzyb8JY/zF3HTxae5SLjQtRv/khgRfPo6ur5PLJIzTphzfYNHe3Ax6YLWDuNoHFhMUiReIMIEU+az1xT8bhp1Tg2tMD211u/VKQKFH4gOFibd+IixtX0beb8LS9dA1U4eUyFfX+BtT9zq0ZbR0x8LXwVeHl1kLjpbvfZHE0n/duf1o0ZRXMTN/J6nHVNNbXoq0u5uIZW/1IHGgb3e9zoWwVi9NPkvZoBY31l2g49Q519UMdsw1oDvDckgNDP84hEiarxkBzFX82A1ynusWNeJUnXOsLSG/dNNLU+91j4XpbN/h7MAZowpWI6VNZNnksSpkLzj09sFoX3AEDEvy8PaDlCjVfGIJv57aR6209F8XCTdNt+HtbYjJP/NxcmBD7Ew73q/ObHW4408YtwPkfotj/2HhrHm53cfLwYd64W+z6f5SkLwjC5U+nyKm7+xiHAf0NsNym7fOb3Oq8Lf5nFQRBEITvKPFf/FfOhHmE59lx6jcs1Ik7A1JzVRbb1hbcfbbjb8uyQJIoYrLWo2r4FUUr3qFJ1wGjVpD09sphPpEJ3d555L01+HRj5lsD/ADvrKA8bSY1EY+iCo8kcF42Mx5/hKJn0qi7MczZHYgynYR1CzEfXEveu+UYjCacZuWSuc7xmxUAZmMpRYvT0NwrAPoGGI58Gk48xe7qKFSRkSjDY4nZmMyUA8vI23fetsdgbUOP5nU1u0/EEDg1Ev9/+ikJP0nk4vp5lFR9g2Z+f8CLGeNccXeP5p01PdsANyUTTrfxid2uzr09q4AEeubslof8I89Pd+HDkjI2ftrBTTOExcznZa87T3WXOb6/4AtPdNsPH79tpOTgMfZc67+T3fGN53mh4FLPARjvVtXuD7Jq0XQmaCt5+XSrtTfdQW03u8HVDffOWt44YL2B4zfDBUwdYmi2IAiCIHzHiGee70ezBoMkEJ8Au+cdA1XILVr0zY71tnX9VUuXmxIf354tUrzGKe9+N8NNidxXhaub/UYThmY9jFHh1RvgSvEKCAS91m7iKSmu40LoXRXFLQSFjwlDkwYw0fqJFiZMxf+OtIemS3MJo1sIARMHCLyGob56mC2A010i+tEP4aNooe7dQmvgDBCgQn6vdYOHynKFa5+BfHLUl1wqC7DoaT13kLN71lC4+lc0yqIIfqhf/Uk8kPmqkI0aWkDrCKfAEHy6K6g8UIrBaL0G8gC79mfRoteBPCCkb9voiSjs8tJ1RYPhXtfd3l3bsB1Ll7WH/34K06yhtdMbv9C7r+k0pHwOwqyroO7wdsqy5lF0ogOv6ZHWz5bDbcOEsb6UC29lcfi5FE5/5o3q4dChZ0TijnysN94ejoSfQzRWyTS3Vt49dILVBdZ/GcVXaJI/SOTovt2cZZ4oe6vUmQk/cONWewfXgYkPjsal+RP2X7UGzuCM32g3u2DZQlNLB7e8f0DY/d6gM7bRZHJjku8XZpq4U3cXTTc6bP+MGPrfJXR/kFWLIgm7do6Xy/468ARfLq6M8ZAh79dItdfbuOnuxaTe9aidCRrrwa2WNq4OOXh2Ru7tjfyruK6CIAiCIHxpIni+H5+VUvMXD8JXridokgp5cDKxSTFwsdjxWXMvHOVis4qH/yUDf6UKr+j1xETefZYb2WM7WV1wnPmRd/74N54pppEYYp5LxkepwmfWeuLUHujeL7Y9v2yjSiQuMQYv36kEpaUTJKnm0ofWHhLDe3nUEcv8jRmoJqmQB0ShmpvBvMwVjgeeNYVU1oxi2os7mTY9BLlPCD6zMoiJDRm++gLAhEGnhYAoggMUOLlIoSeP7U20Gb3xi7AFe6OiiF4eN7zBM3rqDh2hKzyDxSsT8VOqkAfHELr0VRKWRjmeTPgq4pYn4z9RhUwRgv/cGLzQcu3TfjcSVOkk5ZeR+vQQ0naQuVmDwSWEwMnWNuc0cQXqufYTzWmpK6uAyHRi1VOR+0YxLS0RH/tELhfy0QXbdY+citw3BL/oFcRszCZ01J3nG6gN9+iqr8UwKoopsVORK5S4yoYQ6HaXUvl7LT5P7CRubhRePiq8whOJTrLN0D2EfA5MRdCKbKbNikKuUCKftJDQMA+6PrtqG5rvQNuQxRL9XAZB4SHIFEq8IpcQqIDWz644XtYeAfFk78rllWX3OWHYPUwKHIvccJ1KbUdv0PlJQyN1nZ5MVdkFqk5j+MmsiUySy5gU9jDxvreorNVxC2j6HyN4jSHCHUDCmKApxPve+WFsqq2lGn+eiQtihkLGGLknEVMmE3dHI7sH818p/lMHyn+MZlWIF34eMiYolcTHRLPc38E03MawclE0kaYr7PuTkTE+nkzy8WSCQkb/pz3kIVH8esVjPDPhznLc+vQvfNjhydyYICK8PAgLe5ifjL9FZc1nQ59pWz6HNTm5/PrZGQ71yguCIAiC8PUSw7bvh6WWs9lrcHshg7idydall6rzKNpVcPdnXO+aRgWnN23FPTOdpb9JtS5V9f55fCKH0BOrL+BwloL5z6aT8ptsMGppPLGWYwfsll/ChLHyCK3Ts0l9WolZV8HZV9dxoSdovVHMsRddiVm5gvnb03uX4LlStpcuC33B6T1pqMpKwZK2gRnrDhHnBsbmCj7aY5vsaDjqy8Z4IofT4dnMefMc81zslqrqLuXktgIS0vN5foGJrnYtmqMHaZy0sO/g6Fwys2P7egYnHeflJPqWP3Lg/OaqLPK3dBCXnMHSBOsST4aGamredWxSMwA+N+EankRCwnpkbtDVXM3FbWs463ASKqLfLCNmUt+WxSUNQM/yWw4MAa7P4dg+FfPXniQTE8br1Xx0ohy/xL5djKVrKfLbSVz6IVZLtGiOFFP3UCqulp42qqFqs+26Zx4gTgZdeg1N1e9wudPRsvTkJ49jB0JISDvE6hfslyAbrKy1WIdLL+Otm5uIWZZL6nPWpaoaj261TdA0HPlsx/yAiikrF6JWeODUrUd3bjdFuaW9jzsM2jYsHZgVMcRsSEU+SmpdWu7YGo6duI9nnr8qD3gS6S/DoL1+x/BsbrdR3dzNnIl+jDln/aTcutHI6VsTWPfP03G3dFBdcZo9V62DrK//+b/JV/wjKcsXkWLq5kbLJ5ysN7LEwy7Nm1peL3qAlFmhPJM4BTldNF1rpOiq49n95Owf2dz9ME9GzuJ1tQt0GtFea6LY0ahV/nUU4rMAACAASURBVCBTR0twfyCEtcvsbh6Ztex48wwf3vVZln7MreQfqcBZPZm1/zwFOtuoPvUBe+5njWf3v0cGtN0wOLbGtCAIgiAIX6u/Gz9+/N8CAgJoaGgY6bzwTcnHSPFaUUZq+BFy098YprVBbes8X0+7Y0knQbgvboksfns9na9O5/jXNZO28I3kNz2W14O0rCuovTPIFr4Ud/Uv+M1PXTiQuZ6j93iOWxAEQRCEkSGGbY8gefQKQqeFIJN54DopmZg5SnSn3xumwFkQviS3KEIT4vHxVeAkU6FKSsK/s5xLF0XgLAjDz5mw0Am0nXmLEhE4C4IgCMI3khi2PYKcFBFEJq5m/mgP65Dr0rUUvTv4LM6C8PXwYOzsDNRP70TmYsKoKac8eyONQx2SLQiCA25xdkey7VEDQRAEQRC+icSwbUEQBEEQBEEQBEEYhBi2LQiCIAiCIAiCIAiDEMGzIAiCIAiCIAiCIAxCBM+CIAiCIAiCIAiCMAgRPAuCIAiCIAiCIAjCIETwLHwPqYh+s47U5SEjnZEvLzqXzOO5BLmMdEa+7yT8aMESDr+wlMMvLOU/H3sQ5wH3lfGTZUvYPsPja8yfIAiCIAiC8GWJ4HkgwdmsLvkPQl2k+GeeI3NjvFjXa8RJ8X/hHC+9lozrl0qnHd35UjQNHcOUrxGkr+byqWoMlpHOyAj7Oj6vDzzI82kJrBoPzkHRvLNiCmG936AWPjz6Dgmvv8OOvwx2MUw0NTZSo+8e7hw6bMw0Ne8kBjLmAU+WJy9hU9jAob4gCIIgCIJgJeJB4XtIj2bvGr4TK2rX7+X4tpHOhDA0tzhbcU6s5ysIgiAIgvAtI4Ln+6WIJea5DMIjVMgsenTnfkvJrjdoarfbJzqXzA1SyrfUErg8Gf9xUsz6Ck5mPMUFHTgFJBObmU6YyoOuxlIq/6wkJvIKhcnraHKwJ9E1fBVxz/6UIH8FtGtofG87x/JLMVoAFEx57TSP3D5CnVsUQeNG4WS8RFXOGsrP6XvTcFImEpO+ivDJSlwtenSVv+XYrjfQGQGXWOa9vRPP0t20hScSPM4bdOWcfGUNF66a+jIim8qUtA3MiAzByw2M2go+2ruWMz3nGaS+ZImHWD1Xy+kzCsLUEcjdOmg6sZGi3FK6kKLacI6lj/YMc80m84/ZABhPPMWO18utaUSvJ25ZLH7jvJFJTBjqy6nM3UhVfU8Ps5IZOR+iDra+0hXOI29fbV8ZHCqrFFl0BnHLF6IaZ61zzYmtlOwrx9ibkIroN48TVpPFWdkSoqNDkLuY0B1dQ15uOeCBz4JNxCXG4KOQgrEF3bm9HN5W4HgP8vSdPP9KPDKAzlKKHk+jrrcjU8mMnDKmmKpBFYFrQwGV9VFELlBhrsyicNNBDCjwT9pEzKMRePkocOrW01p9kJJd2+3asAL/5TuJS4hATguNx4rpmpOK7MBMCo/q77juPWU01JdQviuLSw2m/jke0L3bMCBREZr+GjNnheAlgy69hsajGyk6eN7hc/Rw9pDj6QptLQZuDfnoL8uV+MQElvtaX31ScYKMs/ajHyTMiV/E8r/VcuS2krnjPXA3d3Cq/APe+EuXdRfFZHYvHcPJfWUU2w6NUCewVnaeJw9/yi0XL1Y+8Shhn73PCx+0cgtw9gpi8xOBXC8tZYfm6y+1IAiCIAjCd4UYtj2Q7g4Muha6AHN7C4YbJsy9b6qYsWEnM0ZXULJGze6XcrgWsJqlmcnWYMaeJIKZTyip2zaHbfEzyc8pRt8NSKKYuXE9gZ0HeeuZeRTubydYPXVodzNGJzJ/42p8Psmh8Gk1+bkVyBbuZPES+2d5pcgiIuDAInY8Pp38Ypi2YSdTFLa3R8Uzf9t6/Fv3UvSsmt2ZW2gcu5KlL8TbDY2W4h8diGaLmm2PL6L8f6KIXZFo976Kadn5xIa18NG2ZexesYii32lw8/EeUn05+cQQ0P0G+YuD2LHpfWQL1jMzWAqY0Gz5IZtnB1F4Qo+5KottswPYPDugN3AGcB0txfDH7RRlzGP3yjTKm0NQ/3ITKreePbScTQ9g82w15fUDBXf3LqtT+HqS1sVC2UbyU9TkvV6K09ydJCSovpCOXL2KIH0ehU/+kFdS0qisabG+FZDK/LQojO+mkfvkPPI2bKWm2TS0a39uDTtmB7A5q5SuAcoh6yzn8M/zMExK5eFRhRS+VEBXZBJBvgCuuLq1c7lwLYUr1eS+uIVG72SWZvYNiZfFvsbiRG+0uU+Rm57FFf9EQhVSu3OomPJyPnPGX6I8a5GtziOY/8ts/B19BtuBNiybm838WVDz6iJ2JM+jcNc7XOvsN3D/np/XHs7MePbX5OasYY7cwfzdeRLa2o3cNAO3urj+eTdDG3jdRfHBt0h4/Rj7dQPfJXEfp2R0zQekvHGIl/9kYVbMZGY42ji6W8n/Qy3doZGsHO8MTp4s+b8hyC+fY4994Gzq5PrNbkxYaPv8Jm23bg+pJIIgCIIgCN9Houd5IFe3U5hi+3vPPPLs3wuIJ+yhDi6u30pdvQnQUFoYSXBmPEGKAqr0dvtKTNTtW8sFW7DWWlls3T5tAeG+Wj7atJ3GBqBhK6cj41ga5ngWZbOWoJKUc3hXAU2dgHYrJWFxpMyOx+udWlp7fp/XHOS0rQe49dheLj+RS+iPlFw4pEX+WCpBnQfJf70A6+95DWX7Ign9RTwqWTGXbNGBriyPumYTUMul/7qEetlD+Eig0QKEJREZ1k5VxhqqaqzlNDTX0jTU+uqsoPJAhTUYrD6K5sZCfIK84bLWofpoPZpFWe8rDYZ9B5nyaDIB/lI0lx3vCR24rAqCEhNxPbWGwwdLrcFZ83bK3osldfaPkR3W2PU+A58VcGxfqXWbsYJLOtv2HyiQSVqoOVeBQQ/oNbRedjh7DjLRWvMBuo+9adKn4nWxhNaPo7hmXIjnWCk0a6nbs85ufw3lv4tnWvpU/FwK0HQrCVJHQeVaSksrMANVOb8lbPrP+g4JTmLGZA2nU7J6y2bI2Uvw2xmERkhprBy8zh1pw67e3tBegaa6FqMFjDoNuv4J3evzOlxut7LvQE8Lq2L11a/iJHCr+Qr7P7XeEqmv+yva6UomyuFsq4PH62rZUfEgr6ofxvCpJ/FOn7D59HVu2u1zveYMq2usfxcfPjG8BRAEQRAEQfiOEsHz/fBVIbdcoepKX3BgvqLBIIlA4SsFvV3Q0H0Fbe0XgwjXB5W4dmrQNfdsMaFr0GJ2OHiWIvdVwPUKWnu7v0y0NlwBtRIvCbbg2YRR19QX1HVradVDgJ8KaMFrghKncamk/iH1zuQttchGAXpbGvq+ANbcaQIXV5wkgAVcVaHIOmtpGKg318H6Mre39A3VpQtzNzi5Sr+Y3gCcJiajfjaJoEkqZL29zXpa3R1OgnuWlUDGjpMim57LS7H9Dmv2RibBLv8mjPUf3xlM96g9ysXGhajf/JDAi+fR1VVy+eQRmvSOB/iOMHe3Ax6YLWDuNoHFhMUiReIMIEU+az1xT8bhp1Tg2tNT3F1u/VKQKFH4gOFibV8P7o2r6NtNeNpeugaq8HKZinp/A+p+59aMto4YuDfH2nBr+RGaHvsZKQURNNZUo/34Ay6VlmMY8nxbtzj96hOcHuphX7Pu/+3s69G2dHMLZ5yH+E3ddL6SooAfszzkJsVv/5makZubTBAEQRAE4TtDBM9fORPmEZ4J2Rr42b3mzoDUXJXFtrUFdxnmCnxblkCSRBGTtR5Vw68oWvEOTboOGLWCpLdXDvOJTOj2ziPvrcGnGzPfuvuAajorKE+bSU3Eo6jCIwmcl82Mxx+h6Jk06m4Mc3YHokwnYd1CzAfXkvduOQajCadZuWSuc/xmBYDZWErR4jQ0X2VwdvUNCpPfwz/yEfzCYgh7OpnIf9pC3tq9GL7C036ruXkyYbQEcGfCGDesExgIgiAIgiAIX4Z45vl+NGswSALxCegLNJwCVcgtWvTNjvUedv1VS5ebEh/fni1SvMYp7343w02J3FeFq5v9RhOGZj2MUeHVG+BK8QoIBL3WbuIpKa7jQuh9xNMtBIWPCUOTBjDR+okWJkzF/460h6ZLcwmjWwgBEwcIvIahvnqYLYDTXSL60Q/ho2ih7t1Ca+AMEKBCLvnirvfNcoVrn4F8ctSXXCoLsOhpPXeQs3vWULj6VzTKogh+qF/9STyQ+aqQjRpaQOsIp8AQfLorqDxQisFovQbyALv2Z9Gi14E8IKRv2+iJKOzy0nVFg+Fe193el2rDgFFDY9lezrz+JHm7SmFyDAFfmGBgcM5yb7zHyu+xBvOXZaHbbMGl/x2rYUveQjcSZL0XxRnPv3fuVx5X5vzfaUTcuMDG319DGR3JT7zu73Tucm+8f+D+FdaXIAiCIAjCt4cInu/HZ6XU/MWD8JXrCZqkQh6cTGxSDFwspk4/+OEAXDjKxWYVD/9LBv5KFV7R64mJVNx1V9ljO1ldcJz5kXcGKcYzxTQSQ8xzyfgoVfjMWk+c2gPd+8XcMR+RKpG4xBi8fKcSlJZOkKSaSx9ahyYb3sujjljmb8xANUmFPCAK1dwM5mWucDzwrCmksmYU017cybTpIch9QvCZlUFMbMjw1RcAJgw6LQREERygwMlFCj15bG+izeiNX4Qt2BsVRfTyuOENntFTd+gIXeEZLF6ZiJ9ShTw4htClr5KwNMrxZMJXEbc8Gf+JKmSKEPznxuCFlmuf9ruRoEonKb+M1KeHkLaDzM0aDC4hBE62tjmniStQz7WfaE5LXVkFRKYTq56K3DeKaWmJ+NgncrmQjy7YrnvkVOS+IfhFryBmYzaho+4835dpw14LsolZEIuPrxKZbxRh0SG46jVc6xxqqZ2Z8S//j9xd9zthmGMarneA7wQeGytD7u6K+3CO7+loo8nkwdR/8MQZcB8bTJzyzkbuNyWK5Q/eYF/ZFWr+8hH/rnFlSdxkJg01H5IA4rNyyf23nxL2Fd0LEARBEARB+DYRw7bvh6WWs9lrcHshg7idydall6rzKNpVcPdnXO+aRgWnN23FPTOdpb9JtS5V9f55fCKH0BOrL+BwloL5z6aT8ptsMGppPLGWYwfsll/ChLHyCK3Ts0l9WolZV8HZV9dxoSdovVHMsRddiVm5gvnb05FJOjA2X+JK2V66LPQFp/ekoSorBUvaBmasO0ScGxibK/hoT4GtrMNQXzbGEzmcDs9mzpvnmOdit1RVdykntxWQkJ7P8wtMdLVr0Rw9SOOkhX0HR+eSmR3b12s86TgvJ9G31JMD5zdXZZG/pYO45AyWJliXeDI0VFPzrmOTmgHwuQnX8CQSEtYjc4Ou5moublvDWYeTUBH9Zhkxk/q2LC5pAHqW3+oY4Dg79Tkc26di/tqTZGLCeL2aj06U45fYt4uxdC1FfjuJSz/EaokWzZFi6h5KxdXS00Y1VG22XffMA8TZlpFqqn6Hy44Gtg60YXOnFL/ETUxLU+BKB4b6co5v2c49JqweUddrqtjvG8XixPksf8DC2eOHeO0vFpwnRpEfP57eR/B95nI4Cuj+lNd+XcHZuz430Y/5rxwob+TFGDX7f9iJtvkTzjd2obR1DTsrQnj+n0ZRc7KEkx0Atzhbfo5T/zyL9JnXWVd+58Rh9+bC37sCBgMtQ6kAQRAEQRCE76i/Gz9+/N8CAgJoaGgY6bzwTcnHSPFaUUZq+BFy098Ypmc5bes8X0+7Y0knQbgvboksfns9na9O57gDM2kL33K+i/jVjniuv5HGtlOOh9yCIAiCIAjfVWLY9giSR68gdFoIMpkHrpOSiZmjRHf6PTEJkvDN4BZFaEI8Pr4KnGQqVElJ+HeWc+miCJy/D9xDw/BrLuXdMyJwFgRBEARBADFse0Q5KSKITFzN/NEe1uGqpWspenfwWZwF4evhwdjZGaif3onMxYRRU0559kYah/yssfBtdPO9X/DEeyOdC0EQBEEQhG8OMWxbEARBEARBEARBEAYhhm0LgiAIgiAIgiAIwiBE8CwIgiAIgiAIgiAIgxDBsyAIgiAIgiAIgiAMQgTPgiAIgiAIgiAIgjAIETwL30Mqot+sI3V5yEhn5MuLziXzeC5BLiOdkW8CKV4JuaT9ro6X/9jAy2+uQj7SWfrek/GTZUvYPsNjpDMiCIIgCILwpYngeSDB2awu+Q9CXaT4Z54jc2O8WNdrxEnxf+EcL72WjOuXSqcd3flSNA0dw5SvEaSv5vKpagyWkc7IN4BsITFPR2E4uIwdj09nW8beb+Ga6R5MeaWOtJVTQbGKlJLjRCuH/yxjpql5JzGQMQ94sjx5CZvCnIf/JACYaGpspEbf/RWlL2FOwhJ2R3vC/wnk1X+N5SfijokgCIIgCF8REQ8K30N6NHvX8J1YUbt+L8e3jXQmviE8/ZBLWtBUncfYPtKZEaxucbbiHGdHOhuCIAiCIAjDQATP90sRS8xzGYRHqJBZ9OjO/ZaSXW/QZP+jPTqXzA1SyrfUErg8Gf9xUsz6Ck5mPMUFHTgFJBObmU6YyoOuxlIq/6wkJvIKhcnraHKwJ9E1fBVxz/6UIH8FtGtofG87x/JLMVoAFEx57TSP3D5CnVsUQeNG4WS8RFXOGsrP6XvTcFImEpO+ivDJSlwtenSVv+XYrjfQGQGXWOa9vRPP0t20hScSPM4bdOWcfGUNF66a+jIim8qUtA3MiAzByw2M2go+2ruWMz3nGaS+ZImHWD1Xy+kzCsLUEcjdOmg6sZGi3FK6kKLacI6lj/YM/cwm84/ZABhPPMWO18utaUSvJ25ZLH7jvJFJTBjqy6nM3UhVfU8Ps5IZOR+iDra+0hXOI29fbV8ZHCqrFFl0BnHLF6IaZ61zzYmtlOwrx9ibkIroN48TVpPFWdkSoqNDkLuY0B1dQ15uOeCBz4JNxCXG4KOQgrEF3bm9HN5W4HgP8vSdPP9KPDKAzlKKHk+jrrdzT8mMnDKmmKpBFYFrQwGV9VFELlBhrsyicNNBDCjwT9pEzKMRePkocOrW01p9kJJd2+3asAL/5TuJS4hATguNx4rpmpOK7MBMCo/q77juPWU01JdQviuLSw2m/jkemCyZpUXpfJ6zHdOjqwh/SIlTt5aa1+dx/FQHoMBv6Sbi4mPwGg1mXTUXf5NF2Snb7Y9J2aS9mYyXLTmfPQ1EA9T/it3PvuFQ7/O925+tLu5VXy6JLC3OwPViC/IwJcayPVx+8KfMnAyN+1J466C1nd3zszYUEnfkP3CHm20Ybt4a4sGDeGAMz6fOwrP2Am3KICJ+4AYdTez//X9T0trTQJ0JmxHFqogxjKaTugufcDMkBPezh9lYcwtwJT4xgeW+1r0/qThBxln7kR4S5sQvYvnfajlyW8nc8R64mzs4Vf4Bb/zFWuNjQmax/Uewf/8pSjqs55wRG0u65ydsPFjLJ7eHt9iCIAiCIAiDEcO2B9LdgUHXQhdgbm/BcMOEufdNFTM27GTG6ApK1qjZ/VIO1wJWszQz2RrM2JNEMPMJJXXb5rAtfib5OcXouwFJFDM3riew8yBvPTOPwv3tBKunDu1uxuhE5m9cjc8nORQ+rSY/twLZwp0sXmL/LK8UWUQEHFjEjsenk18M0zbsZIrC9vaoeOZvW49/616KnlWzO3MLjWNXsvSFeLuh0VL8owPRbFGz7fFFlP9PFLErEu3eVzEtO5/YsBY+2raM3SsWUfQ7DW4+3kOqLyefGAK63yB/cRA7Nr2PbMF6ZgZLAROaLT9k8+wgCk/oMVdlsW12AJtnB/QGzgCuo6UY/ridoox57F6ZRnlzCOpfbkLl1rOHlrPpAWyeraa8fqDg7t5ldQpfT9K6WCjbSH6KmrzXS3Gau5OEBNUX0pGrVxGkz6PwyR/ySkoalTUt1rcCUpmfFoXx3TRyn5xH3oat1DSbhnbtz61hx+wANmf1BHdfLIess5zDP8/DMCmVh0cVUvhSAV2RSQT5Arji6tbO5cK1FK5Uk/viFhq9k1ma2TckXhb7GosTvdHmPkVuehZX/BMJVUjtzqFiysv5zBl/ifKsRbY6j2D+L7PxH/Iz2B4EL1sCR9PYHf9Ddr+4HU2LtRxeSfksjffgcu5T5KYsoqi4g6DMXKIn2fJSn0Xu7AA2L89B162hfIW1bWx2MHDuMXD7c6y+wAM+3spbv6lGvmAlyrP/Qn6BFr+5S/CR4OBnDTrbWzB+bgLL5xh1LXTdLUgMiCc7J5ftSUFDqeQ+pk6u3+zGhIW2z2/Sdqv/SSSE/YMn1Sd+zz//+vcUfT6WlH/yw932rvyhf2TtdBk15WW8sL+Saq8JzHCX2B3fRfHBt0h4/Rj7dQPfEXIfp2R0zQekvHGIl/9kYVbMZGbYPgjXa/+bPdrRPPnjQPweAHnQwzwz8SZFJXcGzsb/vUlblwVud9PWYeSmCKoFQRAEQfiKiJ7ngVzdTmGK7e8988izfy8gnrCHOri4fit19SZAQ2lhJMGZ8QQpCqjS2+0rMVG3by0XbMFaa2Wxdfu0BYT7avlo03YaG4CGrZyOjGNpmONZlM1agkpSzuFdBTR1AtqtlITFkTI7Hq93auntJKo5yGlbD3Drsb1cfiKX0B8puXBIi/yxVII6D5L/egHW37gayvZFEvqLeFSyYi7ZejN1ZXnUNZuAWi791yXUyx7CRwKNFiAsiciwdqoy1lBVYy2nobmWpqHWV2cFlQcqrMFg9VE0NxbiE+QNl7UO1Ufr0SzKel9pMOw7yJRHkwnwl6K57HhP6MBlVRCUmIjrqTUcPlhqvZnSvJ2y92JJnf1jZIc13NGB+FkBx/aVWrcZK7iks23/gQKZpIWacxUY9IBeQ+tlh7PnIBOtNR+g+9ibJn0qXhdLaP04imvGhXiOlUKzlro96+z211D+u3impU/Fz6UATbeSIHUUVK6ltLQCM1CV81vCpv+s75DgJGZM1nA6Jau3bIacvQS/nUFohJTGyiH0PkukGMu3UHbKNhKgvpg6AJdYZixQ0vibFM6csjYUw6GtVM4s4+FZIZypP/8l6qife7a/QeoLgBYaq6rRdURi6Pam4dx5dLJqjE+qkEuga7DPmhGgg7pXf2QtO7UUpRQMX/nsXK85w+oa69/Fh0/cdZ9PLn3Mhx0WwMjJv7TyZJSCCQ98Ss1tVyJDHgRNJXs+buMW0PTBFSInTBlyPm41X2H/p9bbP/V1f0U7XclEOZxtBejiw7L/JiwpkudnudH2D2O4+kEJxXfcEbFw9r0TtmHhHby279Mh50EQBEEQBMFRIni+H74q5JYrVF3pCw7MVzQYJBEofKWgtwsauq+grf1iEOH6oBLXTg265p4tJnQNWswOB89S5L4KuF5Ba+9wXROtDVdArcRLgi14NmHUNfUFdd1aWvUQ4KcCWvCaoMRpXCqpf0i9M3lLLbJRgN6Whr4vgDV3msDFFScJYAFXVSiyzloaBurNdbC+zO0ttuHmAF2Yu8HJVfrF9AbgNDEZ9bNJBE1SIevtbdbT6n6vo/q7R1kJZOw4KbLpubwU2++wZm9kEuzyb8JY/zF3HY1be5SLjQtRv/khgRfPo6ur5PLJIzTphxBs/n/27j8uqutO/P+rGWBgneJoGRwroxCHFUUMirXCB2uJzhaqBok11OQLq43YJcHGhBINbmTRaszDmpCVhDyiKRY2Ngat4o9KShpqdMFViG6RiHUMJAPJ6FAd6bgwOJN+/xiQ0YAMhohJ3s/HI4+Hc+fec88591wy73vOPccDjo4rgD8OJzg67OC043QqUXgDKFHPzCbhkQSCdBp8u3qKOypcfxQUOjRasJ6q6x5xcek8lit2hnV+9A3VE+AzBcMbDRhuOrdxuGvEgMecrZjr6z6/fUQ4I4f6o806zrNZN37Vbg78/P5fwK3bXx/1BYCda+126GjHgR1HG+ADDoUSL4Wy73utP0O3jTt44qEdt1NMDzm5bGu7/qnD6QSve1w9z/eo0A2FCx+5AmcAbJcxtTkZ0c+zdPxfG9f/fDk7uIY33u7/V7J/wmtvf8SWBeGM+LCSjLqex1kIIYQQQtwJEjx/6ew4BnkmZC/FTZ+5MSB1VOewaWWR27B0N1+VJZAUMcTlZKNv+DUlS9+iydwKQ5eS8uayAT6RHfO2uWz9Xd/TjTmu9fJDv62SivQZ1Ebdjz4ymtC5uUx/8IeU/Dyd+ksDnN3e6DJIWjUfx86VbN1VgdVmx2tmAVmrPH9YAeCwlVGyMB3jF55M2U57b3GR08SxTAPltQP7cKFfbru+bszzLe810SPdyGEMBxiuQefzEdYva+JuIYQQQog+yDvPt6PZiFURijak+4ezV6getdOEpdmzH/jtn5ho99OhHdW1RUnAaF3PTzP8dKhH6fH1c99ox9psgRF6Aq4HuEoCQkLBYnKbeEqJ7+jw7vVu/cLRaO1Ym4yAnZYPTXDvFIJvSLt/2o2nsfmFEzK2l0BiAOqri8MJePUQ0Q+fgFZzkfpdxa7AGSDENVx2wDjP8enHoJ4U8wWXygKcFlqO7+TYaysoXv5rGlUxjJ9wU/0p/FGN0qMa2r+A1hNeoeFoOyqp2lGG1ea6BuoQt/bnNGExgzokvHvb8LFo3PLSfs6I9VbX3V2PbdgDF+r4tC2QoIkDsV6TEl+tHrWm/2sO91lffRqYe+06xRDUIwMJ9P+ylpi6hc9smC7DiIBhXD/7kGHo/AbyZnPxHjmJJ6f5cHhvOaUdY3g87rv0ayDJ9YSGoA4MRD0QdS+EEEKIbywJnm/Hx2XU/tWfyGXZhI3Tox6fSnxKHJwqpd7S9+EAnNzHqWY93/u3TIJ1egJis4mL1vS4q+rHeSwvOsC86BuDFNvRUhqJI+6JVLQ6PdqZ2SQY/DG/W8oNc/Tok0lIjiNg1BTC0jMIU9Rw+j3X0GTr21upJ555azLRj9OjDolBPyeTuVlLPQ88a4upqh3K1KfzmDotHLU2HO3Mfp2V9gAAIABJREFUTOLiwweuvgCwYzWbICSG8SEavHyU0JXHK01ctgUSFNUZ7A2NIXZxwsAGz1io372X9shMFi5LJkinRz0+jomLNpK0KMbzZCIfJ2FxKsFj9ag04QTPiSMAE59+dNODBH0GKYXlpD3aj7Q95Gg2YvUJJ3SSq815jV2KYY77RHMm6ssrITqDeMMU1KNimJqejNY9kTPFnDjZed2jp6AeFU5Q7FLi1uQyceiN5+utDfepo4LqfUa0P80jYU4cAaP0aKcmMvWJ3xDX37QUMczeUs7y5zII6Ge76Lu++jYg91qXkERyXyrguYdvc8KwL6SdqjOfgH4Sy8KGMcJ/GAkzQ7l3oE+jHMGyhDD43//htcYW3iirw6r/Phlh/X905f39x3i1oICnZ8ki0EIIIYS4fTJs+3Y46ziWuwK/pzJJyEt1Lb1Us5WSl4o8f23RWcmRtRsYkpXBotfTXEtVvfs+2uh+9MRaitiTo2HeYxkseT0XbCYaD65k/w73d0ft2Kr20jItl7RHdTjMlRzbuIqTXUHrpVL2P+1L3LKlzNucgUrRiq35NOfKt9HupDs4vSUj1TlLcKavZvqq3ST4ga25khOvdU52NBD11cl2MJ8jkbnMfuU4c33clqrqKOOdTUUkZRTy5AN22q+YMO7bSeO4+d0HxxaQlRvf3Ws87gDPptC91JMH53dU51C4vpWE1EwWJbmWLLI21FC7y7NJzQD4ux3fyBSSkrJR+UF7cw2nNq3gmMdJ6Il9pZy4cd1bFh5qALqW32rt5Tg3Z/PZv13PvJXvkIUd24UaThysICi5exdb2UpKgvJIyNjNcoUJ495S6iek4evsaqNGqtd1XvesHSSooN1ipKnmLc609XjW22DHvH0Jxfa1GB7OI+0Jf7hiwny2ghNNd3AYtwf11ae+7rWvEOsH/8Pz6hgenxXP7G/ZqH3/Q2quhjPkM9dU195jYyhMHNPdS6ydw54YoOMjnn+1kmN9jlv3ZnpcDDOv1fNsVYvr3epL9eRXfpeNcd8n4ZOu5as84zNkCHCVy5eu9rOkQgghhBDdvjVmzJh/hISE0NDQMNh54W7Jx2AJWFpOWuReCjL6t8RO7zrXeb6QfsOSTkLcFr9kFr6ZTdvGaRzoz0za4uvPR8fKtKl0HNzDi42DnZmbeTP9ydfJGl3GL3+5g4av2IMKIYQQQtw9ZNj2IFLHLmXi1HBUKn98x6USN1uH+cjbAxQ4C/EF+cUwMSkR7SgNXio9+pQUgtsqOH1KAudvPK9hzL7vu4zz98bbR0XUtDAiOpp575PBzlgPFGFM/OdrHNtdKoGzEEIIIb4QGbY9iLw0UUQnL2fecH/XkOuylZTs6nsWZyHuDH9GzsrE8GgeKh87NmMFFblraBywIdniK+seH4ImRLF4hoohXh1YL3xKyf4aau7GmbCdtWxLf3SwcyGEEEKIrwEZti2EEEIIIYQQQvRBhm0LIYQQQgghhBB9kOBZCCGEEEIIIYTogwTPQgghhBBCCCFEHyR4FkIIIYQQQggh+iDBs/gG0hP7Sj1pi8MHOyNfXGwBWQcKCPMZ7Ix8UygJyniPZzYvxXcQzq5asJtn/9Tg+u+NjQQpBiETQgghhBDfUBI892Z8LssP/YaJPkqCs46TtSZR1vUadEqCnzrOM8+nfsHA5Qrm98swNrQOUL4GkaWGM4drsH7d168dvpSUQ+9hiFB+SSfQEby4gLQ3/5dn/lhPVsl7LMnNRq+5eT87trMV1J46j+NLysmt2HYvYN2sEDblv9/7+X3iSfr9ceZOU+Jl+A3PfElB9oipBt5KDmXEPcNYnPoQayO8b9xBO5lXfxHLD7wgypDEf/34u3j3nJQQQgghxFeCxIPiG8iCcdsKvhYrap/dxoFNg52Jr76AlAIWJcGp11eyv+4iXoETCY6dgFoFWG7c11qew4FByaUQQgghhBhMEjzfLk08cU9kEhmlR+W0YD7+Ww699DJNV9z2iS0ga7WSivV1hC5OJXi0Eoelkncyf8ZJM3iFpBKflUGE3p/2xjKq/qIjLvocxamraPKwJ9E38nESHvtXwoI1cMVI49ub2V9Yhs0JoGHy80f44Wd7qfeLIWz0ULxsp6nOX0HF8e6IwEuXTFzG40RO0uHrtGCu+i37X3oZsw3wiWfum3kMK9vC5chkxo8OBHMF7zy3gpPn7d0ZUU1hcvpqpkeHE+AHNlMlJ7at5GjXefqoL1XybpbPMXHkqIYIQxRqv1aaDq6hpKCMdpToVx9n0f3+nSfLJetPuQDYDv6MF1+ocKURm03Cw/EEjQ5EpbBjPVtBVcEaqs929TDrmJ7/Hobxrk/m4rls3V7XXQaPyqpEFZtJwuL56Ee76tx4cAOHtldgu56QnthXDhBRm8Mx1UPExoaj9rFj3reCrQUVgD/aB9aSkByHVqME20XMx7exZ1OR5z3I0/J48rlEVABtZZQ8mE59R9eXOqbnlzPZXgP6KHwbiqg6G0P0A3ocVTkUr92JFQ3BKWuJuz+KAK0Grw4LLTU7OfTSZrc2rCF4cR4JSVGouUjj/lLaZ6eh2jGD4n2WG657VxmtZw9R8VIOpxvsN+e4V76RjzPvsX9FH6yBNgtW4yEqNuZQbwFGZZJWmIG2s+c0OK+e6QDO9zn00wVUX+pOo9f7wCeRpJLnUR3eiSMigaDhStobDlG+KYf6ZjugR/99Pe2H0zm0z9WWOP8+TVXuuVSiXXaAtGS96+Op9WzK3Eb7DSXpo77G5ZKeF0Xj9tMEzEkgSKPEdmore9Zupqmtszr7bMMDyE9N4Lfh6mUrV68NfPJCCCGEEF83Mmy7Nx2tWM0XaQccVy5ivWR3GyapZ/rqPKYPr+TQCgNbnsnn05DlLMpKdQUz7hRRzPipjvpNs9mUOIPC/FIsHYAihhlrsglt28nvfj6X4jeuMN4wpX9PM4YnM2/NcrQf5lP8qIHCgkpU8/NY+JD7u7xKVFFRsGMBLz44jcJSmLo6j8ldw1GHJjJvUzbBLdsoeczAlqz1NI5cxqKnEt2GRisJjg3FuN7ApgcXUPG3GOKXJrt9r2dqbiHxERc5selhtixdQMnvjfhpA/tVX17aOEI6XqZwYRgvrn0X1QPZzBivBOwY19/HullhFB+04KjOYdOsENbNCrkeOAP4Dldi/dNmSjLnsmVZOhXN4Rh+tRa9X9ceJo5lhLBuloGKs70Fd7cuq1dkNimr4qF8DYVLDGx9oQyvOXkkJek/l47a8Dhhlq0UP3Ifzy1Jp6r2ouurkDTmpcdg25VOwSNz2bp6A7XN9v5d++MreHFWCOtyym4K4LrPr2qrYM+/b8U6Lo3vDS2m+Jki2qNTCBsF4Iuv3xXOFK+keJmBgqfX0xiYyqKs7iHxqvjnWZgciKngZxRk5HAuOJmJGvdh03omP1vI7DGnqchZ0FnnUcz7VS7Bnr6DrYhhRtZyAj7cTOGSH1CwYgUVxy/i6Bpm3LyZrf8SwrqF62nsMHFsRRjrZoWw7l+6A2dP74PgqEBOPjPDdV0v3U/S6gwCFABXsP8dfPXRaD93A3exY37NwLpZYRTuMfU4ZLrv+gIU4YRFGDn08/t4LjWHppA0DPO7207fbdgDTju2lotc7QBH20WsFkuP+VXPepqCgld57Pu3OZja3saFqx3YcXL571e5fO2zG793tHGxtZ2Oz6Cjzcbl//u6v1sghBBCiK876XnuzfnNFC/p/Pdrc9nq/l1IIhETWjmVvYH6s3bASFlxNOOzEgnTFFHtPsxTYad++0pOdgZrLVWlru1THyBylIkTazfT2AA0bOBIdAKLIjzPomrmQ+gVFex5qcjVc2XawKGIBJbMSiTgrTpaun6r1u7kSGcPcMv+bZz5aQETf6Dj5G4T6h+nEda2k8IXijA7AYyUb49m4n8koleVcrqzN9NcvrWzl66O0/99GsPDE9AqoNEJRKQQHXGF6swVVNe6ymltrqOpv/XVVknVjkpXMFizD+Ol+WjDAuGMyaP6aNmXQ/n1T0as23cy+f5UQoKVGM943hPae1k1hCUn43t4BXt2lrkCkubNlL8dT9qsH6HaY3TrfQY+LmL/9jLXNlslp82d27+jQaW4SO3xSqwWwGKk5YzH2fOQnZbaP2P+IJAmSxoBpw7R8kEMn9rmM2ykEppN1L+2ym1/IxW/T2RqxhSCfIowdugIM8RA1UrKyipxANX5vyVi2i+7DxmfwvRJRo4sybleNmv+Nsa/mcnEKCWNVR7UuUKHejhYa9/F3GwBTFgbKvtV0j7vg879zOX51Jtd7e/0zr3MyIsnIngzFect1G7/Nfo1vyStZD4tH5ymsfbP1B7cSZPF03bjQX0BYOL0zmJa2oC2vdTWZrMwLBwvjDgYoDbsrKB8WddDpVUUHPWwCP10ofYoy2td/y7dc/DzO7TUs2Z757+PlrP8y8mGEEIIIcQdI8Hz7RilR+08R/W57h+zjnNGrIooNKOU4P6Du+McprrP/+j1/a4O3zYj5uauLXbMDSYcHgfPStSjNHChkpbrw3XttDScA4OOAAWdwbMdm7mpO6jrMNFigZAgPXCRgHt1eI1OI+2PaTcm76xDNZTO9z3t2CzdAayjzQ4+vngpACf46ieiaqujobfeXA/ry3HlYudwc4B2HB3g5ev5BFFeY1MxPJZC2Dg9qus9dRZahnicBLcsK6GMHK1ENa2AZ+JvOqw5EJUCt/zbsZ394MZgukvdPk41zsfwynuEnnofc30VZ97Z249AzTOOjiuAPw4nODrs4LTjdCpReAMoUc/MJuGRBIJ0Gny7eoo7Klx/FBQ6NFqwnqrr7rW8dB7LFTvDOj/6huoJ8JmC4Y0GDDed2zjcNWKgTx3vcrL8cRZmvEP6/ZU0nj1Nw+G3qD9r6ftYOsvR133Quc3a7PaW+8dNWNGhDlLCeTuOs9soSS0lIOp+gidNJjQ2kyU/eYijzzxMRa0HQ6Y9qC8AnK38/ZLbfdBhx3WjuQxMG/aM9UA2C+TlbSGEEEIIj0nw/KWz4xjk0YpeN82068WNAamjOodNK4t6nr33q7IEkiKGuJxs9A2/pmTpWzSZW2HoUlLeXDbAJ7Jj3jaXrb/re7oxx7WeB1TTVklF+gxqo+5HHxlN6Nxcpj/4Q0p+nk79pZ4PGXC6DJJWzcexcyVbd1VgtdnxmllA1qr+zWbtsJVRsjAdY0ff+/bMgvEFA1sOxhE6JZrg//evJP0kmVPZczlUPbDv+Xop3AJ6Red/7pwWWo7vpOX4TqoLtzF18wEMyQkcqd05sDNr9/b34I61YSGEEEIIcTvknefb0WzEqghFG9IdaHiF6lE7TViaPes9bP/ERLufDu2ori1KAkbren6a4adDPUqP7w3vPdqxNltghJ6A6wGukoCQULCY3CaeUuI7Ohz19bTC0WjtWJuMgJ2WD01w7xSC+/NO5c1lMZ7G5hdOyNheAq8BqK8uDifg1UNEP3wCWs1F6ncVu4IOgBA96oFcosd5jk8/BvWkmC++xm9noHbstRUUL/81jaoYxk+4+f1Yf1Sj9KiGDvzyTF6h4Wg7KqnaUYbV5roG6hC39uc0YTGDOiS8e9vwsWjc8tJ+zoj1VtfdXY9tuIsd29kyTv4uhz1PLOHIx4Hovzfxxl2cAL54fe5Unt8HASFuaerHEoAJa1Mv7c9pwmqxg9+3PXvC6EF99ak/bdjZ7hoR4Xnqn+enJnBkIOovcO8PBO8hagID1QyRNauFEEIIcZeT4Pl2fFxG7V/9iVyWTdg4PerxqcSnxMGpUtcMwZ44uY9TzXq+92+ZBOv0BMRmExf9uUVlAVD9OI/lRQeYF33jD3Hb0VIaiSPuiVS0Oj3amdkkGPwxv1va+f5yJ30yCclxBIyaQlh6BmGKGk6/5xqabH17K/XEM29NJvpxetQhMejnZDI3a6nngWdtMVW1Q5n6dB5Tp4Wj1oajnZlJXHz4wNUXAHasZhOExDA+RIOXj7K79/BKE5dtgQRFdQYvQ2OIXZwwsMEzFup376U9MpOFy5IJ0ulRj49j4qKNJC2K8TyZyMdJWJxK8Fg9Kk04wXPiCMDEpx/dFMjpM0gpLCft0X6k7SFHsxGrTzihk1xtzmvsUgxz3CfYMlFfXgnRGcQbpqAeFcPU9GS07omcKebEyc7rHj0F9ahwgmKXErcml4lDuUFvbRhVPLFPZBIWGY5KoyMg+iFCNdDy8bkb92tr4rLNn6DpMaj8lK5r38nT+0BtyCQuNhx1SDxxi+ejMpZR2wigJCzrAAuXLSVsWgwBY2PQL8jDEKvEfKqqlwnZbuZBffWlH224/Wwd1qExTI6fglqjw1fV/wcs6llPU5D/n6RFDe7qy2EpmynIzyUxZFCzIYQQQgjRJxm2fTucdRzLXYHfU5kk5KW6ll6q2UrJS0U9v+PaYxqVHFm7gSFZGSx6Pc21VNW776ON7kdPrKWIPTka5j2WwZLXc8FmovHgSvbvcFt+CTu2qr20TMsl7VEdDnMlxzau4mRX0HqplP1P+xK3bCnzNmegUrRiaz7NufJttDv5/NDWHhmpzlmCM30101ftJsEPbM2VnHitqLOsA1BfnWwH8zkSmcvsV44z18dtqaqOMt7ZVERSRiFPPmCn/YoJ476dNI6b331wbAFZufHdvcbjDvBsCt1LPXlwfkd1DoXrW0lIzWRRkmuJJ2tDDbW7PJvUDIC/2/GNTCEpKRuVH7Q313Bq0wqOeZyEnthXyokb171l4aEGoGv5LQ+GO5/NZ/92PfNWvkMWdmwXajhxsIKg5O5dbGUrKQnKIyFjN8sVJox7S6mfkIavs6uNGqle13nds3aQoIJ2i5Gmmrc40+ZhUZytODRxxK1OQz1U6Vpmav8K9h+86alKRwVHXy9j4eICnkxS3rhUlYf3gbG8koBlO0jXKrF9sJc96/OvzwvQcqoGElNJmBPouiaXjDTuXsGhrjRUqSz6fS766/fDarL+tBqwUJ05g0On7B7UVx88acNdzm5l/45wktJ3s/ypG5ds+2rxZoifN3Rc5vLlwc6LEEIIIcStfWvMmDH/CAkJoaGhYbDzwt2Sj8ESsLSctMi9FGS8jHVAUuxc5/lC+lf0h7W4q/gls/DNbNo2TuOAJzNp3y0613n2euk+St69g/n+qtbXnaQYx9L8DUT973/wi1drkeWmhRBCCHE3k2Hbg0gdu5SJU8NRqfzxHZdK3Gwd5iNvD1DgLMQX5BfDxKREtKM0eKn06FNSCG6r4PQpCQR7JPXVf9qJhA2p5VCpBM5CCCGEuPvJsO1B5KWJIjp5OfOG+7uGmpatpGRX37M4C3Fn+DNyViaGR/NQ+dixGSuoyF1Do6dDsr9xpL76rXk3v0zdPdi5EEIIIYTwiAzbFkIIIYQQQggh+iDDtoUQQgghhBBCiD5I8CyEEEIIIYQQQvRBgmchhBBCCCGEEKIPEjwLIYQQQgghhBB9kOBZfAPpiX2lnrTF4YOdkS8utoCsAwWE+Qx2Ru6A2y3ruGzS/9jAs39q4Nk/HiBW96Xk7qtHOZa1v5jHslGDnREhhBBCiK8GCZ57Mz6X5Yd+w0QfJcFZx8lakyjreg06JcFPHeeZ51Px/ULpXMH8fhnGhtYBytcgstRw5nANVudgZ+SL8PC63rKst0jj7AYK/iWEdUvzMX+RevKJJ+n3x5k7TYmX4Tc888ZGghRfIL0eKZid9BBbYofBt0PZ+It4fqIe6HN0cl7hL2eb+PDql5S+djKv/iKWH3hBlCGJ//rxd/H+kk4lhBBCCHEnSDwovoEsGLet4GuxovbZbRzYNNiZuEO+SWW9Exwt7Hq7ZbBzIYQQQgjxlSHB8+3SxBP3RCaRUXpUTgvm47/l0Esv03TFbZ/YArJWK6lYX0fo4lSCRytxWCp5J/NnnDSDV0gq8VkZROj9aW8so+ovOuKiz1GcuoomD3vIfCMfJ+GxfyUsWANXjDS+vZn9hWXYnAAaJj9/hB9+tpd6vxjCRg/Fy3aa6vwVVBy3XE/DS5dMXMbjRE7S4eu0YK76LftfehmzDfCJZ+6beQwr28LlyGTGjw4EcwXvPLeCk+ft3RlRTWFy+mqmR4cT4Ac2UyUntq3kaNd5+qgvVfJuls8xceSohghDFGq/VpoOrqGkoIx2lOhXH2fR/f6dJ8sl60+5ANgO/owXX6hwpRGbTcLD8QSNDkSlsGM9W0FVwRqqz3b1MOuYnv8ehvGuT+biuWzdXtddBo/KqkQVm0nC4vnoR7vq3HhwA4e2V2C7npCe2FcOEFGbwzHVQ8TGhqP2sWPet4KtBRWAP9oH1pKQHIdWowTbRczHt7FnU5HnPcjT8njyuURUAG1llDyYTn1H15c6pueXM9leA/oofBuKqDobQ/QDehxVORSv3YkVDcEpa4m7P4oArQavDgstNTs59NJmtzasIXhxHglJUai5SOP+Utpnp6HaMYPifZYbrntXGa1nD1HxUg6nG+w357gHnl3XW5fVwzQ8yEvf19VDfmoCvw1XL1u5eq2/B/dBM4kti0ZQe/Qy90bquFd1D5c+quPFQ/Wc7awT7+FjWBY/hZmB3ly92MjBT4bykL6Fdb85Se1ngNcY/j0jhqh7AGwc2rmf15rdznHPCJ5Mm8mwupNc1oUR9R0/aG3ijT/8D4danIA30+PjeWrYh6zaWceHnwE+ASx7+H4iGt/lqT+3MNDFFkIIIYS4G8iw7d50tGI1X6QdcFy5iPWSHcf1L/VMX53H9OGVHFphYMsz+XwaspxFWamuH/juFFHM+KmO+k2z2ZQ4g8L8UiwdgCKGGWuyCW3bye9+PpfiN64w3jClf08zhiczb81ytB/mU/yogcKCSlTz81j4kPu7vEpUUVGwYwEvPjiNwlKYujqPyZrOr4cmMm9TNsEt2yh5zMCWrPU0jlzGoqcS3Ya/KgmODcW43sCmBxdQ8bcY4pcmu32vZ2puIfERFzmx6WG2LF1Aye+N+GkD+1VfXto4QjpepnBhGC+ufRfVA9nMGK8E7BjX38e6WWEUH7TgqM5h06wQ1s0KuSE48h2uxPqnzZRkzmXLsnQqmsMx/Goter+uPUwcywhh3SwDFWd7C+5uXVavyGxSVsVD+RoKlxjY+kIZXnPySErSfy4dteFxwixbKX7kPp5bkk5V7UXXVyFpzEuPwbYrnYJH5rJ19QZqm+39u/bHV/DirBDW5ZTR3ks5VG0V7Pn3rVjHpfG9ocUUP1NEe3QKYaMAfPH1u8KZ4pUULzNQ8PR6GgNTWZTVPexZFf88C5MDMRX8jIKMHM4FJzNRo3Q7h57JzxYye8xpKnIWdNZ5FPN+lUuwR+8le3Zdb11WD9Pog0fX1WnH1nKRqx3gaLuI1WJx+5vQTT3raQoKXuWx79/eIGXb/13lcrsTPuvgcquNq5/dtMM9AUQHXSH/v/bwUOFxGgInsWxS5510zzAemft9ou1/5fmiP7Du+DWiwwNuHC7t+Ihf5f2OpJePU9tTAQBQEPHPw6g5+Af+v1f/QMnfR7Lk/wUxBIBrHHv3OO8ow3h8+jC8URA1I5rZznryj7oFzo42Lra20/EZdLTZuPx/X+l3C4QQQgghpOe5V+c3U7yk89+vzWWr+3chiURMaOVU9gbqz9oBI2XF0YzPSiRMU0S1xW1fhZ367Ss52RmstVSVurZPfYDIUSZOrN1MYwPQsIEj0QksivA8i6qZD6FXVLDnpSKa2gDTBg5FJLBkViIBb9XR0vVbtXYnRzp7gFv2b+PMTwuY+AMdJ3ebUP84jbC2nRS+UNT5PqiR8u3RTPyPRPSqUk539maZy7dS32wH6jj936cxPDwBrQIanUBECtERV6jOXEF1rauc1uY6mvpbX22VVO2odAVINfswXpqPNiwQzpg8qo+WfTmUX/9kxLp9J5PvTyUkWInxjCc9oX2VVUNYcjK+h1ewZ2eZK3Bq3kz52/GkzfoRqj3GG3spPy5i//Yy1zZbJafNndu/o0GluEjt8UqsFsBipOWMx9nzkJ2W2j9j/iCQJksaAacO0fJBDJ/a5jNspBKaTdS/tsptfyMVv09kasYUgnyKMHboCDPEQNVKysoqcQDV+b8lYtovuw8Zn8L0SUaOLMm5XjZr/jbGv5nJxCgljVWe1/ng8vC6OisoX9YVkK+i4OiXkRcnx94+yDEAWnl++0c97GOj6sQ5mjqAjk843OzkKe0wvLFxbdRYZg5v5dCBOmouAZf+wo6xwfz7bUyS9uHpD3iv1QnYeOevLTwSo+Heez5y9V53XKDw7XO8sCCGZVwmIqydt3b+hbPuwXhLPWu2d/77aDnL+58FIYQQQoi7igTPt2OUHrXzHNXnuoMDxzkjVkUUmlFKsLgFDR3nMNV9Pojw/a4O3zYj5uvDJe2YG0w4PA6elahHaeBCJS3Xh7DaaWk4BwYdAQo6g2c7NnNTd1DXYaLFAiFBeuAiAffq8BqdRtof025M3lmHaihg6UzD0h3AOtrs4OOLlwJwgq9+Iqq2Ohp66831sL4cVy52DjcHaMfRAV6+ys+n1wuvsakYHkshbJwe1fXeZgstQzxOgluWlVBGjlaimlbAM/E3HdYciEqBW/7t2M5+0POQ37p9nGqcj+GV9wg99T7m+irOvLOXJsvABpuOjiuAPw4nODrs4LTjdCpReAMoUc/MJuGRBIJ0Gny7eoo7Klx/FBQ6NFqwnqrr7l29dB7LFTvDOj/6huoJ8JmC4Y0GDDed2zjcNWLgK0HRn+vaN+uBbBYcGNAc3uizdi5dn+TLybVrn8E/uQYRDVH7M+RaK+et3d83WWxc63fw7OSyre36pw6nE7zuwf1WuvbpX3ix+rtsjAniw4o/sEtenxZCCCHE15wEz186O45BHq3oddOMwF7cGJA6qnPYtLKoxyGofFWWQFLEEJeTjb7h15QsfYsmcysMXUrKm8sG+ER2zNvmsvV3fU835rjW84Bq2ip3fP27AAAaiElEQVSpSJ9BbdT96COjCZ2by/QHf0jJz9OpvzTA2e2NLoOkVfNx7FzJ1l0VWG12vGYWkLXK84cVAA5bGSUL0zF29L3v3c3z63o3+Nw7xYPyAo6KcSOHwGcwYuQw1CdtWPs+SAghhBDiK0veeb4dzUasilC0Id2BhleoHrXThKXZs9629k9MtPvp0F5fY1VJwGhdz08z/HSoR+nx9XPfaMfabIERegKuB7hKAkJCwWJym3hKie/ocK6vduMXjkZrx9pkBOy0fGiCe6cQfEPa/dNuPI3NL5yQsb0EXgNQX10cTsCrh4h++AS0movU7yp2Bc4AIXrUA7mUkPMcn34M6kkxX3CpLMBpoeX4To69toLi5b+mURXD+Ak31Z/CH9UoPaqh/QtoPeEVGo62o5KqHWVYba5roA5xa39OExYzqEPCu7cNH4vGLS/t54xYb3Xd3fXYhrv1el37oc80HABKvP/ppu0DeV3BNWHYyEDUX+Ceul1Xra1c9fZn7PUbXkHQd1RfyhJRQVOieSTwU/J31mAaM5WM8NurPe8hagID1QwZ8GW/hBBCCCEGlgTPt+PjMmr/6k/ksmzCxulRj08lPiUOTpVSb+n7cABO7uNUs57v/VsmwTo9AbHZxEVretxV9eM8lhcdYF70jUGK7WgpjcQR90QqWp0e7cxsEgz+mN8tvXE9W30yCclxBIyaQlh6BmGKGk6/5xqabH17K/XEM29NJvpxetQhMejnZDI3a6nngWdtMVW1Q5n6dB5Tp4Wj1oajnZlJXHz4wNUXAHasZhOExDA+RIOXjxK68nilicu2QIKiOoO9oTHELk4Y2OAZC/W799IemcnCZckE6fSox8cxcdFGkhbFeJ5M5OMkLE4leKwelSac4DlxBGDi049uepCgzyClsJy0R/uRtocczUasPuGETnK1Oa+xSzHMcZ9ozkR9eSVEZxBvmIJ6VAxT05PRuidyppgTJzuve/QU1KPCCYpdStyaXCYOvfF8vbVhl1tcV495kMaFOj616QiLTyRAq0M1tGuG7gG6rp3Us56mIP8/SYsahFWNm89z+JI/s2eGEaH2JWjsJBbqB+SRwA28tZN4MsaXmndO8N6n53n5sIWwH8aQeBtrUoelbKYgP5fEkAHPphBCCCHEgJJh27fDWcex3BX4PZVJQl6qa+mlmq2UvFTk+bI2zkqOrN3AkKwMFr2e5lqq6t330Ub3oyfWUsSeHA3zHstgyeu5YDPReHAl+3e4Lb+EHVvVXlqm5ZL2qA6HuZJjG1dxsitovVTK/qd9iVu2lHmbM1ApWrE1n+Zc+TbanXgYxBipzlmCM30101ftJsEPbM2VnHitqLOsA1BfnWwH8zkSmcvsV44z18dtOaKOMt7ZVERSRiFPPmCn/YoJ476dNI6b331wbAFZufHdvYvjDvBsCt3LH3lwfkd1DoXrW0lIzWRRkmuJJ2tDDbW7PJvUDIC/2/GNTCEpKRuVH7Q313Bq0wqOeZyEnthXyokb171l4aEGoGv5rdZejnNzNp/92/XMW/kOWdixXajhxMEKgpK7d7GVraQkKI+EjN0sV5gw7i2lfkIavs6uNmqkel3ndc/aQYIK2i1Gmmre4kxbj2ftVa/Xtc+y1nmQRqeOMv780k4WZjxP+gNKaNhKwc830OIcoOt6N/jsMm8c+B+GxU/h2cWT6PhbI3vPtHDvvdA1sn7cD+excUr3PPcRyYtIAPjoOEt2n+976LVPAEviwxhy5jCvnXcNIL/wQTWv3ZtAxo/DqX2rjg97ncX7Zt4M8fOGjstcvtyvkgohhBBC3HHfGjNmzD9CQkJoaGgY7Lxwt+RjsAQsLSctci8FGS8P0LuDnes8X0jv17I9QvTIL5mFb2bTtnEaB74yM2mLe2PmsHHMeZb/rp4Lg52ZmynGsTR/A1H/+x/84tVaWR9aCCGEEHc1GbY9iNSxS5k4NRyVyh/fcanEzdZhPvK2TLoj7g5+MUxMSkQ7SoOXSo8+JYXgtgpOn5LA+W42YuxYZuv8UfsoUGvGsnCCLx+ebbr7AmcA7UTChtRyqFQCZyGEEELc/WTY9iDy0kQRnbycecP9XUOuy1ZSsuurMduv+CbwZ+SsTAyP5qHysWMzVlCRu4bGfg7JFneW9z+NIPH+SJYN8QF7K/W1Vbx4qr8vSNwhzbv5Zeruwc6FEEIIIYRHZNi2EEIIIYQQQgjRBxm2LYQQQgghhBBC9EGCZyGEEEIIIYQQog8SPAshhBBCCCGEEH2Q4FkIIYQQQgghhOiDBM/iG0hP7Cv1pC0OH+yMfHGxBWQdKCDMZ7Az8jWhSmXRoeMkRCoHOydCCCGEEOIuI0tV9WZ8Lstf0FGRmI7tiSMs9FvPi2tLcQx2vr7RlAQ/dYRFI/J5cWUR7bedzhXM75fh3dA6gHkbJJYazhwGq3OwM/I10WGi4fC72P72Ja1lfUf+riiYnbSAREs5y/83gI1LxlJdVMaurgXkfQJIvD+cH3w3AJ3ah44PDrOk7JN+rbM8Ijich78XzKTAIagVTi5YPuWdoyfYZepMZfhYnpwV5vreG67aLlNz6iSvVbdw1dOTeJRGH2UVQgghhBhAEjyLbyALxm0r+FqsqH12Gwc2DXYmvkY6Kji2sWKwc/Hl+pYClbOVqppP+PC+qUTfRhIhId9liOU8b5y8zAW7D5OmRPJI4g+59l/llFqBexxcNP2VwhOtXLY7GaYL4+HYmay0H2RNrYePvQYiDSGEEEKIASTB8+3SxBP3RCaRUXpUTgvm47/l0Esv03TFbZ/YArJWK6lYX0fo4lSCRytxWCp5J/NnnDSDV0gq8VkZROj9aW8so+ovOuKiz1GcuoomD3sSfSMfJ+GxfyUsWANXjDS+vZn9hWXYnAAaJj9/hB9+tpd6vxjCRg/Fy3aa6vwVVBy3XE/DS5dMXMbjRE7S4eu0YK76LftfehmzDfCJZ+6beQwr28LlyGTGjw4EcwXvPLeCk+fdeudUU5icvprp0eEE+IHNVMmJbSs52nWePupLlbyb5XNMHDmqIcIQhdqvlaaDaygpKKMdJfrVx1l0v3/nyXLJ+lMuALaDP+PFF1zBjio2m4SH4wkaHYhKYcd6toKqgjVUn+3qYdYxPf89DONdn8zFc9m6va67DB6VVYkqNpOExfPRj3bVufHgBg5tr8B2PSE9sa8cIKI2h2Oqh4iNDUftY8e8bwVbCyoAf7QPrCUhOQ6tRgm2i5iPb2PPpiLPe5Cn5fHkc4moANrKKHkwnfqOri91TM8vZ7K9BvRR+DYUUXU2hugH9DiqciheuxMrGoJT1hJ3fxQBWg1eHRZaanZy6KXNbm1YQ/DiPBKSolBzkcb9pbTPTkO1YwbF+yw3XPeuMlrPHqLipRxON3jSc+tPWO4R5rGBF3N2dve+Tt3Ik+tCObJkAdVmVz6CFq0lITGOgOHgMNdw6vUcyg+7Pf5QpbKoJIO/52/Gfv/jRE7Q4dVhovaFuRw43Opqf09lEhmhR6VoxdZ8mhOvpnO0urNt+CSz6MBG9AoAC9WZMzh06qYyfKE23D/e/mqG+cLli9Z+9Qh7xH6BN8ovAL4khk29rSSOVZRzzO1z7SVfItKmEjXGm1LrNWj5iDda3Hb49BSBY+cxf9RwvGs97OUeiDSEEEIIIQaQvPPcm45WrOaLtAOOKxexXrK7Da3UM311HtOHV3JohYEtz+TzachyFmWluoIZd4ooZvxUR/2m2WxKnEFhfimWDkARw4w12YS27eR3P59L8RtXGG+Y0r+nGcOTmbdmOdoP8yl+1EBhQSWq+XksfMj9XV4lqqgo2LGAFx+cRmEpTF2dx2RN59dDE5m3KZvglm2UPGZgS9Z6GkcuY9FTifi6pREcG4pxvYFNDy6g4m8xxC9Ndvtez9TcQuIjLnJi08NsWbqAkt8b8dMG9qu+vLRxhHS8TOHCMF5c+y6qB7KZMV4J2DGuv491s8IoPmjBUZ3DplkhrJsVcj1wBvAdrsT6p82UZM5ly7J0KprDMfxqLXq/rj1MHMsIYd0sAxVnewvubl1Wr8hsUlbFQ/kaCpcY2PpCGV5z8khK0n8uHbXhccIsWyl+5D6eW5JOVe1F11chacxLj8G2K52CR+aydfUGapvt/bv2x1fw4qwQ1uX0FpgpUbVVsOfft2Idl8b3hhZT/EwR7dEphI0C8MXX7wpnildSvMxAwdPraQxMZVFW6vWyquKfZ2FyIKaCn1GQkcO54GQmatzfBdYz+dlCZo85TUXOgs46j2Ler3IJ9ugd7FaMhysh8kforzcEJcE/uB/fs4eoN7s+B6QUsijRnzMFP6NgyQJKSlsJyyogdtzN7yX7M/7hh2BfOlsS72PL05sxXnRt1y97nulDK9n/hIEXly5hz873acft+I6d/O5fQliXmIOxgx580TbcdZ5b/V3p4s30x16lIH8Fs9We1OPn2f7vKpfbnfBZB5dbbVz97PbS8Zi3Am86uGzr6UQKRgTfS/R3nDRdaL3NoLf3NO54WYUQQgjxjSU9z705v5niJZ3/fm0uW92/C0kkYkIrp7I3UH/WDhgpK45mfFYiYZoiqi1u+yrs1G9fycnOYK2lqtS1feoDRI4ycWLtZhobgIYNHIlOYFGE51lUzXwIvaKCPS8V0dQGmDZwKCKBJbMSCXirjpauXszanRzp7AFu2b+NMz8tYOIPdJzcbUL94zTC2nZS+EIRZieAkfLt0Uz8j0T0qlJOdwYS5vKt1DfbgTpO//dpDA9PQKuARicQkUJ0xBWqM1dQXesqp7W5jqb+1ldbJVU7Kl3BYM0+jJfmow0LhDMmj+qjZV8O5dc/GbFu38nk+1MJCVZiPOP5O6y9l1VDWHIyvodXsGdnmSvoad5M+dvxpM36Eao9RrfeZ+DjIvZvL3Nts1Vy2ty5/TsaVIqL1B6vxGoBLEZaznicPQ/Zaan9M+YPAmmypBFw6hAtH8TwqW0+w0YqodlE/Wur3PY3UvH7RKZmTCHIpwhjh44wQwxUraSsrBIHUJ3/WyKm/bL7kPEpTJ9k5MiSnOtls+ZvY/ybmUyMUtJY1XedO6rKMGasJWKaP/XvtoJPDOOj/Gn6/duuevOJY/oDOhpfX8LRw66GYt29gaoZ5XxvZjhHz77fnZhCia1iPeWHO0cTnC2lHgAdao2S9o+raDxvxAHYmt+nsT/VOVBt+FZ/VwaMk2NvH+zsGW7l+e0ffSln6ebN9Omh6P52jtca3IdOqPjJw/N4RAt81sHZ4++y7qStt0R60Vcad7qsQgghhPgmk+D5dozSo3aeo/pcd3DgOGfEqohCM0oJFregoeMcprrPBxG+39Xh22bE3Ny1xY65wYTD4+BZiXqUBi5U0nK9p8xOS8M5MOgIUNAZPNuxmZu6g7oOEy0WCAnSAxcJuFeH1+g00v6YdmPyzjpUQwFLZxqW7gDW0WYHH1+8FIATfPUTUbXV0dBbb66H9eW4crFzuDlAO44O8PL1fNZjr7GpGB5LIWycHtX13mYLLUM8ToJblpVQRo5WoppWwDPxNx3WHIhKgVv+7djOfkCPoULdPk41zsfwynuEnnofc30VZ97ZS5NlYCepcnRcAfxxOMHRYQenHadTicIbQIl6ZjYJjyQQpNPg29VT3FHh+qOg0KHRgvVUXXfP6KXzWK7YGdb50TdUT4DPFAxvNGC46dzG4a4RA31qq+BMDcybmYDXuztxTPgR+uF1VL3XeQ1GhDNyqD/arOM8m3Xjoe3mwBs3OFsx19fxeSaM5ZXMyMhj+egaGs/WYaop5dTROs8n6rpDbdjlGkc2/pQj/TxqcCgYN+2HZOguU1jyF87e0Otr450/HOR9Xx+CRofx8Pe+z+ILf+Tl8/3pex6INIQQQgghBoYEz186O45BngnZFfi5febGH/OO6hw2rSzqOZD4qiyBpIghLicbfcOvKVn6Fk3mVhi6lJQ3lw3wieyYt81l6+/6nm7Mca2XN13bKqlIn0Ft1P3oI6MJnZvL9Ad/SMnP06m/NMDZ7Y0ug6RV83HsXMnWXRVYbXa8ZhaQtap/gZ7DVkbJwvRehjp7onPodtaP0Kv2YpsZg+qDIurdR284TRzLNFBe21cwbqe9lyq3HvwZW2pi0EdHo4uMJ25NKpN3PMzW7e/3fIDwgIJ7p8xk1WQnJb+v4lAPM1xbra1YgQ/NVVwd+gD//v2xlJ6v7x6V4oGBSEMIIYQQYiDIO8+3o9mIVRGKNqQ70PAK1aN2mrA0e9Z72P6JiXY/HdpRXVuUBIzW9fw0w0+HepQeXz/3jXaszRYYoSfgeoCrJCAkFCwmt4mnlPiODuf6q5N+4Wi0dqxNRsBOy4cmuHcKwTek3T/txtPY/MIJGdtL4DUA9dXF4QS8eojoh09Aq7lI/a5iV+AMEKJHrfj8rrfNeY5PPwb1pBi3971vNy0LLcd3cuy1FRQv/zWNqhjGT7ip/hT+qEbpUQ0d+DWHvULD0XZUUrWjDKvNdQ3UIW7tz2nCYgZ1SHj3tuFj0bjlpf2cEeutrru7Htuwi6OmDKMziojYOCKmBdJ09O3uHvsLdXzaFkjQRN3tFdT9POZK6vdspjxnLiUHWwmYFo3HrxQPYBv2hLc6kMCRarwHPOX+UDDk2ypGDOkpFwrunRzLs9+Hg6WHKbV4+ITQxwefm/6v4+2nYoS/r+dl7SENIYQQQog7QX6C3I6Py6j9qz+Ry7IJG6dHPT6V+JQ4OFV6Y4/ZrZzcx6lmPd/7t0yCdXoCYrOJi9b0uKvqx3ksLzrAvOgbgxTb0VIaiSPuiVS0Oj3amdkkGPwxv1va+f5yJ30yCclxBIyaQlh6BmGKGk53Dou1vr2VeuKZtyYT/Tg96pAY9HMymZu11PPAs7aYqtqhTH06j6nTwlFrw9HOzCQuPnzg6gsAO1azCUJiGB+iwctHCV15vNLEZVsgQVGdwd7QGGIXJwxs8IyF+t17aY/MZOGyZIJ0etTj45i4aCNJi2I8TybycRIWpxI8Vo9KE07wnDgCMPHpRzcFYfoMUgrLSXu0H2l7yNFsxOoTTugkV5vzGrsUwxz3ieZM1JdXQnQG8YYpqEfFMDU9Ga17ImeKOXGy87pHT0E9Kpyg2KXErcll4tAbz9dbGwagrYLa46B/OJuwoTWcPuz2jntHBdX7jGh/mkfCnDgCRunRTk1k6hO/Ia6ntHqkJ2xpLlNnxqDW6FCPm8/ECH/aPz7f87D6ngxYG/aEN9P/7T8peOn2Jwy7NQUjAoYxTjucET7goxzCvdph3Ku+KXy9J4DFD8/j1QX/zL03pRB0XyzPzvDnL0f/Qi3+jNMOY5x2GEFDXDfcuCnTeHz6WH4QHMC4kSP4wbRo0sb7cuH8J5huGNqtINrwY179WQyzb3q9wvM0hBBCCCHuDBm2fTucdRzLXYHfU5kk5KW6lq2p2UrJS0We/xh3VnJk7QaGZGWw6PU011JV776PNrofvViWIvbkaJj3WAZLXs8Fm4nGgyvZv8P9vU87tqq9tEzLJe1RHQ5zJcc2ruJk1w/+S6Xsf9qXuGVLmbc54/oyPufKt9HupDs4vSUj1TlLcKavZvqq3ST4ga25khOvFXWWdQDqq5PtYD5HInOZ/cpx5vq4LVXVUcY7m4pIyijkyQfstF8xYdy3k8Zx87sPji0gKze+u9d43AGeTaF7qScPzu+ozqFwfSsJqZksSnIt8WRtqKF2l2eTmgHwdzu+kSkkJWWj8oP25hpObVrBMY+T0BP7Sjlx47q3LDzUAHQtv9Xay3Fuzuazf7ueeSvfIQs7tgs1nDhYQVBy9y62spWUBOWRkLGb5QoTxr2l1E9Iw9fZ1UaNVK/rvO5ZO0hQQbvFSFPNW5xp87QsAK00Hq6g3ZCIb/U2ztwwdN2OefsSiu1rMTycR9oT/nDFhPlsBSeaPL1XruC4R8/kZfMxaPzx6rBgPr6FkoLOSd9QEpRRzpIkt97tzfVMBTi1nk2Z22gfwDY86O4J4CcL7u8OVjVT2TgWMFWzpOQcPYy+vok3Efd+F7UX/MBg4Adu3zQdO8jyylastmsMmzqBZVP9GOIFV6+2Uv/+YbZWtng82/ZApCGEEEIIMZC+NWbMmH+EhITQ0NAw2HnhbsnHYAlYWk5a5F4KMl724AesJzrXeb6QfsOSTkLcFr9kFr6ZTdvGaRzwYCZtIYQQQgghvk5k2PYgUscuZeLUcFQqf3zHpRI3W4f5yNsDFDgL8QX5xTAxKRHtKA1eKj36lBSC2yo4fUoCZyGEEEII8c0jw7YHkZcmiujk5cwb7u8acl22kpJdfc/iLMSd4c/IWZkYHs1D5WPHZqygIncNjf0aki2EEEIIIcTXgwzbFkIIIYQQQggh+iDDtoUQQgghhBBCiD7cVcGz9DoLIYQQQgghhLgb3VXBsxBCCCGEEEIIcTeS4FkIIYQQQgghhOjDXRY8D+MnsaWUz9tF8f9byjTlYOdHCCGEEEIIIYS464Lny+w6msicd7Zi9J/HIzrtYGdICCGEEEIIIYS424Jnl46249T9HYb7DhvsrAghhBBCCCGEEHdn8AzQ8Q/gW4OdCyGEEEIIIYQQ4q4Nnju49g/w+ZbPYGdECCGEEEIIIYS4W4Pnq3zUeglVYByxfhJACyGEEEIIIYQYXHdp8AwfnNvGn4gjJ76U8u//CAmhhRBCCCGEEEIMFq/BzkBvJoQuZRYV5Ja9wtG2jsHOjhBCCCGEEEKIb7C7tOd5CGP8h2O7WNF74Ow9BHVgIGq/O5szIYQQQgghhBDfPHdp8OyD97eg4x+99zh7f/8xXi0o4OlZ6juYLyGEEEIIIYQQ30R3afAMPt8C/nGL74cMAa5y+dLVO5UlIYQQQgghhBDfUHdl8OzjF0n4t+FS++Ve9vAmYsK9eH9cxq7/uXZH8yaEEEIIIYQQ4pvnLpswbBg/id3Oz4dfw/y3/WwxmXveTRHGxH++xrE3Smlw3tkcCiGEEEIIIYT45vnWmDFj/hHy/7drx0QAwDAMxEol/EGFSiB4rAcJgde/88zb3d9bAAAAoFLlbRsAAACaiGcAAAAIxDMAAAAE4hkAAAAC8QwAAADBAU1HfgJVv5jdAAAAAElFTkSuQmCC;" parent="1" vertex="1">
+          <mxGeometry x="1090" y="690" width="556.59" height="145" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-6" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="cHL1YEVYz9JcjSMk78A3-54" target="cElEyGHiMbuvhHZvHJcS-5" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-16" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="cHL1YEVYz9JcjSMk78A3-54" target="cElEyGHiMbuvhHZvHJcS-15" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-54" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1456.71" y="117.5" width="140" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-55" value="kata" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1501.71" y="117.5" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-62" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-56" target="cHL1YEVYz9JcjSMk78A3-64" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="1020" y="370" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-63" value="container pid 1" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="cHL1YEVYz9JcjSMk78A3-62" vertex="1" connectable="0">
+          <mxGeometry x="0.0502" relative="1" as="geometry">
+            <mxPoint x="40" y="-4" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-56" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="980" y="320" width="140" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-57" value="runc" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1025" y="320" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-58" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="980" y="251" width="140" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-59" value="shim" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1025" y="251" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-60" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-58" target="cHL1YEVYz9JcjSMk78A3-57" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-61" value="invokes" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1046" y="282" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-64" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="980" y="390" width="140" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-69" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-66" target="cHL1YEVYz9JcjSMk78A3-67" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-66" value="&lt;div&gt;runc exit&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1015" y="395" width="70" height="25" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-70" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-67" target="cHL1YEVYz9JcjSMk78A3-68" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-67" value="&lt;div&gt;shim adopts pid&lt;br&gt;&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="990" y="430" width="120" height="25" as="geometry" />
+        </mxCell>
+        <mxCell id="cHL1YEVYz9JcjSMk78A3-68" value="shim becomes parent" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="990" y="470" width="120" height="25" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-1" value="&lt;div&gt;kube proxy&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1320" y="295" width="70" height="25" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-2" value="&lt;div&gt;service controller&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1320" y="332.5" width="70" height="25" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-3" value="&lt;div&gt;endpoint controoller&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1320" y="365" width="70" height="25" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-5" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1456.71" y="357.5" width="140" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-7" value="networking" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1486.71" y="360" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-13" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="cElEyGHiMbuvhHZvHJcS-8" target="cHL1YEVYz9JcjSMk78A3-53" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-8" value="&lt;div&gt;use annotations for sandbox/existing container&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1370" y="420" width="116.71" height="80" as="geometry" />
+        </mxCell>
+        <UserObject label="https://github.com/kata-containers/kata-containers/tree/CCv0/docs/design/architecture#oci-annotations" link="https://github.com/kata-containers/kata-containers/tree/CCv0/docs/design/architecture#oci-annotations" id="cElEyGHiMbuvhHZvHJcS-9">
+          <mxCell style="text;whiteSpace=wrap;" parent="1" vertex="1">
+            <mxGeometry x="1240" y="495" width="280" height="50" as="geometry" />
+          </mxCell>
+        </UserObject>
+        <mxCell id="cElEyGHiMbuvhHZvHJcS-15" value="Storage" style="whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;rounded=1;" parent="1" vertex="1">
+          <mxGeometry x="1686.71" y="167.5" width="120" height="60" as="geometry" />
+        </mxCell>
+        <UserObject label="https://github.com/kata-containers/kata-containers/tree/CCv0/docs/design/architecture#dax" link="https://github.com/kata-containers/kata-containers/tree/CCv0/docs/design/architecture#dax" id="cElEyGHiMbuvhHZvHJcS-18">
+          <mxCell style="text;whiteSpace=wrap;" parent="1" vertex="1">
+            <mxGeometry x="1750" y="130" width="170" height="50" as="geometry" />
+          </mxCell>
+        </UserObject>
+        <mxCell id="p1hmz-L1YnytVFuOYSSX-3" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;" parent="1" source="cHL1YEVYz9JcjSMk78A3-68" target="p1hmz-L1YnytVFuOYSSX-2" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="1050" y="600" as="sourcePoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="p1hmz-L1YnytVFuOYSSX-6" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="p1hmz-L1YnytVFuOYSSX-2" target="p1hmz-L1YnytVFuOYSSX-5" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="p1hmz-L1YnytVFuOYSSX-2" value="monitor all exec calls from shims children&amp;nbsp;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="990" y="523" width="120" height="35" as="geometry" />
+        </mxCell>
+        <mxCell id="p1hmz-L1YnytVFuOYSSX-5" value="disallow unplanned executions" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="990" y="577" width="120" height="35" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-15" value="Config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="790" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-16" value="`C_0`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="810" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-17" value="&lt;div&gt;`C_1`&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="830" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-18" value="&lt;div&gt;`C_2`&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="850" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-19" value="`C_3`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="870" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-20" value="..." style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="890" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-21" value="`C_n`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="90" y="910" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-253" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.967;entryY=0.34;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="Y_2FnxaHt-eN1trxS_el-23" target="Y_2FnxaHt-eN1trxS_el-30" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-23" value="Config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="790" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-24" value="`C_0`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="810" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-25" value="&lt;div&gt;`C_1`&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="830" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-26" value="&lt;div&gt;`C_2`&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="850" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-27" value="`C_3`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="870" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-28" value="..." style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="890" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-29" value="`C_n`" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="210" y="910" width="50" height="20" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-35" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-30" target="Y_2FnxaHt-eN1trxS_el-34" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-30" value="cmp" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="161" y="790" width="30" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-31" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-15" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="160" y="800" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="160" y="800" />
+              <mxPoint x="160" y="800" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-36" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=-0.007;entryY=0.627;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="Y_2FnxaHt-eN1trxS_el-34" target="Y_2FnxaHt-eN1trxS_el-39" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="290" y="975" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-34" value="diff allowed?" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="136" y="960" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-39" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="295" y="900" width="100" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-40" value="same or more" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="295" y="900" width="100" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-41" value="AppArmor Rules" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="313.75" y="928" width="66.25" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-53" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="Y_2FnxaHt-eN1trxS_el-42" target="Y_2FnxaHt-eN1trxS_el-47" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-42" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="420" y="900" width="100" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-43" value="disregard" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="435" y="900" width="70" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-45" value="SeLinux Policies" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="313.75" y="974" width="66.25" height="36" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-47" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="540" y="900" width="100" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-48" value="complex" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="555" y="901" width="70" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-49" value="devices" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="562.5" y="930" width="55" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-51" value="Config verification" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="118.5" y="735" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-52" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="Y_2FnxaHt-eN1trxS_el-39" target="Y_2FnxaHt-eN1trxS_el-42" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-54" value="addTrusted --img docker.io/ubuntu:latest --mount /mnt:/mnt --env key=value" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="460" y="1080" width="410" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-55" value="Verifier" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="485" y="1135" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-69" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-56" target="Y_2FnxaHt-eN1trxS_el-68" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-56" value="compare config keys to match relevant parts and allow stricter configs" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="460" y="1210" width="410" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-59" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="30" y="1120" width="335" height="450" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-60" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/png,iVBORw0KGgoAAAANSUhEUgAAANcAAAECCAYAAABt+UKdAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AAAAtdEVYdENyZWF0aW9uIFRpbWUAV2VkIDA3IEZlYiAyMDI0IDEyOjEzOjA0IFBNIENFVOdMfA0AACAASURBVHic7Z13dFRFH4afLdk0QnpIISQh1NClQ2gJIL0riIAURaUIYgURERERP1BQFEHpvSO9i5EqCkovoYQQIMmShPRt8/2RZMmGNMoKyDznhMPdmd/M3Nl9d+bO3TuvQgghkDx17Ny5k3bt2qHX6x93UyQFoHzcDZBI/qtIcUkkVkKK6ylAp9MVO6/BYMBoNFqxNZLiIsX1FHDr1i06d+7MoUOHCsxjMBhYtGgR/fv3R6mUb+uTgHwXngL8/f2xs7OjYcOGhIWFWYjMYDCwePFi7O3t6devH7169UKhUDzG1kpyUMjVwqeDa9euUaZMGfNxzZo1+eeff/D39yc6Ohqj0Yivry/R0dFSXE8IcuR6SvD392fw4MFoNBoATpw4gRCCq1evYjQaUSgUzJ49WwrrCUKOXE8R165dIygo6J4FC4VCQdWqVfn777+luJ4g5Mj1FOHv78+gQYPMo1duvvjiCymsJww5cj1l5B295Kj15CJHrqeM/EYvOWo9mciR6ykk9+hVrVo1OWo9ociR6ynE39+fl156CZCj1pPMA49ct1NjSc5IfNTtkRSTmOs3GP7aKFZvXirF9Zgo41YOhaLg8emBxbX91EqOXN79wA2TPDxpdzJwKGn3uJvxzDKm3feolKoC09UPU7i3cyCNynd8mCIkkqcObUoM+86uKTLfQ4lLoVDIKYnkGaR4n3m5oCGRWAkpLonESkhxSSRWQopLIrESUlwSiZWQ4pJIrIQUl0RiJaS4nmFMRgMGo+lxN+M/ixRXfhivsXPqJD6f9AvnDf9CfabbHJw1mYljf2TPtfy2RdNzZtk0Ph/zDRvPPKoGpbNpYD3qDtqcfZzM0a8G0iKoOjWbTXtEdTzbSHHlg+7v1Xz79XKWfz+Dpb+lWb9CkcKpjctZ/vMsZq26xD3yST3I0ikLWLZgLQejHtWehLY0+2w5KyY0yzrMOMyquX/h8eYKDuwZ+fDFG87yU58RLL747O6hKMV1D2kcWbaFa5W70qNWIrtW7KPg3/4bSI2PJymj4KmVIfU28YmZFD35UuFfyZ8rv2wm7+CU/OsWIlSBBDnm87MbXTLa2NukFrZvqEnHnfhEUi3KVeJcpgIVypTMOjSmkpqmoXT5QBxUuT8WBtJua0lMLWDENOm4ExfP7TzppoR/OHIwhiTds/u4oBRXXhL2sW7LbUI69WNg5+pk7NnAjpu5pJG6kREVWvDBD8t4v3k44Y3a0rRCC3p/tIMYI0AaGwc2pPnQ+Sx9sythtdrTpmoDWrSfxI58p3w5KHBs2IRq17ez8UhupSSyb91+NE0bEMjdD6rp9lHmDOhC4wotaN+kDY0rhtHnwy1czQ5N/+V9QmuNZeW6z+lTL4zW9ZrTKKQrY1ZeyR4Z09k4qD71X92M8cLP9Kn2Cfsy09g1vCG1m08DdFz95UsG1gsltG4HWlVpRMsuE9l4ITO7AVoOTRtGh8oNCWvckdaVGtC83TjWndNhvDKfAfU/50DqWX5sXY+W70Y8gjfm6UOKywITNzauJyK9Fu27BuHXqSMNFH+wcW0UZlkolGDQsnveEZ77YSuHzh9g68wmJCyYyLRNSYACBQa0W5fzR/0pbD1/kAMHv6SJdiWffb6zkFEQcGlKm4ZJ7F59iJzJqCl2D1sjShLWOQSleXDQc2z6J8w8Vpb39h3g0LlD/LqiE7oVE5m2MasGpRKM8XtZtqc8H+/5jUPndzDl+RQ2f7WYo9n6EAY9OoMJVfkBzD/2CU1tHQifEcHhXSMwnPiZ90ZuRTNwDnsuHOTwPwsZ5LKHT4fN5YwBDP8sYfL0KBrN2cHh8wc5cnIpb/ocYvq0nSSV6cesxS/hr6nI4K372fZl40f8Pj0dSHHlxniFTSuOomrWied9lSi9wunUsgQnVm/krMWsR4FXu350q+wA2ODbtg/tKtzhj1+PkZmTwzucfr3L4who/MN4uWswyfv3czyjkPoVzoR1a4Ru5yYikgBM3Ny0haM+relQK/cDDDbUGrOSPXsn0ilAAyhxqRlG/dLpXDkXffeaTXgT/kY3KpZUgtqLJmFV0dyKJvqey0glarUSBaBUqlGrTZxYs5nzZbow9NVquChBWbISL4zohN/Z7Ww/acCUnkamyUhmugEBKJ0r0PPnHfz6Y3vclEpUqqwnJhQqG9SqZ/Nj9lCPnPzX0P29gY1/OxL6bSPs09NIQ029zs1w/2ULGw4Ppkpj2+ycSvzLlcW8RYzaBx9vBUk340nPyREYRNDdDPiW9oSkWOLSgQKfb1Tg3KoDzT/9iM07tLTqlsr2X04S1OVDKqvPWeQ0xf7Jysnz2XH0CnF3MjCaTGSkCPyMprvXdyoPSvnefYtVNjaoFakYDUVdAeq5duUGhps7mdzjGObHAQ1a4vRxRF3Ro+nQmyE9DjFxYBt2l61OncYNada5M+0a+mBbWNHPEFJcZrIWMi6LZK6PasOeXClGoWPHiv0MbxyGU/Zrqvy+jRW5nvRRqbj3GVUFRT7+5tiQju1K8taaXdysmsj2U5VoOz0IFbnEZbzEouHv8HNyO0ZPH0vDYBdsxQXmdH+D3++3vgJQAKrApvQb3giHPCkeVTSgLkPHr9fQdMgf7NvxOwf3bWbKC/NZNnQm80bXxubBqv1PIcWVQ8I+1m2Jp9KolSx7p3yujjFy9YeBdPtmA3vimtPZEUBw42o0Bipn5TPc4MZNgWvNUthnR4noaKINUDkrAzHRceBWlVL2eSvOiy3PdW9NqV57WLEskat1utPGXwW5p5MZJ/jzuIGaE0bQrYEbAKab17hy81GtzNlQOtAHxXklXk2aUCtnBDbp0Zls0KgBjKSnGXEu34BO5RvQaegIzv+vDy8u2sBfo2pT/xG15Gnm2ZwM38PdhYyOPcrm+cZR4d+1A3WMB9iw4Ub2lMvEtY2L2Xo5EzAQu3sZWy+4UD+8hnmqaLq6ncXro8gEDDcjWLYhEufQUGoUY86krt6BNmX/YeniaOp2a4ln3ndJ7Yars+DqkUNcS9OReG43Mz/cRpwrJF6PIe2hf3RhQ5UubQi+sZGZs0+QZAKMWv6c+iotm3xGRIqRa3Neo0XYeLZcyZ4IG+8QG5+G0t0TDxWgtkFlSiEpQd7nerYxXmHTij9Qhnagrf+9kzmldys6tdDw16qNRBoBbKjToRy7X2lD02pNeP7VPTj1/Yi32pQ0x9g0bE25rcN4vmozQuu/zZ6SLzD2wzBK3lN6PqjL0qFrRYRDKB1au937Jtk24JV3WqDc8gFtyj5H8xfmkdxjHJ8Nqoty6xg6DN1K6oP3BgCamq8xZUpLMn4aSFjlZjSt/DxD1trTY+LrNC6hwr/3O7xV6xyTmjehUY0wmlZqw/uHghn2RT8qqkFTqRGhQXEs7xtG2MDVD9map5OH2v3pWsKlZ2+DmrTNjKg6DtOU3/m2m5LEW1p0Dp54OedcZaSzaWBTxpnGsX9+e5QJcWgz7fHwLsm9O7w/HKZULTcTBM7eHjhaa4JvyiTxRhwpKme8vJ3uOQdTWiK34pIRDu6U8nSwvM7UJREbZ6SEtxsOBW+S9NQRnxzDvrOrrbv70zOP0hYXH9/CMmDrWorCcjxU9Y7u+DpaqXBzJba4+JXGpaBkBxd8AgpI1Tjj5We1lj3xyGmhRGIl5Mh1vzg8z+TjTcGhoGU/e9p8t4dm2FPkwqDkP40U132jxr6kU+E5HJwoPIfkWUBOCyUSKyHFJZFYCSkuicRKSHFJJFZCiksisRIPvFp45UQMZ05e5ezOHx9leySSJx6TyYRRKDC0NqDSWOEXGncSUkiPM9GyZZMHLUIieSq5cuUKFy9eLNI+66Huc1WpUoX27ds/TBESyVPHpUuX+Pbbb4vMJ6+5JBIrIcUlkVgJKS6JxEpIcUkkVkKKSyKxElJcEomVkOKSSKyEFJdEYiWkuJ4lTEYMhmd3q7N/G+s8iaw/y8ZZ27hoKGhjKSUe9XrRt3Epq1T/IBhj9rFo5TF0lTsy8PlgKz+ibSLx6CoWRtzEpW5PXg71vmd3Xv2FLfy0+TyqkE4Mbl32kdSasfNjOnwFu3ZNAiDl+Fw+mrCMvxN96PXtz7xRRe6T+yix0mdIT1pyktmbKSP6Tw5ddqBaaGXcFQAq7DKepG9QPec2/syC9VHwu54aTd+jvlU3wBCknPuVdetPozztTGiD/pS1eCfSObr2Z1ZuuY1TWp1HJi5No+H8aP6ddSZ/bVzLCbdezF7Sn3K2D7v3mYELSz5ivt1QJnQvk89W3s8e1hGXTTV6jqmWfWDk6qIhHLlRmhfGfEzTB9ml35BG4h0j9i5O2OYzkTWkJ5Gss8HJ2eHBTij9L7bsiiG4XUc0O39l64HXqR9ewPadRbQFDKQl3sFo74JT/hnMqPyC8Lm2l10X+jC4cq6Wpxxh1yEl/mXsSconTp+SwB2DLSVdHArck92kS+ZOuooSufpE6eRDsHlzDxNpaRnY+ARSxl5lcX1QeH+a0CUnkWy0xdklV7rpDqePHedWiJ5n1+7OksezQY3xKktHvMEa39EsGNOUEjkvX1/JqNdW4j16PiPSJ9PjB1v69RVsW3CI2PR0Mh0q0XHkJwxvnjWN0kXv5cf/zWLLyUQUKiNGp8q0GfwuQ1oHYAtk7pvIi5Oi6T7rO/oFFXyqdw5sZV9CBXq9+BJ2Mdv5aduvxLfohEf2Jy5tx9jC25K2g7E9fsC2X1/EtgUcik0nPdOBSh1H8snw5ngX8DWucKhJg1Lb2bvjJP0r1zRvuJl0cBdHNHVo6b+P3ebcJpKOL2XK1ys4HGNEo8xE71iRtkPGMLxlaWzIYO+EF/jO5jXetN/Gj7uvkJSSjjqgFW999j5t/NVk7PiYLl/Dtk2vsmT4a/x0WoeRibRrtZAXvv6JQS6/F9KfJhL+XMiUr1fyRyxoyEDvWJ6Wr43m7edtWDtyAD/+k4Hpz1dps6UdE5e+R4NHvQvqU8bjWdBQ+RMWVomU37fze0LOxuZGYvb9yimH+oTVKYFSAYaECNYdq864ZVvYsnkZH9dPZMO0Wey7AxjOs/TTyezRdGPq2q1s2bqemS87EfG/iSy7kOVQpXQLpladKvjZF/JogOkWe7ceQletJS3LeNO8dW0Ux7az8/rdaWuRbcnKQMS6Y1Qft4wtWzaz7OP6JG6Yxqx9dwrpCCcahNUgKWIHf+Z4D5m0/L77T5xCw6igzDV11p9k0ZS5nAkYwsLNW9iydR3T2ujZOm0We5Mgy3TPSML+tRwOeod5G7awZdUnNE7dydzVf6MDEEYMeiOoAnhpxhrea6DBvskYftn6M4MrXS68Pw3nWf3tYqLrTGDV1i1s2baBWf29+HPOfPYl+/DiV1Po6mdDuT4/smn5KOo948KCx7ZaqMQrrC31lEfZ8WtclrmBMZp9ERco1aINz+Vc7yg8aPpie8o6ADbehPZoSWDKcY6czER/Zic7L3nTdkB3QkoqQVmCch370sbnMnv3XsQA2FR7ifGfDye8oKEDMF7bybbjSuq0aYGnUol7k+dp6HiGHdsvWhp/F9KW7Ax4NH2R9lkZ8A7tQcvAFI4fOWk2xLsXBc6hrainO8DOw8kAmOL2setvL5q3qmw5rbCpyuCf1jJ/9PP4agBlSSqFPod35jWu3LjbUuHVhJ7tgymhBLVHfepX0qCNiSGv555SrcqyF1IoUavVmIrqT5FBeqYJoy4TgwCUTgR3/oyV68bTykWJUqVEgQKFQoVarZLL0DzGfQuVLqG0bfIjn+zcTXSn3vhd20dEZADh71bGBrJsUpV+lAm4e1Wh9vbCQ5FMvDYTQ/J1bhni+fXbtzlh1o6R2/EGtNHXMVCpGCen59y2HZx1qM/YOnZkpqeDuhZhjdzYs2srJ/pWpJbZ767gtmRnwK9MwN1rILU3Xh4KkuO1ZEKBhnAKp4a0bvw9k3YeIKFpS9L27uVsmTDeKq/mokVOE7f/3sCc5b9y6pqWlEwjJlMm6SYfjKa7VzkqNy+8zCeuRG2jQpFmxFiE84khpoj+tGlG9wGt+fPrsfSKKE1IzVrUbhhG2/CalJJud/nyGDcFdaBuuzC83t7FzkvdabE/gqsVWzEuMHeTlOTvMZftMqf0o+ELL1M3z8qewq1c8czX0v9iy64oSL3B5F65beNMoN/H1iOvUqtJzhVhIW3JyVGUIV6+OFC7dROcPtrJvtjy3Nl7kXLhoymjwkJcxqur+Xz8UlLDRzB6VG38nW0RkYsY+f6R+6yvAIrsTzV+rT9kbsOXOH5gP4ePHmXXd2+zYl1vJk9/jRpyFf8eHuuOuzaV29K67Hr27tqL6c8YqncOxyf3DM50i5gYA1TIaqbhZizxwpnKnraoHf0opbyC0qM2DarlvLMm9HoTNjbFO607B7ay73Y5Xpkzi/6518KN0SwfOYCF234noXGbrG2pC2lLTt23YmIwUCHbEO8msfEC58qeRdqY2lZrTXPPd/l9w2aSrlWhQwtvVFlXSWYyz/zDGUNVhg9uRw2XrPriY6KJf2gvrizUPkX3pzEjA6NTALWfD6D28715LXIeQwb/wrZ/XqFG7UfTjv8Sj3dqrA7k+eercHPLTH6JrU3rZh6WDRIx7F2zh+hMwBDPoXW7uer8HPWraLCpFE5YYBzb563idLIJMJLw93xG9ejH1MNZjtr6U6v4Yvwsfr2Vzz217IWMzKqtaR2QR4wqX1q2qonp6Db23DIV2ZbsDMTsXcOerAzEH1rH7qvOPFe/StHWQeoKtGpRmtNrN3GjViuaud/7tqhdnHEyRXPizxgydHe4EjGPaXu0lCSJWzfTeFiNFdWfxphVjOo2gK92X8++fjOSEp9AusIFDzcloEKtMpFy5w5P0h3Mx8lj3iteiVd4O+rM/YLTTdrQKO+tJXVNmgdGMLrXTJIzU7mjKkund18j1AmgEn0+fpfEKT8ysttiHBwgVedCze5v8UrdLBdfY9xpIvZdw7vvqzTP82OQnIWM594Oz2epXIlHs+epN/sLtm2/Qnu/ItqSAaCmZvNAIkb3YmZyJql3VJTt9C6vhRZn13g1Aa1bErx0CV6tGuGSz1eepvaL9A89xswJvdghbHCv2pERYz4gdtp7zJ7Uh4liEU2LUVOB2BTenyple4a8eoYvv3mFjtOccFJnkGL0ot7Ad3ixnBqUQdSr58fatR/QPaIer/84gY4ez/ayxgOb3331w0Rs9SV59dVXH6oBxuurGfXaeip+OZch1e5+x2fsHEunL028u2kSLRV30CbosHP3wOmeub2JzDtxaFNUlPT0oIQV5v5FtiVjJ2M7fYnp3U1MaqngjjYBnZ07Hvc29iExkZ4Qyx1REne3B7xhXow6Cu1PUwZJcbdJFfa4erpib/HFpCc5/jZGRw9c7P+7v9HI2aDm2+++RWNT8LzksY5cxjunWfn1Ei5VG8jokIIbqbQtiad3ganYliyFb7H8UB+ewtsCKG0pWWiGh6ode1dvK1sTFdGfSjucS/ninG+iDU4eT87vRR83j0lcek7Pfp0Ry6Jwqtqd0ePaF/grBonkaeUxicuGkFd/ZFN/JbYF7Fhq12IsaxuCnd2/3LQHaYtdC8Y+KY2VPDE8vmmh0gbbwpbR1HaUKFFI+r9JkW1RY/fENFbypPBsL+dIJFZEiksisRJSXBKJlZDikkisxEMtaMTExHDlypVH1BSJ5Ong6tWrxcr3UOJKSEhg+vTpD1OERPKf5YHFVbVxOfxqOtOj9uuPsj0SyRNPdEIkiw99g1JZ+FXVA4tLqVKiUivRaOTz3JJnCxsbGxQqinSWlAsaEomVkOKSSKyEFJdEYiWkuCQSKyHFJZFYCSkuicRKSHFJJFbCQlxGo9y3B3i0Plb/sieW0WAocgNQyb+DhbjOnDnDoEGDiIyMfOiCTXG7mDZyOO/+cIDkvIm6P5n73mgWnjDkF/p4STnMhKYBNBp/MF+HkfslbUl3nJx6PIKSikMSBz9pSEDTCRxO+ZeqlBSIhbiqVq3KiRMnKFeuHP369XsokYmkP1n9/XdMe/tNPj+QZplouMi2OT+xK/JJE1cKv44bxHQxlJ/GhRawCcv9YdfhG44c+foRlFQcnAkd9xNvGr9h0Cf7kPp6vNxzzfVjtjvaokWLKF++/MOJTF2BhjVvMvPtqRzXFZ0ddCTF3iQuubDMBlK0cSTlzqJLIk6bmv9mlIZUtLFaUoqhY+OZH/j4pwx6TRhO9Qf4VZcpM5E4bYqFgYPSNZBq1QLzZMwgMS6BNCNAJgk3rhGXer9zOQOp2li0eU/MtgYjxvckfc5Yfjgrp/mPk3vEVatWLdq3b49arUYIwfLlyx9cZIqStB73MY0vTmPUzLMU+Pk2afltcjeqebrgWzGEYE9XSocOZdnFbAWlreJlL38GzPyZQXUCCQj0w8OrOq+vOsVvkzpQsUwgQT6u+DQaza7b2R/SzIusGhVOsIcnQRWD8HILoNmwJZzNa/dhRsfR+fM4WrY3rzXL3g/j9s90ci5F37W5gpIW0M3ZnZdWpgFprHrZC/+Bs1k2PJSypYMI8nHDs3p/Fp7POtu0JT1wdnkh50S5sfkDWpRxwyswiNL+zzFg9iyG16zIgBV3gNv83MmZUn3X5nIlSWJBN2fcX1pJ1vifycVVowgP9sAzqCJBXm4ENBvGklwnViJ8EL0C/2DevKMU6ztNYhXyXS387LPPMBiyPhx6vf4hRGZClH6VqR9W468v3mP+lfy/SXUHJvHaJ0eo/L+T3E64TWLMDvplzmfoB6vQAiiVYIhl07y/eH5VJNqESGaH3WDe0E58kfwOEdcTiD8+kcr/zOCrlbcwYeDYly8xcLkdQ3dEk5iQyI2ID3Bb/zp9pxzPX+TGC+zYcxn/Fq0Iyfk5szCh1+nQW6wQ5LyW1X1KDMT+MpNtVb/n71sJJF5ZSqc7S/lkxm9Z1kEmA7rM7BqTtzD29a+5GjaP87cTiT+3kIa/zWJTgsDGRgMITHodOr3RYnvqnNcADMe+5KWBy7EbuoPoxAQSb0Twgdt6Xu87heM5J6auRqvmflzas4MLcvB6bCgdHBxwcHBg2bJl5hdr1aqFra2txa9+c0S2aNEiypUrx9yvl1K8zXrVVBk+lRFl9jL+w1XcyGf2o2k0iaPR/zCvb1lsAaVbXTqHBZB2/jSXzUoQBHR6k25BtqD2I6xJCIqU8nR9uxleKrCr0JxGgUair0Rh0B1hydITBPYfz1v13FCixLnGYMb0C+LkqlV3P4S5yTzN6YsKKlQtxt7ueRD+XRg1qDrOSlD7tqVNHVtuXLpEat4qDm1iZ1wFeg3vTqAtKJ2qMvDt7gRAMa1JdBxZspQTgf0Z/1Y93JSgdK7B4DH9CDq5ilXmE7OlStXyKC6e5kzB5mASK6NevXo1ADVq1DC/qNVqEULcIx4bGxscHR0ZOXIkNduXJUMU5pqYC7u6vDftdVa3Gc3Hm1szOzxPuukmET+O5X+rD3L+RiLpBhPG9GRMgbmXlVV4+fian5Gxt7dD6eiFV8mcwdceOztF1u0EfSSRUXpi1owkfP/dp2oMt2LQ37hApA7q5HnYxpSiRZtRAh8Ph+KdUy5U3qXxN5enQmNrgyLZgCHPF0lG9HViFaUJyGWTpK5QnoBib4iqJzIyCn3MGkaG77/7vJDhFjH6G1zIdWJO7u7YZ8QTn2ICB3k783Ggbteu3T0vTp061eI4R1Qff/wxb7zxBg4ODmw/tZKMtHtCC6RE07H8r+8Gur8/gZf3NeTuoGjk7PR+9PzyDi/NmMf3LSvgbic48UUY7bblKSTv8zMKRQFf+ApARXD7kXzYKs9+gkpvahTi6VPEIzogBPcM2AW2I0+oKUttityfdZPp3vIsoyy+5BSAKrg9Iz9sheWZKfHOfWKKrFjJ4+OehyW1Wi2TJ09GCJGvqB4cV56f8AXdavfnna9cKG+T83FM50jEH+gbfc3nA5rgCWCK4dL5mAe3xbEpS3AZJaeVfoS3bWSe5pl0OkwaTb5PiCpLuONml0p8fDqQvXOuSoVK6NHp7n5IDdevc9MEgQ/QLDsfH9zEH1yLMoB7Vit0Z89xyQgVsipEpRLodbq7sjBc57q5QhvKBpdBeVqJX3hbGt09MXQmDZpcJ5aqvU26nRvuJeSo9bi4p+dHjRqFEAInJycmT57M9evXGTVq1EMKK7uyUt2ZNLE1Md9PZ0dqzsfHBk8PV0wX9rP7UhqZt0+zfvxQVtxwB20UV5MfQGKaOvTqGUL0ovF8cyQBE2CMjWBCqzKEDNl2701tAE0lKgebuHDy1N0VNvtAAn10HNu9k1gTkHaOZdNW86B3/+watKaZ8xlWfr+FGAOQepoF01Zx2Tzu2RMY6IPu2G52ZlXIuWXTWG2uUEOdXj0JiV7E+G+OkJB1YkRMaEWZkCFsM5+YjlOnLkJwCJXlg+KPDQtxabVa9u/fz+jRo7l58+YjE1Xu6sr0/ZKxjeBORo64bAl/exydlGt5uZwj9r4t+SqxDz/8PIzmyvW8UrkvK+77bqiGOqOXMKtbGjPCSuPh441HUEeWOr7G9LGtydcxS12RVs0DiNq7kzPmdYGmDBvbHc3qFwn08MG3Ym92N3iVjm4C04MMq27d+Hz6Kziu60GwpzdegV3Y9FxvWpptS2xpOmws3TWreTHQAx/fivTe3YBXO7qZp5SaOqNZMqsbaTPCKO3hg7dHEB2XOvLa9LG0zjkxw2l274smoEWrHCNMyeNA5OLatWsiNTVVFIdtJ1eI5Ue+K1beYmFMEbeuXBU3k/WPrkwhhDFdK6IuXRLXEzOLzKs/+bloUKK8GLYnxTIhPV5cvXxdJGQ8okZlJojrl6+IWylGIVKXiG6O9qLLotz9ni7ir14W1wur0JgutFGXxKXriSLvmaXuHS7KOzUSX5wyPKIGS3ITpb0gJmwcLAzGwvvX4nutdOnSj0y0RW3e8SRzKKwE3/3b3/ov6QAAHghJREFUlfZ1RNH30RY5uoqa0dn/Fw/mcSh5CKx2tSuyl/Kfur/ECD6q60vD8YdI/jfqS11CN0d7uixKfQTlpXBofCP86o3l9zuWaZJ/Hzkjz4tzKBN/P09SpsrKDo7ZOLzIouvtwfFRXNvaUWPUFs6NdsZRLmQ8dqS48kPjiPO/9uFU4+D8KH5/D6DCzulRlSV5WORNEInESkhxSSRWQopLIrESUlwSiZWQ4pJIrIQUl0RiJaS4JBIrIcUlkVgJKS6JxEpIcUkkVkKKSyKxElJcEomVkOKSSKyEFJdEYiWkuCQSKyHFJZFYif+euP5lszmJpCCsIi5j1C9MGvE+844VsFF55jHmvT+CSRujHnnd/67ZnERSMFYRl8rbg9vbv2HsjO35bsCZvH0GY7/Zzm23Uo+87n/XbE4iKRjrTAs19ejfpya3Ny5iozZvopaNizairfEy/evf3dvckKolNo9xnCUGUm4nkWnejNNEZmIsN+OKYTaXU35ccqF+VfmZ10kkD4qVrrnUhPTtR2jmDhatvm7pNRWzlsU7Mgnt15cQNWReXMWo8GA8PIOoGOSFW0Azhi05m23+lsbynu4EDPqaL1uXxs2nI99d1RO75zM6V/bAtXRFKge54+zXgFfnnyaTvGZzkHZyAW80CcDNI5CKwV64+dal38wj2X7HRZvXSSQPitUWNJT+Pen/vA2/LVnGJfP6gpHLyxezT92KV3qWQWk4xpcvDWS53VB2RCeSkHiDiA/cWP96X6Zke02pFCbidyzmn7Al/H12GQNK/c2MkZO42GolV5ISSLhzi0PjSrP7owmsiTNZms1lHmTCS2+woeTb7I1JIiExjiOfBfLrqJcZuyeNYpnXSSQPiPVWC5WedB7QBbcjS1l0MvvDbjjNkqVHcO0ygC5eSnRHlrD0RCD9x79FvSwnN2oMHkO/oJOsWnUcA0qUKgV6h+YMGRVO5SA/3NRppKSbMGSkoxeA0oVqr6/m8vXl9Pa0PB3doeWsPl+G3mOGUNtVCcoShPR9j5fLR/HLqgNm8RTXvE4iuR+suhRfotVAegaeZvnCw2QCuqOLWX6yDC8OyDJD0EdGEqWPYc3IcJo1a5b1Fz6StTF6oi5Emq+PVAHlKZ+zw6KmEcPH90GzshvBviE06zGUz+b/RlQ+Xsfply4RrQikQoVcmxBqylG2jIJbUVfJsRfL17zOeK95nURyP1h3U1BNPfr3qc73cxayd0ItbBau5HLV/gxokL2QkeXkRvuRH3KvR10NzMsdajU25q8BNcEv/8zxdu/x66aNbNu1k6WjWjJ15vts3DuR2sVpl8DSJrWY5nUSyf1g5R13sxY2Gn/1BSu3tkG9SUvDd/qZDb1tygZTRnkapV84be86uaHTmdBo1EA+wxFgTEvD4FqJ8L6VCO/7Hp+f+JTGdWezIOJjC3HZBwfjL7Zy/rwOPLPL153n4lWBT1gQj9IcSSLJi9V/oaH070n/Vjo2fzKWTWkteaVXADkWwJo6vegZEs2i8d9wJMvJjdiICbQqE8KQbfla1GG8NJ1WfjUYvDwye1pnJDEmlhSlJ77elubCmga9eKHiNZZP+ZmTKQCpnF7wFUsvB9OjVyMKcW+VSB4a6//8SelJ5wGd0Zw7h6LjK3QrlatKTR1GL5lFt7QZhJX2wMfbg6COS3F8bTpjW+drUYeq7CC+mliPf96qhqe7H6W93Sn78m+EfPodb9fIMxBrGjB26Xe0vTGBBj6e+HiUot4n12g9YxmfhNpZ8aQlElCIB/SX2X5qJYlpcfSsO/QRNMNExu3r3EhS4ebnWzwTBFMa2us3STKVoFRpLxxVhWU2khp3nbgMR7z83KW5veShuHb7IvMPfMWYdt+jUhb8wXtCXE6U2Ln5E+R2PyEOuPuXxb1YmVU4epbB8cEaJ5E8EPI7XCKxElJcEomVkOKSSKyEFJdEYiWkuCQSKyHFJZFYCSkuicRKSHFJJFZCiksisRJSXBKJlZDikkishBSXRGIlpLgkEishxSWRWAkpLonESkhxSSRWQopLIrESUlwSiZV4dsRl9u0yYTQYMJpyXjZgMD7A7p8PGid5ZrD+HhqZUUSsWMKGiFNE3c5A7VqGqk260qdnE8rk3YAp+SybFyxhyx/nuZlsQOPiR8UGnejXpyVlH2aTwZTDTGjTnU3Nl7NzTBQDvV7FNCuedX1gSXd3BivmkL6uz30VmXTwE1r22kfHNdsYV79E0QGSZw6rjlyZZxfS/7kqhI2Yx193HPENLI1TynHmjwijau3+LDx319DHFLuZYQ3qM3DBZZyrh9GhUxsa+Key69P21G07mT8f2BUhhV/HDWK6GMpP40Jxtkizo8M3RzjydYdilWQ4/iUdun3LOSM4h47jpzeNfDPoE/alPGjbJP9pxAOy7eQKsfzIdwVnSD8gRtewE/ZVBou1VzItkjIvrRQDK9oKh9rjxJEMIYQwiqvTWwh79xfEMq1lMakHx4h6peuKD/em53rVKDISbokbsclCX0Q7DaeniFCnYDFkV3J2gUtEN0d70WVRaoExxowEcetGrEi2KNwobs56Xjg994n4O+f15G3ijbJOInTKGWEooh2S/w5R2gtiwsbBwmAs/F232siVtPFb5pz2Y+CMaXQNsNyIUBP0At983Q/Pf2Yzc1sKIEhOSsZo0pOpt7yOcWjwOYevHeGL5naAqVBvrnvRcXT+PI6W7c1rzfKbuqWxpIczLi8sBcAUu4fPOlfGw7U0FSsH4e7sR4NX53M600jk1DCCh+0k5fjn1HEK4PWtmVAinEG9Avlj3jyOFuaqJ3kmsZK4dPy9/w+SvFrQvnH+uwU6tehEuLuWgxH/ACrKt2lHtcxfGN60E299uZBtx6+Tmne9wPBX4d5ceTFeYMeey/i3aGXenz4vJoOOTIMJMPDXjJFMutiKlVeSSEi4w61D4yi9+yMmrLlN8Ntb2Dw0GE2NMRzWRvL987aAmmqtmuN3aQ87LkiTc4klVhKXifg4LXj64lvQhqRqH3y84HZcHACauh+z4ZfJdPM6zYKx/Wn7XBk8vCvTos9YFh3VZrlTmorvzQVA5mlOX1RQoWoVit7E10RaSjomQwbpWYXjUu11Vl++zvLenqBUo1IqUCgUqDRqVNnV2VapSnnFRU6fkVZ5zxJbZh/A3c0dV1dXXF1duXjxojntxo0buLq6WktcCuwdHCAthZSCVqtNaaSmgb19zjKgGr/w95gfcYnY6yf5dcW3fPhCZe7smkL/5i356PfU+/LmAjClaNFmlMDdozhLjRoaDR9PH81KugX7EtKsB0M/m89vBRWeg5M77vYZ3I6XqxrPEjXDKvDTzz8xd+5c5s6dS6lSpcxpLi4uzJ0711risiGkagVUV//gUHT+0yVTzJ8cj1ZTsVrIPWm2XiE0e2EIn8xcyx9/LeRFl1MsnL8PszfX5RNsnjqAeo4XWDqqJdWbjCWikM+2opjmW+rgl/n5+GVObJ7KgHqOXFg6ipbVmzC2sMKznb0eaMN9yVOLbzkPunbtav5zcrprHGJvb0/Xrl2tJS4l/l1epJndIWZ9sZV7L4cS2DN1FgccWvFSVx8wnmfl6FcYPvcseaWoLFWT6qWVmExZhdz15nqPrxbs4O99H1H+xDwWRNw7LVOWcMfNLpX4+PTiNduYRprBlUrhfXnvqwXs+HsfH5U/wbwFEQXHpGq5nW6Hm7u81yWxxHqG4wED+OrTFtyZ34eW/Saz+sBZrt24xrlD65g6qBUv/pjM85O+pJ+vElReOCUeYM4Hr/PxhnMk5ShMd4vDc8bz8z++dOgeel/eXABoKlE52MSFk6cocjHPeInprfyoMXg5kdl+rsbEGGJTlHj6egOgtlFhSrrNbcPdMN2pU1wkmJDKxbFmkTxTPOhaf5H3uYQQQqSIMyvHiK61fIS9UiEAoVA6CN/a3cXHay+I3HeuRPpZsfLDzqKmt4PQlPAQvn7ewtXRUXhVbS/eWXpKZN2VShZHv+stanraCwc3X+FXylk4ulcV3aZEiNvG/OrPFPvfqSjsao4Tx3PuTVnc50oVCzvbCbsui7JKP/qd6F3TU9g7uAlfv1LC2dFdVO02RURkF568620R4qAWju6lRbc5MUIIvTg2rqawq/iuOJCZX/2S/yLFvc9lZXHdJTMxRlyOvCxiEov6FOrFnZtXRGTkZRGTUEBeY6qIj4oUkVduiZQi7t7qT34uGpQoL4btSSlmS40iNT5KREZeEbfyKTzz9nURFZuSddM4da8YXt5JNPrilLyJ/AxRXHH9a/5cGmcfAp2LzgdqnEoFkL+vZDb34c2lrjKUz/ov5MVx3/H67g+oWuTsTYmDuz9lCyhc4+qLPwAGTs38hCXqAawaGkKh3nuSZ5Jn4FfxzrSc+BNDMmcw+IvDPKoF89TDnzN4egZD5kwkrNBvAsmzyhPiLGllnEOZ+Pt5kjJV2D+iIu1qjGLLudE4O8qFDEn+PBviAtA4Fs9ruZio7Jwo1ixX8szyDEwLJZLHgxSXRGIlpLgkEishxSWRWAkpLonESkhxSSRWQopLIrESUlwSiZWQ4pJIrIQUl0RiJaS4JBIrIcUlkVgJKS6JxEpIcUkkVkKKSyKxElJcEomVkOL6D/DABn6PviHSYDAXVhOXKW4X00YOY9iwu3/Dh4/k3Y8n89PWMyTeZ58l/TaesNKOqG2r8uGh/4CliDGKXyaN4P15xwpwaMnk2Lz3GTFpI1GFejyksfxFF0r2WGqVZhablMNMaBpAo/EHSUpbzosuJemxNA1IY0l3J5weoH1JBz+hYUBTJhx+OrcKt5q4RNKfrP5+DltOxKHVatFqtcTHXefcvnm816kWz/Wax8ViG4NksGfOd+z3fpc/bv/NpHr/gX0rVN543N7ON2NnsD05n/Tk7cwY+w3bb7tR6onfWkoaDOaHdaeFCgcaDJ/HsmXLsv6Wr2Ljb6c4Nrsd6es/ZsrOvCYHBlK1sWhTDHleN5J8JxXboMpUdFShzNVqQ6qWWG0KeSNyl5lyO4nM3COlIRVtrJZ7qsmNKZPEuILz6JLjiE3MJP8BuKDzyI2Gev37UPP2RhZt1N6Tqt24iI3aGrzcvz62OXUmxXIzLrno3YOLSeF9ZyIzMZabcYX1bRbGMz/w8U8Z9JownOr3fO8pcQ2sRrVAF8vSMxOJvRmXp39NaA/v5berWjIFgC01RoynZ/ocxv5w71bnTzqP4ZpLTWDnttRSxnH5clL2a5lcXDWK8GAPPIMqEuTlRkCzYSw5mwHGs3wZWopXN2eSsq4fro7V+OCgjsyLqxgVHoyHZxAVg7xwC2jGsCVnyZJrGst7uhMw6Gu+bF0aN5+OfHfVCJkXWTUqnGAPT4IqBuHlFkCzYUs4m63xtFUv4+U/kNnLhhNatjRBQT64eVan/8Lz5g9YxpnFvBlaGg/vcpT3c8e/0essOpNR9Hnk1xMhfekXmsmORau5nlulphjWLt5BZmg/+oYo0f42mW7VPHHxrUhIsCeupUMZuuxiviK7/XMnnEv1ZW2uKpMWdMPZ/SVWZm/TXXjfSYPBR8aD7jpa1I67hguTRUONi3hp1b32qHd2vCHK2gSIN3dlCCGE0P/1qahTwke0m3pYaI1CGBOPi5ld/IRjnU/FMb0QRn2CmNvRTjh1XyIS9Xph0P8lPq1TQvi0myoOZwWI4zO7CD/HOuLTY3ohRKpY2dNFOJR+TvT+Ypc4fSlaaDP14q9P64gSPu3E1MNaYRRGkXh8puji5yjqfHpM6IUQ6at7C1eNu6jeb5b4O9EohP66WNUvQNgEDhW7M4QQmX+Icc85iqDei8SFVCFEygkxo52XcKg7QfytL/o87sUoYhd3F+4OTcRXF+7u3mq4OFU0dXATXRfeEsbMCDGqgkb4vTBfRGYIIYxa8fvoOsLBtZtYHC+EEKliSTdHYZ+9JXf87DbCzqWnWJmr2xPndhB2JbqLpalCiKL6Tv+H+KianQgZvlPcMgghjAnin1ndRaBvT7EkNp89ww0nxYQ6dqL8yN+EeX/kArcM14s/Pqom7EKGi51ZhYuEf2aJ7oG+oueSWCGMqeLXEeWFba1x4q9UvTBkV5exd7goa1tHTDj5ZOxrHKW9IJ4f1ED06NFDvPDCCwX+WXlrNR0Xd/7ItzdyqjGSGv0Ha+avR3T7gXeb2wI6jixZyonA/kS8VQ83JeBcg8Fj+vFD01WsOj6GmnXUKBWAUoWNWo3xwBKWngikf8Rb1MsKoMbgMfT7oSmrVh1nTM2qKFUK9A7NGTIqnMoaQHeASUtPENg/grfquZFVzWDG9PuBpqtWcXxMTaoCCH+6jBpEdWcl4EvbNnWwXXGJS6kQenY5y08F0WtWL8o5AFRl8NT5OP3lgFMxz8MSJZ6dB9Dlw+4sXXSSkZ/WQI2B00uWcsS1Cyu7eKHUeDDpaDQfKd1xswVwo27nMAKmbeH0ZQPF2nY49ztypIi+C8ljMKjKNhh8vYACcwwG33gQg0FVtsFgTuG6QgwGF2UZDFYpjtea9Tl76Ao3LvxVaB7riksYSIg8zl+6rF7KjNzN6iPO9J93iC97VsNVCaAnMjIKfcwaRobvv9sgwy1i9De4EKmDOpbF6iMjidLHsGZkOPvvBnArRs+NC5HosmSCKqA85dXmICKj9MSsGUn43SAMt2LQ37hApI6sKJU3pf3vpqs0ttgokjEYTOgvRXINPwID76bbVmpL/0oAqfxe5Hnk090lWjGwZyCLly/k8JipNFYcZfHyk5R58RtaOwGYuBnxI2P/t5qD52+QmG7AZEwn2RT4QMvURfadpjvDx/dh99BuBK8vT/2mLWjZoSev9GpKGbt7y8sxGPS5H4PB3UPpFrye8vWb0qJlB3q+0oum+RWeQ7bBYHx8CvBkiGvQ5E6Mafc9KmXBq03WFZfCgbpv/MC8HlkdYopbh6Z2b347GIvypVzZAFVwe0Z+2ArLWbsS7xq2QB5/rawA2o/8kFZ5pvlK7xrmBQDUamyUFkEEtx/Jh/cGUcP2br4CzfJE1j+mApzuij6P/Mha2Kj+/RwW7p1ALZuFrLxclf4DGmALGM9Op1/PL7nz0gzmfd+SCu52iBNfENZuWwHl5dNsIe6a8xXZd9kGg+3e49dNG9m2aydLR7Vk6sz32bh3Ik0KsCG7P4PBdrz36yY2btvFzqWjaDl1Ju9v3MvEJgWNfU+nweC/uuOu0rMzn09sS+3X32JC90NMbeYE2FA2uAzK00r8wtvSKKd/TTp0Jg2afFpoUzaYMsrTKP3CaXs3AJ3OhEajBvJZQLApS3AZJaeVfoS3bcTdanSYNBoKiLIsIigIf7GZixd14JVVgvHydn7alEz9AZ3u+zxyUIf0pV/jr/hi5VbaqDehbfgO/bId0tOPRPCHvhFffz6AJp5Z5xlz6TwxBQxaKpUKodehM38SDVy/fhMTgcXsu9wGg1kmg5+f+JTGdWezIOJjmrS1/JKwNBgsZPTJIZfBYKXwvrz3+Qk+bVyX2QsimNgkPP+Yp9Rg8F9eLVTi9/IUxjaJ4Ye3Pmd/KoCGOr16EhK9iPHfHCHBBBhjiZjQijIhQ9iWzz0gTZ1e9AyJZtH4bziSFUBsxARalQlhSH4BWUH06hlC9KLxfHMkgaxqIpjQqgwhQ7ZRQJRlEfVepHvFayz/30LOpgEZkSwb+wZvzzmGTnP/53G3W/zp2b8Vus2fMHZTGi1f6UVA9mzDxtMDV9MF9u++RFrmbU6vH8/QFTdwR0vU1eR7bgXYBwbiozvG7p2xmIC0c8uYtjqy2H0nDQYfIQ+6YvIwq4WZf38uGpZwEM+NPZT9Sro4vfAN0djPUTi4eotSLg7CuXxbMXbLdZFtOyfmd7ITTi8sFzmlpZ9eKN5o7CccHVyFdykX4eBcXrQdu0VcN2aVt7q3q7BrO0fczl1x+mmx8I3Gws/RQbh6lxIuDs6ifNuxYktWUNZqoV1bMSdXUNZrrcUPt7LypByfLV55zlM4lvQQHk72wr1GH/HDseRinkchJG8Sg0qrhMq3v1h/J3dnnRSzugcLR6VCoLAVPo2Gi9UXjolprbyFnZ2n6L38lsVqodCfET/1qiCcbOyFq7ePKP3cK2L2jL6ilGNXsTi1OH0nDQaL4okzvysWxnShjbokLl1PFMXrR6NI10aJS5euiyI99Syq0YqoS5fE9fsJskAvkm9eEZdjCmjnfZ9HURhFyq0r4urNZJHvin4+pMdfFZevJ4iMQsostO+kwWCBPJ3ikjylJIqdwyoK19DJ4sQjHV304uSUpsKt8lti952ic/9bFFdc8lfxkkeANBjMj2fHn0tiXaTB4D1IcUkeHdJg0AI5LZRIrIQUl0RiJaS4JBIrIcUlkVgJKS6JxEpIcUkkVkKKSyKxElJcEomVkOKSSKyEFJdEYiWkuCQSKyHFJZFYCSkuicRKSHFJJFZCiksisRJSXBKJlZDikkishBSXRGIlpLgkEishxSWRWAkpLonESkhxSSRWQopLIrESUlwSiZWQ4pJIrIT1xKU7xPQBL/Hh6qicFzg0fQAvfbiaKGN+xxLJfwvricsQzeH1a9h1KinnBaIPr2fNrlMkifyOJZL/FtbbK96hB0sTeuR+gR5LE+hR4LFE8t9CXnNJJFZCiksisRJSXBKJlZDikkisxEMtaJy/9Q9r/5rzqNoikTwV3EiKKjoTDyGu0q5lMRh1DxoukTy1BLpXJNC9IgqFotB8CiGEvMskkVgBec0lkVgJKS6JxEpIcUkkVkKKSyKxElJcEomVkOKSSKyEsmLFivj6+uLr60urVq0sEufMmWNO8/X1Zdu2bRbplStXNqe1bNnSIu3nn3+2iN2yZYtFekhIiDktLCzMIm3u3LkWsZs2bbJIr1KlijmtRYsWFmnz5s2ziN24caNFerVq1cxpzZo1s0ibP3++ReyGDRss0qtXr25Oa9KkiUXawoULLWLXr19vkV6zZs0CYxcvXmwRu27dOov0WrVqmdMaN25skbZkyRKL2DVr1lik165d25zWqFEji7Rly5ZZxK5evdoivU6dOua0Bg0aFBq7cuVKi/S6deua0+rVq2eRtmLFCovYFStWWKTXr1/fnFa3bl2LtFWrVlnELlu2zCK9QYMG5rQ6depYpK1evdoidunSpRbpjRo1MqfVrl3bIm3t2rUWsUuWLLFIDw0NNafVqlULAMXKlSuFXq8HwMXFhXbt2pkDzp49y19//WU+btKkCf7+/hYnWlDsuXPn+PPPPwuMXb16NTpd1k1oZ2dn2rdvX2BsaGgoZcqUMR+vWbOGzMzMfGPPnz/P0aNHixVbsmRJOnToUGBs48aNCQgIMB+vXbuWjIyMfGMvXLjAH3/8UaxYJycnOnbsaE67ePEiR44cMR83atSIwMBA8/G6detIT08vVmzDhg0JCgrKN7ZEiRJ06tTJnBYZGcnhw4cLjF2/fj1paWkAODo60rlz5wJjGzRoQNmyZYsVe+nSJQ4dOlRg7IYNG0hNTQXAwcGBLl26FBhbv359goODixV7+fJlDh48aD6uV68e5cqVMx//8ssvpKSkAGBvb0/Xrl3NaVeuXOHAgQMFxm7cuJHk5GSLWHkTWSKxEvKaSyKxElJcEomVkOKSSKyEOi0tDQcHBwCuXr3KmDFjzIlt2rShb9++5uNp06ZZLDTMnj0bR0fHfGNbt27NK6+8Yj7++uuvLRYLfvzxR0qUKAFAVFQUo0ePLjB2+vTpFhfts2bNwsnJCYBr167x4YcfmtNatmzJgAEDCoz9/vvvcXZ2BiA6OpoPPvigwNhvv/3W4uI5d2xMTAzvvfeeOS08PJyBAwcWGPvdd9/h6uqab2yLFi149dVXzcczZ860uHjOHXvz5k3eeeedAmO///579u/fbz6eMWMG7u7u+cY2a9aMwYMHFxg7ffp0PDw8AIiNjeXtt98uMHbWrFlERETkGxsXF8fIkSPNaU2aNOGNN94oMPbrr7/Gy8sLgPj4eEaMGGFOCw0N5c033zQfz549m3379uUbq9Vqeeutt8xpjRs3ZsiQIebjOXPm8Ouvv5qPp06dire3d76xjRo1YujQoebjn376ib1795qP//e//+Hj4wNAQkICw4YNs3zkRKFQmIUGYGNjkzsZW1tbi/TcKJVKizSNRlNobO6f6+eNzVuvRqP5V+rNG5u33tyx99tX1qq3qFilUmnx/wftq/utt7BYW1vbQuvN3WZr1ns/fVVUbH71ytVCicRKyGsuicRKSHFJJFZCiksisRL/B1JvDLcm+MZqAAAAAElFTkSuQmCC;" parent="1" vertex="1">
+          <mxGeometry x="880" y="1120" width="133.33" height="160" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-61" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/png,iVBORw0KGgoAAAANSUhEUgAAANsAAAC1CAYAAADWfYpqAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AAAAtdEVYdENyZWF0aW9uIFRpbWUAV2VkIDA3IEZlYiAyMDI0IDEyOjEzOjM2IFBNIENFVJzkR7UAACAASURBVHic7Z13dBVFG4efW9NJD2kkgQRCKNKr1ISOIBJ6UxAsFBFFBaR9gIgiKIoCKtKLBCmC9GpEqYKK9E4K6b3dtt8fN42QBglXCPOcwzncu7M777vZ38zO3N35ySRJkhAIBI8d+X8dgEDwrCDEJhCYCCE2gcBECLEJBCZCiE0gMBFCbAKBiRBiEwhMhBCbQGAihNgEAhMhxCYQmAghNoHARChLKhAZm0ZqptYUsQgETyXWFircHK1KLFei2H754yZ/XYstl6AEgoqIXxUnxvepU2K5EsUGUMfPlfZN/MoclEBQ0Th86hqZWbpSlS1RbDKZDBkyZDJZmQMTCCoaMpkMSikNMUEiEJgIITaBwEQIsQkEJkKITSAwEUJsAoGJEGITCEyEEJtAYCKE2J5RDHodOr3hUfdGr9PxyLs/o5TqCZKKgZ47v8xl1bFM6g79H70CHnPqhhiOfTuXA7d1gAyZXIW5jRPu/s15PqgtVSv9l+1cOj+PcGaq7FvOrxz8CLuvZ2zA68gWxPBNH8vyD6+C8uz0bJozbPr0I9atXMDnyw+Q/rjrk5L4d8cSNh08T3xCLAmxd7lxZgerJneje7PmTNl4/vHHUCTmtJ99nJ9mdS9leR0XvurJmO8vowcw786He44zpaP5Y4yx4vHM9Gzpx1aw81Zd+gyx4OdfVnH4wy50ty+8rC4thkStDQ525oW3RrpU4hO0WDnaY1ZscyXDvOEY5i3tg0XOV2kX2Tl7GNMmvoih0h/M7eZyXx26tDiSssywdbAu5I9jQJMUS5LWEnunwrZrSI1NxGDjRKVCA9ORlpCGytYWW6+62JY2N0Mcfx37lfBGWUgAcns8Awo5ebo0EhLSUdk6Y60u4pQYskiOT0Vh54jVM3P1GXlGerZ4Dm/cSlzdvrwyph/1M/aydWcEeUOOVLaPcKTVmIWsfbM+rRvUJKiOA626j2fvXT0AaZv70qjeMJb/MIQX6nvTsZkbDeu1YvbO28bWvrRYBfDCR2sZ2ziGHV99z43snTU3NzO3T3Wa1valUxNXmjRqz/9+ukQWAAbiQufwRisXGjUIoEtTZxrWa8mUjRfQAJDJtc2jGVDfhZbN/WkV4E2/iWu5lgmQzs7XnGk74Qu+7edFk+deZM3dFH5+1Z6GIzeUnJv+OsuDqzPraCoXv2hK/UZvcDRxPWP9HBi3JbtvTj/Plvfa0tbfhfbPV6d5TU96j/2Gv5KNmzN+HkKzBq+ycetbDGjqRfumHjSpVZ8PNl2hdI/wVgyeCbEZwjez5WAGjXoPoFqVPrzYSsaJkA3czlWJHDlaYncv4USztRy4EsepP1bTJm4ZMz7aQiIgl4MuZhvrf2/FwhNxnLl0mQVBMWyYNJm9CQ8ZkKI6Xbs1hgvHOJMA6M7y7Ruv8ovZaFacjefM1XDWj3XgwHsv8915Hej+ZPW0j7nddiNHrsZx5lokIe968sfHs9kba0Bzbh4T39+H+9TTnLiWwPFfPsB2z5t88M3fxupkBhKOrONSqzX8/Ns6gt0UGHQaNDpjc1Nsbsm+DF+3g8E+amqO/4NTJ76mtdqAXpuVPUGSxdmFg5m+pxLDt4Tx55V4Tuyehcfv7/LuvENkZB9fH7uDdYfqMPNQJGeu3GBh52R2zP+KU1nl8Rd+OngGxKbn5k+rOanoSK8ensjlrnTs1w3rs+vYfv7+dlXm2ovhg+pgBair9GLYS7VIObaXs5k5BTzo+PoIalgBam86jByAX9JRQk9lFqy0BOTYu1bGzBBPfLwezdn17LjoQ++J46hnLwe5LQFDJ9HL6zy7fz6HzpBOWqYBfWYGWgmQ2+E/bBOH/9pADycd57f9yFWv/rzSyw8LwDJgFJMWLeaV5jaAHLlchs6iLYPfCMLP2wO7wm7xislNrlQgl8mQyRSolIr7LxrNcX7ZcQX33pMYVM8eOXKs/IcwMrg6kXs382eOmKQqdHhjBDUryUHpTpvAxqijbnL3vxu4mpyKf9esOcPWn05j1X4Vz1tmkJ4Gypb9aO/clx2bfuPNeu0wyy4q9/GnWu6FqMTD0x2SIonOyP5K4UtVv7wrVenphYssgejodODhJguyUtLQYoWVjQzdXzeI0Eawd1pH/sz9i+iIvacl+uYNtOreDHtvMH9M6kPQnurUb96Olh378VKvNriba7l76y64+uCZu68ZvkEv4wuAsSGQe1bHp7i/drG5FUPmTe5EyvDwrUHe3mq8vb0g5i4RuefOFVf3vAAUKjVKWQp6nYFnos3nGRBb+rEV7LwqkXJnJEF7823QS2h2riL0g3Z0qJT9nUKJ4oEjyMh7lU+B8sECj/CuXxIn/ziD3qMfAY5y4/tQCl/avfY+zxd4u17uUg81SryCv+fnoImc2L+T0F8PsGNGJ5aveI9lWyYZJy0kA8V6fymVKIu9pssrtxwk7n/RK/95fDap4E2KcWIkps5Utl5N4e+bef/OHv2YRsk72LonOneiRAq7wd3cO0sd4WER4OBO5ZypRMMd7t7Ou/XUhd0hWnKisuvD/daU9Ptcvt6ZSI3eQ2igBqV3NdzlScjdgmgb1DX7X2datO5I67ruKAB9ejp6u5q07DuRD77aw8/bpuBzcSVbjxvw9KoCd69xW5NTg567h79l9Y5zpQ/qUXMzr4aXu0T49SvkVo+GWzdvQ2UfPC2K2fcZo0KLzTgxkk7DPkPwLdCHK7wH0KOFnmObNhGRrTbD7c2s3naNLEB3bxfrtl/ErlUXGuTcZxqus/v7H7mdCegiOPrDJq7bt6dNYzOKwpB8h0vnTvPPuZOc+XUz6+b0YcCwL4hsMJWZYxqhBNT1+tOtRhjb5i/ir0QDoCfu+GyGN6zDjEMp6G9/ySv1GzB163WMd2V6Uu5Fky53xsXFgude7E3ViB9ZHnKJDCDr1kY+f/8dNv2jKTKuBwMtLjclSoWBlMT4B2de1c15oac/kds+Y/PFVADSL6/m+y038XqhPw2LPjXPHBX4NtI4MXJCHsjMXt4P3h7K3enctzMLx69h++VheAGqFsH47X6JoJnxZKTEowwYxaxJL1IJjBe5ui1d/LfzRrP3SMpIIklVl/6fzqZDoT9YAUikHXqf/oeMn2RKa5yqNqLlmz/y5pu9qJbTaagb88Y3S4h7dwrDGnyClZVEapYzTV/9nNHtbFDIR/DBpJN8OLUezSbbY6tMI1lfhdbvfc3w2krU8inMnxPB5LlNafmRBaRLVOm+gE/HNyVnzFYixeZWh1bt/Vi7vCetd3Vm4tYe+Xek/ttrmRE7koXdPVhkZUZmmhq/FxexcGIrzIBnaMKxWGQl2fwu3/kvepQVfMGfdHaMcGWKYQknVw5EnhBJbJYVzq52uYP+jC19af6OgVkXfqKHPJ7omEwsK7tTqagfbx8JA1kJ4UQnK7Bzc8em4LEN6SRE3iPFYI2TuwuWBVsQXSqxkbEYbN1xeYjASpebhqR7Ueht3HGwKmRwB+jTYoiKy8TCyQN7ywp905TL4VPXyMjSMj64nFbXeraQY2bvgUdxJcwdcK3yuOquQpUinmxBbom9RzWK2ozSGqcq1mWLoMjc1NiWkLTCyhn3kpdPfGZ5NpofgeAJQPRsAFjSdfFd2mFFUZNnFj1X8VsHsKiAD7lX5NyeJITYslFa2mJTfAFsKhVX4CmmIuf2BCFuIwUCEyHEJhCYCCE2gcBECLEJBCZCiE0gMBElmyFePUlk2C0u/CYmLgWCgmi1OhxcfYByeIIkJTEGfVoU7YKCyiE0gaBiceDAAdysKpeqbKn82Vq2bEn37qVdiUkgeHZIT08nLS2tVGXFmE0gMBFCbAKBiRBiEwhMhBCbQGAihNgEAhMhxCYQmAghNoHARAixCQQmQojtWcagR6d7KFuQAruXxVDx2aNsDzxqL7Fj6R6u6YpaoEuOU9MBDH2+dI+zmAJ9xFHWbDqLJqAHIzr7PuZX1Q0kng5hdWgEeoxP4yjMrLGr7EPtJs2pX8X6P23tMvdP44X5cODA3EfZm/3TXmA+73Ngbqdyj60iUsZrTUt6ShJJGqPYMsPOcPymJXVbBeAoA1BgnvnoLWf5o+XyjuWs2nYHftNSr817NHusK/ZKpF4+wtYd8dRpbTwn+qzbnA/dyoqvZFTrMpopb3Wj2n+0arC65TiWLSt9ed3VdXy40pwxs4LxUqhpOW4Zy3B5fAFWMMomNlVd+k+pm/1Bz+01ozkZ6UnfKdNo8ygr4erSSUzWY2FnU6jJoC4jiRSNChtby0cLPONPdh2IwLdbD9T7j7D799dpFlTE4hslxAI60hOT0VvYYVO8IyIy81oET55Bu1zvjXRuHVzKnPnzmWSwZtkHbbC/zxExg6QUDSobWywLSdSgSSEpRY+ZrV2h27XpiaTqLbG1URfac+rSk8lUWmNt44ZvoQuvFJabgeQLZzkXVcvopIMcGzffQtZt0ZGRlEKWyho7S1URZ8SAJiWZDIU1toUlUEF5vJnqb7N+/Bv85D6ZVVPakLOioT58E++M2oTr5JWMz5hHnyVmDBsqsWfVcaIzMsiyrEmPt2cwrp0rCkATdphlny1l1/lEZAo9epsAurw2kdGdvI0r7h6dQ7+5YQQvXcywqkWnlPz7bo4m1GBAv4GYR+zl+z1HiG3fE6fs6yl939TiY0nfx9Q+SzAbNhRpzyqOR2eQkWVJzR5vM2NcO1wLX7u0ECzxCRrP9JibjPxuHTsGPs8wHwVowji87DOW7jpPokyBXm9DQJfXmDi6E95mYEg4w+pPP2fTqWhQQ6bWiuodRjF5Qjd81JB1ax+LP13KvqvpyDBg4deRNz54i84+ZmQenEHwEgtefimadd+fo8rra/nMYQm9Poc9u2dDsbm1Rh/yNsOX/U2m4Qwju+yi25wfqPdLPz7nXXbP7ghkcmP3YhYs38/lFAUKvQ7Lqm0YOuFteteyhszDzOq7GNWoN7HYs4yDt5JIzVDi3fEtZr/fhSrPgOYe75BBUYXAwJqk/raX3xJyBtJ6Io4e4V/LZgQ2tkYuA11CKFvPPsf0DbvY9csGpjVLZPvCpRxNBnRXWP+/eRxS92bBlt3s2r2NrwfbEPrZHDZcNRpByB18adC4Nh4WxdikGKI4vPs4mrod6ODlSrtOjZCd3cv+8Lzb3BJjMRYgdOtZnpu+gV27fmHDtGYkbl/I0qPJD3ty8GzfGn/pOn//kwLouLL+f8w7pKb3gi3s3rWbbV8Pxib0M+ZsuIoOHVc2f8XasMbMCtnNrl172L70FVzOfMfKo4mgvcTaOZ9x0vUNlu/Yw56flzLEJpTP5m7gus4Yu5R0in3XGzJ9xVpmdHMGSY9Oq8+ffBG5peHRbz6fvuSBym8Iy3Zu5J2maiS9Dq3eOITQnF/J/xb8hlW/L9m6exe7f/6WV13PsXj295zJBGQy0CdwbMsJqr67gu27dhEy43nS9v/A5r8ewpPgKeYxj8/luAR2pan8NPuOxBjdYvRhHA29SuX2XWiYM1aROdGmX3fj2vcqV1r16YBP6jlOns9Ce3E/+2+40nV4MLUqyUFujV+PoXRxu8nhw9fQAaq6A5n50TiCiula9Hf3s+ecnMZd2uMsl+PYujMtrC6yb++1+61mi4kluwBObfrR3VgA11Z96OCTyrmT5x96TXu5rTOOZgZSEhNBe5H9+2/g2nU4wbUqIUeOtV8PhnZx4+bhw1zTSWRmZGHQa8jSSYAcG98Xmb1pKzM72qG9dJCDN90I6huIpzlgUY0eY6YwoW99LACZTA46M+q/1J9GPu44VyrsFq+Y3OQK5LLsSR6lEsV9V46WCwePcNelA0Nf8sdGDnJLHzoP7Ihn1G8cOZ8jJgmX1v3p7muNHCVOzZpRUx1HRMTDmkk+nTz2zltu14qurZcxY/9BwnoOwuPuUUKvexM0MQAVGF1R5B54eef98ZWuLjjJUoiNy0KXEk6ULpYjX03gn1wt6YmP1REXFo6OmqVIQsvlPfu4ZNmMqY3NycrIAGUDAls6cOjAbv4Z6p/nVFNMLNkF8PDyRpVXABcnGSmxcWQBDzVU1aSRoQVzSyvQXSY8Skfska+YkJco+vhYdHFhhOtUtA0eTqcznzN1QCieterToFELArsGUb+yGbrIcKJxxtUt72yovZvTzdv4/ywAhSuensXd6xafW9FkERERg8ytClXyaVjl6U5lWQJR97KgLoACBxeXvL+XXIlKISNdr+dZsEQ0wZ2yJU26BeIy4QD7bwTT/lgot/07Mv0+G0x5gZbSiAyZ0U9P7kGLvoNpUmDWTubgR1FD8PvI+JNdB+5AWiTzBvyWb4MBtEfZfXIkDVrnjCiLiSWnROEFeFivv9Rz57isr0ygnx3ZieLRoi+DH0wUPxUoPTox6YcWDDz3O8dOnOb0gcVM+HErg+YtYojRERFDsTYpChTFOyKWW245FGKJ+IhHevoxybBUFdCVTtW2cfjAYQxnInjuxSDc8jewhigiInRQwxiO7l40sZItAc5mKK08qCy/hdypEc3r5kjLgFZrQKUqXfjJv+/maLwfL3+3lFeq5dtHH8bGt4ezes9vJDzfxbj0eDGx5NQdFRGBjhrGk6e7R3SshG2A88P1ainnWLPqCKm+A+lcWwWSGx6V5dySO9Goed3cRsSg1WJQqYx16TPJ1Nvg3agz3o06M2jUdVaMfo2f9/zNK13dcJH+IDxMC/bGvfURJ9j5Rwa1urbDq1RBPWpuZrh7uCAdv8tdLdhlB6+9G0aU5EhDN2HSBqbquZU+dO5cm3u7vubn6EZ0aut0f8VSBId/OkRYFqCL5fjWg9y2bUiz2mpUNYMI9Ilh74oQLqQYjQIT/lrJO32GseCE0e9Z+28IH89cypGoQn7Ty54YyarTiU7eBR0R3enQsT6G03s4FGUoMZbsAkQc/olDxgLEHt/Kwdu2NGxWmyJNmgyp3Lt2iUuXLnHhn9Mc2bqUD0dPYlNUAC+/MxB/JaCqSVCgDzF7VxByIQUDoE/4i5Xv9GHYghOk6yMIeac3w+cfJDx7iKNPjSUhQ4adkwOqgEDaeUVzcOMeo6FhVjgHv1/AVzuuoC1V919ybgqlAkNqMskPnGYVtYPa4xV9kPW/3CAdIOMWezYcINKjHUF1ytVX66nFRBOuclyCutH4h4+50LoLLQv+tKWsTzufUCYP+JqUrDSSFdXoOXEUrWwAajJk2kQSP13G273XYmkJaRo76ge/xctNjE4Q+pgLhB69i+vQkbQr8LBKzsRIwwlBhUzNy3Fq25mm337Mnr236O5RQiyZAErqt/MhdPIAvk7JIi1ZQbWeExnVqminACn9BN+MPmH8IFNg4eCJf6MBzBo2gNZeOT++qag5ZBoTEz9l2du9WWtMFLv6wbz1chMsFXK6jx7JxU++4OUeC7GxUZKZqsel6Qje7ecHKjlDp44ndt63jOr1LWZSBpJ7W8Z+OIRaqtIaEhafW9WmTfHYsoUPgkNp+vqXtM63p6r2MKZPSGDed2/w0nJLVFnpqHwCGT/jFZ4TjohAKcwQJ82cT61qlenTp0+ZKtKHb+adUdvw/+QHRtfNa+ky90+l5ycGJu6cSwdZMnEJGswdnbB5oDU2kJUcQ1yqgkrOTliXurUuPSXGkrmfqT0/wTBxJ3M7yEiOS0Bj7ojTg8GWCUNWMjFxqSgqOeP0QKIGMpNiiE+TsLB3xt7iAUdE0uNjSTJY4+RkXboxLZQ6N21KLPF6K5zsLB50cwXQZ5AYm0iWuT3OtuYVftIjJCSEtLQ0Ro8eXWJZk/Rs+uQLbPp8HTfqjmByraJvKeRmlXB2LXIrZpUq424it5XiYwHkZlQqtkDZ6q5cZKJyzG0r416ktbASSwdXyuT+VExuKhsnin3SVWGBXWXhWl8Yj1lsWi58+zrjN9zBpk4wk6d3f4inLASCisXjv400aMnSyTFTF6EyXSapmWBubf7fm8WVGIuOTGMBzP/zYMubipzb4+PJuo2UqzArbjJKaY512Wygy48SY1Fi/sQEW95U5NyeDCr6+FUgeGIQYhMITIQQm0BgIoTYBAITUYoJEok7d+5w69atxx6MQPC0cffuXRwcHEpVthRik3H37l0WLVpUxrAEgopJuYnNt0EnrFt0I7h99TIHJRBUNDYfvkp6VukWtSpRbHKFEoVShVotntwWCAqiUKqQa0tXVkyQCAQmQohNIDARQmwCgYkQYhMITIQQm0BgIoTYBAITIcQmEJiIZ1tsZfQne2zHKgV6nQ5hjfZ0UWaxGWIOsPDtcUxc8jspBTdqzvDDe5NZ/Y+usF3/W1JPMKuNNy1n/kFSORwufV0wNjZlWxSp9CTxx4wWeLeZxYlUE1UpKDPyt956i8jIyEc+gJR0hs3fLGbhhDf56Pf0+zfqrrHnu+85cP1JE1sqR6a/yiJpDN9Pb0WRa+c8BOYvfMHJk5+Xw5FKgy2tpn/Pm/oveHXGUYTeng7kixcvxtvbmzKJTlmDFvXv8fWEBZwrlSGJhqToe8SkFFdYR2pcDEn5i2iSiIlLo9CbNV0acdFxpJZC1/qLS5j2fSYDZo3juUd4Cs2QlUhMXOp9hhxyex/q1vUpUDCTxJgE0vUAWSRE3iUm7WHv/XSkxUUTVzAxs3qMn9mfjO+msuTSk2Q4KSgKOYBWq2XZsmWPLjpZJTpNn8bz1xbyzteXKPJ6N8Tx67ze1HW2w92/Fr7O9ni2GsOGa9mKSg9hsEsVhn+9nFcb++Dt44GTy3O8HvIvv859AX8vH6q62ePWcjIH4rMv2qxrhLwThK+TM1X9q+Li4E3bseu4VKQxiobTK1dwutogRrXNXnMjfjk9bSszdEu+nZJW0dvWkYGb0oF0Qga7UGXEt2wY14pqnlWp6uaA83OvsPqKMdv0dX2wteubkyiRv3xAey8HXHyq4lmlIcO/Xcq4+v4M/zEZiGd5T1sqD91CXo1JrOpti+PATcYVhcniWsg7BPk64VzVn6ouDni3Hcu6fIlZB73KAJ9TrFhxmmfDdOnpJnfMptFoyiA6A5LnSBZMqsufH7/HyluFt7Sa3+cyasZJAj47T3xCPIkR+xiWtZIxH4QQByCXgy6anSv+pHPIdeISrvNtYCQrxvTk45R3CQ1PIPbcHAL+/pL5m6IwoOPsJwMZsdGcMfvCSExIJDL0Axy2vc7QT88VLnr9VfYdukmV9h2plfMYtmRAq9GgvW/GIec742mSoyP656/ZU+cb/opKIPHWenomr2fGl78aF/s16NBkZdeYsoupr3/O7cAVXIlPJPbyalr8upSdCRIqlRqQMGg1aLRG95bcGrO/A9Cd/YSBIzZiPmYfYYkJJEaG8oHDNl4f+innchJT1qVjOw9uHNrHVdG5PfHIC65klyO6r776Cnd3d/ZvX13KQympPW4B470OM3NSCJGF3C2pW87ldNjfrBhaDTNA7tCEFwO9Sb9ygZu5ypDw7vkmvauagdKDwNa1kKVW56UJbXFRgHmNdrT00RN26w46zUnWrf8Hn1dm8lZTB+TIsa33GlOGVeV8SEjeRZmfrAtcuCajRp1i1uYvAqlKL9559Tls5aB070qXxmZE3rhBWsEqju9kf0wNBowLxscM5DZ1GDEhGG8opR2MhpPr1vOPzyvMfKspDnKQ29bjtSnDqHo+hJDcxMyoXac6smsXuCiW937iUcpkMgoKTqlU4uTkxKRJkzD3alv6o5k34b2Fr7O5y2Sm/dKJb4MKbDfcI3TZVD7b/AdXIhPJ0BnQZ6Rg8Mk/ja3Axc09990fCwtz5FYuuFTK6YQtMDeXodfrQXud63e0RPz0NkHH8t4W0kVFoI28ynUNNC7wEpEhNY64TGvcnB5+zWCFq2c+O1oFajMVshQdugINS2ZYONEyT7zz2WIpa1THu9QL1Gq5fv0O2oifeDvoWN57ULooIrSRXM2XmI2jIxaZscSmGsDy2f4l50lHqVQq0Wq1OR9wdnZm1qxZDBs2DLVazfKd/z7UAa3bTOWzodsJfn8Wg4+2QJbbkuu5tGgY/T9JZuCXK/imQw0czSX++TiQbnsKHEQme+Bz4R2CDFDg2/1tJnUssOah3JV6xTgVFaziASSJB5avLTKOArsajOqT5b/2DYYHj3f/Xvc1ejJA4dudtyd15P7M5LjmT0xm3Ffw5KPUarW5Pdns2bNzRfbo2NN51sf0bvQK7863o7oq5/LM4GToKbQtP+ej4a1xBjBEcONKBI/826yqGr5eci7IPQjq2jL3ttCg0WBQqwt9M1Zu7YiDeRqxsRlAtoOMQoFC0qLR5F20uvBw7hnA5xHCMndzw0E6xd07OnA0RqG5dJkbeqhhrBCFQkKr0eTJRBdOeG6FKqr5eiG/IMcjqCst8xJDY1CjzpdYWlw8GeYOOFqLXu1JR+7q6sqSJUu4ffs2I0eOLJc3suWVg5k7pxMR3yxiX1rO5aTC2ckew9VjHLyRTlb8BbbNHMOPkY4Qd4fbKY8gOXVjBvSvRdiamXxxMsHoaRYdyqyOXtQavefBH9kB1DUJ8DVw9fy/eTN4Fj74uGk4e3A/0QYg/TIbFm7m+iPkDmDevBNtbS+y6ZtdROiAtAusWhjCzdx+0QIfHzc0Zw+y31ghlzcsZHNuhWoaD+hPrbA1zPziJAnGxAid1RGvWqPZk5uYhn//vQa+tQgQL9I/8cjLU2T5DovX0E+Y2hKSM3PEZkbQhOn0lG9hsJ8VFu4dmJ84hCXLx9JOvo2XA4by40P/Oqum8eR1LO2dzpeBnji5ueJUtQfrrUaxaGonCnVMU/rTsZ03dw7v52LuPEMbxk4NRr25Hz5Obrj7D+Jg85H0cJAwPEq369Cbjxa9jNXWPvg6u+Li04udDQfRIdfcxYw2Y6cSrN5MPx8n3Nz9GXSwOSN7OOTegqobT2bd0t6kfxmIp5Mbrk5V6bHeilGLptIpJzHdBQ4eDcO7fccco1TBk4xUAt/vOC/9eOByyfUT1AAACztJREFUScVKjz5Virp1W7qXoi2/Y0qSpM+Ik+7cuCGFJ2aVWFZ7/iOpuXV1aeyh1Ps3ZMRKt2+GSwmZ5RRUVoIUfvOWFJWql6S0dVJvKwup15q0/BVKsbdvSuHFVajPkOLu3JBuhCdKBTNLOzxOqm7TUvr4X105BSx4WDYeuCwt33G+VGXL1B7KSpxleLI5HmjNYlNXOtQK2dDyPeTk2komwwOzyoInizKNqiVJenr/JYbyYRN3Wsw8Toop6ktbR28rC3qtSSuH46VyfGZLPJpO5bfkvO8FTzbP7p2+bSvm/HaFpCwFJvHJtOzHmvDuYFUmT9BszKn3zi4uT7bFSkyMPDU8u2IDUFtha7KLVYmlbXm8XwCgwNymvI4lMBXixxmBwEQIsQkEJkKITSAwEUJsAoGJEGITCEyEEJtAYCKE2AQCEyHEJhCYCCE2gcBECLEJBCZCiE0gMBFCbAKBiRBiEwhMhBCbQGAihNgEAhMhxCYQmAghtofFxKaHgopDuYpNf2MLs94ax5Q1/xTtZFOOGI0YxzL+o5+5Xdj1rznHig/GMW7K2nKrs6DpYdKvMwn0tEJpVodJx4WXjKAYSlp+q/RL2WVJJybVllQKhaTyek3anVryHmVFd3We1EIll+RmjaVZ/zy4NF7qL69Knkq5pHR5udzq1MfflP7++2b2pwxpyxBHSd1ouvRnqk7S68t6dK10dl536aUvL0licbqng4dZyq78era0w/yw4Tp1R4yiaexWVu6ML7qsLpWYqAQyi1wAVUdqTBQJRRfIQ+lLHd8rbFp/tkBvmsTeDbtR+PtjXciKe5qkaO7FpBTra1ay6aGelOQ0zKoG4G+lQJ7/bJZgzmjISiT6Xsz92w1xnDj8K7fjssTq/RWRktRY2p4tbmN/ydmipTTvwnXpy0ArybbrMik8X0ufsqa3ZOc+RPps8SCpbmU7yc5KJZm5tpDGbb5lbMVT1ki97dylIZ8tlgbVrSzZ2VlJKjNXqcW4zdKtIpp53dV5UgvLhtLYdztItn5vSUfyr3Uau07q41xVevWtXpJdbs+ml2KPfiy9VMdJsrC0k+xtzCRLj+el0euvZi+AmiZtGuQseQ5fJq0f+7zk7WQnWalUkl3dl6VVl409Z9raYKmSbR9J0l2U5j1vJakUMkmmUElqyzrS+79nSVLmVWnThECpmq2FZGNnI1nYeEltxqyVLmZkRxB1UJrVs6Zkb2El2dlZSWpLd6nZqyukf9OuSZ+1tZKUcpkkV6okc6/XpF3ltVis4LHx1bpDkn+dJlK7du2k9u3bSwsXLrxv++zZs6WgoCApKCionHo2w11CVu4m4/lBDPT3oe+QIGRH1rD+Wt5ASi4HbdRWvjnSivXXEkiIv8rarjEsHT2Jn+JzC7D1myO0Wn+NhIR4rq7tSszS0Uz6qZheEnDo1o82cVtZezDHKc3Ave0bOWj/Iv0byvN6Js3vzB01g5MBn3E+PoH4xAj2Dcti5ZgPCDG6MZbe9FBRk/eOhLGsmxnWvVYSnXSWuS3kJZgz6vjzy7eZe60jm24lkZCQTNTx6Xge/JBZ2yoxYdcvjPFVU2/KCeKuf0PnYlx4BE8GZmYW1KjTiNatW9OqVSv8/Pzu2+7n50ezZs1o2rRp+fRsuosfSy0s7KWXVkdJekmSpITN0uDKaqne1NNSzkgqbV1vyUpZQ3r3WN4i2tqz06R6aldpxI6M7OW5lVKNd4/lLbOtPStNq6eWXEfskDIKqze7Z5txLkra2N9Fch0UIiVIkiTpb0uLO9hKdaeckhLX9Zas8/VsmcnRUlxqXpebdfx9KcCsjjTllFaSpAxp8yB7SVV/unQudwiYKq0PtpbMun4nxUmSlLb6RcncvFf2thRpZU9zyabvRilNkiQp65j0rr+ZVGfySSlvBKmVTk6uI5nXmSKd0mZJR8f7Seoao6SfwwpZfj0rVJpQw1xqOOMvqXwXZxc8Lkw8ZtNwZtVaTtt0oV9HKzLS0khTtaP/C5W5sGEVv+X3tlb44l8zb6FGpbcX7rIEIiLTcwrg618zzxFU6Y2Xu4yEiEjSKQaZA92H9EC5dz07og3ob4aw6ZQ//Qc1QHVfQQP3QpcxvkdD/Dwr4+ToiGvnr7hq0KPLZ/FbqOmh/kHTwwfIb87Yti1t27albdsg3t4SgfbOVa5r1LQcN5Mh6k309nWnVts+jJm9kl/vFGkALqhAlH2R1rTD/LDhElLSTV713Z5vgx4p6ydW7p1NuxdzFhRVoCzEfTO/Z4Ci8AIlmhBadxjCS/YvsW7LXRrEbeKv+gNYUVMBf+WL6NIihvX/hOSBX7Limw7UcDRH+udjAgu6MZbS9LCQQCnJnFHpO5jl57rx3pGd7NhzgP3r36HDgq95f8dh5jR7pEoFTwllFlv8zhVsuVefaaePM71OvsPpr7EgsB4frdpOdI9hRvdMwx1u3NBBA2M53e07REhONPHIWZLbwJ0bN9DRwBiY7jZ3IiScmnhQ4qLd5q0Y0seTztuW8kPcVVqM7IePAvL3GRknQzmlbcnnHw2ntdGNkYgbV4h4ZDfGApTGnFGfTrrOnppBQ6kZNJT3PvqH/z3fhG9XhTKnWaEmV4IKQtluI7MnRtJbDmFoQAHdKqoxcHBb9PtX8eOd7KvZcJ2QLzdyLRPQRbDr6x+56BhI1xY5MwEGrod8yUZjASJ2fc2PFx0J7NqCkucKlDQc3I/qJxbz3c12DOrt9kByKmcn7A1XOXbwBulZ8VzYNpMxP0biSBx3bqc8ugNqDiWZM+pvsKijB/Ve28j17PtifWIE0alynN1dASUqhYGk+HiTPBQgMC1lEpv+yjpWHZETOGRAIebsctyDh9LZ7Bir11wwfqVuS5/a23jR1xU3Z1/6brfltcVzeNEuZx81bfvUZtuLvri6OePbdzu2ry1mTl6BYlEGDGZgPQmrLoPp4fxgamZBE5jeU86WwX5YWbjTYX4iQ5YsZ2w7OdteDmDow7sxFqAEc0ZFNV6dP4emf79FXWdHPDxdcaw2mF9r/Y/FE+qBug6duvgRueQFPKsE831keXW5gicBmSQV7zW0fOe/2Fio6BdUo0wVpa8PxmWkgaWxWxkkjycyKhMrN3fs1LkFCHYZiWFpLFsHyYmPjCLTyg13u/J2vjCQFn2XOMkR98rWj81ZxJAZT3hkEgoHD9wfcO8wkB4Xzr0kA9aVPXGxyt9SaUiIiEJn646zVSHjV8ETxY8Hr5CWoWXEC7VLLPufuNjIzR3w8C62AA7FFihT7Vi5eGP1mI6eW4u5A1WqOhQZg6VjFao5FrZNjb17lccYmeC/Qjz1LxCYCJP1bJb91lCsF2C5mgUKBE8epruNVFpSvBdgeZoFCgRPHuI2UiAwEUJsAoGJEGITCEyEEJtAYCKE2AQCEyHEJhCYCCE2gcBECLEJBCZCiE0gMBFCbAKBiRBiEwhMhBCbQGAihNgEAhMhxCYQmAghNoHARAixCQQmQohNIDARQmwCgYkQYhMITIQQm0BgIoTYBAITIcQmEJgIITaBwEQIsQkEJkKITSAwEWUXm+Y4i4YPZNLmO4V/RsPxRcMZOGkzd/RFHkUgqPCUXWy6ME5s+4kD/yYV/hkdYSe28dOBf0kq1pxKIKjYlH2tf8s+rE/oU/RnLOmzPoE+D+woEDxbiDGbQGAihNgEAhMhxCYQmAghNoHARJQ4QSJJEqF/R5CUpjFFPALBU8Xf12OpX925VGVLFFvtqo7YWpuVOSiBoCLSpr4HVVysS1VWJkmS+PVLIDABYswmEJgIITaBwEQIsQkEJkKITSAwEUJsAoGJEGITCEyEEJtAYCKE2AQCE/F/30r6h+tjk+sAAAAASUVORK5CYII=;" parent="1" vertex="1">
+          <mxGeometry x="160.06" y="1270" width="114.94" height="95" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-72" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-62" target="Y_2FnxaHt-eN1trxS_el-64" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-62" value="ctr run untrusted_image --env [...] --mount [...]" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="62.5" y="1165" width="270" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-63" value="Prover" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="60" y="1130" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-73" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-64" target="Y_2FnxaHt-eN1trxS_el-56" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-64" value="send config and basic mtree for one container or pod with multiple containers" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="60" y="1210" width="270" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-67" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-65" target="Y_2FnxaHt-eN1trxS_el-66" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-65" value="kata replaces shim and abstracts runc away" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-150" y="1175" width="150" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-75" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="Y_2FnxaHt-eN1trxS_el-66" target="Y_2FnxaHt-eN1trxS_el-74" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-66" value="measurer needs to create runtime bundle from image before invoking kata agent" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-150" y="1250" width="150" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-68" value="verify attest to prover and allow execution" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="460" y="1400" width="410" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-70" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/png,iVBORw0KGgoAAAANSUhEUgAAAWwAAAGJCAYAAACuFgmIAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AAAAtdEVYdENyZWF0aW9uIFRpbWUAV2VkIDA3IEZlYiAyMDI0IDEyOjIyOjI5IFBNIENFVOSvTGoAACAASURBVHic7N15XBTlH8Dxz+wu9yWKIKAg4okHqHjhfd95ZmYe5ZFW2mGHaYdWVppHmZWZlmmmlpaaeZ94IV4gihcqh5wiyLmwC7vz+2NRQVYElHT9Pe/Xi3/YnWe+852Z7zzzzLGSLMsygiAIwhNP8bgDEARBEEpHFGxBEAQTIQq2IAiCiRAFWxAEwUSIgi0IgmAiVBXRaKZaWxHNCoIgPDVUSgVWFmUrwRVSsGf/ehy1Jr8imhYEQXgq+Nd3ZkxvnzJNI4ZEBEEQTESF9LBv6966LjWqVarIWQiCIJiUQyGRREQnl2vaCi3YNtbm2FpbVOQsBEEQTIqtlXm5pxVDIoIgCCZCFGxBEAQTIQq2IAiCiRAFWxAEwUSIgi0IgmAiRMEWBEEwEaJgC4IgmAhRsAVBEEyEKNiCIAgmQhRsQRAEEyEKtiAIgokQBVsQBMFEiIItCIJgIkTBFgRBMBGiYAuCIJiICn0ftvCE0Sdxfn8QsRqJyg174u9p+bgjEh5Iz82zOwm5notUxZdurWpV8OzENvIkEwW7HPQJu/n99yOk6ov+X5IUKM2tsa3ihnutJvg2a0TVJ2l7155i9VvPsuGGilazr/DbePfHHVFx+jiOrPiZkynFkotCZYGlrRMuNepQv1kr6jo/ScmtKFrOrZjA5DWJqNp+Q/hfkyt4diawjfwfEwW7HPLj9/D71wu4piv5ewrrGjTpMYbRr79JH59Kj3/8SVGJ6o1b0iRViXfV8v/qRYXKv86RFZ+z/MqDkmuDa9N+DB4/jZcGNMH+sSe3oiiw92hKk6Y3UdZxeXTN6lO4cjyUFIdGtGjgcnfbNIVt5P+YJMuy/KgbnfbDYdSafAZ2aYRHNcdH3fxjpz01jWeeWcA1nQWe7Z+ludvtzV0mX5NJWmIkEeHhJGQW/HK8hSed31vF3FfaUumpLSyPiPYYX3XpyPIrOsy9utKnpfudYiLn55J1K4HYS2eIiMvAkF0L3Ht8wvxFU2nuKJJbWvrEH3ip5euc6b6aoJ+HY/W4A/o/cuj0NUIuxpXrV9NFD/thSDb4jf2ROb2NnJpr4gndvJjF8xdzKCaa/bMH8Gr+dpa/0QLr/z5SEyRh3fwVPls0kOK/Cqoh6dSfrJr/Cav2RxG3azoTX8zjlzXTaWLzGEI1QXlnTxOR97ijEMpKdEkqioUbfsO+ZNnWTYz3tUOS0zi5cBJLT+WWOJlOnUzslXAirkSRqn7AsEBF0WaSHHOJq1djSNOUdiIdOTejuHYxnGsxyeRUaOgWuDQfxbu/H+HHV5tjI8lkBM/mo2+DKTFcnZrUmEtEXLxE7E01pQ5Rc4vEqItcuXSZ2OTs0k9XrjyC9lY0165Ek16Gae5OnEZi5AWuRsWTqb3fl/KJDgsj7aHOrfPJTo7k6sVwrkYnkp1f1un15CRHcvXSRa6XJaf/50TBrmCKqt2Y+v0sWtpJoAlj7Q9/c+/1NMglZveXvDegLi3rutKlnS9929WmdV1nug4Yw5Ld1woVIj1xK/rSspYdvg0H82dSscbu0Bx6gx7edjSp7cdXwRrQ7GRmSweaeFVh/K/xxb6fdXE9X49rRYf6VWjbsiG929aiVV03nhn9Pv9cyDQ+k9xr7F/0IiNaOdO8UW16dfKlV0tXmjeoy4jJX7I/uuQD1ENRuNB2xireCLBHQsPFVQvYmVw8H5rorSyZ0omuDSrTumVD+nZqSJdGlWnZqhPvLtpKjNEQc4nZ+TnvDKhHc++qdGjdiD4dfejS2JFmfi14ZeZKzqUbz31Z8qgtWEd+zSawL/sa/77jT9tG3vRq14QPtqkBDYem1cHPy47mI34sEt/eqZ74ednT9vWN5NwKZvXUDnSs70yHNo3p3dqDlg1q8fxbizlVKCeanRPoUMuRwV+HkA+od4yllZcdTbybMOeY9oHbCFln2fLFcwxp7oR/4zr07uRL71bVaV7Xg4Fj3uWv0FTuzYr26Nv09rbDz28cu3N13Aj8nMld3AzTd2xE18ZVaNWuH19tucJ9jzECIAr2f0JVexxj+7uiQCbt4N8cSi/8aRZnFvdn2IsfsSk4CtktgM4DRzJwYF+ausnEBf/O1y+2Z9LS0IKircC1e198yCEnZS87dyYW20EM1BzbtImY7BzyXHvRo6kFyDryctXk5qjR5BfuXulJPzqLcQNHsGTraTIc/ek0YCQDB/ahoWMGF3fN590BvVkUnF50FtnH+WlkW179cjUnr8u4tuhHv2dH0rd7G1zlKE5u+IhX+w1ixbkKLNqqejw7cQjOCpBv7WHngbSiIZ7+igl9B/P1+sPEyTVo1uM5Bj47jE7+NZCvH2bzl4MZPuYbzhcJUUfsH6N5YdxM/gmORunVga4DRzH4ueF0b1sPy5QQ9i4dz6jnPyM0u/B05cijSoE+Nwd12i1i1r/DJ7+HkmXmQCV7S5QAyOjycsjJySFXU7gbK6FCT26OmrQbJ/llQj9mb4rBqfVgBg4bTpcWXljmxHBq7VQmjP6UkII4JTt3atapj0vB0JHCrjq16jTAu443VawUJWwjoE/dw1eDO/LOt39xNlGJe4t+9B06kn492+NhfoPzO79m+uAuzN6dVHSbNCtYxlupxO+ewqjRXxKi8KPL0NEM6NuF2pUh48oOlr86iIVBRRIq3EOMYf8nbGnZqR22a/8kIzuUsPMaBrY1jMyqj87k/bn7SdXb02jian74qA/Vbq+V/AQOfTGI15ec5MiXk1je7jCvNVShcBtEn4APOLonk5Nbt3Bj5ESq3Xvozd7Hjr0J6FHh88wIGpkD96ubGbtZ8NaXhKQpcR/4Ez9/M5pat4fls06ydExvFh45xtJpc+i480v8LACyOT53LN8cTkZv15yXlvzNu93c72xQ+Uk7WThmOD+H7mbhO/Np/e+HNKigrc2mbU/87X5la3oWF0LC0D7bCXOA7EAWvfExx27qsfV9k4W/zqGT650IubH/A16ZsJCzgR/y0Q+d+WOqryF+bTCrF20mKV9FnfHbWP1pFwpfz8w6t5ipI97mwOlv+H7jBJaNdCt/HlVmhsKsjWDzb7eo99ZWvnq9J26WWrTaklYaKBSGoPKOfcsyp758vvNXhtS5PcNcrq0dw5i3/yIp5GsW/j6SX1+ujXnALFbtfI9NY5x4b6cWy7afsrbwRcf7zu4WgbNf5pewDLBvw6Sf1/NG+2oFBxXQJx9k8fjB/BB8jjXTPqBdy+V0cbgdqNLQM8wLYumHtjT79ChzxjTB9vaaiFnJG30nsDv5Iht/28mUNoMRlyKMEz3s/4hFrbq4KwF9IglxBSd++iS2L/2Va/lg0WwaXxUu1gAqV9q//z1jfFSQe5o/ft1r6GUrXOg2oCt2EuSc2MQ+I8Mi2Yf+4mCSHsxb0HdQwxKOzHpubPmeLdE6sO3GxJkj7xYZAFt/XnpvNJ5KyL/8BxuPG/r5+uQNrFh3iXws8Z2yokixBlC59OTNuVOorwJN2HLWHqrAXrZFbWpWVwJ6kuOuF5xW67m5ZRF/XckHy1ZM/LZwsQZQ4dz5Mz4Z3wQVuYSv/pGg2yGqL3AlVgcKV5r3aMu9N5/YNnqV6XO+4I2Zcxjkc6dklSuPKBSGnTA/nKgq7zPn7Z64WQKYY17au+o05rSa+jWD6hSeoSW1hn3J2FaWQDant2wi9iEGivUJ6/ltUwx6zPB5+XteL1SsARRVO/Da55OprwJ9/F/8sTWp+JmfPgUpYA6fjbpbrAFUHs/xbHcXFMhkXgglsszj4f8/RMH+j0i2tgW9GB25OTmGf+Yc5FBQBjLm+A4cTi1jVdXclx49G6JCT3LQPs5rARRU7v4c7R0lUB9h1464e3aOdA5v2clNGaxaPkefWkojDd+WzYnAI2QDZo260s6l+CZh7v8+y/ee58CZED4oODPIObqD45kymLei76D6Rg8I5g0H06WeCvQJHD8UUnHjk5Id1gW33uhz1QVDR2qO7w8kSwazZsPoV8dohNTv1586KtAnHSToXEGEZg7YW0mgTyBo41biixUQJV593uG1VybSp9nte6PLl8e7rGjWfzBuJa2q+7FqT49ersV3ZqUHAW19UAF5l04R/hDHzOxjewlVA6rGdO3rY3R9q+r3pYO3CsgiNOgYxW5CkSrTpn/vYgdAMMO9uhsKQJ+RQoa4AnlfYkjkPyLnqO+MQVtYGkp3fvR5otQySFYobgax858TRqfNy7ZCAWhjLxOZC03NgUq96NvVme3rkwjZ/i9JY17B9faOkL6bnQeSkbGn1aAhd/9vTH4kVyOzAQnbGrWoauy7yqp41K9aeCKuX75CjgySpYLUk3+zPcRY41rUlkpAQ9yVCDS0oUIexZDV5BZ0WCULK8NtgPnXuHItGxkJS0Uyp//dQJixafOysFACmmiuXc0Bf3Ow6cnQZ+uxc/lFotcOp19wB7r07EXb9t0IaO2Hi7H7MsuVx8KfuVOrTuVy9aCU7vXxtjX2iYrqNT0w4zT56ljiknVgU54jQj5xEVfJBSSbutTxvE/ZUNXFy1MFl/LJjL7KDR3UKDw7pTvVaxS/SRPAwrLg7ECXj+hg358o2P8RXUw0iTpAURXnaoaypb+VSqYekNM5tmgkxx7USP4tbt3Sgb0SsKPtgL44//ULSSc2sTd+IiOrG3b39H0bOJwqIzl2p39vIz2vIoGlkp6uByRsbO2RSrc0pKeloQfkjP0seWX/g6dIv0maDuzKUy8eJD+KuHgdoKCyi6vhoHBnuWQyD3/J24cf2AgZqanocECJHQEf/8NCs4l8vmI/idcO8M+SA/yzBCQrV+q36U2PZ1/lhQF+dx+EKlceC5HssCvn45qSQxUq3yevKltbLCXIQY06q7z38elIT09HD0j2lQybn1EW2NlbI5ELmWlkFpudCjOzcoYgAKJg/0e0XDgebLjv1dKHBvULttrbe7VUiaYvvEXnGg+oZkp3mjvcLQXW7YbTrfqv/B5zlN07YxkxzgMFKRzYsod0WaJK1+F0qlz6KEv/0Kt0N3SHNgyb1Bf3B9QapWsA9mWuYqWjDT/CmVsyYEntRo0MG7V0J0Ls/cfxUvealJxdJS4tK90ttOa16DlzN51fDeXglr/ZH7iP4OBTxKQlcGHfL1zYt4p167/k+2VvFXtYp3wPD0soyztAKZWQ2DuxSJT9KGJ0Zo+iEaGcRMH+L2Tt4+8tl9EBlk170tbJsGcqHKsY3oGhk6jR5W0m9Snjy4ws29G3lzfrfoogZPs/JLw0GdeUrew8nIasqEHXIT2xe1AbSkfsDUGQlZ5WygcYFDg4OqIgEp3kRftX3qfHY3sPUybH1m0gUgdYtaRDJ2fDGYWiMpUqKSBGh+TZk/FvDDLyxOSDmVf1o9tYP7qN/RR0acQc38rmlfP4dfM5kvbN4MPF7fnnff9y5vERycog4z7HiLysLHJlAFtsbctbbJU4ODigAHQZt0oYY84lI0ONDGDv+BS/3+XxESmtcJmc/OZDNsboQapK51HPU72gq6fyaICnjQRyJlcvXi3H2J05foMG46WC3FNbOJCk49bejRzLAKXnIJ4JKMVD8Kqa1PK0BmSyIy8SZ2xn1N8i+vQRTgYf5VKiBlBRvY431hLIWReJiHp8o45ZwV+wYH0UeiQqd59A/9tnKSovvL1skZDJjggn5lGEqKyER5sXmPLDXr4Y4oaCPK7s31kwv/Lk8dHIj7tMlNELivnERV8nD5DsalC9annHo1RUr1MbK0DOvkxE9H2Sqb3E1cg8QKJSrTrGx/GFhyJSWpF0iQQvHMobS0LRIOHQ7gPeeMb5btKtOtCulR2Qz6V/13HB6D6sJ3HHl3z13W8cuZxarOemajyMnvVVkHOcw4FXCdxxkCxU1Or/PE1L1aW0o0X7VlgD+Re2s8/IKwj1cb/x4aCOjBg4iGWnDTurVUAPmtsC+WHs3Bhq/A4QfRx7Fr3Psj93c+XWo+5z6kg+MpvJExZyIRekSl149b1nqXInuda07NgOGyD//N/8e854gdQnbGbJZ/PYGHiBNB2AnpunfmfZ568xe/UZ4wdRRSUaNKhpWI+agjt+ypnHRyLzMAcO3Cr+f10sx4LOkw+YN2xFYyNnQaUdvrFu05WmNkD+WfZtv2g0L9rzWzgUqQPJgWbtAsp1RiOUTBTshyKTn5tORnra3b/URK5fOMTOFR/wZm8/XvpqL8k6sKo7js+/fZUid9gpXOg1/gU8VZB/fjEfz95GYpE9QU/ayQVMf2cmy2dPYv4/MRS/jtOIvv2bYUYWp7Z9wY6gDDDzpc+gpqUc71JQbcAkerkpQHOMFR9/x/nCD5tpr7H1y8Wc0oCy+iCe6WgYsFVUHcroobVRkc/F5a8yb09c0Z1Yn0rID+P5aO585r37Advjyj6uK+fnklk4t+kpJEef5cTWJSyY2IZ+z83i6A0dWDdg2MJfGFm7SHJxemYyA7xUkB/GqvemcyChaJnR3wri5zdfYdH30/no8/XEF4QoRW5i2XdL+W32VJYeTyl+P3HGCTZuDSUfCYdG/g+Vx0dClcreudPYGVv4sKkl9p8P+fVYLkgOtB7wTJGHq8zMDeU0LzHGcDH8ARTVnuWFAZ4oySP8pzf56eStInnR3wzkhw+XcDkfVLVGMapXGS6eCKUmxrAfhnyLra+4s7Wk70g2ePX+kM/mvk1LI+eIth0+44vXQ5j09THClw2i7972tG1djypmGlKuBhN87AK38hU4Bszkk1f8jKwwJV4DhuK38Dgn9qzhoF7GvNVz9KtbhlXr2J935k7k7MQlROx/m+c7/kW79o2pKt3i6rGdnLiWjt7KhxGff0K7O3XGjrbvL2Ni2EB+OHWalWOaENi6O/61q2KmTSbq1H5OXE4hX1GFlu98z7hGZd3UZNI3jSRgU0nfkbD2Hshr875jXIBL8d6HbTfe+vp9wkd/TmjYt7zScTv+HdtRy8kc7c0IQo8c5GpqPorKHXl97tv4qAAUVHlmFpPXH+aLwEAWDa7P5hYd8fN2w95CR/bNa5wPOsiFGxqUzn15/Y1+D5nHh2fmO5IBeX/yZpeDNG/fDu+qSjKvHeHgkYtk6CTsWr7HG8M8CuXHgro+9VBtOUl+6ALenBBJcycd9h1m8Wa3+82lEh1n/MDosOdYce4A3wxuzK4OXWhc3Q5dSgQhBbmUKgXwytezaCUeVawQomA/ckrMrB1wqtEAnxbd6PHcOPq2cCvh/uNKtHhvB3/Um8M3368k8OwBdlw7cKctG/dW9B3+Lq+/NhCv+wxJKz2G0KvFTE4czkGPDf4Dn+VBN5wUpcCp+yJ++7Mh38z5mq1BR9m99mhB47ZUbzOWl6bPZkRL56JF0aE9b/x5iDqLZrLsj+2cP7KBqCPcmc612TCGTJnFhN51H9n7lpXmNthV9cS7UQBt+47m2YEBuJRwc7d961ms2NKQpXPn8fe+EIK3RBB8uy2bGvgOfJGX332X7t6FkmvekNEr9uOyeBbL1+/kXNAmooLufqyy96bFsLFMePtNOhW5J7mceXxYZj6MW74Rt5nv8cu2Xzle8MSKZFGNJoPfY/rMyTQqMj6hxHvMbMbufoGfT6dwYdtyLmBOM493S5yNwqkn09bvofaCWfzy1x7O71nD+YLPJCs3GvZ9kYnTptGrrqjWFUX8gMETRpN6jajoG+TIlti61MTDvVLFPGxSgvz0GCIj48nGFifPulR3LE0EudyKjuD6zWxkCweca3jj6vCE/WJJbgoxkddIVcuY27lSvWYN7B8Yoo7spKtcT7hFrk6FVeXqeHi6YFWKilu+PJaWhkPv1GXC6jiUreez8+83qa4AXVYckVdjyVY6UK1mHVxsSzhy67NJijhPgtocu2o18XR1KH0PTpfFjcgrxKflorBxpkatWjiKQetSET9g8BSxqFyLepUr+IdWH0Dl4EEdP48yTmWJo2djHD0rJKRHw7IKHg2qULYlU2LjUpf65fh1rvLl8eEobd2p7VvK32FU2OBSrwXl+uExpS3Otf1wLs+0QrmJi46CIAgmQhRsQRAEEyEKtiAIgokQY9iCYJLMqPf818xtpUbh3JzKouv1f0EUbEEwSQqcmw9mQPPHHYfwXxLHZUEQBBMhCrYgCIKJEAVbEATBRIiCLQiCYCJEwRYEQTARomALgiCYCFGwBUEQTIQo2IIgCCZCFGxBEAQTIQq2IAiCiaiQR9N1ObfQa/OJiY4kJz25ImYhCIJgklJuJKHPvUWu2sivIj9AhRTsrKu7kHVajkVVROuCIAimL1ZXH2hdpmnEkIggCMJjoC/HrzNW6Nv6Jk2aRN26dStyFoIgCCZl8+bNBAYGlmvaCn+9qiRJFT0LQRAEk/EwNVEMiQiCIJgIUbAFQRBMhCjYgiAIJkIUbEEQBBMhCrYgCIKJEAVbEATBRIiCLQiCYCJEwRYEQTARomALgiCYCFGwBUEQTIQo2IIgCCZCFGxBEAQTIQq2IAiCiRAFWxAEwUSIgi0IgmAiKvx92IKAPpXLx8NJ1EKl2i1p4mbxuCMSHkhP6uXjhBtWGu2buFXw7MQ2UhpPTMHOCt/GhmMJ6Mo8pRLnFoPp28T+qT9d0CefYOO/YaTpi/5fkhQozSywqeSES43a+DSoRZUnaXvPu8TGuR+yNUVJ0zf+YNGQqo87ouL0yZzY+C9hxZOLQmmGhU0lnFxqUNunAbWeqORWlDwubZzLh1tTUDZ9g32LhlTw7ExgG3kCPCEFW092+HZWrTxDfpmnVeJj0YU+TewrIK4ni+7GSTauWkvMA45qCitnGgT0ZujIYXT2tnv8BzKFLa51GtDAWYGno9njjsY43Q1OblzF2gcnF+cGAfQeOpJhnb2xe+zJrSgKbF3r0KCBMwpPx0fWqj49irNXbmHr5Yt35ULJM4Vt5AnwhBRssPJqRc/ebtzTv0FOu8ihY5Fky1Z4tuyAT5V79xAFbrVs+f/6ITJzqjfvTGPn27mQyddkk5GSQOSVSG5k3yB870rCD+1k99iPmDG8MfaPs7CYNWb0Vz8y+jGGUBbm1ZvTubHznQOdnK8hOyOFhMgrRN7I5kb4XlaGH2Ln7rF8NGM4jR9rciuKGY1Hf8WPj3Sl6Und+w1Tv7lAwMeb+aybZaHZmdY28rg8IQVbgX2LkUxrUfyTvNBFhB2PJFu2pcmz7/JuK/P/PrwnjWSJz+B3mN7eyKm59ibh+zawYsUGjickcnTpNGboFjBvVAOs/vtITZCEpc9g3pnenuLZ1XIzfB8bVqxgw/EEEo8uZdoMHQvmjaKBSG4p5HH5clQ5zqKF257GrsHDycskOTaK6LibZOWVdiIduWkJxERGEpOQRm7ZB+IfHXMnGvaaxFdL5vB8PWskOYuwlfNYfV5T4mS63DQSYiKJjEkg7XEtQJ6alIQYoq8nkaEt7UT/Ze7NcWrYi0lfLWHO8/WwlmSywlYyb/V5SsyuLpe0hBgiI2NISMst/XUabSbJcdFERV0n4VZOqafLU6eQEBPN9aQMSp1GIC8jkZiYRDLLMtGdiUux3+THcflKOnI5mi/UCOrUeKIjI4mOT0Fd5uqvJ/dWPNFR0cSnlj6nT4onpIddfrr4Dbz78k+c1VrgP+UXPu9f1fhRKC+cpS+/zYZYGZf+X7L69YYcnjuCz/ZkYt35Q9ZOdmLbku9Ys+88N3IMAzNKKxd8Oj/HpImDaexopFVNPEf/XMGarUcIj8+6s/KVtm40DOjLiLHDCCh2tVvLsfkjmbnzFlTty+e/vol/BZw0KCr7M+GjsVyc+D0h2VfZvDaQoZ/0oOhiaIg/+icr1mzlSHg8WXcXALeGAfQdMZZhAW6GnqY+kY3vjWfJGS0WLaawYnZ/nIwmWsOpb15ixtZkJPfBfPXTKzQhmAWjPmZHqhK/11Yxb6BTkSnUkfv4/Ze17DwecSf3krkjtVr04vnxY+jhbW1kNuXJ/SOiqIz/hI8Ye3Ei34dkc3XzWgKHfkKPe7YRTfxR/lyxhq1Hwom/m1xs3RoS0HcEY4cFUDxEDXFH1vHL2h0EhcfdXScosHSqjX+XwYwZ04t6xQbP1UTu+51f1u7keMQNDGmUMHesRYtezzN+TA8Kp1F76htenLGVFLtufLxqFLnff8TCbRFk6qzo+PFmPuumIHjBKD7ekYrS7zW2zRt4J76y7zcajsx9gU/3pKHV6oAcDn/Zn+5zQeE6kK9+fg1fueRtBPVV9qz+lT93HSfixt1Cq7B0orZ/VwaPHkWv+kVvPMgLXczYaf9ww6YLH659jwZhq/nmhw0cvZpe0MtXYuvhT//xbzCuU3VM4dzd5Au2slonOvss5+SxdE7s3Et8n+FUVxb/Xt7F/QRGqdFQgzadGwMyKvRoNLnkp15k3ceb+fW8FXV9O9LUUUlWbDgh5xM4u20x70WmM++bcTQqfNqrPs/vM95n+ek0dAobXBsF4ONuh5wRx4Ww84TtWkb4yVBemfcFw+oU3itldHkacjUapFxthR7hVR79eK7TOs5svUnGyUCOZ/Wg551rs2rO/z6D95efJk2nwMa1EQE+7tjJGcRdCON82C6WhZ8k9JV5fDGsDhYKZwIC6rDk+CnSTwVyJLUvA4xV7NwQ9h6KJ0cj4dmqIw3MAY2efG0uGo0Sra5w/0pPZugKpn2winOZYOVcnzZtPLAng6iwU1w6spbPz4Rxfc48xjWxvTtZuXP/SJNLv+c6se7MVm5mnCTweBY97iYX9fnfmfH+ck6n6VDYuNIowAd3O5mMuAuEnQ9j17JwToa+wrwvhnE3RB0J22cz5atAbuqU2Hv60q62K3bm+WQlRhB29jKH/5zL6bOJLPhmLA1vb4/6TEJXTOODVefIxArn+m1o42EPGVGEnbrEkbWfcybsOnPmjeN2GiWlAlmrIScjg7hd37Hy3wjUZrbYWylRSAAy+nwtuRoNSm3hrVQqx34jYeNUHQ9PJXERCWShwLqqbfvSmwAAIABJREFUJ662oKjqiKUE6O+3jYA+/SRL3/6IdZezkZW2uDcKoJ6bHZI6kUtnznH58B/MOXmCy7MW8npA5btFW6lAr9WQo8sgKegbfpy9HbVnE9r2qIqFJonLoWeIiglm7afT0Vf6idf8nvxxLZMv2Cic6NSrNcuC95EWvofdUUN5yfvexdISvv8ICTpQ1u1KrwZmgBZJYVi1eaHrWevYhveWfUAfz9t7j4aYbbN566tAki/8ybItPVk4rDqGY0EOoT9/yfLTaeht6jHs4y+Y1KbqnWTm3wxm2YyZrLt4gp/mraXZDy9S+05IEipLW+xs85BsrSp4BVjj17IJ1tv2kZVzhQtXtfRsauhH5IT+zJfLT5Omt6HesI/5YlIbqt5dAIKXzWDmuouc+Gkea5v9wIu1VVTt0IWmP50iSB3GwcMp9B9Y/Gwm5/QBjqXoQVmXzj3qUuL1/qwT/DRnNecyFVTr8h7zp/fG43b61RdZPf1tloWEs3rBalovm0RDc3i43D9a1n4taWK9jX1ZOVy5cBVtz6aGXlpOKD9/uZzTaXps6g3j4y8m0eZucrkZvIwZM9dx8cRPzFvbjB9erG2IP+88f/92mJs6JV5D5/Pt5OY4FEqwOmIDn7z3HUEX/mTlnmf4qr9TQRp/Ys7qc2QqqtHlvflM7+3B3TSuZvrbywgJX82C1a1ZNqmhIUalyrDu8mLZ9U8m3qPn8cHIVrhY5KHNM4MSBnnKs9/4jfuGZS/sZEbfzzmcZ0Gz8d8Vveh4355LJsd+nMsfl7PBthEjP/uMcc2rcLtPpr8VyoqPZrAq7BqbFv5Ei8bv09au4EOFwrCM+edYvciaRpOXMmOgN7dPNPITtjHzla84lBrDji3HecmvI0bO5Z4oT8UYtl1AXzo4K0B3lb27LlJsCE0bzoGjiegwp1G3HtS8dwfOM6Ppi6/Ty7Nwb8wCj56v8FxjcyCHcwcOklCwUelT9/Pn9hh0mOPzwgdFCgaAyqkV498eircStJf/ZdOpwhu/Oa3e+p1/t21jy6opNK/g8zDz6jWopgD0KdxIyr+9AOz/czsxOjD3eYEPChdrwwLQavzbDDUsAP9uOoUGUFRuT5fmtkjkcvbQEVLuvaUHNScPBJOiB7MGXehWLNGF6bm5/292x+vA2p+Rr/W8W6wBrOszbFwv3JWgi97LjrPagtAfJvePmHl1ahiSS8qNpILTbD2p+/9kuyG5vPBB4WINoMKp1XjeHuqNEi2X/93EnRBzo4hK0oGiCk0CGhcp1gDWdQYx+a2XGffqJHp5F3yov8n+v3djSONIXuvpQdE0DmNcL3eU6Ijeu4Ozt8enlZJh59dFEltpJNNfbIWLBYAZ5qW9q66M+0156JP38fe+JPSoqPPs24wtVKwBFI5+jHljCN5K0N84wJaDqXfvNLt965g+A6npJN59xrtIQVa5dqVfG0cUyGRdjeC6CVwNfSoKNpZ+9OlaAyU6Yvfv5Exu0Y81Zw8QlKgD66Z07+ZGsRETyyZ0aOdUPBlKZ5o3q4kSyIu6zOWCjT039Dih2TKY+dClm4fRXrKZd0faeilBn0Lo6YjiB5H/iGRthaEfo0eTW1AZckM5HpqNjBk+XbrhYXwB6NjWCyV6UkJPE5EHKCoR0LUl9hLknj3I4eR7KnbWCQ4EpyJjSeOuXYwOTd2Vy5mTZ1EDqjr+tCh2uyaYNxzF/F9+Z/3GFUwpODN4onIvWWNV0EnUa3IL+qS5hB4PxRBiF7oZTy7eHdtiCDGU0xEFEarssLWQQJ/CqT1BJBUrIEpqdBjBmOED6eJT2fCv3DOcPKsGVNTxb0HxNJrTcNR8fvl9PRtXTKFpsQ6CBY06dcSlxHV1H2Xcb8pDfeYk4TmAshbtOnoaXd8qrwBa11ACOYSHhhdf35I9zTq1LnYABBXVXJyQADkrnaxiHZAnj+kPiQBgRr1ePai3fhnnkw6z88RE/NvfHvPUcPbAUZL0EvYte9LRyLir0tmTmkbPhVS4urtgxmV0OTdITNWBu0xCVCw5MkgWCtLOBbL/grFp88ixUAJaEmOuo6FRycMDFUTO1RTcKaDA3MLQE8pPiCLWsAAo0s4RaHwByMuxQAloE2O4roFGZmDXuiutHfezM/Uch44mM2CQy50dNvPEAY6nyWDTlG4dnUvuDeQnEB2XA0jYVHOjsrEvKyvh5lWp8ERPVu7lXDQFxUhhbmHo2eYnEBWbg4yEhSKNc4H7MR5iDoYQE4m5nVyrlvTr5cHBDdHEbpvJi2G+BLRrRYvmLfD3rYOTZfFm8hOiMaTRhmpulY3mXFnJjSJpLPJhVTw9y/eUcNn2m/IcEfJJio4nF5CsPKjpdp9ypapBDXclROnIio8jRQduRbrhTrhWM74FWFgUHMH0OpO43fApKdig9OhBL7/VnD+RytGdR0lr24NKCiA3lP1ByegVVWjbMwAHYxPbORg5+ha0a2WNhQS55JKjlgE9GRmZyICcdZrfPj39wNh0melk6MC2PNvsQ9IlJpKsBxSVqOJkWN36jAwyDQvA6d8+5YFLoMsk/fYCWPvTJcCJ3f8mc/bgEZIHDMZFAZDJ8f0nyJAl7P270d74LSR36TPIyJQBCWtrm1I++PSE5V6XSKIhuVSq4mTYme4sl0zW6d94cIg6MtMz0GGLEmuavzKXj1Vfsfjv09yIDWH3uhB2r/sRyaIK3n5t6NhrEIM617nzINSddSlZY21TnsfHrLGxLedjZ2Xab8pDT0ZmFjIg2dqW8FSpGbY2lkhoITuLrGKzU6J6Sh6efGoKNgoXOvduxc8nD5B+YheBKd0YUFVBTkggQTf1KKt1oJd/eS4p3F77UsGYmHSnuEi2jej3XBvDGHEJlFUbY/dYHsXM40rYeTJkwLwmtb0Mq1u6uwA06vccbR68ADS+swBWNOvaDpdtG0k4d5DDyQMZ4qKA9CD2n8xElhxp3b2N8QPjfchyaXfoJyv3eVfCOG9ILjVrexl2prvJxbZRP55rU+0BvVclVRvb3T1gmbnR8dVvCBgewbEDgQSdPEXImUvEZaZwJfhfrgRvZ/OOSXz+yXM0KLI5y5Q6jfdQVMjA6L37zcP6/3qW+X6enoINOAT0pn3Vg/x74wz7DybTf4g9IYHHSNUrqdmlF43vd4eXWm3kqGygU6vRyABW2FgbNho7BzskEpAlV1oNH0WHJ/VdQOrTbD9wHR1g0aAlLQvuE5bsHLCTIEGWcG01nFFlXACLJl1p5/YP62PDOXT4BoOGOJN+9ACns2QUzm3p3tL2gW2gsMPOVgL0ZGdlFXslgXHSE5R7Nae3H+C6Ibm0bOloKMySHQ6G5CK5tmL4qA5Gnph8MLPKdWg/uA7tB48HXSZxZ4PYtWkN6/df42bwUr5a48uK8fVR2NlhSGM2Wf/1IGwZ95uyU2BvZ3jthD4rk8z7Lp6WzKxcwyHC1u4pfr/L03LR8TZrf3p3qY4SDecOHiIp8wT7jqWgN6tH1x517nt00t2IIdbohZF8EuJvkAdINi64VlYCKlw9q2MlgayO5lr8kzrypSZs1U/sSNCDVImAZ7pTrWBYQOXqSXXDAhB9Lb7sY3dmPnTrVAMlGsIPB5GiSyfoYAhZKHHr2IOmRsZai1FVw9PNEpBRx0aTaOxOAn0msefPEhZ2lqs3tTxJuVeHreKnHQnokagU8Azd7yYXz+pWSMioo6/xSEJU2uHu14OXPl7EtO5OKMgnKjjYMLtqnhjSqCY2OtHo3XH6zFjOnw0j7OxVbj7EBcB7lW2/KQ8VrjXdsQLknBii7pfMvOtEx+kACYfqNYxfD3lKPGWLZkaD3t2powJteCA7t+4h+JaMZePudPcoYaPJPsvR45nF/69L5nRoFDrArLYP9QuuT1j6taCJNaC7SuCeK8Yf/9Unc+i3JazZcYKojP/4AVhdCiG/fsDMPyLQImHXbAzjOjveXdmWfrQwLABXA/dwxfgCkHzoN5as2cGJqIx7CoGKOl06UksJmgsnOBF/jMNnskHpQaduDUv5xJg1vs19sAJ0145xJLZ4jvQ3djDv9deYPGUGa87rCkJ/3LnXkRLyKx/M/IMILUh2zRgzrnOhJ0gt8WvRBEOIgewxnlz0yYf4bckadpyIwhCintTwXaxZuoBvt1wxfhBV2FK7VjXD4EBewR0/1r4097ECdFw7doTiadRzY8c8Xn9tMlNmrOH8o0xHGfebu0o/fGPp6294QEh3jSMHY4zmJe/qYYJjdSDZ0LhZo3Kd0ZiKp6xgg8qzJz19rUB7jrUrjpKOLf49O+Nc0pIqMzj88xICkwrfEJRHwv5lrA/TgmRLsy7tqFrQhqJyZ4b2qI4SHVc3zGdpUHLRDUmfwbl1c5j/81p+nL+U/UmFt04tp74bx9AhQxg64UdCy9XjMbydLzMz8+5fegrxV88QuPEnZk18kam/nCJFB5ae/Zg2YxBFjleKynQe2oPqStBd3cD8pUEkF10AMs6tY878n1n743yW7k8q9v4HlVdXOtVVQU4Yh1YdIDQbVLU7061OaUfZFFTtMpBOzgrQhvPn4r+IUBf6OC+efcs2EKYFpUsHevhbFYT+MLkvHTlfQ3bh3GamkxJ/lTOBG/lp1kRenPoLpwzJpd+0GQwqmlwqdx5KD0Ny2TB/KUFFk4s+4xzr5szn57U/Mn/pfm6HKMUdZM2azfz147esPptefJgo6yI7Dl5Bh4R97QYFs6tKl4GdMKTxTxb/FUHRNO5j2YYwtChx6dAD/0f5MF8Z9xtQFVz8y+NmUnKpnvJVOHVmUNdqKMnn8vpFrDmXWSQv+rRQVn67iUgdKKv3YnD7p/s1y0/VGDYACme69m7BL6cPkpmjQ3LsSI92xm93uk1Vvyc98/Yy66VQGjdvgqejgqzYswSHRJOlk7BtPIJxvVwKtWGN//hpjLw8nVXhl1k/YwxBTfzx9XBElXeL6+EhnIlOR6dwwO+ltxlepIjJ5GbeJDn5FpKcUfJLg+5HzmTfpwPZV9J3JCtqtB/Du1OH42fkHNHafzzTRl5m+qpwLq+fwZigJvj7euCoyuPW9XBCzkSTrlPg4PcSbw83MpykrEGXzg1ZeeEMQbuD0cvmNOnaDc+ybFH2bZk4dQAXZ20k8vh3vDbmAC2ae1NFkUl06HHOxGaht6jJwDfH0eLOBbaHyX1pyGTu+5SBJScXqxrtGfPuVIb7Gdm2rP0ZP20kl6evIvzyemaMCaKJvy8ejirybl0nPOQM0ek6FA5+vPT2cAwhKnDsPI6Xdoax+EQov7w+gl2N/GjoURVbMx05afFcPnOGKylalFXa8NKoNoXSOJGpAy4ya2Mkx797jTEHWtDcuwqKzGhCj58hNkuPRc2BvDmuxSN9kq/M+41ZLbw9lBy4qOPiulnMTGiMo96W5mPH0um+ddaO1i+/zZBLH/NnRAjL3xjNQf9m1HOxRp92nXMFuZTsGjH6/bE0ffKfLn8oT1/BRkGldr1oV/kw21PAuX0vWts9YBJlTYZ/+iUu3/3AHwe3EVrQIZLMq9Cg2wgmvzaEevee1tn5Mm7BD3itXs6a7ceICDlAbMjt9qxw9ulCnxfGMaJ9DUozpPvwlJhZ2eDo4kndxi3o0KsfXRs7lXD/sR2+4xbwg9dqlq/ZzrGIEA7cXQCsnH3o0ucFxo1oTw2jC6DEtVMnGv18htMaPVg1oWtnIw8llUhB5YA3WLTQi5+X/8HeM+c4tO1cQfNWuPr2Y9jLExjY2LFoUXwMuVeaWWHj6IJn3ca06NCLfl0b41TCrWJ2vuNY8IMXq5evYfuxCEIOxHI3RGd8uvThhXEjaF84uWZeDPl8MVV+/4W1O4K5fOYQsWcKxWDrjm+vvox4cRhtCt+TrKhMwBuLWOj1M8v/2MuZc4e4m0ZXfPsN4+UJA42/wOxhlHW/UXoy8OXhBH2yjvPpERzcEgFmjXAd8RKU0DFWVGrFq18vouavP/PHrpNcDtrN5YLPJAsn6nbsw8hxL9Cp5lNerQFJLv09VaU26dUpyDotkyZNol69eo+6+QfSJ/3D+y/O51huTUZ8/zOTfIztWVqC5z3PtC3JKHwn8/uiYbgqQKdO5vr1ZNQKG5zdq+NkXZoSpCE9Ppb4W7nI5jZUqeaOi51p3fipSY8nNv4WubI5NlWq4e5i958/6JOfmcT1uJuosaKyWw1c7UsTgQnkXpNOfGw8t3JlzG2qUM3dhQeHqEN9M56Em5nk6pVY2lfF3a0ylg+suflkJl0n7qYarCrjVsOVUqWx1B5+v9Hn3CQm6gY5ZjY4VXOnqm0Z+o06NTfj4riRoUWycsSthhsOpvCavUI2b97MgQMHcKpej88/mlqmaZ/CHraG8L/WcyIbrJr2p3+9sm2tSuuq1KxX1t+Ts8DBzRuHCv6d0opk4eCG92NeAJWdC171Xco4lQnk3sIBN28HyhaiEmunGng7PfibRamwc/GizGl8SGXZbxRWTtRsUOYFuz0jnDzqUM6pTd5TdtFRT2rQD8z7Oxqd0p2eo/qW74lYQRCEJ9BT0MPWkxq2iz0Xkkm9dpxdu89wM98cz8FvMrbZk/6yREEQhNJ7Ogr2ifUsWRlhuE1IVZlGQ9/kw1daGd4lIgiC8JR4Cgq2Cvfeb/JZrRtoVQ64121EPZdSPWqHd9/XmdEkF6lyPVHcBaFUxH7zOD0FBRus3BrTrswXnRQ4+XSkh09FRCQITyux3zxO4vgoCIJgIkTBFgRBMBGiYAuCIJgIUbAFQRBMhCjYgiAIJkIUbEEQBBMhCrYgCIKJEAVbEATBRIiCLQiCYCJEwRYEQTARFfpo+oULF9Dr7/vb9IIgCP93Lly4UO5pK7RgBwYGEhgYWJGzEARB+L9RIQVbUlkio8DaUoVKKUZdBEEQbsvV6tDm6VCZWZR52gop2Pb1B6DW5DNxcBPqe1auiFkIgiCYpI2BV9h3OpZa9Z3LPK3o/gqCIJgIUbAFQRBMhCjYgiAIJkIUbEEQBBMhCrYgCIKJEAVbEATBRIiCLQiCYCJEwRYEQTARomALgiCYCFGwBUEQTIQo2IIgCCZCFGxBEAQTIQq2IAiCiRAFWxAEwUSIgi0IgmAiRMEWBEEwEQoAWZb55ptviIuLe9zxCBUh+wqHNm9i4+b9XEh/XEHoSQrZzqaNG9l8+NrjCuKh5F47wj+bNrJ5bzi3xE+VCo+BCkCSJOzt7fH29ubll19m2rRpuLu7//fR6OPY/cNyDieXYW9Q1WfI9Odpcp/fztEkhrJ7226OhV4iKvEWap0K60pV8ajjS6tufenp74bl/QMibvcPLD+cTNGIJCSFCgtre5zcPKnr24pWjaqV0M69bSlx7fQyL3euVvIpTvZJflu4hSt6FzpMmERXt3KcEOmiWftyd8asjcN9xG8c7F/2Jh4NLae+H8eQnxNQdf4Wzb4pjyuQcjN3yGLvRy+w+LwdPRftZdPkRpT9R54E4SHIBbRarezl5SUDMiBPmTJFjo2Nlcvjve8PyZMX7pcvRKWUbUJNkPxufdWdGEr1ZzFAXpVdvKn8xEPyt+PayO6W0v2nlcxlF/+R8tw9sXKe8YDkoHfry6oHxSApZVuPNvLzH6+Vz9zS3W/hCrUlySrPl+RNN+/3XQNd0hK5hzkyZo3k6ceNR1gyjXx2fme5kkKSLRq+Je9PK0cTj4xGPjK7j9y6ZUu57at/PM5AHkpuyGy5jZ0kS1Z+8vuHMh93OIIJ+vtAhDx54X75123hZZ72Tr/UzMyMGTNmMGHCBAAWL17M0qVLefnll3n//ff/4x63hGWdrgxrW/3Bg+yqpnjf07tWn13K6AFv8HekBllSYOcVQI8e7Wlax41KFvlkJF0j7MgudhyKIOnkat7vvY99s/9i3XutqXS/iCzr0HVYW6rfDkjOJzcjhfjIcM6EXyc9Joi1nx5j46o1fLr6V95uW7mE2GXyY1bz3qwX6LS4Kw6lzEpZ5Z/9mkmfHCBdWZ83v/+UThU1o1IxJ+CDrQR98DhjeHgWfu/y47StBHx0jIWTZtE7eD4dbB53VML/jcLVW6vVyjVq1CjWgzQzM5MnT55c6h73w/ewFXKVURvlnLJNLcuyLOuSNsvjapvLEsiSVW15yIJAOcFo5zRfvhm8RB7V0NbwXaW7PGRlpJxfNKA7vWJFlVHyxvsElBsXJK+c1kv2sjL05hWO7eXPj2fdu3AFbSlke3c32V6BLFn4ytOPGjk9uLMsD9HD1kXLy/tXkRUoZbcRf8pJJXfmhbLI3CtPqauSJclGbvPF2fucnQmCcQ/Twy7SCTQzM2PWrFnFinpeXh7fffcdXl5eTJky5Qm+OJnJ7plvsfKqFpTVGbJ0F+umdqCa0fFtJVVaTuLXXSsZ420Gujg2TZ/BXzfKfjXJwq01o+dsJeifd/C3V6C/dZjPXv6S4Fzj37fu+g7vtrUDTRjfTv2aM9oyz/KBNMHfsWBHKrJZY8a/MwjnCr0fSI/6RiQXz18kMikb3UO0pEmL5+rFC1xLzLrbjj6NqLNhnAk7z/WsRxCuETp1MlGXwgm/FEWy+gFLYNuRt17rgA3ZHP9+Idse24Vc4f9Nsd141KhR1KpVy+iXn/TCrY9fx7drIsmXFVR55nMWveDFfa5F3qFwG8yC+SNwV4IuYSPfrowoZ8FR4NLtC1Z/0hEHhUxu2I/M++sGxcu/TG5eDV5b8BbNrCD7+HymLrn0UEWuuCx2LF3NpTywbPcSL/nek4XcjbzoZouNjSODVqQabUEb/AHNHGywcezEvEt3o9MGTsXH3ga76mPZlKsjYfdshvhVw7FaLRo0bEAtV0eqNujDtA1X0BRpUcPOV72xs7HBsc+Se+amJ/noYsa188TJqTq1G/jg7VYZZ59+vP/XFXJT/mRSC1/8mvVl7vG7reZufBE3WxtsHAdhfDG0BH/QDAcbGxw7zeNSsSTncm3rF4zpUBunSi541W9Eo/peuFRyonaH0Xyx9RrGj7lKvF4YR6/KCnTxf7FsQ6KR9SwIj16xgm1mZsaHH35Y4kRPZuHWk7LjHw5myobe9cShlPamisp9XuGFeiqQNZz451+iy109VdQbP5WhrkrQp7Lnr52kGflWnkaLRYt3WfhKA8zlNA7Mfo9fyz/T4rL28PeOJPSSBa0HPIPHvXnQ55Obo0atziE3Xzbehk6LWq1GnZ2DtnA1MlOgz1GTnZJCzL+T6fzMFwQp/Hhm5IuMGtKVhlUg7eJ25r0wgA8OZheaUEanzTG0mZtfZFbq4M8Z0PdNfjlynVy72rQfOILRI/rjpzrJNyN6MnFdNNkyIJljbi4VWoxcctRq1Dm53H8x1KjVarJztPcU1SyOz+1Lm4EfsupwFHKNAPo/P5rRw/vRpoZM1OHf+HBgWwZ8HWq8aFfpxaBODijkTAI3bqUsNzYJQnkZLWkjR468by+7sCercOdx5sQZcmRQ2AfQta116Sc196Nre1eUyOSdDebEfYYySsW2Ez3b26NAJiv0OGGa4l/R6fWALR0+nM9LtVTIN7cyc/oGEh/RTq89vZ8jKXpQ+dChcyku3JaFQokCkPOC+PKNnTT8+hiXTu9i/aoVrNqwh9ATPzGwmhJZe5GVP+3kgSMYuissmz6PY2kyZl4jWHX6HAc3/s7K1X+xN+wiR+bUZ8/HP3A2H0CBUvloFiM78GNe/Gg/N/T2+L/1D+GXDvPPmpWsXLuFI5cusPWdFtjpE9n9wcvMO5NvpIVKdOrcDHNJJjt4P0dyHk1cglAShY+PD/f++fr6kpNT+i3wduGuXr06U6ZMITMtuQJDvh810TGG+6WVnnWpW/JN0fcwo159b5SArL5OZOzD9HYtqVPXEyWgT7xOTEnj0449+WTOcNyVOuLXT+ej7caHJ8pGT/zJUK7ng6KKL/51HzQoVEa3O7i6FKROc/np5SbYFfpYVXM44/u6oERP+tkQLhmrdYXormxg3ZEsZMmWrtPm8pyXeaFPK9H89e+Z4a8jo+BgJklGmykbfRLrv17BpTywavU+K+f2wb1wmlSu9Jy9hNebmEHOaZYt2Wukl63AqXkzvJSgTz/DqQsPWFBBeARUFy5ceKQNLl26lCZtE2nVd9JDtCKTe34z87+8wIM6VKrafXn92SZY6DPJVOuRAcm+Eg5l6lYqqOxoX1CLssnKvM/5dalI2Nka7vOSdTmoc6BIRbtnvi6Dv2D2M7sYuzGKle9+xsiOX9PR9iFmTx7XrsWgA5Q1alHL7GHaKoGiMl2H9qFK8UE1PD3dUBCPPi2FNB2UdCEhMziYc3kyqHzp1sPIg0RKDwYNbMk7e40VzXJSB7IjMAO9ZE6r556nvrH4zH0Z8kxD5oaGkhC4lxBtT9qY3/MV79p4KCUuaGO5GqkF/0d8cBSEe6h+//13ox/8+OOPHDp0qEyNjRo1itmzZ/P9vzGoNQ/T45DJPvUrH5168Dct+jgz4dkmWGCGWUF1l3U69GWsuTrd7V61EuVD7XcyarWhtEgKS6ysHvB1RQ1GfvUxaw68zq6LS5n61fMc+bTlA56aLImOpMSb6AGVsxvuj2gIoRilOzVrGn/Oz8qqIHpdPnklNpJP9NVoNDIoHLzwdjUWrIIqDepRTbGXqIeL+O5cr50nIlsPkhWK5KP8tf640e9ps6xQSqCJvsTlHIoVbOyqUc1BghtqbiTeAsowDCcI5aAaMWJEsX9euXKFUaNGla4BlYrx48czffp0PDw8Cv4b85BhSVjW7szg1m4PHH8186uDOYDCHqcqVkhokW8mkaSDWqUuVjqSklMNF6WkylR9qHvg8omKjkUHKKq64nbvTm6EsvZEFkxbR8D0w4R8PZVFww4wrVF5jxoa1Dl5yEj8j737jo6i6v84/p7Z3fQeICShpFASQECq0qtIF4L0ooIFsaCggig8AirFHwoKqI+KFEHpoiA8dKQpAkEhtCSEEnpIIKTv7vf3RxASsoEktKzGdg2OAAAgAElEQVTe1zk5eti5M3fKfubOnbmzDi6u3KsGNhhxKMC63ZqVK1euZl8VuXngmU93h8HTGw+d7FEBd4Hl0iWSrIA1iQ3v92bD7QqYE7l4yQKeNx1QmisuThogpKXco+cNFSUHm6kwfvx4rNZb3wEzGo08++yzjBgxIkdQ3y0aro++zNdznihES9ORsLBgjERiPvkXf16y8mjpggZvBlEHorO7EfzDqJL3Or/gMiPZujMBKxouVWpSrUCJaaTaq//H0IXNGL9nBxOHfUHEqiFUKHotgBvdzcXZ9ePsVp3TVutdfWzu+qJ0bxoMep0OQbc5sxsCaehlu353pU9dUQooT2BHR0czd+7c/Avc06C+E0bCmjQgwBDJ8bTfWLnqPM8+c5uXK/0tdRtrtlzCik7JRi2oewdv9Ene8C2LjphBc6He448VfMCKUz3enPICSx77hKh143hzXicWdTJiyG7AFYIjLs5GNDLISEst+vPdWZnc+9toOq7uLmiANSWZ/G4dWBIuZr8drwjhmJWZdy10H1+8dcCiEfL4cEZ2KWIHlKSSmiaAhrOL6g5R7r08cZJf69poNDJ48GBiYmKYMWNGMQvrbI6NetOtghFNLvO/Tz/jjwLdpbJycsFnLDppAUM5uvZrk/89wttJ3sr7b88hzgJ6yQ481zvotjdNc3Jr+i6TBwRjlHOseGcUy68442wobEoZKOVXAh2wXjhDvK3E1g0Y9ewzQUZ6us3Wa+qJk1y4u6N5bDBSvnwgBg2sSSeIs/kws5UzUYdtPuesG4xkr0YG6ek214ITJy/kOWkZg8Op4KaDNZmD+2OKfmJKOcu5KwKaMyX9fIo6F0UpsFyBfeTIEWbPnp1rAnsI6uscH+WVN9rhowsZ+z7m2TdW3fbZ5oyDXzD4nZUkWHV824zgzVZFe0TDcnYT47p25/8i0xDdhxbvjKV7ofvCvXl83AR6BBiwxH/PiHF7wKWwgW0kJKRsdmCfjCXWVhpp3nh5aICVMydP5A0s6zl+Xr6Fq3epz/hWvGvVpqIRMEeyaVNC3pOHJZalK/4gy0ZdNG8vslfjDCdP5F1R67mfWb7lat4LFJemPNbIHQ0zfy5ZQKSNZ+XBSvyPH/DWpDmsPXjJ5pWKOSaWE2YBQyDBQffuboGi/C1Xorz//vvX/99gMDB48GBiY2OLf1Bfp1Puqal80q0sJlL5c3oPWvSazLoTNr6R1sscWDiCdq1fZdVZK6agHkybMSj/G5WSRdrlJJKSbvwlnD3GX78uZcbbPalf/THGrDuDGVeqDPqKb4dULlTr+voa+EXwwbiOlNKyiJk9k9VXCpuaBgJq1aSMASwX9rEnxkbUmKpQs4ozGhZifpzDhoScMZnC/q8G884GC2734feIjDUi6FLNAc2axKqJ77HmXM66JLN32stM+s2MycZ5y1SlJlWcNbDE8OOcDeRejf18NfgdNljc8l5G6n48+UpfKpgg689pvDBiFfG58t7KpR0f8czzo5k04nlGLjxho1fKysU9e4i1gO5RndpV7/gOrKLc1vU+7OjoaL777jtMJhOtWrXiiy++oGzZsg+ybkVjCKLvrFVkmLozdP5BDi58k8eWTaDiI42oUzEAHxeN1PPH+PO37ew9cQULOl41B/LZgs/oXT7/iLVe+p7epb+/xYI1dLfKdHn3C2YMb4pfkcNOp1z/ibw7fxOvrksiFSjsox6OtZryiPcMjiVEsWXzWaxVAnOHll6SzoO68t6auZw68iVP1o3i8RbVKG1K5VTketbudaTnZ68RO2QMG8WCtbDPSBaGsQYvvdef7yK+JubADJ6osZ3Wj9WjvHMqJ/duYN2eDBoNe4akjz9n103V0Et2ZlDX91gz9xRHvnySulGP06JaaUypp4hcv5a9jj357LVYhozZiFisuR71dG81nq9H7qHT+B3sntqZaqsa07pxGKUcMjh/ZCcbtxzkolmnRNP/MHN4TRt355PZsnk3GaLhXKcphRlYqyhF9vdr+5599lkZPHiwnDhx4o5fH/ggX696Q7IcXP6+PNMiTHwdddFuemWsZnCVgIc7yEtT10lcer4VusUPGGiiGR3FzbecVG3UWZ57b7Zsi8+41cpdm5cmTk/Mlfxfqnpt6j8/lAZu1358odCvV02Uhb1Kio4mbm0+l3ibr1ZNkt9nPCX1/J1E0/7+IQajeFRoIyN/jJOMxG+kg6MmmB6SUbtuLDtj55sSbkQw1Zax+23VySwxkxuJCcQQ+Kz8cn3bpsnKgf6igzg0n3ZTmXQ5uugNebyipxi1G9vXoVRtGTBjlyT8+Z7UNiEYw+SNHTdt46TfZcZT9cTfSbu+jzWjh1RoM1J+jMuQxG86iKOGmB4aJbvyVDdZDvzwtnStHSDOeo4futCM4l7uEek5Zpkczm9HJS6S3iV1QXOTNjNPiXp7rVJQd/J6VURErFarnD59+q5VqMiBfa+knZeYv36XRYOriAlEc2okH0bd2emguEvZ+LJUMCKaY315/4A5/wktV+X0ob3y247fZF/MRcn33HVfpMvF6H3y246dsudgvFy5Vu2sfWOkVn6BfY3l6mk5tPc32fHbPom5WPi1SLsYI3/+vkN2/LZXok4kyq1OvSIWOfF5W/HUEL10H1lUTA5zxT7c8S/OaJqGv7//A2jf3ydOJQmpVpJyL/bm4W/e5feMXSyc/xdDx9W9gxGFxZtL41d5tdlcXl33B19MWcXgrzribWtC3RX/yjUpHnvfEd/Q6viGFr6k7upP5ZpFXwsn3xAe8r39C88ASN3Jp5+u4wpO1Hp+GJ3UAyLKfaKJyF3voHxrxlZSM8wM6VqdsPIFO5o1NQJB+Ye4B18p5R9k2eZoNuw5RZ2wUgxoW6VQZe/DcwCKoijK3VBsAluy+9Pvy5/57K989kIbqge6Y9J1jM7elG04ml8z7l8d7ttfxiH+2zkQg+ZApUHLOWMpBnUq5F/WvjHUMgHGMN7YkfHg6pK4mRG13dB0H5pN+IOUfKZTlHvlX/k+SINfI4bMXM2Qm3+p6p/IoTKDZq8mcGUkCWLiQjKUfqC/nl54ermujJ0VyiU8qVbxwR2y6efNVB86g7nu4bTuWFu9m0+57/6Vgf2v41mNtr2rPehaFJnuVZ32fao/6GrgVKkFvSo96Foo/2bFpktEURRFuTUV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHZCBbaiKIqdUIGtKIpiJ1RgK4qi2AkV2IqiKHbC+KAroPwbWTm3dw074tLRStagc6OQe7y4c+xds4O4dI2SNdrQKMTp3i7vQUuJ5td1+7mIJ2HNmhPuaeX8vv+xPTYNrWR1OjcKzZ7ufmyX9Fi2/e9Pzos7lZo0p6q3aiPeCTsI7HT2Lfg/lh3KRDRnHuo+nG5V7KDaOVnjWTvjK7ZesOb+d01DNzri4lGCgPKVqFG/PtVK/8PDBIBMdk8fSMTXZzA2n0bGhpfv8eJ2M31gBF+fMdJ8WiwbXg68t8t7kCzHWfBcawYsiCew91y2dATIYu+MZ+n25SkMTaaQsfm17Gnvx3Zx8OTq+nfp82kU7m2msn75S1RzvPuL+bco/sl3aQUTho7m+/NWwECZU9V5/Kt2uD3oehWG+SRrp49n8iHzLSfTDG6UrdeRp14ZwWvdq+P1j22M6HgFP0y9emUxhPvdtblaE6LYFnker2pNeMgvx8bTvQh+uB71yhoI93O4a8srfjLZ/8nTvPj9cfQqQ5k1vQdlb3UM3e3tYk0galsk572q0eQhv+z+Vt2XNpPmMmpXE95d8yb9/lOTXz9sZF/f3+JE7oE3p/8qL03ZKAfjEu5wThY59UVb8dAQTdNE0xC9xJMy/+Jdqeb9k7FD3ggzCmjiVLGV9H/qKXnq2t+Avj2lS9smUrOcp5g0BBA0JwnqOEm2JlgedM3tiEXiP2spjpqbRMxPedCVeSCy/pwgDd010Uzh8tqm5ByfpMvq58qIAcShyZR7tnxL/GfS0lETt4j5cvMeyNg3Xh511URzqCrDNl+9Z3WwB0s3HZWXpmyUb1cdKHTZ4t2Gsxzlu9kbSRYDfh170MxVw5qwmtmLTmK9feliSMP1kSF8MWsWs679fTt3AUtXbWbv8XPEbZ/NW48H40w6cT+NoOMTE9iV8qDrbC8y2bvnAFkPuhoPivUEs0dNZkeyjv+T7zGi8f1vw2bu3cOBfHaAQ/VXGf9MRQxZUXw+Yhr7b32xqeSjWAe2ec9s5u7KQAx+tBv4Pn2auaPJVTbPnc9RSyFnlplEfPRBDsWc5nJmoQqSFB/NwUMxnC5cwUJyJOCR/kxYuYMVw+vgoVtJ3DqO5z78jfRbFbOkciHuMAcOHCbuQioF3iwZicTHHCIq6ghx51MKXC4z+Sxxhw9x5MQlMgq6LCDz0nEOHz5OYmEK/V02KZ7og4eIOX2ZfPeAOZrd+xLu8ERu5uq5Yxw6cIBDx85ytbChYk3l/LFDRB06xrmUgm3RjMR4Yg5FEXUkjvMFLGNzPr99xv+tvoSYHmLQ8C6Uuovf7ILV0Uz07n0k5LsD3Gj62hCauELK79OZsury3avgv8k9aPHfpS6RFFn7QpAYQAzlnpfVKRY5P7eLeOuIZnpI3t6VlU+5NPlxYBlxc3EV/wFLJSVhp3w2sKGUczOIBgKaGN3LS6NnpsrWc7m7HNJ+HChl3FzE1X+ALE1JkJ2fDZSG5dzEcK2rQjO6S/lGz8jUreekUJ0V17tEdPHtt0zSbjd91iH5uLmn6CC6b4TMO5d3aWkxP8v7/RtLqJfp2nohaCbxCm0s/d7/WWJsLiRNoleMk76NK4iXSctRziCugbWk8+uz5I9EW2t2Rfb/MEoi6pQVN4N2rYwuTn41pNOb8+TPK7mnTl/3slRydxG3sgNlRXKMLHjuYfExasL17op0WT04RNxcXMSr7Ywc1ftRBpZxExdXfxmwNEUSdn4mAxuWy7FMo7iXbyTPTN0qNzZJmqwYWFbcXJzEpGvZ+9fRRVxcXMS96jDZkiEi6atlcIibuLh4SdsZ8TZW70+Z/3Y3qVvOXYx/d0uhicE1UGp1Hibf7Eq4aX9nyKbXwsXdxU0Cn14maebT8r9xXaVGSYfr21QzeUtY2zdl0dF0G7shWlaM6yuNK3iJSbu2biCawVUCa3WW12f9ITZ3Q76SZfkAf9HRxLn5VDmWp2w+XSK32i6FqGPaioFS1s1FnEy6aCCa0VFcXFzExb2qDNuSkWOmF+W7br6io4lHh6/kzL+0x+9OukSKb2BfWii9SukCRqn0+lZJFxFJXCJ9S+sCBgkZsj6f4EuXVQMDxADi2GakjG3hIwbXslK3bXfpP6C3dGoYIh4GTUAXz3qjZXuO7rT0VQMlwIDg2EZGjm0hPgZXKVu3rXTvP0B6d2ooIR7Zoa971pPR2wvRD1fYwBaR5J8GSqABQfOULnNyb8fk3yZIi1JG0dDE4BkiDTv2kv79e0qHBiHiadAEzSilH5sie3MtyCzHvo2QQJMmaCbxDW8qnXsNkKef6i1dmleRkg7Z28Sj/hjZkXPVLJdk0+gG4qMjmu4m5eq3lx79+0vP9nUk0Dm7jNejo+XXpByru/lVqWBENNcu8vGMzuKja2J09hJfrxLSfUGKiKTJyoH+ooM4NJ+WcwfIwACDgKO0GTlWWvgYxLVsXWnbvb8M6N1JGoZ4ZJ88dU+pN3q7ZFczXTaNbiF1aoWIt5598vEJrSW1a9eWup0myR9ZIpK2Ugb66wIO0nzaqVzb0nJxrbxRO/vkqBm9pELDjtKzX3/p1bmJVPLJPhlqrg/JSz+fzRHaGbJtWGUxoolTp6my6IXK4uTsLw+37ib9nuonES2rSglT9snDocowydVlaz4m30YEiklDNJOvhDftLL0GPC1P9e4izauUFAcNQfeQ+mN2SIGPsORl0t9PFzQnaf7JMRuNiXwCO7/tUsg6pm8aLS3q1JIQbz37ROcTKrVq15badTvJpD9yN6wSvovIbnS5t5evzv47E/sfGNgWif+yXfbNRlMtGbPv752eImsHZ7e6df9+sjTJVtkbB6fm7CJu5Z+Ubw7mTK40OfRNNyljyG7xNf/4qJj/Lrn6OSljQNCcxcWtvDz5zcFc4Zp26BvpVsYgGpq4Nf9YjpqlYIoQ2JK8UHp6Z5+cgl/aKNfbaVc3yWvhJtHQxbPO67LyVM4vRJacXv2G1PXQBc1Z6o6NlOufZmyTYZWMgmaSaq+ul4s3fVeu7J0q7f0NguYh7b680dpKWv2ChBo10UxB0vPbQ7nqfmXXh9LcR8+e51s7rtcxY9twqWxEMFWT2jUDpdno1XI8TUQkQ9IzRPIP7NXyXBmDgCbOLm5S/slvJPeuOyTfdCsjBg3R3JrLxzl3QMoc6exIjlZ8znL5BfYl+WlgeTFoiO7VQN5ed0Zy7lLLuc0yurG36CCGss/IisTrG1N2vBkuRhBDydISENxVZu7LeZmRJcdmdZHSBgS9hPRZcuMGYMa2YVLJiGimavLq+os3hesV2Tu1vfgbEM2jnXwZX7BAy9j8ioQaEXJ9V3IqXGAXrY4pMqezo4Dtm45/s8R/Ji2dtGvb5d958/Gfd9PRcpR5szeQLBpODfrQr+rfTx+60GRADyobwXruJ+YsP3fLPkvJcKD56KkMCMv5bLMTlftP5PVGTmiSwvbFyzh2c7ecZODQfDRTB4SRq2Tl/kx8vRFOmpCyfTHL8hS8i5wqUqm8AbBy9uSJa323Vs4t+phZh7PAuT4jZk+kXWDOJzON+LcZz8xXqmMijT3/ncn6vzvAU6KIOm4B3Z9GHRrie9Oed685hCnTP2Tc5IkMqGHI/kfrGRZ9Op9YM7i3GslH/Srn2h7udV5j7IAKGCWLg9/PYevf/dMGPfvmSNYBjpYcyazRbSjnBOCAY4GeHhMyHJozeuoAcu+6yvSf+DqNnDQkZTuLlx0reJ+9Ddb4hXz2wwksOPDw0Jm817I0hhyf66Wa8O60l6lu0rCcWsx/l9443rRr/7UkaDSb+CXPVXfPUdJIUM9BtPczgPUyf+09fP2TlKgosndDIzo09L3pJpI7NYdMYfqH45g8cQA1DBSAldN/RHLSDLpvDepUuvMnde9+HW/QS9SmVnD2dtm3++Ad19Ve7ft1KYO71cfLy6tQf8UysM175zDv9wxE86BF314E5zgoHOr0p3ctBzTrZdbO/oHjt/jGai6N6dLZP+9KGsrRqnkVjAiZB3az5+a7epoLjbt0xj9vQcq1ak4VI0jmAXbnKXgXae64uQIIlrRU0gBIZfPqzVyxajjU70GvMFtfTgdqRHSiqhEsZzazfu+123QOXni5aGA9w/oFKzmR54aagUpd3uCdYS/Qvd61Z6NTtrB2WzKCiZqtHrOxPRx5dOQvRB4+zul9H9P85gERmjMNukVQrpBfatBwadyFznkXiKFcK5pn7wAO7N5z6xuyt5G8ZR07UwSMD9EpoorNQQnGah1oW8kIcpWdm3fmuemp+7SkW7ubQw0wlad8gA5YSUpIuv7PDl5eZO+G9SxYeYK8u6ESXd54h2EvdKeeX0G+nlnExp7AAhjKhhBiKkCR27j7dcw581AqlDOgYeZUzLE7r6ydspizSEu9yuXLlwv1VwwHzqSy+ZsFRGUJesm29I+4KXANYfTp15gPd60nddtc5h18kXer2V4NQ9lwqrjb+sRIcGg5HLTdZKWcJO6sBUINOQsSbrsgxuBQyjlo7M5K4WTcWSyEUug8KghJJTUdQEN3csYZwBxL1NEUrGg46xfYvmQRv9sqm3kVZ4MGGcc5fCQNHnUA1zYM7F+ZpdMOcnRWd6pvbULHTm1p3bI1rZrUJMAl72zMxw4SnSKgexIUWtrm2d1QMoSqJfNZB0MgYeE+RWgVGCgbXgXbuy6Y0HIOaLuzSDkZx827ruDMHD8UQ6qA7laZqiH5fBWMlagcakQ7kEVSbDRnLORqQBgCgwiyOXLPGedrVwcW841n3VzbDKR/5aVMO3iUWd2rs7VJRzq1bU3L1q1oUjMAG7vhNiycO3sRK2AsFUDgXTgY734dc3KndGlPNM6Tev7snVfWTlWs2ZzGDevzeP2gQpUrfoGduIpvlh7HgoGANk/wiPkCFy7knsSl1RM0dt/A6iuRfDf7d96a3ABbV9qaty8l8jmAje7uOGuQQiopyXJzQXzzL4h7dkFSU5IR21PdOXMcx09ZAJ2S/gHZ62e5xKUkK2AlacP79N5w25mQePESFjwx4E7LST8z3/QsQ6dv5OSRjcz7aCPzPtLQXfyp3rQdEf2H8GL3mvhcS1jLpUskWQHNDXcP7ZZLsklzx9OzKBdxGt6+JfI5ERpxd3dGy94B3LzrCs7CpcTLWAHN0wvvfIPOEU9PFzTS4EoSSTcvz+hg89jLl3tLJv08H9OzQ5m+8SRHNs7jo43z+EjTcfGvTtN2EfQf8iLdaxb0RJdBaloWgoaDiyt3oYF9D+qYk4arixMaIGn/3kEG7t6lCA8rRbNmVQpVrpgFtpXTi2ex8nx2T+HpeT0pP+9W05uJ/mEW6//TgLauNj7WbhEy8vc3T7vRIXmjYN5/ulEQKcBUdyozcis7E6yguVClZrXsL+L19dHxbjCI1zsE3aZ1byCwodeNWjqE0HXyejoMj+SXxUv4ee16Nv26m5hLp4n85SsiV8/m8zkTWLbwdermGnchNzZXoWgYitjiK/KuK9rS7spcCsohpCuT13dgeOQvLF7yM2vXb+LX3TFcOh3JL19Fsnr258yZsIyFr9ct1BDuu7kW96qO2RW9v9v7n6R4BbYlmu/mbOCKaDiUq0frGqXyP4Ob49n1v72cjV/O7J8m0ranT95pkq/kbRFdk5WcTJoAuOGRp/WYzJX8C5KcXRA3D4979FVPZsO3izhiBs2lHo8/dm076D74euuABS3kcYaP7EJRXhXl4FeTzkNq0nnIOLAkEbPtZ+bNnMQnC/cTv3okz05sQuS4Ohi8vfHUAcsVkpLu4Q1WG5KvJOVz9ZJFcnJa9mduHhSl4Z/NgI+3JzpguZxIYr6rl05SUmr28jy9uXsvm3PAr2ZnhtTsTPZuiGHbz/OYOekTFu6PZ/XIZ5nY5A/G1bndV9QRF2cjGhlkpBVi4NR9rWNOQmpq9v7TnO+sc+XfqFjddDTvnc3c37JvNrYZs5wVK1bk//fTPF6p64BmTeCXOYuJt/G4iPnEYY6m2VwScbEnyRTQPcoR7Ge4uSCHbRfEHBfLyeyClAv2uyf918lb3+ftOXFY0CnZ4Tl6B11bijGY8Apu6FhJPrifmLsxvNfgRWiTvoz5biNf9wnAIJlErV6dvbigMEJcNLAmc/TgcZthYE2M5vdtW9m6/S9OF2EUo21mThw+iu1dF0fsyUwEHY9ywdy86wrOSHB4BVw1sF49zIHYfDZm5mEORmch6PhWrETpe/SNMXiF0qTvGL7b+DV9AgxIZhSrVx8pSElK+ZVAB6wXzhB/D8+rRa9jTimcPXcFQcO55N178de/RTEK7FQ2z/r7ZmN7+nexfZPrOkNlevdpjIsmJG+cw/zovEeqXNnKyv8l5i1rOcWGzVGY0XCsUZ86NzdT5QpbV/6PvCUtnNqwmSgzaI41qJ+n4J2ycHbTOLp2/z8i0wTdpwXvjO2eY5ixC00fa4S7BuY/l7Ag0nZCWuN/5IO3JjFn7UEuWQCsnNs5j0kjX2Tof/flvesPoHtR46Gg7G2ecS0q3ZvQsr4rGmb+WrXCxusArJyc8xxNGzemaedJ/HbX3g8hXNm6Etu7bgObs3cANerXsXGFUfDuG9cmrXjUTQPzX/y07JDN7ZL55wpWR1tA96RhiwZFuqK5znqOnfMmMfLFofx3n+2NpXvV4KGg7B2ekZZagJkaCQkpmx3YJ2PJ77xzP+sot9oB5hhiT5gRDAQGB91hZf99ik9gJ67imyXZNxvLdOlPW+/bFdAp270frT11JON3vpsbmecLpxkv8eO7b7L0RM6HsTKJWziKT35NR3RPmvfoTJmbt4Jm5NKP7/Lm0hO5HuPKjFvIqE9+JV10PJv3oHOegrcnWWlcTkoi6fpfAmeP/cWvS2fwds/6VH9sDOvOmMG1CoO++pYhlXM9GYzfk6/Qt4IJsv5k2gsjWBWfe62tl3bw0TPPM3rSCJ4fuZAT1747WvQyJk2ayacjhvLhNhvv3Li8izlLIzGj41Oz7rXFBdLjxW6UMQjpOz/mtU8juZpze8T+wKhpW8nASLmufWht6z5CkWgYL/3Iu28uJfeui2PhqE/4NV3QPZvTo3OZHAewAw6OGkgmp0+cKlDXgB7QnSE9ymMkkz2fvMLEHYm5tov1wmbGvTqD/Vlgqtifl56w0e1WyPWKXjaJSTM/ZcTQD9lm48Ubl3fNYWmkGXQfatatXIB5GgioVZMyBrBc2MeemDttYhe9jg4OjmgImadPcCqfalgv7mFPrAV0D6rXrnqHdf33KSZ92FbOLPk2+2ajMYweA5pTkO++Xqoz/TqWYsXcsxxYMJuto2rTLEcTyFSnH/0yf6BHjc00atmYcD8DSUe3snrjIRLNGl6N3mLsgHI2nqGtQ79+mfzQowabG7WkcbgfhqSjbF29kUOJZjSvRrw1dgDlCp3XVi5935vS399iEk3HrXIX3v1iBsOb+uWtm3srxn89kj2dxrNj91Q6V1tF49aNCSvlQMb5I+zcuIWDF83oJZryn5nDqWkE0CnVfSxj5m7ltbWbGNO8EvMaNOWRyoF4OVq4ej6GPVu2sH8UdGQAACAASURBVO9MBgb/9vzn7Q7XF+fTcQIzX/iDHjP2s/r1RlRb/Bgtq/ujJx5ky+otHE2y4lx1MJ+OfewuvuPYRJ1+/cj8oQc1NjeiZeNw/AxJHN26mo2HEjFrXjR6aywDcu4Ax2pUr2xk8S4zuz7qSfdjDSll8aLVe+8R4Zvfcrxo+8HnvLL7ST7eu5F3m1dlaauW1CnvjuXCEXZc25aaTwNGff0eze70hKSXovvYMczd+hprN42heaV5NGj6CJUDvXC0XOV8zB62bNnHmQwD/u3/w9sdbD9aejPHWk15xHsGxxKi2LL5LNYqgUVviRW5jo5Uq14Z4+JdmHd9RM/ux2hYyoJXq/cYF3HjhxGSt2xmd4agOdehaUPVh11od3/gZRGGppsPy+TGzqKhiUOdsfJXfu91siFl3WAJMiAY/GXA8iTJNQy36RSJjd8gE3rUklIOf7/ARhPdyV/q9f9Etp7PPej2+tB0h6YyJTZeNkzoIbVK5Xihj+4k/vX6yydbzxfx5U/k/dM0MTq6iW+5qtKo83Py3uxtEp9x+1kmH/hB3u5aWwKc9RsvcUITo3s5eaTnGFl22Mbg4JSDsvjd7lK/vEeOlxxllzN5VZAmAz6UlbE2XlZkOS/bZ7wgLSp45Xo5ktE9WJoO+lS2nss9Rj9j55sSbkQw1Zax+23tzNsNTXeQplNiJX7DBOlRq1T2uyv+fuGUfz3p/8lWOZ9nB1jk4toR8kgJ44395dhQJh423/JdIiIiloRd8tWrbaWKrynXttRdAqV2xDuyKOrmIdQZsvPa0HRT7bFicxXNMTK5kUnAIIHP/nLTblgs73avL+U9jDmWd+3lXRWayIAPV4qt3ZC/RFnYq6ToaOLW5nPJO6K9kO8SKWIdLRfXyohHStw4RjRHaTjxcK56Lur9dz1nyql/56tE7mhouiZStAe2buWtGVtJzTAzpGt1wsrf6WVkYWWw5vkKtL/2c0iHN75GkA6W5HiOHDlFssGTMqEVCXDPe7cqY83zVGj/JacMTZhyeCOvZRck/sgRTiUb8CwTSsUA93szUKao0hOIPRrL+RTBydOfoNCyeN32wWALV8/EEBufSKrFiKtvGUJD/HC5bbPMTNKJw0SfTga30oRUCsLnbv6AS8Yanq/Qni9PGWgy5TAbXwtCx0Jy/BGOnErG4FmG0IoB2Nh111lTTnMo6iQpDp4EBFUg0LMQF5GWq5yJjubEpXR0t1KEVArB917+nJXlKmdiYolPTMVidMW3TCghfi5Fah2nbnqFGq0/JcZQn/F7tvF2lbt0lBa2jtYUTh+K4mSKA54BQVQI9Lx+GW89+QUdHhrML8l+9PnhAPO63e9sKB6WbY5mw55T1AkrxYC2dv0c9r1jcA8kvHYRfrPO4E5geG2K7a8AOvkS8pAvhfsZWwNu/pWo7l/YhRnxKleVOuUKW+5OGHAPDKegu053DaBK3YAiLsoN/8o1KfRmKSqDG/6Vqt+V5bk0fpVXm83l1XV/8MWUVQz+qiO3vQ1UEIWto+5KQJW65N0Dqez89FPWXQGnWs8zrNO/M6zvVPG56agoStEZQnn2g1d42NnKyXmj+WhnQZ4wuX/MBz9n1BdRmI0VGTjhNR7+J/+05j2kAltR/iEc647k8xH1cc3cx8dDPmBHcRn5bY7i0yHj2JJsImzwDMa38nzQNbJbKrAV5R/DiTojvuXjTgFk7p3MU0N/5OwD//HTJLa825/Rm67g1XQscz9sideDrpId+wf2YZuo/sxUvm2Ugl66DiULcUoyVX+Gqd82IkUvTZ3CFFTuDlN1npn6LY1SdErXKalaE0XhUJlBs1cTuDKSBDFxIRlKP8gGbfp5zNWHMmOuO+GtO1JbPcl3R/6BT4koiqIUX3fylIhqxCiKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2QgW2oiiKnVCBrSiKYidUYCuKotgJFdiKoih2wvigK6AUI9Zz7F2zg7h0jZI12tAoxOmmCTK5dGQPe45eIMPBhwq1H6WyjzrnK8r9UuwDO/3MbtauWs/OyCMcP5dIqsWIi1dJylWsQf1W7WlTJ4CbYyU/qce3s2rlBn7fH8OpC5dJM4PJ1ZtSZUKpVq8F7R5/hHIuha2hlfi1M/hq6wWsgCGwBS8MakqpAuSYNX4tM77aygUrYAim3WtPUd+9sMu/izJ3M31gBF+fMdJ8WiwbXg688Vn6X8zs25XhS6NJFQBHOs66wIqnHmSFFeXfpdgGtuXMZqa9/RaTF/zOmQyxPdHbDvjV7s7rEybwesvA/Ffm8m6+HDaYd+f8wfmsfOaFhoN/A1745Bsmda+EY4Fraubk2umMn3wIM6A5b8Gj1TqGhhhuU87C4dnvMuy938gUwKE5Pk/3p777A2yx6l4EP1yPemUNhPs55PjAyuk5bzFiaTSpmhc1Ip6iY7grweEO+c7qnrImELUtkvNe1WjykJ/q11P+NYplYKfs/ZTeTwznpxOZiGbAI+RRHnusETUrBODlaObKuVj+2r6W1b8e4dwf8xjx+HrWjl3Mwrca4H3zt9d8gKnd2vD6ugRwr0ynV4bQt30jqof44elg5vLZaCI3LuW/075mw/FtfNq/I5mu25ne3reQQaChaUD6dhYsOMzLo6pwy8g2/8WCRXvIQkPThPxOI/eVQwNGrdzBqDwfZPLH9j+4KmCqO5wF348i/Hbno3vIevZ7Xmn9Mr91+I5zi3tR6IsiRbFTxS6wrWcW82LXYfx0Igtcw+g14Rs+GfwopfIEhJXEvbN445lhzIo8w/p3n2Rg6V9Z9HRIrqBMXPY+729IQExhDFm2naktvXMFcWn/clR+uAVP9mrNc02f5JujR/nm7Y95ps146hZq62h4VqqES/Rh9v4wn71vjafOLcpn7prPov1ZGMpXoMypaOIKs6j7zsLlpGQEDeegipR/gGENkLl3DweyHmwdFOVBKGZXk0msencY38VlgSmEfrPWMfclW2ENoOP98EC+XDOf58IcwXKaH98ewQ9nrTmmyWDvpu1csoKxSjeeaeqd7wrr/h0Z91ZHygc/RP1gC/HnrflMmT+tWkta+OlkHVzE/B0Zt5gynW3zl3DUbCS0fl1KaAWYeWYSp2MPEXUwmuMXUrAUtnLWVM4fO0TUoWOcSylsacEq2VcBuuF2h4yF1AtxHD5wgMNxF0gt8KIySIyP4VBUFEfizpN/Fc1E795HQuF3j6LYvWIV2NYT85n2w0ksGPB/cgIfRQTeulsB0Eu1Y8LHAwgygPXcCj6ddShHmAkpqWnZ3Q1W4dbfcR3/gUs4FruPLcs/5ImAwm4awaLXodNjpdDNMSyZt4nU/CZN2cB3y45jMYbweOvQW3SHpBP903gGNKuMr7svZULDqVqlIkF+3vgEN6DPuJ+IzXNeyGTz61XwcHWnzDPLSbecYe34CGqW9qZ0SDhVw0Pw9y5JeLu3WBx9U+GMNbwY6o6rqzftZp4G0ln+dCBurn48vyoTgMuL+lLS1RVXVx+6zbuao6qxrPxgAE0qlMDLL5iwatUIC/bDq0QFmvT/gJWx6bbXMOYnxvdrQkVvd3zLViC8alUqB5fG07MMtZ8Yxre7k67vt/SfBlHO3ZO64/diRkj58ensunhUY/ivmfluRUX5pyhGgW3l/Oqf2J4iYAym2/OdKFnA2nm2Gky/h0wgmez56Sdirie2kaCgMhgA88G5TJofza3avXfKbDbRtEsb/HQLp1Z8x5rLtqe7vGYBP5+xYKz4BE9W1zDbnCqTgzMiaNx1NHO2xGIt9yjte/Tn6QE96VAvAOuJncwf05Vm/eYSd1Nr1KRbSUtNISHhBD+/1JxOH+xAr9mJvk/1I6JlVXxJ4tAvk+nTeRRbUnIUFAuZaamkpqaSbhZAwyOgEmHhYQS6Z18GGDzLEhYeTnh4GGU9r10aXP2die0f5Yl35rA1TijboCO9+venZ4dHKStxbJ37Dk807MzHkblD2xI3m75NIxg9byvHDRVo0qkXA55+it5dmlHZ5QJ7f5zCwBaPM3ZndiU1j0AqhoUR4AaChu5RJrsuYaH4uRSjQ1lR7hW5B96c/qu8NGWjHIxLKESpdPnl2UAxgOgl+8vylMIsMV02vhwiBhDNI0LmJ9/4xHxgojRy1QQQzeAl1boMk6mLt8uxK5bCLOAWMmTHG2FiRBOnJ+bK1bR1MjjIIOg+0nXueRvTX5R5ET6iayapNTpS0va8I9VNCA7N5ZMTOep0cYH0KKkLGKR8n+/leFbOeaTJgU/bSkkdwRAsQ9an5a7Pm+FiBDGULC0BwV1l5r4rOT7PkmOzukhpA4JeQvosybGx0lbKQH9dwEGaTzuVo0yyfNvJUUATr16LJPeuuSqbXgsXk4bonnXk9ZWnJGdVs06vljfqeoiOJs51x0rk9Q8zZNuwSmJEE1O1V2X9xZv2x5W9MrW9vxjQxKPdlxJ//eMUmdM5uy5uEfOlUIeJohQDSzcdlcGT18oXS/+QlJSUPH8Wi+1sysrKkmLULEnh5KmL2c8ylwsltFBPjJmoVCkIAyBpp4g7daPJaagylK8+7U6ok4ZYkti/7P94tVtDQkqUpGL9dvR/7X3+++PvxOfbf1E4mlNj+j1ZEaM1kbXzl3H6pn4Y65nlfL8uEXGoS4/e1fK962u54ky17k/T58mneeuNCMrlmtCJKoNeprO/ASyn2Lb5UK5W+t9d4pYEjWYTv+S56jmflTYS1HMQ7f0MYL3MX3sP39H6Ws8t4uNZh8nCmfojZjOxXe7HK43+bRg/8xWqmyBtz3+Zuf7vVnYKUVHHsaDj36gDDX1vOhTdazJkynQ+HDeZiQNq3LZrTFHsyb4tS3i+ax1cXV3z/MXHx9ss89NPPxWjLhHrVVJSs29saW7uFO5xZB0Pd7drQZXK1as5e4UdqPz0fHZtn82IrrUo7agBgmReIvr3X5j7yTs898QjlC8dRKN+Y1kSlXyHK+JA3T7dqW6Cq5sWsDBXf4WVU0sWsPEKuDTqRY+K+ceQIbgz73z2FfMW/pfBNWzEurEsZUvrgJXEiwk2b0LqPi3p1s7G44mm8pQPyC6blJBU6DXMKXXzajZfsaI51KdHrzCbJyCHGhF0qmoEyxk2r99Ldm+zA15eLmhYObN+AStP5O0YMlTqwhvvDOOF7vXwKz5HqqI8MMXosT5HHK+1qiUzk/zGyuQnK+vv57wccMgz6kXH++F+fLikH+MuHeLXNWvYsHkr23b+xu6oU1zJEizJx9k2bwzbl82nz4wVfN2/EkUdFmKs1oee9Saxd/tNz2RbYln4wzZS8aB9r26U1bnNjVCwJB5i08o1bPsrmviLyaRnWbGKgFzl4Ins0lar7Y1lCAwiyOYIIGecrw0PtZjv5Pk4M7FRR0mxguasc2H7Ehb9bmu6TK46G9DI4PjhI6TxKA640mZgfyovncbBo7PoXn0rTTp2om3rlrRu1YSaAerpauWfq0q9tnTq2JEuTSvk+ax06dI2y7Rq1aoYBbbuTqmSbuhcwnountNmqFTg62Az8afPYwU03ZfSt2iOGX3CaN4rjOa9Xs0umRjNjjXL+eHbL5i9NpqrKYf57qVnqVF3A8OLOjrEUIEevRszdvu6XM9kmw8u4IffMtB8OtK7S2my27j5uUrkFy/Qb8T3HEiy3OJJklvU0ehQ5JNOwVi4dCn7KQ5r0gbe773htiXMiRe5ZAFPA7i3nMTP8008O3Q6G08eYeO8j9g47yM03QX/6k1pF9GfIS92p6Z6X4nyD+Pk6kHpMqWoVKlSgcu4u7sXo8DGkSpVK2Dgd8yn9rDrlIVmoQUNzGQiI6MxA4ZyVanqVfAvuNG7Ao17DqdxzxcY9Ek32gxbw/nkHcz/fj/D36tRpDUBnTLd+tBq1HqWH1zE/B3vUqexgcgFi9iXpeHXoQ8dfG49h0s/D6XrS/M5ZtHxrd2foS89SdOHginl6YxJB6xxfPHk40yKfJAPJGvX+8t17wYMer0DQbfZZYbAhnhdf+7cgZCuk1nfYTiRvyxmyc9rWb/pV3bHXOJ05C98Fbma2Z/PYcKyhbxe1+0eroei2IdiFNgGQls0o4Lxdw5m/cGSHw7z+tu3Gd59jfX8SpZtTkYw4NekFbWK1Kx0o+aLo+g9Yz2fHLUQFx0DFDWwQS/VmT7tSrBifgxLF2zlw/rOfL/4IFmGsnTu05pbvjLJeo6ln/9AnBlM4S+zZOPHNL25gDm5wC+9und0fHyzByNZtBAeHz6SLkWplIMfNTsPoWbnIYzDQlLMNn6eN5NJnyxkf/xqRj47kSZ/jLvlyFFF+TcoVteaDnX60vthRzTJ4I/p/+H7+IK0HlPY+fFHrEy0opkq0PPpltffLZH852I+enswvbqOYEViAWalu+Pukt38MzmYiroa13jRtm8nAg0W4tevYsfOZayMNWMMjaBv09v0z5qPcOBIOoKBoMcjeNRGulvP7eT3GNtPcN8/RoLDK+CmgzX5IPvvSn0MeIU2oe+Y79j4dR8CDEJm1GpWHyn02E5F+ccpVoGN8SGGjO5HkFHDcnoJLz/5DutvOUQ8g+h5LzBgyp9kiAH/iP8w/NEbd9lMFzcyY9LnfL/8Mz6cHontsXY3WGLWsumIGTQnHqpT9Nb131xb9CMixIj52Dq+mPk/YiwmqnTvTf3bXgEYMGgAgjnLnLf/2nqBX8ZOYf1VuTZN5gN7eZRL08do5K6B+U+WLIi0PTDJGs+PH7zFpDlrOXgpO3it53Yyb9JIXhz6X/bZzHkdrxoPEaQDZJCWmncNRYrFK7MU5b4pXoENeHeYxNfDauGuW0ncMYGOdR9j6MzV7L+QY+ixNZX4XYuZ8FRDHn36O6IzwbX6EL6a1p3SOdbIqelrvPmYL7qk8Nu4rvScuJ4TNlPbSuK+2bzYazzb0sAU3Juhvcrd+co4NqBP93BM5gMsWXIAs6kWPXrXvH0/lENlqoU5o2HhxPLpLMgxhDzjzE6+frEt/X+pSkRjFzSES4cOcOoBNUB1vyd5pW8FTGTx57QXGLEqPvfITesldnz0DM+PnsSI50ey8MS1kNWiWTZpEjM/HcHQD7fZeDfIZXbNWUqkGXSfmtStfGOrOTg4oiFknj7xwNZbUR6EYtgr6E3zD1axwv0Znnl/FcdOrGfqi+uZ9ooTnr4l8XbRSE04w4XkLKwCaE6Uf3wkX896h5Y3j2U3VOC5Wd8T370vE349xo8jWvPL5IrUqf8wlcuWwM3BSlrSOeIO7OK3fadItoBTcGcmLfz4tjcFC8bIw316UmvyO/yWCc7NetKzQI+++PLEC70Y98t/iT21hIE1tjG5WhAuqWeJPRpHol6Jgd99ytCDESz99Tcyto+h6cPLqN71A5b/p8HdqHghuNNq/NeM3NOJ8Tt2M7VzNVY1bk3jsFI4ZJznyM6NbDl4EbNegqb/mcnwmtmHnF6qO2PHzGXra2vZNKY5leY1oOkjlQn0csRy9Twxe7awZd8ZMgz+tP/P23S43i3kSLXqlTEu3oV510f07H6MhqUseLV6j3ERgfnWUlH+Ee7F0MuiDU3P60rUjzLphQ5Su6y7GDWyr/9BQBOjW6A83O45mbAsSpJuNyPzWdnxzdvSp3kV8XMxiEbOeSGa0U0Ca7SRgeMXyp+JhR2ynntoep6h0uZYmdrcRTTNXdp+ES83zz0rv6Hpkiz7vhokjwQ4ifb3umsOUrJGVxm39rRYRMRyaYt80DFMfBxN4uJTVuq+tUHSJUN2Xhuabqo9VvZnSV7mGJncyCRgkMBnf7nx70Uamv73JAfkh7e7Su0AZ9G1nNvWXco90lPGLDtso1yKHFz8rnSvX148jFrufWLykgpNBsiHK2Ml/aZSlotrZcQjJW4cE5qjNJx42FatFKXYWbrpqLw0ZaN8u+pAoctqIne/I/CtGVtJzTAzpGt1wsrfjaaqlZRzxzh2OoGrmQZcfQMJCS6Na1EekzZf5ezxOOIvXiHdYsDJsyRlgsrjV6SZ3QfWq8QfPsypK+AeUInKZd2L+TDtdBJijxJ7PgVx8sQ/KJSyXrd/bMdy9QwxsfEkplowuvpSJjTk1i90sqZw+lAUJ1Mc8AwIokKgZ3G8XFSUPJZtjmbDnlPUCSvFgLZVClXWTo5xHVe/UKr5hd75rIxulA6tRum7MKv7QncjMLw29nOx74RvyEP4hhSulMHNn0rV/QteQHcloEpdAgq3GEWxa8XupqOiKIpimwpsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU6owFYURbETKrAVRVHshApsRVEUO6ECW1EUxU4YH3QFlH8iK+f2rmFHXDpayRp0bhSSd5LMSxzZs4ejFzJw8KlA7Ucr46OaD4pyS8UrsK3xrJ3xFVsvWPOZQEPTdUzOnvgFVaVu40bU8He6aZrL7Px2Kr8csxR++YaytH7pGRr56Fjj1zLjq61csAKGQFq8MIimpQqQKLnWwUBwu9d4qr57gRb/IJZ5b2Sye/pAIr4+g7H5NDI2vJzr0/S/ZtK363CWRqciAI4dmXVhBU89yCorih0oXoFtPsna6eOZfMhcoMk1UwlqdB3GR1PeoGWAIfsfrZfZ+e37jN2cWfjlmx7BucfTNPIB88m1TB8/mUNmQHNmi0cr1g0NwXCbWVgOz+bdYe/xW6YADjT3ebrA4fkglnlv6HgFP0y9emUxhPvl/sh6mjlvjWBpdCqaVw0inupIuGsw4Q4Pop5WEqK2EXnei2pNHsJPtfCVYq54BfZ1Gk4VW9K9YZm8nezWTJIvnuDArt85fOEikT+8TYfIWL7f9DmdS+uAG1Uf78dTwTe3sIULfyznl/2XEbdw2nStT+mbZ24I5SEvLXdNNA1IZ/uCBRx+eRRVbpmeZv5asIg9WdnlRIqw6g9omXeXAw1GrWTHKBsfZf7B9j+uIpioO3wB348Kv+0J6Z6xnuX7V1rz8m8d+O7cYnq5PKiKKErBFNvAdn1kCF/MeoKbOzyuSz/Gz//pz4DJW7l0+BteH9eD1tNb4qL70HrEV7TOUyCTLa9uZc3+y4hXY4Z++QVtHAtQE89KVHKJ5vDeH5i/9y3G17nFJsvcxfxF+8kylKdCmVNExxVkXYvHMu8by2WSkgU0Z4Iqln9wYQ2QuZc9B7IeZA0UpVDs9yLQKZgO789mdFNXNCwcX7WUnRn3YDlaNVq28EPPOsii+Tu41SLSt81nyVEzxtD61C2h3WLKB7vMzKTTxB6K4mD0cS6kFL6v35p6nmOHojh07ByFLi5WRATQMdzu6LOkciHuMAcOHCbuQioFXlRGIvExh4iKOkLc+ZR8y5mjd7MvIb/7JYpS/NhvYAMYytGiaWWMgPXMCY6n3/1FiEWnTqfHKKWbiVkyj02p+U2ZwobvlnHcYiTk8daE3kHXxD1ZZno0P40fQLPKvrj7liE0vCpVKgbh5+1DcIM+jPspNu+JIXMzr1fxwNW9DM8sT8dyZi3jI2pS2rs0IeFVCQ/xx7tkOO3eWkx0rsIZrHkxFHdXV7zbzby2/OU8HeiGq9/zrMoEuMyiviVxdXXF1acb867mqGrsSj4Y0IQKJbzwCw6jWrUwgv28KFGhCf0/WEmszf2cTsxP4+nXpCLe7r6UrRBO1aqVCS7tiWeZ2jwx7Ft2J10L5/SfGFTOHc+649lrBkn5kadLuuLq6kG14b/eYiMqyoNl34ENN/psHZxwNt2DBZjNmJp2oY2fjuXUCr5bc9n2dJfXsODnM1iMFXniyepoBbtven+WmXmQGRGN6Tp6DltirZR7tD09+j/NgJ4dqBdg5cTO+Yzp2ox+c+Nuao2a0K1ppKYkkHDiZ15q3okPdujU7NSXp/pF0LKqLyQd4pfJfeg8agsp18sJlsw0UlNTSU2/VinNg4BKYYSHBeKuARjwLBtGeHg44WFl8bx2cXD194m0f/QJ3pmzlTgpS4OOvejfvycdHi2LxG1l7jtP0LDzx0TmCm0LcbP70jRiNPO2HsdQoQmdeg3g6ad606VZZVwu7OXHKQNp8fhYdqZk1yWwYhhhAW4goOkelAkLJzw8jFA/1ZGtFGNyD7w5/Vd5acpGORiXULiCGTvkjTCjgC6+/ZZJ2u2mNx+TaS1cRUMTU73xEmW+5cxl8yuhYgQxlHlOVqffripvSJgR0ZyekLlX02Td4CAxoItP17ly3sb0F+dFiI+uianWaIlM2yPvVDcJOEjzT07cbi3u+TIvLughJXUEQ3np8/1xycr5YdoB+bRtSdFBDMFDZH3OjZ6xQ94MNwoYpGTpAAnuOlP2XcnxedYxmdWltBhA9BJ9ZEny9ZnKyoH+ooM4NJ+Wu9LJ30onRwTNS3otSsn92dVN8lq4STR08azzuqw8lbOmWXJ69RtS10MXNGepOzbyxnpkbJNhlYyCZpJqr66Xi5bcs72yd6q09zcImoe0+zL++r+nzOksjiCaW4TMv6kqinKvLN10VAaNXyETv1olR48ezfOXmZlps1xycrLYbwvbmsSuTwbzweYURPei9cA+VLpXd7A0wptHaQAACm5JREFUJxr3e5KKRiuJa+ez7PRN/Z7WMyz/fh2J4kDdHr2pdjdu5d61ZVq44lyN7k/34cmn3+KNiHK57zQ7VWHQy53xN4Dl1DY253qkUrs+jwStGRO/fI7qOZ8WNAbRc1B7/AxgvfwXew/fyWWFlXOLPmbW4Sxwrs+I2RP5//buParKKg/j+PdcQEEcCVsaIIF3ybtFpqWUaaZJjqioYDordXlLc2UzYqNpWjqiNlkaWulMLkfyglbL22iITN6qMbECL6mZgZdSYBRR5FzmD61MQFG57dXzWYt/2O8+ex/Wy3Pes89vv6d74LUztePf9VXix7bAg4t8+W48ST9fZV9IJ/17J1j9eaTHw9S87qyu3mo0ry+YyfTZsxjcskI/5hQBIP2zDUwY2p2GDRsW+jl16lSRfbZs2VJZq0TcXEr/iDkz9xeuInA7yDtzjH0pG9i89xT5VKFB9HzmDwkp04oDz7AYolq8wfS920hYeYwh19RHuzISSUg+B96dGNCvITb2VaIxbdTtOYn5PYsfxx4UxD1WyHRlc+ask8LFQ1b8Hu9D9+uTEPAIDibACidcOZzNKapvSeWRsimFcy4Lnm37MaBJUY/jScveT9N0ViqpJ1NI2nuZru08wdMXX28L5JwkKWE9xx+N5N7fdLfRqNefmXSbMxOpLCptYF/Y808m7yn+CIvVi1rNuhM1ehKThrWjJBsC74i9GTH9HyRu787r6qOdHF25gh158IenBtAnyAqlVXhQqmM6yT6wjfX/3sHXhzM5c/4SBS4Xbje4c/dz3AXgwlXkB5c2AkNCKLIK0svraumlE8edVMg5jpL+7QVcWPCy/sTOxFV8XtRxl3Pxslkg/3sOHroI7TyhWleGDGrMmjf38+0/omixvSMRT3ejy+Nd6NyxFQFalpZKpmWHSAb96Vlinggt1ObtXfQJGxERUVkD28IfHotl4cjW102wgAPvj+eV9aex3BvNu8nvEFHEVV/ZsNGgXzQdpu3kk2vrox37SVjxGfkWPyKie13ZjFNqlWKlNGZuKotGPEPsB2nkOG9QSnKDtyh2zzLeiujMIivHBbjI2foa0Vtv1sFB9pksnNTARnUej1vHco9hjFuQzA+Hklk2J5llcyxYvf1pEd6d3oNGMyqqle5XIpWCze5BVa9q+Pj4lLiP3W6vvIHtUedBevUtvHHGef85du0azcbvlzJ+cl86vN0V33KalbVOH2I6/5WkD6/UR09+oAO21ARW7SvAUrsHMT38KuGYWawbF8lzy7/Daa3J/YPG8VzfcJrXrUUNLw+sgOvYIvo+GUdqRZYkW35eL7dyV/uhvNDjZktcNgIf9v1llR3PekTOTqLHi6lsXJ3Iui1JbPt0D0eyTpC68T1SN73PwqV/Y+3KFwgr+f+ISKVSSQO7eLZ6Q5kdu5ztEz7l8HvjmNpnN290qlE+g1tr0TOmO3d/vJwjaxLYPrMtXh+sZn+BjaCeMXQpi9t33OGYrtNrWLjiGA48CB2TSPLfw7m+i+N8sftJy4/Vj5p3WQEnlnpP8uLEXsXvcr0Bz9qt6Dm6FT1HTwdnDkd2rGNZfBxvrPyGzE0TGTarI6nTHyjt2YuUCwPfINppOmYu41p7QcFBFj7/Kp/m3rxXafHtNpCnA204M5PYsGs3a9cfxWGvT++B4ZTVUumdjOk4lMahS26whfBk73aFwhpcnN79OUfupMCjNNjrEtrABysuzu//pnTmY/OlfseBTPlXMotjArC5L5O+aVMpPLBIxTAwsIGqYfxl7nAae0B+2nzGzthFsZsBS1u1TjzTux52x3d8siiezUeceNwXRXTbMlzjvZMxbbYrywZuBwWOwuvXrp82Mu31JHLdV4+5XFF3j/Im/IlHqG4Bx1eJJKQWvSHflfkRMybEsXTLfrKccOUFZxlxE0cx7t19FJnzVl9aNg+5crLnXyzc7nZTKe6ZJXITZgY24NNxMnGDgrFziX3zxjLrizLYl16kKrSPiSLUw0FaYiJpDg/a9IumVZkuLt3+mJ6Nm9HEywLO43y4IOGaLeT5nNy9mFHdBrGxaW86eFvAncWBtIyS37OjVFmp3XcsAxt4QMFXvDkilg2Zv41fV9Yu5jw7nJfjYhk+cSXHr6as5fBa4uLieSt2HDN3nC38+ev/vmDpmlQcWPFrFfbr7z09qWIB9+UTHM+omGctciuMDWysfjw1/TUi77HhztvD62PnUsxFWamzt46hfxsPXAUFuKq2p3//RmV+17nbHrPmHxkxoC4eFicZiUNoWbcpbduH0bxeAHXbD2NpbiTz3ppE1+YeWNz57JwSTuv23Zi6rZz+mNeq3plXF0/kIV8L5/fMo2ezpnSKGsqo50YxJKozzRuHE7v5R7g7nKnxL159wbJSK2oaUzrXwpK9jSmPNSL00UgGDx/D82NHMaR/V1qHPsb03XnY/Lsz9aUevwxXpVkLGtst4PiCOf2jGD5mJEMnJ5b/8xYpIXMDG7D692Pmy13ws7rJ/SyOsfO+5ja+tuDW2RoxIPphvCwWfB4dQFRIOeyeu+0xfek2dy3xQx4ioIqbiyfT+XzXf0nLtNGk1zQ+Tl5Er8BQRs6eSo8mfng6csjMOMulCloj8O3wCpt3JPBSZBtq5R9m26rFxC+IZ8mqrRzK96dt/5dZvWM9E8Kq/drJsylj1qawYlIUDwY4OPqftSx9Zz5vvhXPkhVbSLtYhw6DZ/DRjtWMuGZDji10JDPGt+Vum4uze9fwzvxFLEs+UgHPWqRkLG536d/yfsLb28nLdzA6sgVNgku/1E1ujys3k4MHMzhHdQIaNSaoeiXfpn3pLEe/PcqPF9xUreFPSP0gfG+6bO8k9+QRjmZmk+e0U61mHerXq413sZcmLi6cOED6DxfwrBFASINAahhXOyUmWZtymK1fZvBAk1oM7nbfLfXVqfk7YvUJJPT+wIqeRslVrUm95jUp4it8b8CGj38jWviX9Hgr1QLuIyzglmcnUu6MXhIREfk9UWCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIIRTYIiKGUGCLiBhCgS0iYggFtoiIISpZYOeTNL4NwUFBBIfFkpJ/XWvSeNoEBxEUHEZs4UbGtwkmKCiYsNiU8puyiEg5sVf0BH7LTV72CTIyTmNxZ3Hx+ta8bE5kZHDa4iarcCPZJzLIOG3BXahRRMR8lewKW0REilPJrrCrErHkFM4lxbRGLOFU8Y0sOeWkmFYREePpCltExBAKbBERQyiwRUQMocAWETHE/wGWk27zqkW/EgAAAABJRU5ErkJggg==;" parent="1" vertex="1">
+          <mxGeometry x="40.00000000000001" y="1250" width="106.52" height="115" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-71" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1.003;entryY=0.656;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="Y_2FnxaHt-eN1trxS_el-68" target="Y_2FnxaHt-eN1trxS_el-59" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-77" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Y_2FnxaHt-eN1trxS_el-74" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-75" y="1430" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-74" value="listen for ttRPC as part of kata agent which replaces shim" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-150" y="1330" width="150" height="50" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-79" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=data:image/png,iVBORw0KGgoAAAANSUhEUgAAAlsAAAHtCAYAAAAuvruEAAAABHNCSVQICAgIfAhkiAAAABl0RVh0U29mdHdhcmUAZ25vbWUtc2NyZWVuc2hvdO8Dvz4AAAAtdEVYdENyZWF0aW9uIFRpbWUAV2VkIDA3IEZlYiAyMDI0IDEyOjQ0OjU0IFBNIENFVBxDW9EAACAASURBVHic7J13eJxXlbjfr0yf0TT1Xqwu27Jsy73bsWM7TkgnECB0NsDCAktZlqWXhV1+LLuQhATYkJ64pLj3FvciV8myLKv3OqPp5feHLEdxXDSj2InZ732S55Gs79xzz73nnu987R4hFAqFuQ5+v5+enh7sdjuSJF3v0HcRDAYJh8OIoogoiiOWC4fDBINBACRJQhCEiHUKghBRXwFCoRCdnZ1YLBbUavVN1zkaO0OhEKFQKCo7Abq7u9HpdOh0uluiMxAIAETsC0M6AWRZjkgnQF9fH6IoYjKZRizzfvjfrfR5AKfTSSAQwGKx3BKd0frCaO10u924XC7sdntEch+E/0XrC/B/K+Z2dXVhNpuVmPs+61Ri7s3TCdHFXPlGSob+LghCRB2KVu6D1Dn8/1ulMxrZaPt6Lf03W+do7Yy0r1fK3y7+NxrZ28X/3q8xuhU6R+N/t2P8U3ReX06JuSOX/3v2heEykchFdsmloKCgoKCgoKAQEUqypaCgoKCgoKBwE1GSLQUFBQUFBQWFm4iSbCkoKCgoKCgo3ESUZEtBQUFBQUFB4SaiJFsKCgoKCgoKCjcRJdlSUFBQUFBQULiJKMmWgoKCgoKCgsJNREm2FBQUFBQUFBRuIkqypaCgoKCgoKBwE1GSLQUFBQUFBQWFm4jsdDqve0AgEMDv9zMwMBBxQcuhApGR1A8Kh8OXC2FGU9g0Gp1Den0+Hy6XC5/PF7FOQRAiLjg7VAgz2jGKRidw2b6hcb7ZOkfrC9Ha6fF4bhv/G14UNVI8Hg+BQIAbreX3S+do5iVan4dBv/X5fBHb+UH432h84XaMudGMkRJzb55OJebemFsdc2W/33/DDgWDQQKBQETGDA1eNEUeh2QjcUwYnLShRRhNshUKhfD7/YTD4Vuic8i+aILUUB+jWRBD8xlplfRodUbrC++HnUNzGo3OSP3vg/B5GDw5B4PBiOwcjc4Pwhdg9HbeSv8bjZ1DMdfv90ecbEWrU4m5I9MZjSwoMXekOv+eY65stVqve4Df7ycYDGI2myPKAIPB4OWMM1IHG55xRjKAQzoFQYgqQw4EApjNZtRq9U3XORo7Q6HQ5auPaLLyUCiETqdDr9ffEp2BQAAgYl8Y0gkgy3JEOofrM5lMI5Z5P/zvVvo8gNPpJBAIYLFYbonOaH1htHa63W5EUeRGMetKPgj/i9YX4J2Ya7FYlJj7PupUYu7IdYISc69HNDFXeWdLQUFBQUFBQeEmoiRbCgoKCgoKCgo3ESXZUlBQUFBQUFC4iSjJloKCgoKCgoLCTURJthQUFBQUFBQUbiKRf26goKBwkwng83jwekIIhhgMcgify4EvLCOpdejVyjXSjQkTDPjwDjhxCwYMGgll2BQUFD4olPCjoPBhI3SWfa/8ku8++jV+dSiEw9/C5v/8LP/y49/x5M6OD7p3twlOWs6s5akvLuCzTxznTIv7g+6QgoLC/2GUO1sKtxeesxzZ+BZ/e2ITpwOX/k3WojNaiEvOZMy4cmYuuoOyxJHv2/PhI4DX7aCvpw/ZJxAKx1A456OofYmYc4wfdOduEzSYE4qZef+XSUpMJSFmJP4QAlxcePsUnqRMbEnxxN7CCOlqOsmpgzvZvOcwx6ob8QTVSMZ4ErNKKJs2izmzp1BwxRZjIU8v/fXH2LRuE4fO1HKxw8lASIs+Np2soknMW7qMqZkmbDoRb8MhTm1bw492pPDVnz3CpCQLlsi2F1JQUIgSJdlSuL0I9tHVWM2ZU3X0zX+IeakyBnWYUMCLx9FJ3Z7XOH74DHd89EHKM01kWjUfdI9HiQDoSRk/B1tYjaTVfdAduk2Q0VvTKZi9nFTZTIx+BJtChr3gq2TXaxsIz11Ome3WJVv9Z9az7o3N7DjVSr/GSkLmWMwmNSG/m772o+xedZ6TlY08/Nh9TLCBQYaQo44Lx7az6pX17GvVEJuYSGa+FpkQHmcfbYdX8lRVPS0fe5CFZZnED3TRfeE4O94e4EGXn8j24VdQUBgNSrKlcPshyOhtGWTd+498YbKMXePD4+yi7eJZTuzfwZpVL/Kaxg53T8dWloYpHCDg6aPlbAVVDZ10On0EVUbM8elk5heSH69FJXlorTzOxaYe+g2p2J21NDv9uAMSens6GTljKEg3owIIuei6eI4LF+qo73AwEJLQmhJIGVNAToqNeJOIu7eD2oO7aI6fhNXbjqevkw6HH79oxJJdxsR8GxatjOh30Nd6kdMnzlLb5ULU2YhP91HXNXQqDAMeWs8dot4fhzmtkGK7j97KXex2ZJBpcOPqbqGhrR9ZG4MqLp/SCdkkxmjR4MPV20b96ROcbejGLegxJeUQrw+gdrVQp5/M/GIrJt3VEhE//c3nuXihltrmXvp8IUStmYSMQvKyEkmwaMHRSXvNIfY4MigwOfE4emjtduENq9DE5VNWlk2cQY36KndPnLWHqWodoM2vJ5tWKpoNFMyZSHa8DqGzgfrqKqqbe3D4QWWIIyEzl+QEO/ahG1TuVi6craS6rpVOj4DWHE9GcRrB06cJJJSQlJ1GfKiFmqMHabDPZtIYG9qQg86WeqqqLlDf5cQfFlGbYknMzCMnw44teJ7Dbz7HGxveJtzjocXvw5WfTLG6jk2nJDIz/Dg6+/GEZNRmM32NAfIXTCPTosEgAWEf7r4WqnbvojFhNuOyVdBcw8VmL4yZxswcA+KVYxEOgKeOQ2tf5q29PfQlTmHxkpmMTbGQlRJDyNlG7cm97Ny6h13rn+cvyWNJuiuDTEuYrpoD7F3/BisP+hj3kRUsnlZEYaqFGNFLf2s1FQe28PKqHRw/PZmCzCTi35/Vp6CgEAXyjWpSDf19eP2ikTB0fLRyw3VHKisIQlSyV+qPRjYSmdHaGY3sle3cKp3vmy+EIRwGUVKhN9oxWSBGBzG2OOLTx5BbnE+BeIrHX3iLgxlxFOankCB303luN2v+toqDFzpocfgJygasyYUUzL6fT99dSpqlj6rtz/HauuNUpi5njqqSc51OunsdCNaxjJ93N598eBY5hhCepgr2bXiLrXsqqGofwBGU0JviyZi8gruWTGfmWCvelpNs+s9/5K387zDR0InUW09tUyfdAzLBwkf5/tcXU5ZuQm6r5NTW1fzphV1Uu8IYbOnkjE+B+g6cIbCFQ4TDXRx+9Te82V9O7vIvk1vWy8XVP+ZfT85hSZ6aGH8blRebcAz46daU86nvfZEl49JICrXSULGZF598iZ0NLtDHkpg3iWShiWBTBW8X/ZayTBNGreo9Yx/sq+HYllVs2nmYY/V9OPwBRI0Re/Zslt2zlPlT8rB2XKBq5U/555Nz+NhYAY23k/P1LXT1+eg3TuWz//o4iwriSdQK75nPzsMreWVzJTt603k4rpW1lWk8lJWJPuyhZ/9m1r61g+NNffT6QK2PJblkLlNmzmLxpCTsIT+9lVtZ+/xathxroEswEJuSScmsbJqfeZbQvO+w5GOxTPPu563ffovNU17kl4+WYKSCo5s38OL649T1D+APCaj0NlLKlrJgUTlzEs6y9S9vcbSxm0DAR5/GhtY9juTwK3z/JwPMX6HH29EHGgP6eCuHXzzPkqf/xKOTEskyihDopev8Lp79/j9T9dBzfPNeE8G9a3hzRxc8WMTUTB0q6YpsK+Ah2LieNZvP0JX2AMs++RiPlcfg7OnBbrcjSRlk5OaSGR+D7r//yC+feZ17yz9FrH6Ac0f3s/dQO9L07/D1rywmQyOgZrB0SWpWNrmlpSSp/kKlVYU64CMcHkzdB5fRpfV4rXUW4RpVYu7I27lVOm/1+feD0PlB5BlX6h0p8lB9oGsxVFjyRsddTS7aQRiqeh9NRfdo65GFQiHcbjeyLEdUXPKDqBM32jpdbrf7chHYW6FzaF5kWUalUo1YfnidrsvjEwwSCg36VCgYJBiEd1xTQGWMp/TB+xn/ylO0n2+itslFbncFe5/+Gb+pXMy3v/MDlpenoG/ey85Xn+PnP/sJhpyneLg0TIgw3S0t1DiauPO3v+M3eXpMjSv5y+9f4/VXXkJTPIVvTfRy9tVf8+xeA7rJX+Cnn5pHkdFB3bpf84Pf/i9rQqBOXExJMEAw4ObC5m3kfv07fGLZJMo4TdWmZ3jkq79l44JSYi0Q3L+FN1dv51DcI/zx55+kNKaDk2ue4C+7T3HaX0hqaLAocSgM4VCYUChIKBhCEoP4z2ziVO63eeT+L/GF7H78DTv5/kf/jTe2zCPdakPXv4cDa17mr1VZfPX3P+HBfB+92/7GS8/t5ZUaLeZi+XLR43f7X5jenX/ir89X0ZV1B4/95hHuzhVxnH2Bn37rSVauUuPSJvCxxBBSyIv/5FoqSn/EFz89j29m9tJ4cDU/+uy/88rmJWTFGInL0A62Oszng5JIoLuerk4zTXd+n6f+NZNYKzS98e+8/uZxdulW8LNnHmFSPHTu+RNPPrWV9bUtqFL/gYzYTnb85X9Yc6GAggd+wi/vKSCufSd/+dkvWdvQR5wPggQJBkODCUYoSCjopHLvajbvPk/r+K/x9DcXkix1UbvxDzz1xjE2rrcw/vsL+cHvL1L5qYMkP/Y49z48j/LAKVq2h1H3HeNw06d57BNLWDbFiOP0Fp5e9yp791xgUbqJNJ0eehvpqTnBjsZSlpdlEh+nRhw3izlGD6FcHeFwiCvDaMjjon//bk73Z5FbOpapEyyIQf8VMTeG5MwCFs7K5Vff38aRxo+Qq6mmtrqFJk8ms5bNI0MWkENBgpdjroioTmLWF7/HrEutuKuCBENhIHRp7QQJCu+el3ettREwtLZDoVBUtRGH7Izk/DK8NmIkjMbO4fEvGqKxczQ6h2ojRnr+vWrMjYAh2UjsfD/8L5o8I1qd8G7fHSkfyseIbW1t/OIXv+D8+fN4PJ4Ryw2/yopmIQYCASRJiqoy+2iqq0crG42dwOXq87e6Av348eO5++67WbRoUUTyESGpIDaTFKufFreT/t46WrvPsOMATPvCo0wtTCVep0bMHEfJvPks3vxD9h1oZEGafVDcnkZ80Tzuz9EQoxKQ0sspKNpPRUMNR46eJVTcxY7dHeizFzJz3gzyrRokUST9jkdZuPnr7Gyr4VRVLyWJgCihHreI2cVpFNklpKANY34+BZqVdHT4cPbW0Hmxjpa+eKY+cA8FFhU6bTKlMyYz82w157dfz1ABLFOZMSWf8WNMSJKEFDuWSfl+VnW143K009p4kZomD3HzHuAjeSbiYkTsc+cxrbGWkxeP03zVdoMQdnJgzz7abLOYMGM2c3NjEFVgKvgoy+ZsoKbyIlVVF+hPBEQVWKcyd3oexZlGZLWMIa6QibleVra14XF5AO17tMiALMYTlzKWhXeNISFGRh2s4OSJejoCWcz5yArK4jSoJUgoX8qMY5V07a/iwJF6PpXVztFj/cROnsnkiaVk2nRI2ik89thM9lZuxS8MDs+78eP1+PD4BSS1HqNOQBSsZC74Mt+eGiAg6bGK14g1YQGCRsbNmUFJSR7xRgF9QjHz5yTzxr79VC9KJS9Dj9TSwsVTlbRMWMK0TAMJOhO6sXNILhIIa/RceVMLIBQM0drSgtdYjN0aQ6waCLz3OMkYgyE1jSzO0N4RwKnvxuEM4TYmkJamRhB557aVgoLChw75RlcjwWAQURQHg3mEVy7RVGYPhUKEw2FaW1tJTk4mKSkpogrioyGaq6XbkQ/CzmPHjuH1enG73SP2h+HJpCiKgz+LIqIoMPijhCTCu5oLy6DWohZBFsKIvn48jiaqay9Q/fQ3+fYaNQYVQABPfzuNNf2E6lvx+WIQRQFdTAwJ6RnE62TUkoSgSsBqM2PUujjR0obY20xTewcVlc9wumIjbxmHxtFN08nTDBRMIKvHgZg8mMxaEtOIMxsxqmXEkBq1UYtJ9uMLCIRc3Qw4PbhFO8VZcRg0ErJKQpWcSnxiAvFix6W1JyIKIIgConDpd1EEWzIJdjM2nYwUVCGq9VgNYfyBwTs5TqeDPreaxJxcbAY1GpUE9iyS0zPITjxOiygiXlrXl/0hHCAcbKe50YFkTiAhJRGbToUISLKNrMxEDCcH6OvqokewI0oS2FNItJuw6lTIQhi1RodFH8bnDxIOv7P+h195SqKIaLBisKSRZdehFUDqaqers43T+/bxdnM9p58cGlsvXRer6JKzGdPaguRspt1pwhqXQFKCCa1aBMmKvWwCWcZ9tEkiovSOnwiiiCjFkFY6heIL7VRs/ne+1DSOwvxcigrHUVqUTVaiGa3PB6KAgDAoI0qD/RRlEBNJSbdht+vQqECKS2L8ghmkbt5HTe18WgosaDsaqazup3D+IrKsJowqNSqN9roXJyFRJOQPEBZVqCQValFCkkLvjbkqCVkjoiFAMCRAMEw4LICkQqORkSSQwtePuZIoIomDmagoikiX1s/wO9yR3mUfmtdo7ngPre8hW2+2zuH+F83Tj6H+RvM0YUhfJLLD41+kdg4dH6mdV425ERCNnR+E/70rFkWhMxo75RspGZqoSO+iRDthw49PTk5mwYIFZGZmjlhe4cOJ0+mkv78/Ij+6cuEP/jB4AgUBBAFBhHc1FwxCTyudDjWi1ohBIxLqCuITbSQVTWRcqhrLsF0AxEUaTCVjyIjVUCcIyLIKnd6IfEm3IGhQSTKyEMLn8SD43HgCWmJS8kkrLSTf/E5bZWUz0KZNZGKBGVFoQhBAoxmUlwRhsO+igCxAAAECPkKBECFJi14vDyYGgoCg0SFrtKhEAUEQL/Xj8qBc/l3QaFCrpMHjQpdOBAKEEYAAgUCAQEhCb9S/s64kPRqdHpNhcAwFQbhiTsKAG48nhByrQaPRDPb9Ejq9FjnkIuAL4Lskj1aLRpaQhxKV4f24Yr4vzyeAWoOs12MWBURACHjx+2XU1nSyx09iYtyweZ04HSEmmaQsC4KvBldIi0WnRquRBsdGksFsx6SS6RUujdvlt9FFBEFDXMEs5qzQQ+wJzjT301dzhF2Vhzl2ZCJls+ezrNxIjPCOfw0fG0HQY9RLaNSDf1eZ7MSOXcCsuB9SW13PhRwf5sZWznanM39BNlaDNMyHru3vkiRhsVpQufvoH3DRHxSIu3T8cNmwz4Ovp4cOrMSYZXQ2IzptGNndQ3unD9I1V4+5ocGlwpBvMWTb4PgMXrSIUd9lF67S10hkh5KtW6kTojsvDT3Si/ZCNZqxfe/6HJnc8EeB0eiEyJ9gDJePdGxH63/RJIbvh+9GIvehfIw4nISEBPLy8j7obiiMEoPBQH9//03WEsLv7qd9317OueKwxcURH29A7jZgNscTe/dX+NLcWMZYBoNIOBQi4PUhajWIQht1QCAQxO3yEAQGr1k8+Px+AgERnV4HWgM6jZ70yctY8akHeSD/nZfLvS43YVFEVvvpqhpBd1VaJFlECvpwuUJc3mPY48Hr9jAwmsdCgoQsS8hSEK/b9c6VXMiF1+PC4bqWoAiiAZ1eJBBw4/V6GdYzPAMeAqIKlUaLVoCBUXSRwfzznSCk1qHR6EjMHUvZo9/mnye/kxUH/QFcLhcedzMEtMiCD5/fjy8QHmwoFIT+Xhz+IN5rjJtkzCBvWhqZE+bRUn2S6nPVnDqwgV17umlyGMkvmc+E63RXEnnna0LZhCp2AgunGPhNbTWn957D5u6m2TaFz5doMaiDjOS5nijLxOYXkxiuoLWujupmF1kpV3ywEPbS39HC+dMNdCaMJztBhzkxmbh4I2Z/E8cPnKN7bDE2echnAUKE/AO0HD/ABTGDlPQUEm7YGwUFhZuFsoO8wm3J4AuOfgL+AAG/H5/HhbO3lYZzFbz+whYaY8eTXZBCdooZvd1GmrmL2jM1dPa68AXDhPwu+tsbqTx2hiaHH++lO9leRy/t9TW0uUMEwhB0N9HZ2U2/10haZjKCLZP0OC/urgYaGzsY8IcJh4P4Bzq4eLaKuqZO+kb6fYUuFlOMDl2oi/raDlz+IMGgj4HGRjqaW+kc2fn66oh6jCYjMTofHfU19HkDBEJBvD31tDbWU9t+DTlBhSAmkZZlJuRooa2lhV5fCMIhQu5uLtS24VEbsMXbsb3f0cOURHysjMbfwsXqBvp9YULhMAF3L60XarhQ00BXQA3mFBINAzg6OunoGsAfDBJ099NVcZKLTheOq41Z2ENvcz31F5roDJpJn7CAOx76Al/9yoPckaPGf6GSsz2X7sQRJBgIEgiECV1z/GVklZ1Jc8sxdVZRsW0bh1pdaCdNY4IBtCJAEJ/biaOvn37v1T9GEVRa9KWLmJrhpv/0EXbvOEVdZx8ujw+fz4vX5aC3vZqK40fZcLiL+IVLKU0yYbeNIbsgnzF2ByfWvsbuc0009TgZcHvxugcY6G2lqeYAr//++/z2xZ3sq+lj5J/DKCgovN8oyZbCbUkw6KO/p4mu9g4621qoP3eE3Suf4A8//C4/2GKg9OEHmVmaS4I6icTk8SwoN3Di5T+x6Xg9dQ4vzqbDvP3iT/n8o9/k9/t6aXBcarirnu7DW3nueD99nhCOkzupOFxDrS+DyZOLELXlzJuZRah2Hzs37+Rgq5eQr4eWvf/Dz//pm/zkrzvZffU3z9+LJoPktCRiDY28vW4lFZ0D9PbUcmDnLnYeOEUHQGQfAQ/DSlJyOhnxYWq3rWZjrYNuRw81O/ewf+chqq955hVBMDFt7gwSu6s4uW8/W2vdhHwOHKeeZ9XOZrBnMb44B/O1mogWVSGl4/JJlhrYu/JVNtd58QS8dJ18lT//4rt896f/y1sNegRDORNLJDrP7uPIkTM09vfR33iUPz+7ldrOfnxXa9tfyba//pQff/NH/HpNNV1eCAV8tF1opqk7SNBoIz5GAI0GldBLZ1cvLR1e3N5rd1dQqTDOXEiprprzh05xvMnI1JklaBh6P7+b+hM72PLmOjZXDxC8WuImasC+iIcenkv2wB5e//2P+d4Tb3HwbB11dbVUH9nCmv/+d/7zf95gU2gG3/ynZeTGmtBgI3/qfJYuKyHt9O/4xuM/508rd3DwVBXVZw7y9pon+a9vPs4Pd5pJLSmheEzch/8xhoLC3zHK+lO4/Qh56Ks7yN7vLOOATkCSZVQaHSZbAik5d/OtP93N8mmF2FQBQCQmo5RpX/wR/6Z+gd1PPs5n/sNPQNQTk5jHlG/8iE+UmUk19tAC6JISiU9IQHr5i/zDz1ppcoTQpM1g1iP381CuiCRqyX3o23xWvZqNO//KTz/+PwwERdQ6O+kzH2XF0unMSIJQ7UgMMZE3bTH3OB20PPcs373/b6isGeRPzsZcNJEpNZ7BZCuqu1sC5oLpTL2rm481vsyfv7CUv8akkj2+nNTMKSwIH2H/Nd/tFDBM+Ryf+/grbNiyjr988Xl+75eR9BYSJn6ee1fMY26RAa51dyxq1KTO+yj3ilZUazbz1Ofe4jd+kLQWkormMX/5PJamywiCjYWPfYm6Z9ez5c9f52PPWYjNzGbGkgcoPv0KwtWimiqfmXetIKjexOuvfI2HnnTiEWS0pnhSxy9k2eI7mWrRI+hnMqv0LV7Y8Ct+XX2KqjnjecxyrWGSQV/O9InJHGzV4E4by8ziYS8EhrqoO7ad7du7CGvnsKLQiHS1TxIRiJvzOF/W5zNu53a2HfkL//lGJwNBGbXegi0ll8LlX+GRRQtZkCFgvqRCshVRuvRL/CI2h9ff2s3Jl3/Btic9eAQ1GlsCadn38d3P38+iyXnkWCToHOX0KCgoRI2SbCncXmjGMHbRZ/mebR7tQ3d9BBFJpUFntGBLSCE9J4eUGBVuZz8gIOms2PNncfenrRQ3dtI54Cco6TBYk0jNLSLXpkZzKfGQ9XYS8mZy5+QJlHS7cIa1GOOzyMrOIVELAgK6xGKmLtOSWDSDhi4nrqCISmclPquAnFQ7VrWEP3k8i7/5BEXWUgqS9Zc6asWaMo/P/NcfCY5LIdcqoZMLGbvwUb6cWE59txdBZyM+IwlTyEOwz4NUJKBX2Zn80HdI8tsxpVhRWQyk3fNjfjU7nZK8+EsbK0jorJlM/fJTWLXlFGabkE0mMspW8PGvjmFGhwO/bMKaEovr9CYO1h1HZ9AhvmdL80EkUwYl8+4jJnMi5a29OP0iotZCXGYBOWmxxOkkiM0m974f8Lu56UzKtDFYGEnGmFDIzK8+Say+nJI0w1Xbt0y8j4eS3CzSpmOCyy9uq61ZFM5cgSmxkPKWXpx+ELVmYlNzSEyMI1YTAEGNpeROln8yh6KmLhwhFVqzgZz0ehp1JrxqGZ1aR2zcNFZ867+YaBtDZpwZW8I0ZhtTSJrQTEefCz8SaoOduLRsMjNSMMkSSPks+uJ3SW/qpU+TTGpyAlZTMj/7bz/Z+UnEvetZgACiTIgwpqwikkvKKDYOG08hkYLZD6DP9SLkmC99CXh1VDGJZE9eiDE5l7xpTVxobEPWmZC1Jky2BJLSMshIT8I+rPqUIOsxJuQzdq4ZU0oZ9S3d9Az4CAgqNCYr9vhUsvOySTSp0UgCweRxlNz7DZ4qi6E8wYTp7//DawWFDw1KsqVweyHHkpQfS1L+9Bse6h76QZCQtDZSx88mdfz1ZQRJi96aQdHMTMZe65NgUY8tcyy2zLGUDfvny5vqIqIzJ1O44EEK39W4Dr0ll6n35w77xxjMqWMpTyqinGt9hmwgvWwh6Zd/12Edt5S7L/3mdDoJIKLSW8ic/TCZl/7d33GOxtOn2HNBT/ni5RQlapG6j7P9QDcN/fHkjYlFlq91e0uFMSmfoqR8iq74y+XNFo124sYv4b53Dw4aUwLZcx4m+xotA+jTSpmQfrWx1WCMz6YgPpuCK/7kdrsZGPBD2M3FIzs42mbDlj2ZhcVJmAJtNO7dQCsJZMSaSTSrMNiyGLsgi8JLGzyKYjzJ+Ykk51+nY4KZzMmLyJw8fIPH68EuDAAAIABJREFUTJZnXxEqwyFCvgG6z23hwLkw2rQiJk/KxjrcJMFCStFU0kpG9raGKiaRlJhE4sf4KejuJjY29oaflguyFq01k4LyTHJvsKmzFJNM0vhkHr7BGlBQUHj/UZItBYW/U4LOFppPbmPNqm4ueLopTzOg7jjOsbP9eFJmsXScBZ36xu18uAgTJkBP5Xa27gkSShlHS1029mA353dW4sqaRV5BBpnv+wtlw7vgwtnZSOXbRzhx8E2OOrMoLS5lWn7MTVSqoKBwO6MkWwoKAEhoDBasNj+iIfJNCz+MaDPKGLckyBfan+avz/+ETb0BhJhs8mfcxZ2P3s9daXDb5VqICIKRCQ88zv2B53ht3cv89s0+fHIsiUWzuPczD7JwUjoJN3MKg520Vm3kmX/9AwetpSz49L0snjOBXN1N1KmgoHBboyRbCgoA2Jn4wL9QcneQoHj7pSBXRTRiz57F3d8rZ8m3BusrIohIsgpZpUK6tP3p7YcA1nEs+MxPmPWJAIFBwxAlFSqNBrV8kz+yllPJmvo5frP7EwQFCVmjRa1SQqmCgsK1USKEggIAIrJah6QKR1Rc9MONgCCpUOtUqK+463JlIdbbDkFCpdWjem/ZxVuAiCRrMZg/EOUKCgq3IfLwukRXY3hV90irccO7axCNhOFVxxX+vhjyo5HO7/Bjg8FgxCUVhmQj8acrq95HonOorudofD6a0hFD8pHYOTQXQ0RSmmMoJkRTQD1anfDO+I7Gzkj1Ret/o0lkh9v5Yfe/IZ3R+m2kMWE0Ot8PnwcitnO47tHEokh1RYMScyOTj8TOGyZbQ4ZEuvCH5IZqSkUipyRbf38MLYZI5ne4Mw+vnxWJztGcnKNd+KPx+WgW/vth54hl3c1UV5zgTHUbA/pk8mcsYnwcqEbwjlTUOofJRxMf3o8TT6T+F80JYLje0SRb3vbzNFyo4ZAnj7tmZRGjka+7e/X74fO3W7IVqf8Nn49o/Cka37381W8UOj8Inwcl5l6PGxaiHk0xzOHykRBtoU+FDy/R+MPwYy/LhN30d7bR1tyLN6GIvDgV6qtuFBldsdChIB5pX4f3cTQ+f6uKokar09+8n62vvMyafW2oxy7gvrw7KI4F9QhVD9dzK+wMh4IE+tsZkCzo9Tr01/CV6+mLvK9hhEAXDdUNdPS68A5VghYlVCo1WkMMZlssdpuFGM172x1tzB24eJh9K1/gh+2PMnViKiat6obv5t1OPv9B6Yx2nV0pfyt0jtbO4W1EqveDiLlX/hyJ7K2KufKN9nEZyqwlSbrhni9Xcr09X64nE6kehdsDQRAQRXHE8zvcmS/LhFqo3P4MT/9+By2Pvc7TD8WSHHP19oZ8LxJ/EkXx8iOgq+95dX2i9fkhotEZjZ3R6uw5tYuj9TKm+Z/nG998gFk2aXj145HrFCWE62zyeTVEUbwci0ZKMOCm++ibnDTfyZicTPLjRz4vV/W/EREC9x5e+vGveX7DKS5KatSSBGoD1tgEMvImUL5gGXfcMY9ZOTFoZOFdydBoY64kSYiCAIKIeKmN67UyWv8bOllG2tfh8SAaOyPVORo7h59cozk/RRr7RqtzyNZIY1H0Ps+79Ckx970oL8grKCiMmAGXD5/BhjUhgXSLasSJ1nsYuvt+Uz8c9OH3NHLgtafZPb4A2Z4WUbI1IoIM2nC1WC2ZyL3jc9zz4Md4MFeG0AC9rbWc3b+N7a//jh9u3cOKb32Xr5Rb0auUMrUKCn/PKMmWwu3PhfW8uqGW4+0waYKHQ9vP0dk5QCBuPDNn5VOa5OLAun1UNXfSo8th4pKPsGhGKYXWMKHAAK2H3mDt5n0crGql3SOisWeQM3Exj94/lWybAa0QZKDtPFW7V/PS+mPUDWiJyZrM5BwVFqGbt5rG8YNvLCRFKxNqP82ZAzvYsO0wJ5qdoLGTVDyTOQtnM3NCNglX21Ui5MbTXcPhNS+z6eh5ajvd+FU24rMnMGnRCu6dlkpMsILNz22notaDZVIWA4f2caGnn37iSCmeytw507nDcqmIX+85Dmzbwva9RzjV2ItLMpM0ZjKL7l7OlIIUkgwi+J34m4/z5qtvsvd0Pc1uGUPqWMpmLubBFaXEiiAPSyD8zi4a3vw5v3luO3sqQwhnavA3n2LJY1/nvqwWzm1Zy9Y9Rzhe380AeizJhZQvfZg7J6aQbvXSdHIXO1a+wsm8B0g5u55qVw7Fs/KZmNTP5ieOYH9wOt4Tx2i6WEdXyEpswRSW312Ka+tKDp9rpLZXQpVcwqQFd/LY7FgAAi1HOLRnJxt3nqCquQ83ehLypzJ32RJmTEhB33qALU/8ij9srabu8L9y5Og9VH5kGY+tKOY92496Oum9eJA3XlvPoXOttLlF1LYs8stmMW/ZfKYmS8jeY6x/Zgdn2zxo8mJo3XOQrvFf5vEVxRSnXq0skYjemkRa7jiKxgoQDuDLzSevqIicrNWs33iY1554icm5n2ZyrA5TuIfmM4fZs3Yjbx46hzOsxhCbTf7UO5g7exqzxlzS4W/lzPZ1bN+5j0M13TgEG4nFc7jrnkVMyLJfdYk4araza+tetpw3M+fxL7AwWYXcfoSDO7exeXcFZ9vdoLGTXraQO5bMYnJ+MnZXHT3HVvOdl2DKVDdtNU30acsou+/TPHjl9v4KCgrXRUm2FG5/nA3UndjO1rN6fLbZFJdNJqtpP9v37ubN5vPUTi0iI7eMCWmtHN26lf274tBak8gr1+BveZtX/ryainAKMdlllOu9ODsbOLvqKV5NTOPhmdnkq2qpO7yRF1/cS03iBEpy7ZiFPlorKth6oYu3NVb+0R8iKVjF4c3r2H6ojlZjIZNmaJD9PTTVbGP7Rh8D4bt5ZGrCexZdoLeZ1v0reXrdBWyFeRRnG1F7e+jqqmTzs37i0j7PDFsPzVUH2b61E21gGUuKJ1MacNBZeYizR3ayLmAgMz+RXHUXx15/lvXHnXSrMhhXXoAYcNJzfiuvv6rC95GF3DE5DlpPsvfZp1h7wY49qZhxWg99HdUcWtOCM+Z7fG6KjTjjOz0VZQ3GzDKKMg9wsBvk9CJKJ+STrnPQsOUZXljfRI9sJ2tCHiYGcDVVsOlZP5LwMIumJuDraeL8vk2sO21j9pgEErMyyUyQ8Xac49jGt3DExDK3IIPcUgOaU6c4ve5vPNHWwNjMNBILk9BXH+BE9T7eDCSxYGYmSTRzfPMa1u6t57yYztgpJegCvVw4tZnNG3QExIUszbGQXJCFRdiHM6WE4qICClLNqK70n3A/bef3s+vlF1h9IZ7C/EmkGUK4WxtpPriOZ3ol4h5fQKbYS9PZg+w+2IPaPZXxY8oYm2UjRnftMCqJKlRqHZpLu0RodEZMNhsmoQNXZy27nt3InsqHGVOmwluzg+3rt/HGcT9xeRMZG2sg2HGe2n3reKPXg/5Ty5hoC9Kw+2VWbaqizhVDalEaOr+Di8df5iW0hFbMoPiKPnhbDrB7wyY2H+vDnz+eVIOAPHCSnWvWsKuqjz5rMZOyJaRADw2n1rAuDN7gQpanOvG2n2Lfplo6w2PJS0shKzedFGOU61RB4f8wSrKlcPsjgBhwEsaCnLmI++9KR9+VgOPcb3ntdDOaCSv4xH1LyNY7yency/87e54z55rwlGcihrz4tZmUTFvBzJkTKLY5aD76Jk/v+Tbb9j3GjLwkMsWznDuyn631cTz89S/yyHgb+pa9bH7pNHv3dTFUjNB9cQ+795/mtK+Iuz7zee4fZ0MeqOHw337Bn/cdZYc2jwXlCaRc8cTI39dBW8Uettbn8/2vPso9UzKxuWs5d/QAa7d0EwoLhEQJUfThDQgIukIWPriUdG0AxxGJPzy5jT37D3L4I3PI0R9l4xsHqMtYysy77+f+SQnovfVUrf01P3hmF4czMsnNDGOq3s/K147h/ugvufOeqUyMddBwcCNr1+7lfG0v7jIzYeTLT8ckrZH4aR9j+bkdvO1So5+0nI8+NA27o5rVr73G0cDdzLnvQT55RwGJtNJ84Fn+5buvs+fweFKyrOQiQRDaW8PkPHYvyydnkRFTx9mtbyOEBuj1ZzJ+3iJmZEPt2j/hOPEkL+wpYNZ9n+LO4lj0p0Re+Ntanjh0nHPBe7CLfjwhPeasKcydtJQHZ6Zi9Tez43df4v9VVHA4rYQlUwuZsPwuSp9ag3HKPdx91yIWF7wn1YKBRupPHmDd5ovw0ON85MFSSuJC9FS8zpqXXueJ1a+z9+7Z2FIlRNGNOyChskxmxSfnk23WoRvp1wGXURGTkkVWSQ5Z/pWcOefEmeehad8O9h9upCf3k/zDJyczJceOq+pNnnviVXbu28zGqdOZOKWfw2+8wbHuKRTccT+PLc4iznOR/c/9B8+3d9DT58Q35F/hICHHRY7teosdJ/sJZMzm3vsXMckm4Dq+mQ17ztOdOpcVjzzAHTk6ZFcNbz/5ff545BBv27KYmmJEEAVkVzsuQymli+ezqCSRGM11jVNQULgKSrKl8HeCBXtiFmXT0zEIIFgzsFsNpGSkkl5QSq5BBGJIT4lFXxVgwNmPW2XGlraQT3ytgD5/CJ+zjto+P30DBuJjvXS0t+B2uel1NFPX2s9A7gLuKo8nTi2jMc1g/MQKJh+v5MylHnSeOML5Th/uZAuJNFB1ogEAlTUejfsitVVnqPTMJUX/7p6HJRVoY4hRDdDTfJHaixJ+i4WUKffyjYUG1CIIbgABS3Ia2dOmk6MHkLGVjCcrbT/H9lzkbKWDkH47+2u12EqM6KVOLpzphLAXUnOJda2hpbaZc1Vaxpw/y77OPD69sIy8LDs2bSyG6SuwJedzKmjAqBUZ3Jf9OoQc+PtP8vZBF/Efn07ZuHzSTCoIx5My417mZj/LqrpaLjYUkSsAaj2kzGZmQRJZsTrksASiiKwxkztjPllxFkxqEYs1nrRMG0KwnDlZBmL1InKsjQSbCV1/Fx0BCGozmHTXp8js6aPX46LlfCXNgMoYA+4Berq76Q1B4gg8J9xZS9uFRs76x/HpB6aTHS+gU4GmqIQJk0+QvmYn+yp9zIkLgxDGmJRJZtksSuL1N278WmgMaGMsxOlcXOxx4Xe2cL66lZ5gGhPnzaPA6kElqrAVzWJC8W4qWy5y6GgNjG3i0NFuTLNLKZs4npw4CQJ67nj06xiqBcxpZqQmIBwk6Omk7uBrrF59lmDxXSy/fzkLsrSEgz5aD+3hnNNErFGH2VdH1enBl+iMSclI25torL1AjXccOYgQNlNYXkpebjo2pSSRgkJUKMmWwt8JejQqIxbT0O8qJFlEb9CjM7xTlVilUiEJYYKhIH6CBL1tnFv3e/629iAHarro9gYIhX14HD5CS3yECOJwuuh2B5Bj00gWhEuPobTY7PGkZyZB/WDbna1d9J3dyPpVq9j4hyvSFDmbiXePp9MBXHGO1iekkb/oHu7f+GP++t3dPJ9RwoQpM5g9cyZzFkwlxyheqmGoQa+3EBdneUdYbcKol9HSS2tbL17NRdp732b9z9bzt58LVyRLaiaWOHC09jPQ1UebJhG7VUJ76T0yjTWZNGsyaSMdcr+XYHcbrV4LNpsZo/FSQ4IKQU4mIUHG1duNo88BFpBkGXtiMjqVath79TKiaMJk1iBLg7dkJFFErdWjEewYRWkwSMkyokoeHPsgEArRV72DdatX8drWk9S2DeCVIOzqo9cwn+XTwD9CM4L9/Th6PXTr0kiJh8uVdzQWtGYrseouejr68fuCgBaD0UJs/OgrXYdDg7aoNSA6Oul1Cvg1VuLi9IBn8CDRRozFhFbjpr2xCbqaaHca0cYYiRn6ClfWQOpEpiYNbrzZ1QT4e3E3bue/f7iHmqx/5PNTp7OoYPD5XzgM7Q1tOE5vZMP6F3jhp1f4qqqQBUXz6R5gMNmSkoiNVWO42mtpCgoKI0JJthT+fhCI6Os4f1cdjRt/wb+90Er2in/k+/86nqI4FQONJ3n7t5/iD/phJ6GrtC3Bu9//EUHOXcJH7rmb735s4rtzKkGN1mTGfrX3l9U2TLlL+fJTpXykupKzVWc4fXIf6/97Hc/8bTHf/tWXmZfAJW3vXbLBMASGOgQQM49Hf3Ev9y6dQPa7HlkKaC0JxHQd4vT5kYzQKAkyOG6X+iAIoJZvcLdsiOvOZRjqX+WFP73G2850Jn/ly/xmSjJ6CXq3/IhfrFNH/ZHkSHjPvEeDo5uB5lYuOONIT45Fo7lOiyEgzLvGIxCEwHX2Uwy5nHgvVuKYPRHN+bc5erCQHSVZLMuQLxshlzzMFx5fzmfuLEAzbCNLQdRisNiwic0MXGpPJUEEW5QpKChcgZJsKfx9EcEJwe3op+7YUS6Yl/HQpEnMLsslVuOizV+Nt08kdCkx0mq1GFUqgr1d9IQHb0yJeOnv76Ottfdyexa7Bb3kxaeOwZpf+E6i4xvAE5QIiVr0V1txYQFRVGNIyqfIlkRawTgmTJnAqQM7eOWva9h69KMUTw8CbjweBz09buDS8xx3P54BHwFBT2ysCbU6BZt4AbUuDmtqIYVmGDxTu3H2S6jUKtQhHTqLAbuvhc7eIB4foAVfXxsdF6s51pfK9InJWAzq6+/MIKsRzXZidQ6cvU5cA35ABWE/4UATrZ0B9FYzMcNuiUS0wcG15jIcxl17itMtauTiccxeOImiZD0qIcDJLQEIiBEV2JYMBgwmDTGebpq6wR/LYGT0OvD199MbMJMQa0ClfifbGV3e4aX13FmO7D9LXdxkHirUYkmwYjKEkTv76elyQ/KlQ0Nd9DkcuH1a4uPiweLHpnPR7HDgdPgANQR90HOWgxVudBkZ6EMg6GMxlszgscfn49/yV3ad383mdYkUPDaHbBXY4u1oQyrURjtx+YUkhy/tcxR04Q5qEWQ1Ouc7yZbAYLKsoKAQHcrmLgr/dwmHIRAgFJKRNRpkwY+j4TyVBw5wyq3B5XTjCgTQxsWRYNcjXjjKrvMO+r0+nE0nqTx9muP1vsvNxeYXk653MVB9lB3HWxgIhQl5O6jeu5qVq9az9lAD3vd0IoCz7RzHX/8TT71+nPNOHaaUAgqLiinKjCXG14PDHcQfGjy2r72eqqMHOd8fwB/w0n76BDUNDlzmVApyYpDGTGNcQhedZyuoqGigxzf47k79gVd5/m9vsb2inm5DAjGZOZQaz3Fk9wnON3bS29tE3fHtrH3tFVaecuDwhm6cUEgGVOYCykq09JyvoOp8A23eEAFXFx3HN3KoMYb41AzSki03ailixFBgsFSGrEHWqBG9vbSd2MTBqh7aupwEfG58Q+UJBXA7+3ENDOC/yu0gwZ5GbEYSY+Rqdm08SWuPB1/ARVdNFZWn6mm0TWRirg6TNvJsI+D34B7ow9nvwNnfS3tjFRU71rB61Sa2XZDJX3EP01I1mM1ZZGbFYRFbOXvwCHUuCISD9F84ROX5DnrENCaMywZjMeMKtAw0nODUyUrqehz0d9Zy5K1neXHDMU429uMDBLUBTdJYysums/SBJUyI7aVt/wZW77rIgCASXzKRDLGN1jMV7DvTjisYAE8bZ7a8yIurt7LzVCu+G1qnoKAwUpQ7Wwr/Z9EYTKSXlJF3rIqju7cgdCRgcnbSdMFNQnEOhvozVJwaR8HkeDIL8yjae5S1r64iWBSLyVVP7cVOXCojQ9csptxZTCmto+tQFbtWrUJTn4rB38G5fbuoChWQZyjkvaf6MP6BLtor97K5ugtPdw1jEo2ovc00V7fhyZjJlFwTVr0AyOBpx1G/n51bHcSLAzQd2E+lw0LCuIlMytAhytNZOH8tvSdPc2LDKrRtaZjDXTQe2cye9lLmZuUzVp+OPa+cFfM38/yhDWwN11Fv8dJVfZYTNW4M462oZOnGyZagR2XIZ+Y9czmy8RyVe9/idWcm8cF2Oir205owm4VlBeSn6KHtfZw4QUCTVkJhWh1Hmo6wbY0WV1wQZ30lPYYULLp2XLVnOHokH3uehfg0G66L+zm0J4ZU7XjGFqVgHG6cOZO04gnMn3iGV7esZhNFnDWH6Dt3hJONatIX3sWMLFXkX+GF/XTVVXBo0yuYzkggBHH1t9Nac5oLrUGkwoV8/OFZZBtUaOQU8iaVM7Z1Jw2n1rFuYxMNSTo853dzsjsG+9iZzB+XALKdKUtmcnBdAzV7VrPKmYUt0MbZ7SdoSC5hmlaH9nINbAEJiYTxi1kwu47uNyrYunID4ws/yYyCRcyZ0MC2CxXsWK3GV2zH6O/g1I5tnDfNYWZiAaHM92W2FBQUAPlGhSaH/z2aQqyRFmQdTQHXm0MY/P10drgIqg0YLTEYlBQ1aqLxB0EQ3pEJq9AY7cSnpIJJQhIgrI7BEhdPot+MjjCD/6kwWBOIDVmx6d6Rl4xxxMeLYNaityaRuORTPHr6j6za+GcOrbeSWjqfuQsf4msLbDj+YzNHdh0hM/VOls9YymPNjfxxzW/5r7VxJI1fzIzUPGaU+jnepBlMt8ylzL3HgzHmTV5580X+481efGobqSULWH7fUpbNzUcbDvNu62UsacVMf/izND7zHJtWbmJNpxufNo74vGnM/sRneXCChQRBIIyOxKQkbGM0VL/0G16o68alL6Bg9l2sWDqDIrUEJDP/sS/D6pW8sWElT6/vwSGZSCiYy12PPsAdk7NJVomQOpl7v/51ep96ji2v72aDQ4Mps5yZdz7KF+9JIU66+nqXTfEkxMtozVqkMEgaMwX3fY1Php5nzfp1PL+xHZdkIiajnMWf+xzLp2SQZQhQrzVhTUwnxaZBJQ3Nhwq1zkp8eipGvYAshgmHQdKZMMelkCHpkMRL/ZD06MyxJCapMQog5N7J4jtbca7ewLYnd7LdlkPhnE/w+YfLideuZMOOU2xZlU3hvy1iyp2zOfTqPnavdYNGR0JBMoZ33dO3kFo0l3s/KzHw9LNs+vM6WtwyhoRCJs5Zxj89fCd5Ogk5rMUUm0B82IZFM9jXa/qtYMAab4FTx9j33DH2CQJIagyWBNLzJ1C+YgkL509naorukp9LJE26kztlPcJLr/Hi0xt5KySjTRzLhMX3cs/SecywQzgsM2b54zwSfJE339rCmj+sok+KJ23Ccj7+0TuYWRCPusqIKTaZTMGIShRASmDcnMX09Q3QuGYvbx27j/Hzp7DiUTemtW+wcuP/8h8rB/CrrWRPXMb9y5ewcHImGl8NoiGO1AwJi06FzNVtfs8aHSHDi9NHIztanZHKRSt7Nf23QudobI1mbKPVeeX83+o8I9r5jFSn4Pf7r3u03++nt7cXm80WWU2y/8/ee4dXcZ2J/58pt0tX5ap3IdEEpncM2JhmG1xwSezYySb2JpvqbHa/u5tkd7Ob7b/NJptk42zsdZzquMZ23GKMcaf3ZoNAdARCEuq6ZcrvD2ngggFp5kr3Ajqf57Hhucw773nPvOedd86cOa+uO65ZdPjwYb7xjW8watQo7r33XsaPH99v+QHHiMH+n/PXf/U6jaNu4dYv/wm3lKSuOVcq//iP/0h9fT0LFizgtttu65dMfAV6VbUyXBND19A1A1N141IkJFNH0wwMU0J1q73zTCanm5tAUknPyETtdUFTj6HpgKygqnKPbExDN0xMpDMLUxRJxzAkTFlBVRQUU8eIhNEUFRMJSVZoWPMEL//+OX7U9Vle+a+bKA6oKIaOaRqYJhhmzzllubc+nXLhtUSmaaBrMTRNA8kaKxJICoqqoCoyUvfb/OofHuft/fmM+9a/8uUxGrrZc1x3OAKYZGX2fiFnGui6jq7rGNbolhRUVUWRJSSpZ5zpWrRHJ3KP3ZKMoqg9/XKRa2LqMSIxAxMJl6unb8DE0DR03UC3go8ko6guVEufoaPFYkRNGbcio6oKkgSGoaNFdSSXB1XpWRtkGjq6rqHhwqPKPZfE1Onq7KKto5vcgjyUM36g9/SDJCHLKqoChq6j62bPNXYp6NFuNM0AWUV1uS4ya2diGga6ZvkCPX0nSaiqiltVAAM9pmGYEpLqOuNTF0LXosSiMQwTpLj4J0kSkiyf8Ylzy0P2tCEcDtPUfJqsrCwU1XW2vqF09rhzbAckWe25hBLImGCaxEwFj0vp7T8DQ9fRdAPixo2u68RiOlpvbTrV5UF19fqJaWIaGtGYieJ29fx2vp0O4zz0jO/m5maCwSBu94VKK1xcLr5+ZH8xTdNxDT6nOi1Onz6N1+vF5+v/3hmJ6HR6XS4cc/tPW1sbsiyTltb/nW8TuS6J5BmJ1GPs7OxE0zQyMvr/VfJlOUdzec1sAaZGLBIlGtPOBDdBqpCQFRdyfOyRem6q5x+nqG5kWT7npigpLlzny7qVMwPh7CCUcbt6B+HpbWx58488+sQhih/8BvfPLCUnsotdWzez4QCMuXk8GS6152Ox3oTF3o1HOmNDnwNfkpAUFZdHPfNFnK5rvUmTdYyMovYkO5dW20+d54i4cEu9N4G49suqC1m9+Fd6kqygumUkXY//FVlWcXvVjx8rK+cGJ0lBVl243bHej/IsP3B9TKcsK8Sbbipu3EpfRXml3jae1Xv2xmMNehnF1c8vHaUee+3dBHrb4HLj8Xjwer0Xucle2HbrxiPJSk+R3HNEZGRVxh3fqb3JvKyYqBe68UgSkuLC0w+DkxmzL7v7w2WI6KPLD7WvQCDL8pnM2m7m6DTjtPuElGxibaeoX/VTftE4kdGBVqTWI+w83EoXmZReeycL8+s4uGcP2z6q57TmIzBsNncun0VFphdfrIHje7ew+u01bNh3gvaoije7nBFT5zBj+kQmFPYuDDFa2L/ubdZ8sIGtRzrQ04qonL6Y4U1/5IgynPwxc7l1cg6mHubUlj/y5prt7Dx4ijbNjS+vipoZS1g8vZS8tMH9DL6/WNXk7fiDFfQtObtYupz47TlPk4ECcoorqMnfwju/+yfqXvDhkmNENC/QgfJ1AAAgAElEQVTBKbdy18ISMrwuFJw/ZZ15zXmxJ1hFRpZkJKw+TMxOS68lb/fJDpxfF6uP7Op0aqeiKJimafsJNhH/cxr/IDUxt0//uwSGYTiyE7AdExLVmSqfd2qnU52p8HlILOaCff9Llc87sbPfyZbdzr+aky090kbrtj/wwgf7OTxuBONLvPikbppqN/K7fe00TAiRny7h8hlohz9kzVMHSKuu4c7JIQKH1/HBitd4dl07mSW5pPsMwkc38cHpLk52ucj/xGQKFOjc+xZvvvI679V2IOcVUaJ00bj5NWo3PMGH2cuYnTaZZWNcdB18l2eeWsGeiAfZEyDgDtNdv403f3MMPJ9nwbgSSoKXzwSmHT+yAirgOEg59dt4efyFFI2dy7L7JHzrdnO0JYamppNdVsOYCVOYW+3HI4OhJz7wz+g8H1cZY+YuwT0mneK8c5Mtp3bG920ybjxWEmvJ2dVpHe/kxuykjxLxv4FItpIZc/v0v0vIWu1NVhLiVGcqfD5eLtE+skMqfB4GMObalE2mz8fL2Eq2bGkQAD3rSlQF9JPHiOTeyfjbFzDTW0vtK//O8m/+ljez/o6HHryZZeM06tc/zw+/+p+8telrzK1KJ7exkeZ2F/4Jd/LFL97IKF8X9St/zI9/u5PVK0PMuWUS+Wkxjr7zHO/sNGDCnXzpC4uZ4jvOjmd/yPdebadB7VmcEW09xsE3H+OJTcUsefA+7lo0jmrPKQ6v/wMP/+2/8fzKWZTmZlEUzBB7fCSEjCerlKp591I1L0VNcFUz9ZZqpqZIvUAgEAicI+7BiRCazNgxlQwv9eEKpBGqGkmZ7Gf8lAmUlxbg92Tjy6ygsjhC86kGImGdsul3cd+X/5Z/uf9aSrQW2tujBEpKKM7w4G0+xfEWHdNs5MNte+kKjWTs5CnMLAzgyihj0r13MrUsj3wVIEr76XrWvrGO2OhrGVOWQabWTGOngpw3niXTvBzYvp0jJxqtwh8CgUAgEAhSgJjZSoRggKDX1fMZuSwjub14CJGV7sLrAVCQZRcuN8SMnq+btLY6dr/1Kk88vZL1+0/QDhixDlqaAxRNKSGq66A10nBaw5ObRUZW79cOkgq+EZSVBchqAcxOwt311NWdou7tL/HAky5cvZ8rmYaO3t1Ke3UDzd0Rugzwi7RaIBAIBIKUIJKtROh9byv1/p2e5cvIZ3cQ6DmMns3KMQ6z/o/P8PxruzhUvpyvf2kcuR5QT73LS09vYFuX9QWJgWGYZz4TP3MWSUVRpN71Oj2fdxtygMrbvsv9C4Yztui8XRcDJVRXFxMUZTYEAoFAIEgZItlKJh11HPiojiNtmVTfczML5pYTVEHftpu1PoloJ4AEso+AX0aLdhLu7gTSwdQhdpxTTWE6woDkweXOID9HhbQiaiZO57ox2ciAaRhoHR3o/jRcinyVFZDV6azfQ+36lfxh3TE6ihZy19JJjKvIxu4G3wKBQCAQJAORbCUTrZtIWMdUAmRmZxN0mUSb9rN7137qjjURVWJ0hwE5RGlpFua+Ixw5eIDjnSHy5VZObH2fj4620JQG4MOfXsDYCeVoO9awe18VI0rSKPZF6azfx8aV79E69lamjCykNLOP/ZauJMw2TtauYdXTT/L8yWrGXhclerlvfma0c7qxi4jmJrMoCy8AMVqP1XJwfx37jzXT3KWhePzkFI9g+MhhlOZnErgc9uwQCAQCQcKIZCuZ+IrJLwoR3HeCvR+sYo23FP3EJjYf7qbDVMmINFC7bR9HC0czbNJkivbv4+DGVbxcqDEurYsD73xEfWcXsUxAUghkFTNh0W2M3byaTavfwUMLYzK7aKldy7O//CPue6dQUph7lSVbDdQf2cvOPSblD/4T37mzmIps9fJ25I79fLjxGPWRPGbfNpUCCaJNe9m88ve8/tZ6NtU1czqsoXo8ZBZNZPay21kyfxqTivyXxR5pAoFAIEiMy/oeddkguXB7PXjcas8rOUlGdnnxeV2oilXCome3Za/fh1uVez/z7N0R2uvH51aQA+OZtuAUjace5X//7wvc9tNcKqfcyp984XbuKMzlvd+8wIvf/3fyyx/js3MeZPmpn/Hb3/2Gf3v5UeTC8cy//wtMGLEBwweSLKEEiwjN/3O+1Snzf799hp8895+ciLrJLJ3AlGX/zNdvv4ZR+f0vD3HZY+po0XY6uyJ0G0Fyi3JxySZgYpoGhqYR0/TeMjky3eEobo8bg94SJnqMcMzsXU9nYhiguD0oRoSY0VsWxtCIxnRME9xeHy65p4SKphu9pVdUXG71TOkS09B7Su3oBjGtR05RXbg9blyKDHqUSN06PnhzLzuZwLCF15Dt81C/4ic8+pu9HM+ZyS1/fhPzKtxEj6/mmZ/+lBd+q3Faz2DkZyYSTGV/CwQCgWBAEMlWX8gqVHyS//fwLeiuAIEMcEslDPv8Uzwb9RMMpuEH8BaRPe6z/GjVJ3CHckjzA7jIqZrNPf/9NktdeYTSPbiMRSz/qxnc8OUIMVPB5QmQHvSh6hO4dtFn+ZrhIj1HJeiqIHDHNxm5+Gv8rWGCquJL72LlXg87TC9enxeQkZU0qhZ9hW/O/Bxfj8TQkZBVDx5/kMygF/fVtF6rez0v/PB/eeSRV1lzshv5L2ewZvqX+Ze/WMqs0FE+XPUCv3n2PTYeaibizado+GxuXr6M5UunU0YbbPxvHvrfMJll3bijx9hVl801X/ovln70VX5yuIYib4TCrt28sfUYDR1eau76a+4ZWU/TR+t45e09HGkzcY++g298fTkzqnPJlLtpObSN1U89xq/e3EptfRcxXxEVUxexZPmdPHh9Me4tD/OP/9+vePLdw5zmFXZ9uIrlf/ddct49gGv0Em5bdCufua4Et2xAVQVF7bU0Pd1J/YGDHNInco2Y2hIIBIIrHpFs9YkEriChgvg5BheurGLOqUctqSjeTArKM8+RVdx+gvnlcTMUAdI9AdJD5+vxEUjPwvq5fe0v+fmKBlryJnHjbXOZkh2hactzbNjrQppUSkWZtSWEjDuQRU4ga6AMvnxxD2fasps52dRB7A+H8H3uu3x6xggmB+tY/9JLvPreUYwpD/DNP81FjRxl85tvsfH1l+iQs/nGjTn4tDaa6rbwUftIps1dxL03jKSiysCz9QTHNtTTNHo+ldf/CV+ddZKTa37Nwy/+kIdHT2PezPl8+qF5tB1cx1M/+QWvr55CTjCLa2Jb2f76s/z49VZGLH+Im/O8uBp3snXrTlb9MkL+iG9xY9mN3DxvF/taczmUPpUvfGkp04eH8H3+75nqLiRUUEhmwN1Tj9HtwedRkF0SkiKLwSkQCARXCSKeX6aomVn4YlvY8n4tj+1/h1d8JtGmwzQUz2XatAlMKnKnuonJR82hrGYUY66pZO073aRPvYkbpoNvxwq2bz/CAWkU996+jKVjclAjxyls28vjr9Wx7t0t7F+wkBpZRo6G8eaOYMT0JSyYnI/fCHNIAVP3kVE0nNGz5jDN30C7fwO/fulNOsYsJVRzLXMmqnQdVNn12GNsrDvOqdMjkHOzya2eyg23zmLGLQsYm+tBbQ7h7jjGvpfWs7rO4PrpI6gZXkpZsUk4NI6Z82YwWgFyZp4xyzRNjFiYrkNrWfH+EaKZ1zC6pop8sTeaQCAQXBWo4fCl9xePxWJomkY4HLZVsNGqQO+kZlEkEsEwjH7LXI34Rsxn4U0S/vfWsn7fMQ6eUvHljGXWkqVcP3U4VempbqF9DMMgGo3Sl8/FH2/V+IrFYj31q/QI0ZiObuho0TDhMLR89CGHW2SU8hqmVqdBLIwuZ1NRPYySwBE+qtvFrqY5lEd0dCNAQVkxpRW5eDGIRcNENB0jrYSCghwKMyAaMXHlFpGtpBMoLSAnOw20CDElRE5Ip7Otmfa2dvTyHPJGjGOeeYTTO97mnZiOrh9jz4lGwpEmjh9ro7PTizuqoek6uhYl2h0mfM4jjkm0o4lTtZtZs+p13qvPomzWJGaNLcYfCfdr9/9oNIqu6/3uV+gZZ7quA9guVht/XezEhER0Qo+dViyyo9MwDEexKN5OTdNstdVp/IPUxFyn1yUROw3DQNM02/E+Ff7nVKeFpmlEo1HH/mdXp9PrcsGYawPLxmTFolT4PDiLRWpHR8clD9B1nWg0Smdnp+2LBs4KS3Z3d5/pxCGLnEXlzOVUzlzOfaluywBhOWdfPmcRXyz0jO8Z3XRHYmiGjtbdQWcHNJxoolUDxe/H09VBp6XP7cbtNpA7Gjle30V7VxSNdHweCVXqoKMD9HAnXVEdzS2joEFXB12RbvSYiWQG8Mo6ptZBR0eMri4NXTKJRsN0dbXTXH+Q2k1v8dzzq9nb1E53zMSgi7ZTp+g0C5nQ2UJnZxrRcJSYpqHHwnR1dtARHze1dho+WsNbT/ySX9UWccOnP82ymSMYHtL73U/WzcpJAVdwXvwVnBWFdqITepKQaDTa735JVGeq7ExFzE2FnaZpnrFTVfv/kiUV7U1EJ5wdo3aS9ivVTkmSbN27U22nE9+1rqedWKTm5ORc8oBoNApAKBRK2lNWZ2cnLpfLUVV2weWL2+0mGAzSl89ZWE9ZwNlgbGSSkebFo7rxZOQQCkEszYPHC3ogg1BODtakX2u9H4+q4nZ7ScvOJifqw6N6SA8GycnNIccFethNW8CN2+3Hn55JdihEelhH7wrgUVx404JkhHLIyYnhjp0g3SPh8qUTzPTTtf813nn2OZ7tvIX/+v5XmD8sSLZrH2ue/jm/eWQtnekhQqF0XEE/Po8Hty9IZk4OOfHD6ORuPvzwA373Xha3/vKHfGZsOsV+e37f0dGBpmlkZmb2fXAvA/E0mcjMgpOZkO7ubjo7O/vtPxbWDc7pUz5gKxlIRCf0JJWQ3JibbF8Azsw4ZmZm4nb3f1nEQPhfsme2mpqa8Pl8+P1+2zohef6XiE6A1tZWZFkmPb3/r17idaYiFjmZ2XISc/vsTZHwCC5XpN7/ZeeGCJonaTp1kpM6pCk9/xZubqWlAyKBEAU5IJ3sz0k/7u8XHAFGC02Np2juDjJh4e1cWxYky6sgtTbTcaqJ462Q0R8jvKWUT7mVL/ytlykjPGRfAdvg231yvdg5rmYGoo8EAhgaY+VyOMdgI5bgCq54QjUTqArpmLVreW1dA1ETzNb9bN20ndouNznXTGKCD9SBHI+SG0V1IZkRWptb0GWItR9i2wdb2LDlAG0ejdbTLRiGgaqAonXS3d5MQ0c3sVhvrUzA0Ax0TULx+PB4wMHMvUAgEAguc8TXiJcBrbvfZP3BCB2ZNdw8q4Ih+J1hQnjLZzBz1gla3trJxmceIbzei9rdwv693QRGTmH+wvEUKQP8ZCGlUVg5irE1W1m/9Tf87H82kOOXwZRxFY5kfOc23l/1K14a9RkWegspztzJhl1v8fQvfLTe8Amuq/YQ9ErEWo5xZMca3thZQumiseR6ETUeBQKB4CpDJFvE6Go5yeEd2znYbqDFfRQjSTKyy4c/I4eisnIKQumkD8IuoV1Hd7JzaxeNRXks7leypRPp6KSrM4KUnUtQBfnyn0UdIIKESmqYcG0avhxwy4CvmvHX34wn4OfFlRvYvLYN05VNdvl05i+Yxw3TClHNDsgezaRrc8krzyXYm3lJskqgchozwsMYURTEBSC7kfzljJ87nWB5DlluAAnVk0Hp5MXMyCmmICNIQc405t7YwdGulezetpFjOcOZdP0C5kwfj7k9SNu7hzjU2Elk0iSmzjpNQ+d2Du3dx8HJGlHdDUiYmBiSiSmZPdNdJhd5bykQCASCKxXJ7GNhQSwWo7m5mZycnKQt1jx06BAPPfQQo0aN4t5772X8+PH9lrdPMwc2/IFHv/Qlfro/HbfHhbv3fZMku3D7Q+RWjGPeXfdz6w1TmFyWNuC7sseajnCyTSfqyWZYUT8KtJhtHN3xIR9uP4Hv5luZkgHey/z103e/+13q6+tZtGgRt99+e79kUrFY80r8DDnZC+RTtfXDlbRAPtGtH5Idc1O1QL6xsVEskB8EnVfSAvmhEnPFzFYvii9I+V3/xd/eOZbxpT0Dwox10tWwjTd+8TBPPfJ/tHRrBB5YwDjvwOp2ZRdTlAX9ntKIHmL/5rf4wzMnmTD3VsanX/7JlkAgEAgEQxWRbFlIMp6MXApLSykfltbzm2FglBeSFzjJwX9cwena/Xx0ZAHjhptAjOPvPcmLK95j9a4jnAq78OaPZMqie/nEolFUhPy4zE5OH9nFB0/9kmc/2EejmU3BhBsYWwChU2tYmfcN/u0T1Ugb/5cnN3bRWLSQb31qLIHGbTz/xHOs3PgRdU3dGN4QecOnsODuz7Ck6gibn3icxx99lfePRXnrT+p4786/5xsjd7Nt8zE2nowxYXQLK5+ppeqmqZzYFaNk3ExuvO9Gplqfxxn1rPn1I7xVp6LOfoC/WlSQql4XCAQCgeCqRyRbvUhIyLKKy+06d0rbo1I0rJRsj86p7m5au8EItxLe+wI/f+IDGtJKGX39NK5zddLWUMfmZ37E7z1fZ+m1NVRFd/Phymd49I/15M6+kQVFPtwdJzm8bh1v7D/KkblhIpoJpw5QV9vOcX0yXR311D7zA17aVUD2iOtYWuhH6jjBybrNPPOLAvK/NI6c4cMYNbKc3d0SU5fexcKJheTF3qd+73pW71KJBCcxbekIqq7x8t6656nd5iI0bTZTp/a+omzcwbYNtezuqGLysrTUdLhAIBAIBEMEkWxdClPD6G7m0LYPOdrlRc3IIDfDINrRQO3rv+KdE1OZ/4mbuXvxOCq87TTteQdz87d5a/V2qspDBMO72bluA7v8S/neJz7DvAqZ6N4VvFy/hnfXGyCf/x5eI9rdxJ4PVlLr+Rs+c91y7p5VhKvlAHWb3kHZkU56oJiR42o4MmEf6+tlZt5xH8uKIf1DD7LWDUohgZE384mbq8l0N+Jdv4qnth9j2+YDtE4dTxDo2LOB/W1+XCU1zKgWyZZAIBAIBIOJSLZ6MYwYncd3sHWjRuS4r+dHPYrRdoQNL6/huG80U8eOYEx+lO4TJ9nw1ibaMq6DznqObu/gKKB1mGRmmxzas5ej9ZUUxY5zqD5C7vTFzCxNIyvggrGTGTdtB6PePcrGj7VCQlZc+HMK8TWe4vj+3WzP6iInmEFo+qf4m8V+XLKEVH8RI0wf2XmljJt5DQVpAKWMnTSad2p3s3HbFvZ0jWOyr5v9m7bT5K0mf3QNY/q/vk8gEAgEAoED+ky2Et0F2a58qnZd1sMdHHr1n/jmGwouRQJTx4jG6G43yZh0M/d+4ZPcuXAywz1dNEROcuhYB0fXfI9/e03tOT6e4Z1EYq00dXTSHnGTX5SPovSuYHflkp6dT1kxF0i23PiCZcz99IOs+u4veOYHb/D7olFMnDSZaVNmccPccZRk+/BdzAg5HZ8/k9y4j7UKrpnIqLf38eHGTXyw9xOMr9nPxq0nceffwKjR1fTj28cBxen1tb4+GmxdA+F/V/vO4QPVR8nY9XmgroXd9iaid6jE3FTqT+b1TJRUXU8RcwdWp9pXYUxd1zEMw3Zh6PhPMu0WpbQ+yUwmijed8qX/wNeXjWZMkQ+69nNw8xt8/z83MeK+r7H8+msYk+cGuujZHtPDiPt/yp8un8Z1IwLnnkz1kx5oZscLa223Q/ZkkDbhAb7z2DLu372FXVu3sG3L2zz9Lz/nZy/8Of/y7WXMvcRslCyDO/7tZM5ERo78gGF7t/Lmmzv5rLqadccryJ1WwdgRA/xZ5SWwCn/aKcZq+YLTm7L1CbPd4q9O/W8gfN5JgNN1HV3XHdtpV2f8J+l2A47VRkVRzlyf/mLFIjt2WnKmadrWmYj/JbL1w5UUcy1fsKszXtau7yai06n/JeLzlrxTO5PpfyLm9l+v3VjU79eIycwcU5GlSrKCL6eS4aPGMK4yDfQqSnKyCe/9iEfe+CObRudQnF9NqceLy5NDWZFEd1cXHn8a+UWFKIBpGGhtbcT8abjUKH6vB787SkvTSQwjC1Ag1kj76QaOngCu+Xg7TBO0sIQ/VMLIKRmUVI9n+uyPOLjpOf7pR2+wfd9Mqkdfwo7zf5CzqayuYnTpXl59cwVvudawr2AuEyvKqA5c3rtnWn6QqqfKZM2+DBVSeR2tP53MZqS63cnWebn3kVOdqZ7BSyaJvEFIRD5RruaYq/aV9cqyjCRJjjJkp5m13SfBgUBCQlbdeHxefH4f4CNv2HhuuPdW3v+XFaxZWUV+VpCcCTn4AvlMmTORX7+5hs3bqxlRkcHoTI2uo9tZ8eTLNFxzD3OmlJMdyqMoR+LYxnfYdqKU6aqLcO0Odm/eTm3nBRphdtDZuJWVP3uelnG3MmXyKEYVDSPTG0E/4McMNxMzdAxFQZZ1DK2LhqYwnSEP/os+pKlkVlZTMTKfzBdf5ReR03jnfoGyskKC9vfmc4w1gCxfsivrxCcS8VvA9kaCifi8pdMab3aw9CVTJzi7Lona6USnoiiOZ5nAuZ1OdaYi5jq9LonYCc7GKHBmxudK8Pl4uWT5X6I+D4iYewmcxCKRbF0CV1o2hdPv4K5563lk/bu8n5tHReH1TArmMXLxnzBvzxsc2/IGz3btpzJDI9pQx9p1teQVdRHRvYTKRjNmUg0lz63ixWdk9hdn4Gmv58ApjUAGnP7Y9TUwYh20HdnM6hMyR/ZtoTzXi9TVSGNdJ1nTr2VUSRahDI2MUDpZ7GHtC0+RP2cON7kiF7VDCVVSVDWcaRnP8cvaKj79hTLKitKTXoU8kYDjVCaRgCxJUlJuPIkOfKudl/uNJ35sJ8tOOPfGnKwbz1BLtpL9QJTo2E5FspVoH9khFT5vyQyVmGtXp/gaERVPIETRyGsYVZxOwBOXWUseFG8l1913D7tPvca+U0fYczzClPxM/JM/zQOfk3nxlXd497U1vBlRCORWMWbJ17hn0RhGFnrx6uMYt+huPnvscZ5f9SS7XQVUzbie6uGTmNp2hHq3ApKEJ7uU0opOvEXFZOTUcOfXPkfs6dd5/50PeOd0BNOfQ171NG764j3MGZ5PXpqfjjETmDVuN0+/9wSvuguZODWN/PIKhhn5Z+r+nTUxl6xQJRPHZvG7/QuYNiqHkqzLI6EVCAQCgeBqRyRbBCmqWcafPbKMP7vQP8sq7sq7+PqP7jrvH9xUzPscD837HA9d7NRKkKxh87n9b+dzr19BkSUks5Gdr/2K372vkpGRjqzIFC35C/5qSZzc2Dv4/Ng7+PxF2xxi2OxP8dDsT52je8riCx9tmmG6w+00dLuoXLSUsaFssq/O1+ICgUAgEFx2iOmNQaR7/7u895OvcONd3+axdceo7+ymde9qtn2whQ2NI7h2RjF+7yDnu1o3TdtW8cErK3jl2BTuu62K/FDyvkIUCAQCgWCoI2a2BhF3bhnFY8cze91rvP79r/OmqqCaBlKgjGs+sZhPjHQR9AxiAyI7+OMjT7Pi3Z0c9ZUz+b5PcGNlgEyPmNYSCAQCgSBZiGRrEFGCxZRMWsyntDTW7zlGU5cGnmxyKsZQM2ESo4MwqB8EygGyS6upmZnPqNIaJsycRJlf4fw9WAUCgUAgEAweItkaTCQP/uxhjFsyjHFL+j58wHENY9ptw5iWAtUCgUAgEAh6EGu2BAKBQCAQCAYRkWwJBAKBQCAQDCIi2RIIBAKBQCAYRESyJRAIBAKBQDCIqH1VPjcMA9M0bVcft+TsYukSXH1Y17a/1ze+6r0Tn3AiG+9/divJD4TP2y1XYcnbHTeJ6Iy/Lnbbmmw74+Xskoj/OfWFeNlUxFwnvmCVS3HaR3ZiQnx7nZR2SYXPW7rt+m4iOlPh85b8UIm5dv1WJFuCpBBfTd5usgU4DnBOAzmAruuX/c3O0puIncm68QyEnU7ig67rto6P1+fU/4ZasuX0xu5kjOq6fqYe45WUbNm1MxGdqfB5GFox124s6vdrRCcd75Rk6hJcvlh+kCp/EH44sKT6OjopNutEbqBIhd4roY8SvZ5DAae2DkWfTxaqql56qy3DMJBlGUVRUJT+b8EpSdKZpw87coZh2DpecGUQX/W+L5+ziH+yVxTF9kC0/La/+hLVmYjPJ2KnoiiYpmnLTqudgO3q9bquI8uybTvjn0Dt6oQeO+34T6I6E70uTnRaepMdc53a6dQXLL1Oxmgq/C8ROy19TmKRNXNypfj8lRJz4+Of05hrGIYtO/u8ColmmuLpQxBPok9cl6NMoudItc+nor3Jsnmg9CSzj4ZazL2SZvBSQaraejXH3IHAdiI6SO0QCAQCgUAgECCSLYFAIBAIBIJBRSRbAoFAIBAIBIOISLYEAoFAIBAIBhGRbAkEAoFAIBAMIiLZEggEAoFAIBhERLIlEAgEAoFAMIiIZEsgEAgEAoFgEBHJlkAgEAgEAsEgIpItgSAOp8WDBfYQ/SwQCIYSal/VwXVdxzAM21XErcrsdmsdOtEluDIwTRNd1/t9fc+vHm+3PIKlx44/JaIzEZ9P1E6748a6Ftbf7daJi68t5lSn3YTLMIxzzjHYOhO5LpqmOdIJqYm5ifq8k3Ipll47MSERnanweYt4W+3K2CVVPg9DJ+Y68Vu1rwth/bvdi2YdbxWKtIN1/Pr16zly5AhZWVm25J0Q395U1wobbKxgbhUNTQY7d+6ksLAQ6P+sxvk+52Q2xMnNLt7nnehKxOedzvg4HZ/n67cjb1duIHQmej2HQnuT6X/xbUzFdbncff5S+vt7fKLXM5l95ERnvJ4rJeY6kVX7yu6tSud2q4dbneBEzu/3M378eBoaGojFYoTD4X7LO0XTNPbs2UNGRgahUAifzzfoOlPF5s2b0XWd4uJiioqKkqKzurqakpISMjMzbfmDhRMZJ35rJaGWTjuJd/zAdzJWnOgEzjwgJEunNa4T0WlXNqLcK/0AACAASURBVL6dTuSsP534Ufw5+othGI78z9KV7JibiC848XmLROxM9jiLb69TuWT5Xyp8HkTMvRSXZbIVDAa5+eabHU0TO5mdMk2TlpYWfvCDH1BYWMj8+fMZOXLkoOoEzkxj2nXq8x3FLj/4wQ+IRqPMmTOHWbNmDbpOy05JksjNzU1asuXk5hx/DZ0O/GTe7CyZZOuMTyac6FQUJSkBDlJz41EUxZEvWLpEsjXwOlOdbCXaR3ZIVbIlYu7FUW1pSBJer5fJkyfbDsjx79XtvB4Lh8Ps3r2bnTt3cvDgQa6//nomTpyIy+UaNJ2mefa9ul07rffNdnVaFBQU0N3dzfDhw5k2bdqg67TWryQy8AUCgUAguFIRdz6gvr6eZ599lvb2dg4ePMi2bds4ePBgqps1aFzta9IEAoFAILicGPLJViwWo66ujieffJKuri6i0ShvvfUWq1atSnXTBh2nCz0FAoFAIBD0nyGfbB08eJD33nuPY8eOnXklWFdXx8aNGzl8+HCqmzcoWDNbItkSCAQCgWDwGdLJlqZp7NixgxUrVqBp2pnko729ne3bt1+1s1tOPpMVCAQCgUDgjCGdbJ08eZJNmzaxadOmczY4MwyD2tpaXn31VVpaWhxtLHc5I2a2BAKBQCBIHkM22TJNk9WrV7N+/foL7gLb2trK7t27Wbt2bVL2+UomYoG8QCAQCATJY8gmW11dXbz99tusXbsW0zTPbPOgKAqyLGMYBkePHuUnP/kJra2tKW7t4CBmtgQCgUAgGHwuy322ksGqVavYuXMnXV1d+P1+Kioq0DSNvLw8uru7OXr0KA0NDWzYsIFt27YRCAQIBoOpbvaAIF4jCgQCgUCQPIZcsmWaJuFwmFdeeYXTp08zb948Zs6cSXV1Nc888wxFRUWMGTMGgI0bN7J27VpeffVVysrKqKmpSXHrBwaxQF4gEAgEguQx5JItTdM4ceIEXq+XBQsWMGPGDGbOnEl6ejorVqwgLS2NGTNmMHr0aKZPn86oUaNobW0lGo2i63rSCjcnA5FwCQQCgUAw+KixWOySB8RiMQzDOPNnf7H2rHJSs8hasG6Vh3Gi82JtjUQinDp1ik9+8pOUl5eTk5MDQEtLyxndmqYRCASYOnUqkydPZvfu3YRCIcLhMG63+5zzxZexsdM/idjpVGe8bsMw0DSNvq7/QOh06gvxOp0khpqmoShKv22EgfO/ZPk89Nip63rS7EyFz0OPnVYsskMq/M+pTkhNzI1pMTqiLZiSvbFtGIbj2oimadDS1UJE7uhXabTEdZro+tl6tHZ9vkcnyLL9B+7WrlY8ugdvzNv/1poGhmGCBIpNndY4k2UJSbLjC706AUWRAXtjtKOjA1mW6TT8NnSaZ/zcrk7D0DFN+/Uj43XKioxk087u7i5MA2Q3+FyBfsmozc3NlzxA1/UzX+PZDVRwtgBnf4kvEGlXNj4wXaqt5eXlZ/5u2d/a2oqmaUQiEdra2ojvl6KiIqDHkZzqPJ9E7Ey0EHUsFiMajdLe3k5f138gdA6ELzixMxwOI8sykUjEkc7B8r+B1AkQjUbPJM/J0JkqOzVNIxqN2k58UuF/TnVCamJuR6SV1Ude5XS4Ad3ovx/Zx2qXmFUXXI5I9Mc3TUzS3VlUZV9DTd5U5H4ktKo1s3MxotEora2tZGdn23qF5rRAs/U0CfYLNDvVaelSVRWv10tGRgZ99UuiOuOf8u0+iSZiJ/QU+na73aSnp/fbTqfXJRE7E/EF6EmgFUUhLS0tKTpT4fPQ8xCg6zoZGRn9lkmF/yWiE6C7u5vu7m6ys7OTojMVPg89D0MtLS1Jjblql4TrhIs8Txl+dzouxWOrzQLBUKKtuwnD0AikBcjJCSFLfY83ta9BqarqmcFr98buZEpbluUzgcrJjcdpEmLZ6cRWpzceC7t2Wq9vnCZb1hS6LMv9lrf6xqlOS68dX4h/QldV+8sLrW087LR3IPwv2T6vKAqmaV72/peIzniZK8H/rFePTpKt+L5NVsw927cuMgN5pHszbekVCIYWJu3dTb1jR+3fzFYSWnVFMZQ2/BQL5AUCwfm4FA/efq5DEQiGIqrS/zWGFkN2U9MLMVS2RBhKCaVAIBAIBKlGJFtDECupHAqJpUAgEAgEqUYkW0MYkWwJBAKBQDD4iGRrCCJeIwoEAoFAkDxEsjUEEbURBQKBQCBIHiLZGoIMlQ8BBAKBQCC4HBDJVhxD7fWaSLgEAoFAIBh8RLJ1HkPhKz3xGlEgEAgEguQhkq0hyFCbwRMIBAKBIJWoVpmQi2HV2+rruIvJ2Z0pOl+X09p0dolvr2EY/bbXqc5E7LRqtjlNmuJt7K+diei0dNj1hfjadE70WrJ2fDdep129qfB5ONtmO3amwv/idVplZexgGIbjWGTpTJb/OfWFeNlkx1zTNPo+WCAQAD3FqM3euGtKfY83ta9BGT947Q7gROSsv9shUdkLnWewdKbKzoudZzB1xsslq4/i5RNpr1N9l7udqfC/89uYSP/albuQ/v7qiz+HXVmn7U1VzAWxtEAg6BcmYI23fowbta+nS6sYq93iptaTryVrR8463iqY3F+soGFXZ7wuu212qjM+wDmRjS8mbRdLJlH5/hA/g+GkKK9FfFFguzKXu/8lohOc2ZkK/0tEpyXjtK2QXP+z4p8TnfF966R/nfifJEuA9Z9AIOgTCbDGaX8KUfc1KK1q8HYHvqIoZwKdHbn4gOb0ZuckwCmKQmZmJsFgEK/X6yixdHrjsfrYDk50WqSnp5ORkYHP53N0w7MrY9mZyM1OURTbMpa+y93/EtFpyTi9MUPy/C9RnU4fMFLhf07jHySebDnxP0W2fz0EgqGMhIRkxd7+JFtJaFPSkGX5zJOdXdxuNzNmzMDv9xMKhfotZwVFJzqd7neViE6AmpoacnNzKS8vt61TIBAIBAKBPa6qZMvJqyYLr9fL8uXLkSQJt9udFJ1OSVTnnDlz0HUdl8uVFJ1iE1WBQCAQDGWuqmQrESRJIhAIpLoZScHr9aa6CQKBQCAQDBnEeyGBQCAQCASCQeQKmdkyCZ8+zrHd6/nQM4OZo3IIpZ19BWbqMVo/eoeNrfkUlJZQ6jnN0R3r2HJSt8R7/ov72EYJjaHc24jWeYrDLb37y1jbzPQeJ7nScOVdww1T/TRu307dkSaaNelshqp6CWQUUFJZSXlZASFPz8/a6YMcPHSYw8dP09odw8AENY2MvAoqh5VQkpfOhV9UmmjdbdRveZ0PXVMYNayIstC5s1Dt+9awo9GNnF3G2AKTk1vfZEu9QVg3L2innFlNYSBKIHKUvY3GBftDkl3IOeOYNTGIcbyO/XsPczIqn7VTceNLzyW/tIKqqjJyfT2iWttx6o8epO7IKU53aOjooARIC5VQWlFKZUk2PrHmViAQCARDnCsk2dJpPbyFd//3Ib4X+j9+8bUZ5yRbRizMsZf/lX/ddR033H47d5cfZN1zP+DH62MAhBuP0tgBui+b8nw/AK6xn2VJ9na667exslbD1DW66uuo17LIzM4gJ+hGSismbdKD1IxK4+3H/pmn3z7EIV8hBb5exS4fwexKxsy5iQVLF7N4dBourY1D617m5VXrWLvnFC2dMTRJw5QzCBZNYO6ym1hy/SRGZV5ovZRBuPUom372eb4f/G++dv9NH0u2Trz9M366JgvvlLv5+5s87Hzxv3l4XYzTYZNISwOnW7toV3MYXpwGgDr8NmYWtJPf+g7PbtcA6DpxgIawF3d6FkUhL6h+3OP/jJzCfBqef4zf/upttnorKLXeqqpeAhklVE2cx/V33sXyCVl4jDbqd7zFypVvsXLbMZraYuhEMZR0ArljmHz9ApbdMo9JuZ4B8wKBQCAQCK5ErpBkyw4KxZOW8bmHl/G53l92Pv5VHl6n0zbmAX7z1ckXlIq2N7L+32/kWw33cu/dt/NnCyt6/0UHfT2r8TF88de467N/yZlTtHzEO4//B4+++xw/a/Ux7h+vp6T1DX7+o+fYX76M+d+8l3tnFBDQo0SPvMnD//DvrHxeo1Ut4jvLShO2M6t8Erf+1zpu7f1l/8vf47evruP1nK/xwXfnfEzi271/bvr+HfzHnlFUzr2X//jUmLMH6Fv5PR5KptzF5C//D/9knaL9AFteeIRfvvh7/vN/Akz52T2Ud3zAC7/6Pe+3DGP8F7/DVxaWkg7Ejr3HUz/+Ic+/8gSH1Uoe+8zwBO0UCAQCgeDK5ipMtpJIeiVT589la937vFG7i61tcyg8eYBTnfkUDa9m9Mgc/ICkuHAXz+Gev85loZGFP68w1S23R6CE0TNmMudQE+tf2cSGtk+S23iU0+3ppBePYMKEAtLoebXoypvMTZ//DlM6ZMjp/9YSAoFAIBBcrYhkKxEUD/5gGgGPCykaQ8MFuaOozFvJxg2v85LfQJsyiqqKMoqzA+RVjSXbVJBUF1dUWQzZhTcQIN3vRYlG0Qwws6oozl/Frn1v8+Kv01FmjqG6soLikJ+s0hEEDTCV/m+hIRAIBALB1coVlWwZ0S5atz/HE7/YxPtxa5nMWIRT7x+mXoomt0HhRuo+3MfB1iiuomLKfR5kdTIL774RefMhjux+m9cOrsXl8hHIKaa4YjRjxo5keFkOwT6+A+3Ys4KXnzrCkTVp5/zevGYXezumMG4QzfoYkRaO19Wx9+hpjNLxDPOCx1PDjCULCa/ewa66Naxs2MI7ihd/diEFZSMYVTOKmuFFZCeznQKBQCAQXIb0WYjaqnrvtLipVdajvxiGcdHir6ahET21l93bmzl53teIncfa6MgdzKr1Om3HdrPjvZd46XjvT+FT7F1fywlPETWzJ1LtVZApZsqtf0Le8C1s27qF7XvqOFS3j9179rJj6y5qj89n3vWzmTsyCyWuj87fnT3aXMe+3WGiJ89dIN91qJHTPm1Q7exsPMCe1S/xUkvvT5FmDu/cwe6OIGMWzWa0X8YrFzBm/p3kVNQwYvMGtny0j4MHDlC7r5Yd23fx0YEZnFy4kKUT887YmUiBXLt+FC9vR+el/K+/+uy29UorRO20j86/nk7L7iRiZ7L8z2nctGScyCYScw3T6FcxXYFA0IOJaa8Qta7rlzzAMAwMw6Cv485H1/VzisD2F9M0z9HVU5amt56aJ43cOV/hLx+YxISyszM+RqSDfY99lm/WDuZmnVGOb32Vd3es4wPrAztvFsVjrmPBbbdyy6IJZJgmRqybsBGgcOx1lE2YzzIMTL2L5o9W88ovfsiTr3dQH8lg7Ig5hHr71rJbls9esOwp9/PZO25g6YRzSwcd/N3X+d7mc2e7BpYYTfvXsKHuILusry49QXKrpjFr8XLuvmsmIRnMWJiw7iFr2DQWjpzBQkwgRkvtOt5+5lGeWv08jzRnMn3CzYRME7n3Bm038bH6x8nu9ZasHd893//s6B0on3dSp9DuGE1Ep6XPSfIbr9NJkuc0Fln6kuV/Rpy/27VT1/Wkx1xDN8C09oQRCAR9YoLZO05NqR/JVhKaNHBIMrjTycgMkZOTfuZnPezhlFdGHdQtWn2MWPIQy+97iC9OtNojIcsKiqKiKGBoEdrr1rCluYiKyhIqCtMBGUkJkD36Bu5ctondj+9n79HDHDXgkhUYXQHSgtnk5OSc83OL34Xbfk1mG3gpmXo3E/70+/z97N6fJAlJklEUFVXtWQjfeWQLu04FSMstZcywLHp+dZNRNYsli/dS3/w+v95fywEdMkwusq+YQCAQCARXP2pf1eyt6X5FUejr2PNxUoE+/ilQUZTemnznZo2SdO6TpiRJJGPvTFlx4fb68fsv/O+G1g0HV/Drx04TnHYzy267jhlVGfgxiDXXsnrNVg50ZZM9voJyBWR6ikmftfPc16Dn25ksZFnFdQk7Acxj7/Pyr/dTnz2dWz51CzfUhPAroLUeYuvm7ew83k36sBFUK+CRZCQD274QX4/Rru/12GHfby/kf3YYKJ+3g6UvWXZa18Xy3WTotGTs2hmv16n/2bUzXq9dnZCamKsoSs/DbFIiqUBwFSBJSHLPGJWlvseb2lfAs/7dbiFip3KJyqYSyeXDN3oJN0x6jc0HXuWpH7zB7xUJWZGQTBktnEvV7LnMvH4UmVy5dgJ4q+Yyc2KY93es4aWHN7FCkZBUkE0FPWoQGDuf+26YREgCBTDjblz9Jf54J/3jVPZK83nJQd8mojNeXyrGdrLtTKbORGQT9iFbEgLB0Ebq/V9/x9sV8hpRxp9TSc3iB7g/UE5+xrkvpSTFRWjKHdxRUs2IquyPGRWquY7r00wiBXkX1aC4fRTNuoe7OiYxrix4jm6kQsYuWE5QHUnxxU+BpHpwl89hye0K+Vt3svPASRrbY+iyhOoNkV8xhglTxlFTnYMLk48v55dx+UNULfoid3lrGF7w8amlzLGLWJzmx1VawPl70GdWTmb69TlkpBVfvJFA3qSl3FSSR6jqvBeZUi7V0xdzQ4WH9KJLngJX0WRmL1HJKtzC5r1HOdkSRZNB8WSRUzyCmgnjmHBNAW7A3soTgUAgEAiuLiSzj9WbsViM5uZmcnJybE1pxy/WtDulbS0MdfKq4UrB+mrImsK/Wu0E574Qv0BZVe0/F7S2tiLLMunp6X0f3Esi/pcqn+/o6EDTNDIzM5OiM36BvN3XiInY2d3dTWdn58fWMfaFpvV8vZtM/3PqC5CamNvS2cTru59CUT0UZw0n02+vjwWCocTR5r2c7jhBZe4oppTP69drxEFdUi4QCAQCgUAw1BHJlkAgEAgEAsEgIpItgUAgEAgEgkFEJFsCgUAgEAgEg4hItgQCgUAgEAgGkStk6weBQCAQCK4sTD1GpOEQxyIBvFIMohrdko9QWQaxI4fp8haQmZVOpl8BdEy9g/q9pzCy8snIDuCJttLacIr2QAFp0RYi4TDdURNT9eHPzqUg5EWVJSRTI9LZRltjM83tYWKGjMsXJCMnm8wMP95BrToi6A9XdrJl6Oh6jEjs/B2rejdclBVUl4rSuwu9oWto0RjaxTa7kFRcbhVVkZFMA8PQ0TQdwzhbZlKSFWRFwaUqSIZGLKah6cZFKopJSLKM6vagygnszWwaGFqUiGZw7kYdEkj0lAxSVRRZRpZMTEMnFomimxepdCYpqC4XqiojmyamoRE7z04kGVlRcakKMhpaTCOmXczOnuNVtweXLHEV72IhEAgE/UbrOM2hJ77NP9VNYbjSgNTQSq23hk/+y/XUf+cv2Dry69x063XcNC4NzE6M7rU8/pXHidzyFRbcPonK+vd4/aePsnriQ0xvXMXh/XXsPdZNLFjNiKWf4ev315DnV1GiTRzf8g4rf/cir6w/SFPYT9aoWcy/cxk3LprEiGxZbFqbYq7oZKt7/9usee7HfPUXO0F2c+YuL3txZxRTNnYWd3zu0yyoKaDIf5y977/A/337v3mpEfTzswbZC8FF/MWPvsyyqVXkN9eyf92LPP7Um2w72EF7LILhyiSrbDJTb7iFB++fRcGB3/GD7/2O597dS5OV7+n0bJkOIKdRMGoed377hzwwDtIdFgiMnthF3R/+mc/97zZaI1JvWQ1AciF5cygbO4ub7r2HxdNGMDzjNKf2r+LhP/0WLzdCS+wCJwzO59PffJB7bptGZecJmrY9z/89sYINe5po7Aqjq378uTWMmbOcB++fzfCON3n250/ws2c3cMLaodSgJ3uUAMmLPzSa5d99jAemBikNXkCnQCAQDDUkCdxutIPbOTJiHvPvnc4nr8kiI62J1/uV/RjEOtqoe2UVY75wF3fcn09+x052vPUev3rmSd6a/W0WVZtE17zOG69vY41rPg/+eBbVnmZ2/OFp3n9nBc9pbr5y3zhEWE4tal+V5a2N8pxWoLdb9f58XbIsX3Q7fDPaSVdnhHr/XP7fN5YwPNOPF0AP09V4iA/ffYVfP5KB6/NLWTJZJ9rdRlubSdHyf+eT17gpSIs/mwKuQmqq8siO7mfn6td49nebaLjmU9x/Zw5ZHgk6T3Jw13bWv/ZT/tlXwN/NnsrSz5UwbmkbkegpWg+9z//880YqHvw8syeWU5HmwhfMo6wSvBdIa+M3TbyknVqEaHszB6VJ3PP5BUytziMNwIihdzXy4dt/4I2nAmjRZdx7Ywgt2knjoROElv47d08uZeT5Fa/VAoaNraIgdoyju97kl99/mYNjb+Gm64ooznAhh09z6sAu3vzjf/I/gTS+OG8E1975ZfKnNtGtdULre/z03zbimX0T06+fxJhMBdWTQekYHyHfhe104gvxm2fa9T9LHrAlG+9/djfdHCift6vX6iendtrVGX9d7JKonU5iUSr8z6kvxMsmNeYauu12CvpGAlyShKRnUTR6ODUzh1OZZRDrbur/TJPLjVkylgmjyxhemU1arIuWY3sIPfM+h+p1wkVHOLBzH/XNfioXLGDW+CKCSoRsvZ1ArUY0z3eBaiWCRDExMQ0DQ9cxpb7HjtrXAIsfvHYHcCJy5//9ooFZ9aOGxjBz4RKm5Ad7khA9QvjkbkZF3+ePj25l/7HpNE3IBmRUTwbFU5axYL6XqottuN24mfr9B9h1xM+0b9zMDeMyyfMo0H2KoxWF5Gbv4ljIjyczl5rSUdQAhA/RsKOZZ70HGDH5Oq5bPI7xfWzoHd8/VvHZi9opqxAcwYQ5N7B4cjlZAIaG0XWS0do61j++l7p9RzihhcjpGeLkj53PnIU1zLxY9Z7Wrew/sofV20ym/OkNzJ1VwfAMF3KklebD5aSbCseLs0jPKqcybySV4wDtNJxs5bWfHsE/ZjrXLr6JuZcoYRRva/yf/SG+f+zuwn2+vF0ZwHZCMVA+b5dk63Qqmwo74WzSnUgMs+t/Tn0hEdmE5AyTnkUHIuEaaGSA9ELyC3MpyPHikrptlTCTVRfpJVWUZPpIc0lIshd30Ee60kVHl4nWfpKGk510U8yoESVk+xXARV7NVKYXRgkrvZMQggFDi+rUfXSI93duYVXmOvqzSKhfhaglSbp0InARuXh5O1jHX2q259InkJFdHtLT/XgVA9l2Xq+gKCqqFKWj4QBHD+VDbhaZadmUXHMd+VVT6VazSb/ALI6tZsb1q93+7T0BkuImkObHp3aiSPbtlGUVr9uku+kwx4+opMdCZKWnkT1sOjd/dgRhVza+BFdXOi1cLMsypmk6LlqcaLFkuzdYUYi6bzkr8UmmnZYfOYlhqSi4nUj/OtYpn1kTYEtO0E/S0vB53fgu1b0mYH48hkuyjD/gxyXLZ4sfy6BIEDXBDHcRCUtoshdfIC5WB0KEAgNshwDoKQHW1NDM9s27Oew7Qb+Srb5qb1lP97Is26rTBTiu02XRr+BoxDC6Gjiyv5aMljT8mJixDtqO7GLdqgPoo+6isiiHPBUOYmJoYVqPfcT+vR6icSXzJFlBDRZRHPLjy6ykZGQFo3M38PrPHoM5E6gZUc2wkgLyQlkE0oNkpZ1dIuYU6ybQrzpxpgGRJuoP76c2LUwGJqYeIdZymHVv1dKaP4NJlcWUuCGMCeh0nKzj4D6JzLZzT+UKFpKXnUYwrZDsYaOZPeaP/OHJ36LtG8+EMSOoKiumMDcLf1oGWX4JB5NK52D5j5PadBZ2fQ/O1sKzW78vXt7uTStRn3dSMzBRO+3qjE8E7Oq0jndqp12dll5L3s51iU9anPif09qI8XUnkxVzFfnqrs+acnqTo56r2ZPUypKEhMmZr55MA6JhdNO0Nz2gKMhKz4dRkYjBmR2d9AjhsIaOitvvwSUu74AhSRKllcVUP1DDyPzx/aqNeEUvkAeg6wRdG9/ka7c+iixLYGhENRekD2P8otv48p/fx/xRuQQ5CGh0Nn3EH/9mNis5d5MxxZdF8d2P8vifz2LG8GLGzP8M3xg+hSkvPs2rH/yaH/6slsPd6aRXX8vCpXfzpw/eyOighC9Zn9RqXfDRL/nXB37Df7hkMHQ0HbqlAsYtvI3/n733jq/quhK2n1Nuv1dXvXchVAFRTe9gijEu2Lg7iR3baTOZJO8782VKZuabSZlJJn1mUpxixzWOC2AwYGMb08H0Kopo6qhLt59z3j+kCwKD0b0CCcN+fj9A6O591t7nrr3OOrus9YUnH2TBuKHEU08NOtDB+h/ex8ofyFzaxLS7f8b3vnoH941PIXPYYv76f4Yx6q1XeGf9Cn732mFONAEZY5g69wGe+uICRmW6iDUNUD8FAoHgpkZCwoxJAckIXZjN0jSM9hbade0TNvtTccUR4wJTfRstDT7A3v37lmMc2dVAA0mUzCwnU4R/uGZYbGZSs1LITyxmTM5UpFvC2bKnYB89jf/8/hLKEhzYO/azY/VqXl3WSMbCRxmbG0vC+QVrFXtCEbd/43m+PNZy8ak5ScEUm0V2Uo+iqk5iMkcw45EcRt/twePtpK32BIe3b2D95p/ztVqDn35rCsPSY7AMRD9VOxQ9yt99czFTS9OJ8VRx8uO1/PS7H5E+awmjirNIP7/hXwZcTP7Gc9w7pYCKS/ZUqe4M0hJ7Oq9YMMcVMP6eL1M693E83i7aG89yau9W1q36L/7tvwL8zVNzmDUsNTyEBQKBQBA1KrIcS1qyg46aGhoamvFoNmiqY/+bWznZ5iMtkqktUz4FQ9PYf/IoO1a/w/bCuRTam6hc9gZv7zWhlM9mmAhffs0JL+nSx2X7z76zJZuRHankFZVQmhKDM5iG0+el7dSfeX7VZs6OnkdqrKl74zwSimojNrucorIrb5APtFbT2OKhnURK8tKJSQLQCeVkk+kMYWk7xptrt1P11Bjy02KwDMT0rCSDNYmM/CJKynKIC2WTaldpnr2D323dyclR6RSl2zD39BMUYtKGMqS4lGFX2CAf6jxHy7lGqgNJlOUnkx4vAzpaTi65iXaSWjfx5TUHqGoYQ5uRil1MQwsEqRYgYQAAIABJREFUAkE/kVFMLkrm3E7JWyfY+/ofqN6cgDvWhN1dRJarFrtypSCJl0FykDVuOuO9Jro2fsSr39uGjIEWVIgtHc/oMbnECts96Hz2na1LMSWQWjySiTP2sfwnz7F2azEp9mJK4vt+Ce3cEQ5u3MuHNenMX3o75ZkuXKbuIJ+KIqOHQkgWOxZZimy691qixuDOLGP6fdNY+cOVbN2WT3ZyHBMz+34Jre00Z3Z8wHM73Cx4aCEVBYkk2NXufqoKWsAPZgtmRbkJFUUgEAiuL7LFjnvUQu5MzWJobtz5l2HZZCVx9Bxm+/dQeaadLsOCKymOlJJMco1EKMkkK8ZEjFxIxcIlOJKTiHX0WGHJRVzmcKY8rBIqtBBrlXHElDBsqgWLax+Hqpro0kw4UgoYOrKM4qEJ4jTiDcBN+Qy1JudRMGEOD65YzcvvbKAsPZ60MQA6IX8bNbtW8YFm5nDvkxqSBJKdtOIK0gMGgZYzHN26H69d50xeLG6rjORvo/H4PvY0OJmwcBJDYh04BvGNwRSTRNrk+7nn7a/zyrYtbEnPZGhSHN2vREEaDq5nk6OK5ksdTclOUn4x6YqB5mnizMfbWO6WqS5MJsVlQgl10V5zjN2VJoomjqEoLQG3eDMSCASCiJAtDuImLuXBSz+QFIgbwqiFQxh16Wdlwy78HFfGuKwyxl1U101C3jjmfqn3bx3E5w1jfN4wxl/D9guuHZ9pZ0sy2bG5E8lIdmFR5Asb3mU37pQR3PvEQt770RaOnBxFaUkmFqsTuz3EyRe/zr++cOnFFFCyWfjtH/O5+dOYclcMMfZXee7tn/PzM510ajqyLYGk7BGMmf55/v2xieTbpQs3UFKQzTEkZaTgtpsxX8M1ckk1Y3Ylk5HixmFWLvRTsqHay1jwwDy2/s9Rzhw9zMEJkyky2YhLT6Dune/xs+WXuaCSyZQnv82jD85j6vwY/tn0J/6w7E88/2Yzzb4QWGJwpxRTNuEZvv74dIalurgQ/F4GxUl8ahJWlw2L2HQpEAgEAsGnIhlXiX4XDAZpbm4mMTExomPI4WjG0RxDDkdOvtrxcEMLooWCeEIKdru5Owfi+Q91jJAfj19HNlswm2TQgvi9Pj6RSvE8MiabHbOqoBBCCwYJBENo4ZyBktSTh9CE2WxClrhYnh7E2xVCtlkxqQrKp8wGhQOZ9in0g66hBX14QgpWq7k7d2Pva4V8+PwahmLGbFGR9SB+j5dgr1PFl/ZTtVgxm02oko4e9BMIhgjpRnd5SUKSuvMtms0mFLnXfcUAPYjXE0QyWVDNKupVZr2i1YXeEfZVNfL3gra2NmRZxuVyXb1wD5Ho36UMhM5fjs7OTkKhELGxV4mie41k9o6sHmnoh/700+v10tXVRWJiYkT1QqEQEHnoh/7oX7S6AINjc1u7mlh98BUU1UJGXCGx9sjusUBwK3G2uZKWzjrykooZkzPt5g/9ICkmVMVEzOWOA0oyksmGo3fIAtWC3dXXs4MqqkVF7WtxSUZSLNgv25h+IisoFgdXarqkWrH1/iYVMzaXmb7FXJVRzDZsfc7bKIFsxuaMMtGjQCAQCAS3GOJAqEAgEAgEAsF1RDhbAoFAIBAIBNeRz/Qy4qX03n4W6X6QUCjE8ePHURSFpKQk3G73dZcZLf2V2dDQQFNTEy6Xi8zMvsWKGIx+CgQCgUBwM6D2zj93OcKbuMMbuvtKuGwkdeBC5vpLf+6rzHDi4kg3pXZ0dPD9738fu93O0qVLmTx58nWX2fseRbpBOXxfosnZtmbNGpYvX86YMWP45je/ed1lhvsZqQ71/v4j1aPe9aOVGY3+9f43GpmR6kLv+v25t9HqXzR9jUbmpXWjqTeQ+hetLoTrhNsa6fcSjUzDMNANvc8xNAUCARh02wdD19H7MEzVpqamTy2gaRper5empqaIT/JE44T0NoiRJgLuj+PT1tZGMBjE5/PR1tbG1e5Lf2UOVj+h+1RXMBikq6srqn5KfUxPABceWAN9jwB8Ph+SJOH3+wdE5mDoAoDf70fX9fOn7q63zMHqZzAYJBAIROQAX6t+DpTOwwWb29zcPGA2t8PfSjAQQFHEwReB4GoYQEjT6Ors4lxTU99OI8bExHxqgVAohK7rxMTEDLizFc0MSrQGLhyCwWQy4XA4uNp9uRYyw8fgB9rZslqtKIqCxWKJuJ8Q+fcSbT/7owvA+fvjcDiuXvgayBwsJ8Tj8RAKhfr8XfZX5mDoPHQ7lV6vN6J+9kdmf3QhLDOaezQYNtfwhqIKryIQ3IpIgCLLWG1W3DExfUtEbbF8eqgCWZZRFAWz2XzDxdm6ksxI4/8AmM3m8301mUxc7b70V+ZgxDkKE5YXdriut8zBiHME3TNbsiz3uY/w2YyzFQwGkSRpwPo5WHG2dF0nEAhE1E/47MXZGgybaw6Zo3KABYJbFVmSUVUVs8XSp5ktcRqxF7eKoQn3M5LlGIFAIBAIBNEhnK1bkFvFqRQIBAKB4EZAOFu3KJGetBMIBAKBQBAdwtm6hFvBCRHLiAKBQCAQDBzC2boFEcuIAoFAIBAMHMLZugURzpZAIBAIBAOHcLZ6iCRo4c2CWEYUCAQCgeD6I5ytWxBJkm6JvWkCgUAgENwICGfrFuRWm8ETCAQCgWAwEc7WLYyY2RIIBAKB4PqjhtNnXIlwCohIM8mH60W6XNU7pUc06Tx0XY8qX2BYZrivV7sv11ImRNbX3ulSoiXafkYjs3dexWh0QZKkPrfzUrlARHV7y4xW/wZS53vLjfQe9Vf/otH53roQzf3tfa+ikTlQ+het/etdd0Btrq6Jly+BIAIMDAxdR9c0DOnqY0e92gALD9xIH7S9B32kAz9cPlKZYaMajVNwaXv72uZoZfaWEamR60/dK13nesoMPzQifUD3dlyiebD3R//C+S6j0b+B1PlL2xyNzGj1LxqdD+tCNHobrfMyGPoXrf3rXXdAba5uAOE/AoHgqhiAYaAbBnIfxo16tcEcfuBE+uAJl41mhiDauuGy0SRU7S0rErmD1c++fCehUOiyCX97///Sz8IPmEsT4EarB9D9fUTjvFz6nURKtO3tr/4NpMzedW40/buWMi+VOxAyb4R+Dqz+hf8IBIKrIgERjFP1alnlw29XiqJElIEeiDoDfZjLOQp9qR9ubySEZYXbG0n9aGT2p5+9DfGnyfR6vXg8HhRFwWKxYLFYzssLXyf8s6ZpeL1efD4fJpMJt9sdlczLEe5rpLrQW4kjldlb3kB9L+H6A63zA93PaHXhWvTzs6R/0egCDI7Njeb7EAhuZSQkpB67K0tXH2/qALRJMEg4HA5+9KMf0dzczPz585kyZcpFn/deuqqrq+Pll18GYNKkSYwfP37A2ysQCAQCwc2IcLYu4WbaJCpJEoWFhbz66qt861vfory8nLvvvpu2tjYMw6Crq4vdu3ezfPly1q1bR2trK08++SQlJSWD3XSBQCAQCG4ahLN1kzNmzBg2bdrE8uXLOXHiBGfOnMFsNnPy5EnOnj3LiRMnOHToEEePHmXOnDkUFRV9YglRIBAIBAJB9Ahn6yYnIyODMWPGUFJSwo4dO3j//fcxmUxA9wb6HTt2oKoqhmEwd+5cSktLB7nFAoFAIBDcXIigprcAI0eOZOHChZhMJkKhEF6vF7/ffz4uD0BWVhajR48mPT19kFsrEAgEAsHNhXC2enGznsYZMmQIEydOJCEh4fwppd6BKV0uF0uXLhWOlkAgEAgE1wHhbN0i5Ofn84UvfAGr1fqJOFs2m40lS5YIZ0sgEAgEguuAcLYuw810IjFMWload9xxB3Fxcedj98iyTFpaGosWLSInJ+d8HC6BQCAQCATXDuFsXcLN6GgB2Gw2CgoKWLhwIQkJCecDuKanp7N06VJcLtdNu4wqEAgEAsFgIpytWwin08mjjz5KZmYmiqIQHx/P8OHDGTduHGazebCbJxAIBALBTUmfElGH/402oW+0CXJ7y4+kriRJUSV//bT/96VutDIHKhG1xWJh0qRJDB06lKqqKkpKSpg/fz42m+2q1+pv8uv+JOWN5vsM1+39b1/r9Ff/BjIp9KVyB0Jmf+tGU+9y17jecvtrT/qj872vcb1lnq8TUSsFglsbI/yXYdCX0aNqmvapBTRNQ9d1rlbucvWiHfi9ZUWytBWWqet6xDnFerdX07Q+9zdcL5ocetH2M3ySMNplvzvvvJO6ujrKysqYOXNmn/raH5mhUAiI/OERlhkt4bqR6O610L+B1Hm4cJ8Gqp/R6kJ/+xmtLeqtf5HkDOyP/kWrC+G6g2JzDR2EyyUQ9A3DwNA1QpqGLPXB2RqAJkVMV6CdLVVraPU2EdJDfa/Y28BEaMgD/gBGaiu6KrOt8R3ObNt13WWeryud/6uvFS/YxCicn7aYVoZMT0S2t/PG/t/08QHUD5mD1E9NCyEhIUfkeF+DfkZct3/91HWtJ5lwhMM52u/lGuh8emwuQ1NGkBGbF1l9wXVBM0I0dzXg13zUtFShyDfko0EguCEIan5UWcVhcdLXFxT1ajNAmqZFlYE+/GYVrttXdF0HCdp9rWgYWMxOVNnU5/rRYjcbTJw6pTsUgtOCyXL9ZQ4WjtRY3FNSkCQJu9022M25jpz3YAa1Fdefz1Y/Wz31eINdhPRgRLZBlmVkWY7YDvU+fRvJzJYkSedn32RZ7vNMXO+ZpUhlwuDYXEVWMSlmrBYXNpMDVbl57Z9A0F+6/O2EehwuWVZQ5KuPN/VqBiRsZHobnr4gy/L5aftI60mSBJKEzeQkwZmOwxLT5/r9ImlgxNwQJAx2AwS3Kv6QB1lWIrYp4bKR1gkvBUYjr7ezFUm93vu9Il0uHQybqygKNrMTi9lJoitj4GyuQPAZpKHtNO3eczisMX0ebzf8XLHN5MBljRvsZggEgmuEWKK68ZCQMClmJEnCKmyuQPCptHkaUf0mrCZHn+uI0A8CgUAgEAgE1xHhbAkEAoFAIBBcR4SzJRAIBAKBQHAdEc6WQCAQCAQCwXVEOFsCgUAgEAgE1xHhbAkEAoFAIBBcR4SzJRAIBAKBQHAdEc6WQCAQCAQCwXVEOFsCgUAgEAgE1xH1alntdV3HMAx0XY8oBUS4XqQZ73Vd706vYXx6uwQCwWcZA8PQuZr96U1vW9RnKRGWv1ReuG6k19A0LSqZYVmDYXMjrScQ3MoYGKAb5/M5X43r7mzJshyxcTR0vSe1rhj8AsHNSNgpiNg2ROE8DYazFY3T01vuQNtcr8fHwZ1H8XWFiLVVYze7omn6TY2uh78TkBXlM5L2feCJiY0hKyeLzJzMwW7K9cXgwgtjX5ytqw3m3glRo00aG0k9wzDgfHmhzgLBzUl0SaWjsSfR2qLe5SNNJt27fqR1+2tzL/35ahiGgafTy7uvbaSzyYtZtWJSTRG1eSAJdp6jzaMRUF2kxtuRGJgnRVtbG03NTcTHx+NyuVBkZQCkfrZo72gnPTuduYvm3PzOlgREME5VRfl0hQm/XSmKwtXKXkr4LUuW+741LJyBXpLEdjKB4GZFkiRkOTKbIsvyeVsUDZHaot5GNBqZ0dg/GCSb2+M4zJk9l4rhI0lISIhI7mVagq5p6LqBIauYlEsfRgYYOqGgBora3eY+ekyNG5/n7d0tVMdP5RsPVmBlYJytDRs2sGbNGu666y7KysqwWCwDIPWzxXvr3qP+XN1gN2NAkJCQevwVuQ/+ijoAbRIIBALBZ4Ti4mLKysr6dxGtik0vPsfyddV0LvwXfnhXCha11wMp1Eh79Tr+5fPPIj/879w1fyyT0vt2aV9hCuUNPjqsGYwpSR6wma2GhgbWrFmDoiiMHz8et9s9AFI/W+w/sP+WcbYiRThbAoFAIDiPxWLB4XD07yKaGSnURWdrK+2aBbvDiVXt5RKFOgiaQ3Q0NCIHFWSLg76KtOWUYkvX0WQzLru5f+2MgPBMliRJ2O32/t+jmxBVFS7FlRB3RiAQCASDjqf2MMf3bWdV21DmJNVxtraR6sZOgqY44vNHMWNmOUmqRNexjWw91sk5ZyF3jDKx4/UV1GTOZszwQkrS7Oiec3RUfsiLG0IMmTGV4YVppAycTyYQXBbhbAkEAoFg0PHVHubAO8/ygz2j0WfGYgQ6aTpXQ12jj87NJ9FyC1iUa6X94HusWV3LkdS7mFmaSu3Hr/OXjQE8xj0kxmZhqd3Ptj8/y4u7R7O0ZAxF+YPdM4HgBnW2tJBOS2Mbhi4jdThot3oHu0k3JIqi4HA6cLldEW/CFVwfOto76OzoJBQMDXZTbljqaxsJxmj44vyD3RTBDYQsgxrsIHB0Gyce/DFfXljGsNiz7FrxAr/40Vv8ad3jTLo/48JDS3FgTyjjvqeWsPPv17N3Rx6pqR5yTm/ihTWtlH/lIWaUZ5FtG8xeCQTd3JDOVntzBy/85E3OnqghFDCiOnZ9K5CQmMDshbO4/7H7ccWIuDg3AmtXrOWtV5dRW1072E25YQnpASrGlWP9fAKlWRWD3RzBjYQag5I8lTtm5pGbYkORM4lPzaMk08OOqhqC/qSLHlqS2YV5xNN8bu4efrxrEy//YjOjHVVsKXqaFxdmUZAo1g8FNwY3pLNlYKBpGjNnzKYwf6g49XEZqqqqOFR5CF3TRezXGwhd18nOymb6lOnk5uQOdnNuSNa+twaTU8KIMtio4CZGNSElJpFgUbHIABKKLGFWwB8y+GScWAkkK4X3PMCUuj/w6juVvJ47mSe+vYhctx2LeE8X3CDckM5WmLjYeCZMmMCQIUMGuyk3HBs2bKDqdNVgN0NwGaxWK3m5eSxatGiwm3JDsm//Xtr8TYPdDMF1RUWRFFQMCIXo9pJ6eT66DiEvIVRssnQhxpYkgcmEKl8oLUndPxtc6b1Sxua0o4R8dDa10JIQwmR3YZIkERZbcMNwQztbAPHx8WRlZQ12M2444uLjBrsJgk/BYrEIvb0CZpMZxHatmxvZgd3hwGby01JbS5eRjRkI7yzVfB46T52kVotjWIwZR9T7qgzAy6ltmzjeFUtiyTAKE1vZunIrc9PGUhBr6ZkhEwgGF6GGAoFAILi2SG6SMzLITJY4t/tDNh8+Q3VTBx2dnXQ013Dm0D42vbuHhoRy8rNiSHFGJ8bQAgTqd7D27S3U2EqZtPQ+7r3NTfWKP/Huvlrqu4Jil4XghuCGn9m6XgQ7m2j3+PEFLxmKkoSsmDBZrNjsdhzmnnQZgU46Oj10eC8evJIkI6tmzBYrdocdi9pr6trQ0bUAPo8Hrz9AMKSjGxKSoqKaLVhtDuwWGUUcABBgQCiAV1NQVaU7vYmhY2gBvCEVi1lBkSX0gBdfVxstHu2S+t2pI2TVjNXuxGE1dV9DD6L5OjjX6iN00YYXCUlWUE0WbA4HVosJU+9XLyNEwOfF6/XhD4bQNANDklFUM2arDZvVgsUki2UawRWwkl02gnFj97L2F3/h578yc/f0CgqTFIxzh9i/eR1vvtNA1t3fYnJhKllW6IhUhKER6mrg1Nu/5I3jaYy6fzJ33luG84SdRe9+m1dfncqQuDkkliVhH+w0hloAvyaBpGAxyYABWgBfqDvdi0mVMbQggc4mWjw6mn7pc0lGUU2YbQ7sNgtWVQZDB387Te1e/EH94ueSrKCoFqx2OzarGXPvdEmGRjDgw+f14vMHCWkGRs9zz2yxYbVZsZlFou1rzS3rbB3909f5tz+tZ/Whzos/sDqISy9i+NRF3Hnf/XxufGr37/c/x69/+QI/efMwnl7FTbZEEnOHM2bWIu5/dClz8i0XHlqhdpqrdrLm5T+xYv1ODpxsoSWgYE3OY8jomcy991EemJRGssMkphhvdUJ+OLuZd0+lU5ifQXGWE/xtBM7u4q2TOUypSCcz0Ubz/ndZ86v/j6+9dslpR9WEyZVAWv5oZj/yJR6dNYzhGU5oruTcuz9g/t+upbozQDgghaxYsLgzyR0xjbsee5w7JhVTnNDLHPjOsmvl66xauZb1u45RVe8lYHGRMvQ2Js5bwl23T2RqSTzirJfgSiip4xm9OJ7vul/judfe5Ll//hmn2zQ0ewpZxbcx5Zkv88WHxpEbaycqXyjQQMfp1fz8F7tw3/WfTBxXzhCHCyNnBA98aQHvfutZVg3PIj45nvGpg+xt1e9hx2kLkjuTiSXxoIWgeisfnEoiIyuDYbkxeOqPsfcXD/H0K7VUtwYv1JVlsDlJyxvFxMWPsnThNGYVxUGgHTb9K1/9p5V8cKiRQLi8JGN2ppFZOoHZ9zzA3QsmMy69V2LxQAPHN6/lnTeXsWbLPirPduJTHcTlDqNi2iLuuGM+d41NwczApEG6VVCbm5s/tYCmaXi9XlpaWiKK5aTrOoZh9CSc7Xs9wzBob2/H0K+8HfJaoPk68TrLGXvPRB68vZSYnt8HQ200Vm5n9973ePmnzRD/z9ybBy7Nh88fQ1L5ncx/5k7G9Oiu5m3izKHt7NrzGj883YntB08wJsGCS6/h4Adv8dpzb7CsJpHRkx7nifvjiFX9dDVWcezgdl77+y0ce+YfeHr+MIal269bXwU3PiFfJ7UfPsebp+9gsT2W4iwnvpZajq97nperH6IgJ4HMRBuGFiCoK/iy7+Xvn5lKQYIDM6Drfjzt1ZzZ8S7v/u6nGIGvcP/iKYxDwwgEaPPlM/NrS5lcmkW6DIbmx99WzZ4PVrDqt0E6O5byyL0TGGL2ge8Yr//H93hpRwf+pDImPXI3jydYUQLNnK3cxc7Vv+J/jxzi+COP8fSklKj6q2kaXV0ermZ/ehMMBvH7/RHVgQu2KJzIuq8YhnE+KXQ0yaSjkQmDbXOvIbIJe3IBpbd/nr8esYjWLi/eoAGKBaszlvjEVDLi7Jh7dsc7h0xm2jP5rPAkUdqj12Ampfx2lnynhImWoeQmWpGnP8WXRwTwqrGkJut87VfD0FIKSU1yokgShjOT1Alf44e/b8OSkUdK/OC/ytZ9vJy1BzOJLZvDxJJ49JCfmg0vs7xqKlOnuxmWGwO6RtDTgSdpFg9+bjITS1KxAYahEQi2cHbne2xc8ydeaPcSfPJB5iUaEOyiw5fGiLvvY+acURQqgGEQ6qrl0JZ32bH8eZrOdWL9q0UMtwO+Y7z/h//llbWHOCplM/Ker7MkxYUp2Mq5UwfZv+91/rh/D4ef/CbfmJmGyzLYU4I3JgYQ0kJ4emxYnxJRW63WTy0QCoXw+/1YrdaIBrCmdS9zRDPwzWZL9LG1vPWcPbyTjz7Yys6zbajuHIpuK8XdVou/xcA+/XMsLOwuKrvSyC67jVnzJhJ/vt0e2kekEau8xl/e2cg7W6qZn5aCC0ByEpdexLjbb2e2udvr1wMdNBU7iJHf4ld/WcP6yscoHGkhdHQjm95dz/qaOG574PPce1shQ5KdOJQg/rZ6ThfvIkV7mV2nztDQlo8/3Y7IIX9r4ms4xtF1v+fnf1zHuvYaaioPUDUukSTlIMtfeJctvmb+s3Yydz28gGILoNpQksoYP2MWFelurIBhBAl4GjhXYqPuH5/lxP4DHBwxjHG5ADLIyRSNncTUySUUKGDoQYJd9ZQm1XLmJ3s5uucoBydNICeumbp1v+XlD2qQKhZy+9wZTC3JIC3GhBLqoql6OHnvLGdrbTOnqmrpmJSCk8jfgCVJxmQycTX7c3EdCV3XI6oD0duisPMC3QGEB0ImDJbNNV+XaQzZZMWemE1BYvZVy6rORJKciSRdfAUsMSlklqaQGf5VUj4FvQoNHXtxBmtJsWKKzWfYuH42/hqgedup2/Asv3phBctOOLBuOUrngaGMLqhh2XNreLfpKJUHDnGuZg4Tx8YiSRJSXAHDbpvC7In5OAHD0NFCnTQNteP/2fN8fHQX2w7OZt7UnploOY7s0tFMmjuXkSYAA83bTHl6J12/38D+nR+z7fQihhcb1G/6C2+/f4gaeynTFt3FwpG5ZMXbUEMe2htGUrTxfTbuPMmxQ6donZKMzaLcustfV0GWZEwmtXuc9sXZsts/fUYlGAzi9Xqx2WwRGRxN086/2UU68K1WS8/Aj3T0Bzl3dBsb33mb1zY3YU1PI0Wp4/j2Gup37eKcN42ioZ9jXjiShNy9N8vutHPhLthxxQyjpGQ7met2sbXqHMFgYrgCimrG4bBjDzcRO05zMcMqt5PoeZ9T9To+fxuNu7ey92gbevFSnrh/DuUuMIdvQ1IaSanZZMeayGjNJDWm1xSv4JbDAHQtSHNzC34jiKbraJpOQA/Q3NJKwBxC03R0w+iZ65VANWOz27A77YRdD4fLSlzSFMrSfkNVWxPNTV2QG5aiYLH16Hp4GLtsxE4cSf6zWznS2kJ9qx+PfJptby6j0nwXj86az+IZZWSePymWQFxKNklOO1lVzTTYo9zVDMiyhNls4mr2pzeSJKFpWkR1oNt56ZYZmS3SdR29JxZYpAl2o7V/MFg21yqCR18HDAwMQ6O1rZ0un4yqaWiaRkgL0tzSis/vJ6Rp3Xsiw5VUM5aesX1B053EjBpHWd6bHDzQRG1tO5yfIlAwWyzd5cOPEqeDktHDKXpnG5UH6zl7LgR6C3vfXcvBziwKFizgwQWTKDw/hOOJT8kkOT6BrMJD7PTFYFaFPlwJiW57YjKbsdvtfXO2rn+zBhC9haNb17N+yylay7/Ez/52EUO0Q2x5+b/5Q301p8yZFF3NdhkagY5W2ls76NKsON22TzdcehBvewctrR78ZgexTglVOsuJqjM0huIpGDOJUZeJyWpyxpM+7REe7leHBTcDtuQhFN7+NR778CVqpft49NE7eXRyBo2HNqDsfIdT9s/zV1+byfTSeBq3H+HAZa9ioIf8eM/V0uqRkJxWzNZPceINHSPko7W+iY6QjGo147B04umsYvP2Oty3T2ZYXkYvR+sC7qHjmTj0GnVeILiJUW1uMud+i3u3rqUi9GqzAAAgAElEQVT29EgKZ3+B7ywdSqCzGWXjX2j038X99y/hmVnZdJ3dz87LXsUAQ8Pb3EhbR5CQbMVmv8puSd1PR3Mr7V4dw2olxhbA0I6zZ38NpM6jpKS4l6N1AXtGMcMyihl2DfouuJiby9nyV3KyqprWUBYT5s6jzC0BpUy7fQKHDx7n+AG6g130OOyGHiTg99DZ0X7hRmhd1Gxdy6YPd3HAn8+8CTlYreFPdbSgD09HOx3h3Yi+cxzbvIkPP6jkZNJEnipWibG30dbuwyCB1PTUAbwBglsDHTQ/XV0ddHTI3Rtj9SD+lpNULv8t71VaSRqVT0FePFDXUydIwNNFV3s77Sqg+Qm1VvHhy2/zcWsyJTk5FGf4CZ5spbYOktLSsTvFPkKBYMDR/Hg9XXR0tKND96lDrYOjq17hg10teAqmMLw8Feg53GVoBH0eujraaTfRHUDWU8O2Fe+y+WiIwNBSRhVoQBONjRqOgiRiRZzGAefmcrY6m+jyyGBNJDO511t9ei6JyWlkHrp4A2ioajV/3rCW939tuXAaUPOjqUmklM5k3l89xJcqzLjNPd5Z8Dh7V73PV6f8AWt4hjXgxzAnkjZiLl/6zpeYm2rBrQQBDc2AoMhIIrjGGF31dG36D75wxy8uhF/QNQwDgtY8xt3zdR5ZPIHJGQq0AIYfvOv51Vd280e7BVWiO4J3IIAeW8a0Bx9n6R0TKXd0UNdzpimowbXeLy0QCD4dw9AI7P0d//r0i/yXTe15Lhmg+Qhaciieej/3LVnI4iEqhKO/+D/mrR9uZc2zzp5DBQb4vejOAobPfYjH7l/MeJcOuh8wCOkQEs+lAeeqzpaiKMTGxka872BQ0DWCBoRkBdXUa71ZNSErCur5g+/dKAlljCobyz3TC3CigX6WDS+8wn5TOcNnLOTB2UUkWaQLjpicTEZpMXO+MJcyFVBAVe04YxJJysgiKy8dt1lG1pOIdzkx6W3UVVcTpAgVcYxWcG2QzG4s+aN59PGx5MbZMBkt1BzaxkertnFi1IMsvXMCY4ck4Dy/50IFpYjJS+9kTFE6yQrIqorZ7CI2KY2M/CFkpcRgljXMagpZyfBR7RnaO4eiER/dsfybAEmSIt4YH6Y/9lKSJCyWfhwSEnyGkVEzJjN71ljGFiZiNbroPHeI937zPMeL5zJ33kzmjMzAbZIuOFtKLsNnjWHS9GHkqCDJEiazi5j4ZNJy8snKTMAq+zH0TNISVPa01tHc3ESIjJtstuXG5qr3WpZlLJbPyDk5qx2zyYCgh/YuDcKPidZmOjs6aDZsZPQqLrsyyR8xmYV3jSceDfRmhoYaeX69B19DAw0hM0VcVIH4rHImLrqbGRaQZJBVCxazGXPviJByOtm5GSTsPcDeHZv5+K4iRsX32iAPhLqaOLd7OW8dSWfE1JGUFSThutVtqxGEYBUbXtmNL6uCvBFDKRi02W4Daj9m3YfnCKXlUTapiIwbxTKpVtSU4Uy7fSEj0t1YjU6aSjPI1Dr58Z5KGj2z8eq9ghJKCphSKZk0izmTislXAVlGNdmwW1XOP9MNJzZHLmPGJLHq4Eb2HS+hPD+eXMfF4juOb2LngVpOGfnMXTSSZPnmTEXRH2env3WjdfIElxA8wc53d3DsnIP0WQuZnH71KoOJJEnI8UWMmjKbRePzcBo+vM2VDOk4zk93N9La1kWbbrpwMhNASSBn+ARm3DmHET3BsRSTHZtFRTkfzNSCJOdTVp7K6j0HOXLgCJVjMyi9ZD+xt/YQlfv28GF1JgvvG0emw3xjJ/Ou38WWzfU0W9IYPncEmZcbNoFOqN7Ma+9ppE4cTklJOgmD0KcBeXx4PB6qq6vJzMzEYrFcv1kyWxqJ8TZswToqD5ykpbSAGKOFmv0HOVpVzTnjkoTWigmLzYE7zk23zsUzbt5ijp18kZUH3ue194oZunQYiWqP2ybJqBYrrjg3bsunzFRJbnIqRlG6/yR7Pl7F82/mEpyQR26yC6eiEexo5OzhnWx49Xcs15cSW15MccH1uSWDhebtwNfZRac1lUQHKH36ynUwOmg4dpIucx6JwavXuG4YBjTuZdOyo/grDBJuu87OltR9j0LeLrw+P75Qd0RoGaM79o4/gF8zupf2JBlUCy53DO44N1bcuErHY1pYywcf/ZHVa0aSEmsjtjy5O2QJgKRidTmJiXPjvtJzXLJgi81kzOJ55P1kF9vfX0usNcT00jSSYiyYQh5a606ya/UrrD0QwFt0LzMWXc9oeIJoueY2t3E/uw5UUVnd3r0+IEkoiorZHkNMfAqpGZlkpycRc6NFuTU6aa4+yamzbtSJg9cMWQI94MPn9eAJ6khG93jXfF14vT58IR0tPJBUMw6XC3ecGyduYpw2Zj30CJsO/JH9GzeQmJZM+tRczr+HygoWh6P7uXTFMzEKKAmUzZxGYeUmjm1bzesZDkKjs0mNtWPWvXQ1VXN402rWfbSHrfb7mHqXxg2/2th4kF2r93MiZgRJs67gbOkh6Kjj1JEAcukQ8ge8kd2o+/bt6/5JUlAtdlzxSSS6bVjU8F6QEJq/naamVjq6vPiCOjoKisWG3RlHYoILm0lB+RRPsampiVWrVjFixAiys7NJSkrqPi55rZ0ucx5DivLJPrCRj95bzrq82eSrZ9i77TBHzrYi9WGCTs2ZzrTZhznbuIblf36Zd8fkcke+43zQ076SUD6NyXMaOXP6VZY9+yP8p2dTUZhKiiWIt+YIB3d9zOo9DqZ84zbKspOIvZHfHiJGx1N3gtOHjnIi615mFUlc7fAMAJIZLCVMfiwBzRmHcyBmtQxuiPVdWZZxx8ch7T1K5cGD7M91Em+YcMe6MA7uY9/+XDITLNiu4IDKMZkkjVzElx54h2+9+TofZsSRmTqd0REOMbMrkdyFX2bpzu/w4tZlvHXuJNXjR1Ka7sIRaOHUng/4cOc5QgWzWDSjgqzP2pSWESIUDNDhU3A7zciyRMjnJaRpGFYnNgUINFNX20RLhw/tIuWQkE0WbE437rhY4u0mwKCr8RSNLZ10+LkwS4iEYrbjcMcRGxtDzPlsyAYhbwed7W20dnTh8YfQDQnFbO2+rjsGp7X/s1phm1tRUUF2djaJiYn9s7lH3+DFH/2ZP2w8hz0lDqcEqsWCIzaZxKxiykZPYtr0KYwvScVl4lOfBwOKuZBR890U+iRsGVcvfr1wxsSgdtVRfXQ/OysTyUt14oiNRT5xkhOHD7K3KIaUK9wzyezCVHIfSxdv4Pt/2cDGNXEUDVnKzGQiXOKXSJ/6AAsP1/Piqs2884d6Wk5OYUReAq5QK42V29i68wRVFDHzoUkU2M3YbpTvsT+YnZB/O/c+GcSREod7kPqkjh8/vvsHeyyJQ25j1qN/w1/dXUFxmgsV0L0tdBxawR+efYXVG/dw6Gw7nUocsbmjGDdnKV95ciGjsmI/xaPujv9SXV3Nd7/7XebPn88jjzzC+PHjsdvt13hfQgxlUxewqKONE//9U56a/29Y8sax6PFJZI/wYqnqZQwlqTuA3CfEm8iZPI/ZDdWc+MXbfO+XU6n4zhSGIiHJErLRx/aaMxk2+3HS8ksY9sLveWXNT/neL+poDTpwZ5YybPJcnv7pkywdm0CcfYDWp8JxmgwDg3DfL74H4SCO4X+7v5/eZQwMnYsdlPMOS085o4uG43vYuuojKufewaR8MzZzj/Pe04bLX18CbCTl53RfV+qRd+nUSfj/n/j+esr2ikfVffkL+SqN3hfrPlGNrEog9a4rIWEM6JSN2WZn2Jw7Gbr+JV76j90cOPEUX3p6OhXTZ1G4+k/86Ns72ffVb3L38HDQSukSJ1HGGpvK2Kf/lnu2/jVvvfsesck5lEyTQJKR5B59v1pDZCvYR/DgP/4XQ1a8wltvrWTVT17gxzUdYMsgt2ISs+/+OkvmTWRKYaSvIDcA/iaaa06xcn8M987Kx+Uw03ziALVN7RjlM6mIA06/zs//zy/40+qDNEqmC/dMMROTXsyI2UtY8uCDPDEpDYkAu3/3Vf7z+XW8fUwinEoVxUJs7m1MvudzPHT/Qu4sdfaoc4Dmw+t4b/lrvLJqE1uPNNDhNxOXW0bF7Pu4996FLJ6Y2+8lB03TqKmpubY21zSEUYsf5fP/+CjTzQY+fyN1x3exeeWfefu5d/nLykX88/9+l4UZEu7wy5Vh9MSaCl/k0jF5yfi+dOxeUkaS5IvH/Ceu32NTzl/fSlx6dvcsUPgU+kUGrFddqY9jJAoKJ0ynePMfef733+Wr+4/yrf/6W2ZPW0DRxhd488e7OXD0Czz5xDSyJAm5xyb26hFgpuy+J7jj8L/y0q41/PHNcm57agguws+xPrbaWsTtT/09ueWrePu113jjd3/Pr6vOoVvSSCsezcR5D/HXd93B4or4q19rQLi6Te8p1q0H+sXlJEkCWQVHEjmFveoZPde9oAb0VOt2EsJKYVz4XX/1Qn1/+3acaATaznDq41X85rf/zO9t3+eB+aMYZT1G5Uev84N/f4OWsQ9wzz/+HSNzY7GHGqk+tJnVr/+Qf/qXZr74zJ3ccVsOV8qKkJKSwn333cdLL73EsmXL2LBhA6NHj+buu+9mwYIFOByOazfLFVdM6aJv8P+Pf4J/MHQksw2XaR+rf32Cmiorcc7ue1f4yE/58b0qqj28hNgLcw7DFvwN/zL+i3itKWTFWVEdj/HF797Hw9hI7GuwZTWGuNxJLPhqKZM+58UbCKEZMorJgtXuxOWOI+YavMX2hWBbDXV73uON1zaxr6qVLlMiGSMnM2XeTOaPTerewN98iJ3rPuSDdbs4eKqNdtlOasEYJi2+nQmjcslxNtNUtY3ffXMdiQ9NQ687RcPhI1S3hQg48xjzwGPcOUalad0rrHhxGWsOtOHZ8wVOvH8/X3tqMqMSmji5ZT1vr/yYA1XNeLESVzCCcbfPZtr0EQxx+cC3g+f/diWdwxcwesFYhnTtYsOzv2VP2WMUtu6m8eQJjtX68NsyyJmzlMcX5pHqMqFonTQd28eO5StZvfUEdV0G5oQ8hk6czpTZE5hSaAOa2fDzH7FLS8evqygnj3PANpP/++2ZpLXsYMs7H7D2o6Oc6bLgzhnB7aM7afDon9SP64BsicE57q/43vOP0xlQsLrjiI9zYM34Nr9e/hW8ugVnQiIxVgO9YhRjA25ykl0XZx2QrWAfyyM/ep3FOLG7Y7HbDayLvs+qcQZxmcnE9HWYWTMpv/1JciY+wOc9fvwhHWQVs9WOIyYW92c0LITWeIKzW1byvzsmMXtiNi5bMyd2bGLbUS9xmTMZEdcztuViJj54P7OeuYuJ4T1rupfGvatYu3Yby37pIy7/2yxI7v4oZuR9PPq5h/jWgqyesm2c2fQGyz9YzUu/8eH+l8eZGgPnPvw5P/3DNg4Esxn59H/z9bIskqRWao5u4f0163jrVyfYX/sMf7cgg/7c4etjc1WsdidJKYkkmsEw4khJyaawtIzyEa/x8vNr+e4Pp1D4D1MYnubC0lHFiZ3v8epLK1i/7yxNuo3YrJHcNncRCxdO57ZUA3zr+Z9vLaMhIQlzkkrzli1U1jcRSJ7G4kdmku2r4vj6dWysaqPeF8v4x/8vD88oZliaBb2jhqYDq/j1H1ey9VANDR4JW2oxw6ctZOmj9zI6ASyh7Sz/5ZtsORlH8Zf/hkeHNrHyO19lg3s6DkXHcXozW44309BuJnfe0zx69wQmFcVf82we9vIH+cp/zufhLh3FFkNCqhVn6jP8028e4Bt+GbMrjrg4B6bst1kRiCUp0f3J799axryv/4IJPhnZmYDTYkaa9E/88iUNU2wccX310C3J5N52L4+XzOHub/jwBUIYkorJYsPujCEmxnX1awwEvlY6Tu7m7RfeZtPhGho7dRR3KtkV45ly5yJmDrX1fE8K/qYzHHnnt7z75kYO1AYxpxQxZsECZs4eQ4mtGQ68xD/9T4DCh+cxfbKT4PbNvP7z3cQ/PB7/zl3UnDhDkxFHUvlY5t8zjK7Vb7HzUDUnW2QcQ8YyfvFi7h3Vv/uiFpWW4sZA82eR5jZxeNUqthw9ztmRGaQHdrHx3Q3sT1nM15csYGJZNuluCybdQ15mCukJNpIOp5BsVT45+9ALq9VKXl4e8+fPZ/ny5VRVVdHa2srJkydZvnw5c+bMYcqUKWRlZUUcqfli/JzZvowPNx9mn2USTz48lRybl5qNlRw/66MrqYzhGd3r56aELLKudBnJjM2dQoa7V943WwJJkU5DSwqKxYk72Yk7OcouXQu8Z6nes4Flz22lJncCU8Y6sXlOc+roPja96sGU8DAzMps4tOwN3t/noyNjEgvmJOGgg+otW9i6QsUXmMbCGbEYwTbOVe7kwLpUxkwexrh7h0NjFae2b2L1qx8wJGMqBeXDKRl1nKrGE3hmPsY9U4YyJNnDiQ0f8sF7hzkdO547vpiGM9TMyY+3cWzTRwTUWLLmJ2HRO2k6XU1beiddQZ2Qv5PmqiN8fGo91pmjGDZ3JBWdpzh94AArX3qdbWVPM3loDKajW9m2bhPvnIxl5L0PM8suEayt5Ojx7bz/mhfbUwupiAfvuRpOHDuHP2s0o26bx5LMHJLVanYuX8PmIzqm8nksLYvHqTdxessOGhrNRJYcJkokBcWRTEbeJYpiSSMnJu3i3zljiL3sRWSQHSRkFZDQ+7exmRRevsKVkc3Y3EnY3EkMpupeUxp28fH7b/DLF1ZzsPEI3zVXMSLlOAc3bGHHCYN4r0rrnV/gQbcGkhVHQjrZRaWUhifwjBCexDYaTp3h2OrDHKyGOT03WrHHE59RQGlpz75Qw0+Wu4UzVX9m3ZGd7Dz2AJNLDrP2L+uokioon7uYpXNKyE5yYZP8ZGenkRKTwK7TIdrsUr8nVcM2d968eaxYseKa2VxZllFNKqoJQMVktmJzlDFq9FmaD+zijWVvs/uLI8lM8NG+aQUr3/qQrfoY7njmQeJMXZzbv519m1fw+3aDpK9OIwcvLad2s+1wFtlz5jDnoc8zraOSlb97g1XPVpM1aiKjpj7G4xPrOLn2N7yy4j0KMlykJcfhP76Jt371Au/r05ixZDE5Lj/Nx3azf+df+IWaxw++UE666qG1/izVpwMkeQ0MI0RbzRF2bdOIHTWHuVMf44lpLbQfWslz7y9jfUY8SakTGHaN37BkWzzJmfEXjyVzEumOi5MTYSuk8MoXwZ2SffHLnzOd7EgTOUgmLI44LI64i+zEjUWI9pqj7Hn7dd47N4TbFkwhNVYi0FDF6VOHefvFOLL/zzQKAIwm6ms9HD2Vycg7H2C4p55DH23g6LYtmOLSKJxoQu1qoPqkn4R2HwGsBLvOUXNwNwc+LGD2hMkU39ZO9a7d7Nn8Ns/X11Nx23hGFcqUV25md+Uh1q3MZMyI6aQrEG2+l55RJqFYXMSk5TMkOcAHXR14O6upqa3kwGEvGXcsZerIHDJjTD2njly4M0oYmRCHY0gIe3IsNsNA7xWYp3deMVmWcTgcLFmyhF27dtHQ0EBTUxMtLS3s3r2bkydP8vHHHzNmzBgqKiqQ1WhnuSTMZgmj8wyVW17ifxs3E2+CrtoqGpxFjBw3leGx3c7WrUSg/iSn9h1gS00CC56YxfTSONze4xz8aCe7KnU8Hj9G/T62bzpFo3s0w2fOZc6YJFxGO2ccZzn2h4Mc3ZPJsYoxFMgSst6FZkknu3gk40YmYW1K4pRvP3/+9SHONk2keEwB2YW5ZO1opWPkDKaNMxNna8WbkEPeqATSCyYwZ1w6Tq2Zo9oxXv6omkP7TtN6++Uf7AYGHs1BRlE5o8Zkkqylc9zewvuvrqPy7OMMzwjgObCfQwebkUcsYOaCEaQ5IVCThPmVt/lo/zY2HJxO+QQJWQJf0EZM6lDGz5pIUTyYGtawd2cdHcnjuW3+POaVO1A7T7PjxHo+MhnnT1gLriHGhUTPfa5iGBHXAc6XlxQbqsmCVdaQ7AmkpiaSnFzLMZOKjJnYpFRSXCpXND+GTsjrxe/T0Ex2XFa44uqNZMGVlkFKvAV7oI2mJi9Ub2Hj3iD2ORWMn1ZBcXp4/sSKKzmf8kl2Uso8NOoxKIaBoesRbVC+1Oba7XaWLFnC7t27qa+v/4TN3blzJ6NHj6aiogLF1I+VBclGbEomRaU5xP7mICcb/bTXHuPgjn3sOGEm54l7WbywiGRTF425QTzPf8Da9evZdPc00lJlZAJgTSFlyASmzcknNjSCjtV/5OdHO0hx5DB6+mzKlRpa/Ct46WcHOVU3iSYjkThnKmnlM5iXdzcLJxWQHxOgfrOGXvdnfvzBLmoeHEriJyYjDEDHq1vJyyhi3PRplDk70MpbeXfFi5ytquF0K9fc2RJESghPWyOnDx2lxjmfYVMnMiLHhtZwghOHT5JQF4/TJHf7I0YI2eYmtmAME6blEk8LqR0HeHVXHceP1eKZmH3xnmtJQpIMZEnDiBnK0NEjGZZpUE0rDTt3sOwULHyygtH5biwpLXjqN7JnfyVn9OkkyxCOKmVggN5jj/rgU6jhalqgnY76Sk42Ktgy3dgsHbQ1t9LYEUfJqCG4zJcc75ZNYM9iaFn3ZsxDe45QX19//uNLs94bhoHX6+2uKsvouo7Wkydq8+bNbN++nY8++ogZM2aQm5+L3+fvWVuPBDMppVOYqqsEjPf4qHIPZzU7rvQiRkyexdRJFaTdKMf3B5CuunrqzjbTnDaL8cNTSLarmN3FlE2LJ6W4A1+sgXLmAMcbHdiGDaGkPJXudI1ussePIP8vhzhSV8/peo0CK4BKWnE5GamJuFQZrHbiMlJwearx+kIEtMvcZCmOjJIKzLF11LSc5sDGKnQJPOe8dHb56Wpto13nkiS0PVUVFVt2OUMz3CTZZSTdgSUlnmS1hfZ2nUBHPTWnazl9uhOltJmjm9ZzDAnopL6jHV9nC4cPn0Mb1215pfhMUrJzKUmzoYa86KeOUd3qxDEqm8KieGwmILaAkRV5pG6sv/FP5HzGMIDmplZ279qLy9z3UxCBQAC/34/LFdl0ftgWJSQk4HalMmdUHisa5vHYQ7PJTcgkdLyVzpCDkfc8zH2FIB1TwOigsWov29auJNSznqMHfbRWfczeBivuUeMYl8WFPVqfEBqgs+YMjc0BfJYEkp0BOHOIU740yjNSyE775EKVHJtKSiw4Ojs5cOAAra2t55NLR9LPSGxuSUkJM2fOJC8/F78vcPGexghQLBbssTHE0YG3S8N/ppIzZz2cc5Ry94wSUmygSi7Shw2jpGAn2/YcYefxIHemAJKFxKxCcoYMIdGsoElpZKbZsHmHkJ2RTkm8guoxkZSTSVygjqDfh9eIIT99GJPvsJBQ20j1nhrOGAa+U/W0+aGrvo7moE7gCt2xZhRTkJ9LcZyCZJhQs/JIsXs45fXS4YnqFgiuKRImqx1XYgLWuuMc2f3/2Hvv8Diu62D/nZntfRe990YQnb2LvUkUJVmWZKtFdhw7LnFJnDj5kt/jljhfnMRxzSd3SZYskRJFiSIpsYO9ggArSIANIACit+078/sDAAVSLNglQVLUvM9DkdqdM+fO7L1nztx77jkm5K5YopwO4stm8qTDyOU0goIFZ2Iq+eNyiDcDxJKaHIPjeDctfX30w1XOFgOZBXRWkoqLiXOYMWoEzFY70Yk2JCWXongDNr2A5LDisBrR9/fQEwJ5+KNNGYj/G7Gzde7MGazI+LrOcGbPO2y6mMWYpzJIifXTFoCAYsZgUhBuMB10+vRpXn31VTZt2nRThc3NzVcYAxgwEn6/n+rqaurq6oiOiUI0XDlTNmKM8aSNX84L45fzQvjS9yWefi+9bi9ilAObZminkBZLbBKWWFD8/QRqOukOGTCbDZiHBwuYo7EaZaRAP+4+PxhEwIDZYkQ79KQRBdBKaAgRUpQPtzAPJ+imo/4w+zZsYdOhRrp7AgQlCPVeojWQTkoCXC/TgyAIWK1W9BrNZYdflEArgU8Gub8Xd18PDadquNh0gSNX7XzUJ+STrfQjMDDfbrSYMVvMaABFVgh09dKnGDEajRiHPQMNTgcWfSe+MO+3ys1QOFN7jhM1p1jz1tqRSw3OakWag6q0tJR52VquUe7xGsqaObnzAEdObWalRgGCdJ5vRUiZxOTlT/PcpxczZdjsh+ztoftSA2fODLYt0MX5bVs4fEFGzihlUqaMeLAXr2REo9NhuMFLX2dnJ6tXr2bjxo243bf+5L+Rza2pqaG+vp7omCg0JjEymwsowQAhnxu/oMWoExD6uunxKHiMDqKdw2YAjS5MFiNWoYuuTvegPgN6gwH9YPyqAGi1WrQmGwbdYFyOIIBeh0YQEGUg6KW/uZbDa3/PbzedoLndg1eRCXq66OmTCLjAz/X3uFjMZswG44cbEQbtiayo2dXvDfTYE7Mpmz+TPT9dw6oXD2BPTiUrN5eCsWMoq8gjKcY4kDFfMGAwGHEM86gkjTSQbkMOXWdlQkIQjBgt2oHNRgwukev0aCQrRlEY2OkpSYgaCUlhIIns1bvXhWGB+DdB88D48QiChGRyEZVWxuwvfJenZxWQH32aSgPohA7a2/2EQjqu575lZGTw+OOPM23atMufDU35X71T4ic/+Qn79+//yFKAJEmYTCbGjRvH/AXzePO915FGlpxJ5eNAyw62r1rHB8eNZDz5D/zLgnRMEvTv+jUvrW68TnHlMBDtJI57iHnf+jpP51+1vCOIiBoJnbYbAI14Zd6vIFx79irEQEWCW22bykdIy0qhuKiEyeOmjlgmEAjg8/mwWMILUhmyRTExMUT1VFO7d8PNhcQsJj/+DMu//TRzrQEIneWNb36ZdUoppWXjmZN1pcvWfeh11r/5Fm99b7BjSRaiMiuYvuwpnnlkEeOs/Yi2aCy+C/h6vfR7AfNH1QI4HA4WLqHwifEAACAASURBVFzIuHHjwprZitTmVlRUsGDR/Fuyub6eHlrONnJGl0lsnA5zX0SnuRKR62fL7TzMyS0v86//cwD7l37Idx8uYmyCmdDJNWxa+TJf2nBPZHRRuQU0tiSSZzzDP094mLOHD3Ci6giH967jjfVreK30Wb73/80iY/BYSeT6y//hIDDyDM2CgCCKSJIGUbi5kGbF2rVYEBAkDRq9BUdsAnEOI1pNEjHxCSRF7+SD97bRXD4Nq3HQkwSQPdB/lFUrzmIoLCUzt4SCgoLLJx6a0h7Ypi7i9/vZtm0bbrebYDA42NaBTMkWi4WlS5eyePFiSktL6XP3smr9CtThcnswWU3YTHpCjc20BhRsOpCEED0NZ2k800y7M59xziic0lkCvR66+gA7A158dwvd/SI4rNjske/R8V28SFOXDiG5kGmzMnBa9IhCgKbOPnq7+7mlKHSLDbMV9EoXnV1BDCbr5bi8gMdHMBBENGqv2ZsEUcTgsmESzxNwu+n3wOAEGL2XLtHn8ai98DYjIOBw2RlbXMicOXNGLOf1enG73bhc4W1LH3JYtFotvhOXqB2R1NCuYRMmswJKLguemMfJl+qpraxkc8VnmRv/4byJbeyDPPr4Y3x1/mBub0FCa7Bij4ohKsqIpAlBTgUFzu2cPXmao7UVlJVdmToj2FJF9bEmDrXHMXV6LgWFhUhhpGkYus6rba7H47mmzV2yZMllm+v29PP2upUj1nUFgWbO1Faxdvt5zNO/QXGUhViDE4dZwHCxg4Z2UGIYMOd9bfR3u+nFRW6cBelGAbQ3+Mrf3salhi7OWcbznYeKyU5xYtcrNHm9tDR1qGP2PkAOyQS9MoLZRVrpZOKySxg3tYgjlTt4eeVWDl2YQtSwZYc7/ZuHq09TPn78dba2O0jOKWbSxINsWvULfv+6n6WzJlCS4sAsd3Kpbh873nuFN+rLWZJZQqndjFP74ataKBS6HD8giiLd3d2sWbOGxsZGZFlGr9eTkJDAvHnzmDBhAsXFxWRnZ+N0Oqk7c/oWboHK1ZgT40lIj8K5by8bdkzEWB5LlLeeI5t2sfeoD+ejRZSnlpCXeJwj505wrCqPgqkJWEOd1G/ZQ22/C+vYZLISRWgdud5QKEBfWztebxRmUUBLkFDAR39ARJK9tB7bSc3JFi60+gk5+vFFOoWkSyIlNYH4I0c4vHk7NYVzyY0WkFuOcqjyKLVtJrIffYgpcdeQFUWktFzS7Eeoqz/N8Zpi8srsiF0n2bbvLE1tEgnXEFO5NTRaCbPZhNM58pgtj8eDVqsNSwa47GiIooii1wMh8HjwKkObH2RCcgiP/3pnEEAwElu+lCn7f82a43t45/1iyp4pupzFW7LGEZtVzIQJ2dc+hWIE5xQWzFvNb/ZuZf0KDVZ5NtPHJODQeOk8U82ute9QeVZDsOgxFplMOMxmNGGkZ7ja5vb09PDee+/R0NBw2ebGx8czb948Jk6cSFFREdnZ2bhcLurP1I3g6SHj93no7uymWwcEPfRcOkNt1WY2bNrLbn8Rz3xhFtlRZkyOAtLS9xFbf5Sta6uY/XgxsZoeLu7fx+FTPXQnlTMlV0IbSQytICBJIjpJQQz00eXTooT8dJ4+SM2hgxy8EELxtOPxh64d0qBy7yN3celkDbveqaK34kFmVSSSEG1B77VhFCEQUBClG2xQuQe5QVfX4kguomLOgzxxYSVVB9ez+mI1ex1mDIKP/u5WGs9rSCweQ0aiE9sNztTf38/Ro0eprKykr6+PMWPGUFJSQllZGTNmzKCoqAiDYWBqI9IATZXro43OIK2knFlHNnFsw3usOWbCEGijtcVHwJJHWbwBKaaQCQ+MpfdgG2c2vsPKeid6xUPbsS70eRMoGpdLug38I3G2BBNWZxQuR5Dq7W/yrmYcMwrjSci6QFT1Cbb/6XW643Qo7j5kRyKJiY00XjzG9rUZxMyWrxu7dV1EJ0lF5ZRe6ufigZ28/+cODlsE5J6LXGwKIkcXkn+9QSlqIKaIiokH6Kqu49DbK/AdicIk9NMRNCNqQmgVhdA9GsfRc3IrB88H6HfkMXusnb6qd/igI5eiohwKUh1qodmr0FlsOFw2HFs3sGKlgdkLohHsJnT+Ova8s4I33TOYq7+21y86C6mYVkx9yw42bnyPzVOyWZw+QmdI0IA2mfIlj3LWt4ldZ3ey9o0GTsZaMWll/D1tNDZ5EeKKqCiMx8Ct1Zu8ns0tLS1l5syZkdncUCvnD2/mzZ/3US0BhPC7O2lvbaVbSKX8ocU8PSOFGBOIQi6FEyYyvXULG7f9mT/07MIseemuO06TLocJC+cyLha0EY4ryZVCfF4Bk+K2sfvlFwmkWLApXmSvicQxWaSfq2bzmztIWOqnV32kfAwRQPYT7D5L9Ya19J+0YjOKhPpaab+kJ2VmBXlROkwfo4DaG2ZYEc2JJJct4QtRUby7ZhM7Dx9g5yEvQa0DV2oexQseZcmcYtJcxhum9W9ra+P999/H4XCQm5vLnDlzWLhwIWPHjr2NlxLE09FCa2sbrV299HuDBBXQ6syY7dHExsUQ47Kg/ySGgRniSRwzhYeelBHWHOD04W48WhfxY8YzedZUpqbp0BDDmLlLCBl3sn3nEaq2HccnmIjJqmDGgumUFSTiEDvpMsWSNakMXbwJy9CasmRA60ihcIKWJKcRo2TDnDGG0ilnqKs8wbGjceRUjCNvuoDs386uml1U1jpJLZvD7JklZCRWsWfjOZqqGuicnUBCUQFymgunQUInO0koLKMwzf5hGRNBh94ST8b4cgJxesw6CVt2OeUaIxppE1sO7mavR0GwxJFaMokJMyYyPh40aHFmjCHbl0yia6jxIujSKF04D69+B9v3nWD/dhO25DHMnD4TpE7MKQPlSe4Uir+fns5WLl1qo7PXjScgo4g69GYbjqhYYmOjiTIOdOT2/W+yYmM/zVlPMimngM6qd3m3fh6G6Dhyb6uzNRAh2tfWTchgQm8yDuyV+JhhiEklo3QKC3Zv5ui+I6SULSVzbAkljS28f2IHO1NLmFwSR+bYApwJCbiuiMXXk1AyjUlNbjor2zjf5COUYsKeWkKBLglb3M1D7+1jl/KIIZbkHVvZuOsoe4504hFNOJNzKJiwhJlTxjE+y07gFgPj29raWL9+PXa7nezsbObOnXtrNteeTnZhOil9DVzYsZkLAFoTFlccyTmTmTNlOjOmlpB1OZzORWbFXBbpTQTeXk/lluP0KUYcSYVMfGAu8x6oIEEMgBJNWnEpuqQE4oc25ggi9owKSm3ppEYP3lNRB7YsiibYSIl3YInKxjVhPk8+dInXd2xmT72D2DGzmDmtgmkzGrB0rORA1Wmap2VhzxrDGIODFKuIIBiIy59IkT6VJOdgWIQggRBFesl4NFnxgzvabgcKcsiHu7WRptZOOno9eAMhFEFCp7dgccaRmBiN3ay7nE5AZRDRTkxGMTMf8+J9bw8nqo7S5VWQrLEk5Jcyb+4DFDh06HvjSMrzIJrisA6zR1pXCmk5DswuJ3pJB84MCsoCpMRYMQoGQq5EssaNweASL29W0dmjic8uoFSyox0KANM7cKakU1BsIEq6tbRRgjJKU0lDU9qCIHD06FF++MMfsnDhQhYuXEh8fPx15RRFoe7MaT77uSeYUj6TZ59+lpKSkhsrU2QUfzM1a9/g3XUb2HjwNHWX+nCHwOFMJW3sLBY8/CAPzh9HrkNzX6znr1u/jhd/8yKp2Sk88dwTWO33SNbfTzgrXl7BycO1zJ45mxdeCH8/rBLy0nv+EHs2r+PtNZs5UHuexq4AQb2LmLRCymcsZPGDS1lSHIVBEjj3p6/x40Fn6zffnoa+6RR1HidxcVFE229nOtYQKB3sX1FJf3ohyYV5ZEWY4vyrX/0KrX1NLF/2CI8ve2rEch6Ph/7+fqKjo8PSN3wZ8bbXYx0FQqEQbrc77CzvV9vcH/zgByxcuJBFixbd1ObWn6njs59/gsll03n26edubnM/gfzpT3/ixz/+MY899hhf/OIXcThukilY9uLpqGf/it/x+oY97D15kYvdXkKSEVdMJlkVi3jymWXMLE4lwXxnKomMNj/+zx9z8PABSiaWsPTRpXe7OaNGQ0ctnX3NZMTkMy5t5sgC5Ee7UX6/n7S0NH75y19iMBjQ6293IQRQgl76Nv+Mn/zqMC3x41nynb9ndkEMTtFHy/HNrHrldda+2k6Dx8S/P1vMvVaYXkVliMC5tbz8k9+wYnc30pi5PPMvE8mPM0PXBY7v/YAN217k+9sP0vzj/8tn867syYJGhz4xnzxFuP1OheIDz34+eG0N8lwzD2RH7mypjC5DNvdXv/rVqNlclZsTvHSK82v+m6//uJ68J57lq39dSmmiGZ27mfPVG/njr/6Hn/oUvM89ymdmpEacmVzl48GoO1tarRadThdxbpyRIIdC1B/ewzljIaVTHuChGaUkW3XoBJnYaBcWvYP8RhElyYCfgXT73rPb2LRuA5v2HKe+M4hkSSC1Yj7LHppOSVoUjs4aTu9+n39eCUsWuDm2+xwhqx3BEk1Hg4mHv/9VplkFrBKgdNJweBtrfrOCE5O/y1fmJ5EUPE7V9o28t2Ef1Rd7QR9NYvEsZi+YybTSDOIClwjVvMS3XoGsAi/utiaa3BkUPfVNni0ayoWl8skhBLSx+83XqDxjJPaB5Tz72TmUJjix6jUQLCB/bC5ZudvYuvU0F041Ecy4sn5UoLuFurf+hf84N5MHH5zJvPIkpP5LtB/fzBsr3mdffRvdIRO2lLEUTZ3DIw9OIlUPmrp3efW9Mxzp1DBpnMzBDUdoauvGY8mgaNYi5s8eQ6qnkl//7b/z+vYz9NceZceJYyxe9hm+PPu+KeZz33AnbK7Kzenr6uDUsRoupD3EV+ZN44GyVKINGsRQMnHxidh0dna6c0lxagkCkreLvtObeWPFB+w62US7T4c5IY+CyXP51PJppBlF9GfX8c77R9l4OsTk8b1seauO+Em5tDVIOFKKWfK5ZUy6XMuziQNvvcbWw70Epn6Jby+Ixl2/mQ/e+4DN+2s51yWjsSWTNm4+yx+eRlGiA1v7IY7s2MS/r1FYstDNoS1nkcY8yozFS1iQcYOLVbkpN3W2FEUhGAyi0WgiqhZ/p6butTotireT7p4eenwKGtdAaSGjM4mcSfNx9gTwaWzoZC9Cbw3vvvQGu9v0kD6RGaUCiqeN+n0vsULSEVowhZmWHnoba9j1/nkU10RyEvLJTTfQea6eY3tPsaH6c5RUGLGaRehtoPn4AdZvbSBhrh68J9j1/jtsOniRtqgypo/Rowl0cP7EBjatC+CWH+LJQh90naKqsp5TXbmMKUghvzifLIea8OITieyH3ip27zyL276YKTPnMbUwFdvlzmDG4rBhMjhJTDtPe7QNs15keDojOeChr243u4+nUTZ1PCFfE81Ht7Hit29z1FxA5vgibBo33U0N1G18lV8JMXxrURox/Q2cr97EplNm/M7ZlE2cRkZfMyd37qCm0kDIGs2XxidQXJzA6n192HPKKa0oojBxROlBP7YMj7AI1/bdiuyt8nFZLr3fEUUBjUYk2NNMW48XX0hE0mqRtFqscVmUzH2UqH49Jocdrb+Vtrpd/Pmnr3LEPIbEkhzGGnz0tV6kYdMf+ZkQy9cXZZDmaaHpxB62VgZxW8vILJ9AVo6WfYcrOX3Jz75ZC5lUMjiT2XaMo/tr2HfKTvF8Gbp2s+r3r7Ov24o2czIz7ApyXyt1O3/Da5IBZeF4Juu66LlwmJ0bmpCjJpCdUkhWdiKJ4dZfVPkIN3W2huIHrFbrHTcaI0XUaIkfN5/xNXuoO7yWV+UGarJSiY1y4YqKISEhjuh4MyatiOxtp+/I27y1oxnHrMd55FMLmJoiEWo7wvaf/R0/3raHA6mpFI8XEAghedrwOKcwbdl4JqaFaKh8i46tO9iwtY6uvFzizQZ8TWdprD/LWes4nip1om9ZxZbdJ6mVSlj26ed5uNCBxn2GfX/4Pr/eVUWlOZfZBZnESRIabzt+cz75M5awrCIRu/6TV7tRBQj5oeUotU1aLLOyyc1NGuZoDaHDnpBFUULWiE7pbz3FqYPbWHlIYOl3n+DxCWkk6ztp2LWCd15/l/99bTvLp8ZhAcRgPyHFCcnTWfJwDhY6ORyo5Vfb6zlQ3YI8t4R5yyfwyrsh7FOXsGjpXKaHl+7qY4ksyx9JEjoShhKMRuL0DL3gqny8MbjiSR8/i+n7D3Ng3et4zueSnZJATFQ0UdExJCYmkeLSopUEAi3HuXBoA3/Y7mPpdx/msRn55Fj6uFS1hnV//D3/+upWFo+LJloQEWQPKAaU1MU89lAuiaZL2E9U8/aBi1QfasRfkokW6DtdxZk2mWDcGCZnhOipfouV2y+RtHQhyx6ZzaREAf/Fg1T+fCv/vmk3uZnJFBQOPPdEbxdu10xmPVJKeZoLs7rGecuMaGbL6/WGnbX5TiJodLimfIanOrWsfm8DlWsPs0MbR1JKIknJqeQWFDEmv4CctASi8dC4cxMnAwVM0weh/QQ17UDAjSU5idCGWs5daORCiRUBDaIQRfG0CjJT4rGbQoSSMikptPKrym00PpFIWoxA2/lz1J9vR1P2KONjNHi37ud0ux93qhG7t46aA4MNtboQextpPnWCWm8mcQCyjaziQvIKMoi6vycKVG6ELEN7O10hMzaHGZvt1peA+hrPce74SeqM40nRNdN0qpN2QHZrsNiM9H6wg6M9S8iQAcFFdHIuZVNzsIsATuKT4rAbL9DQ1UE38EnbgjHkMEXiNA2XjcRR8/sjr1Oocm+gi0olfe5zfLPtd7y6YQcbjuxiky2epJQkklPTKSgsZUxeDpmJTsSWi5w7fJjjxgpe0LXTcaaaw4DcLWCLceBetZ0THQsYYwEUAzZXEhWzKkhygFEykJ+fzu5TNWw9dIjmpzNIFL3UVx+jOWTEVVBIgbaPxu0bOBEqJ0vvJ3TpONWXQPF5sacmE9hwjDONzTTmAooGrSaa0pkVZCRHYVND/m4LI3K27n1EkOIofugrFC9+np7ms9RWH2b/4X1U71/Bi6/8GiVvGcue/0u+OkNL07km3Meq+OWOP/Hi1dNIuhIS3F56PFbsgg5Bk0BcrMRAShoJV1wSxSVFOP+4kcOtS8hO6uX8mXPUX9RT9NmpxGg0HG9uo+fkFta+8zYb/vcqI63JYvwjE+joBxBAisXlMmD7pD3JVD7KYDX6gYf0rZ+ur7uPttNVXNpeyeeX/OTK5WnRhsE5jdYeGZ8CoEevNeAY1g81GpDEELIc4Lr5Pu9x7pb9+njYTZVRRTBgcOQz/a9+xPS/6KC57iTHqg9x4NAeqja8y6v/FSD5ob/nyy8sZVLIzaX6Y3iqdvP1x3+JONxBF0ygH0dbXxCPDhAsGIxRxMXCwDuAltS8MeTuOseWffvY2f0wD5pPUXW4CZ9uCoVFhZj9jRw5exHPseP85Jsv87OPPPfKyXV76fUaEAU9ojae+DgJdW/F9Ql3hGtuVnsrFApdrhYfDkPT4OEWjo1E1xVIJizxuYx1ppEzaT6PPOehcduveXnlcfa/s4YtxQ/jEEFb/pf80+NLeGRqxpWVYgQ9FpcTe381Jwc/0g7Pr+GMx1JUwhznGxytbmOKdIELF3po1uWxaKoTSSOACJq8pTz+6eV8+8kyrti0JWgxWGw49H1QN/DR1bX6VD6BSBIkJBIjtXHpYistLV6IvUbqBoWBQo4jGVIiCNHZJC57gpf/eT4JZt0wMRFBMuJMiMI22NFFAXR3KKZaUcIf65HYIkVRLh8/NNM0UmRZvqKe4EhnqG5FJ9wlmyvfgs1VuTlaOzFZZUxKHkPZnEfx9LZzds0P+Nc/b2T7ziSMY0G0J2Ke8y1e/uf55MVZh82EiCDocSbEYj27i218OFYv98iUPJJy9pK9t4otOzqZm1bJsWYr+rIMxhZawcdAse3xX+J7zyxhybgUrvCjBD3WKBe2nn1UDX6ku8W8Uvc9ioIiy4RCQRTh5uNNM1JDEInRGJpCD/stL5zDFS9B73l2r6qkLXkWBfnp5MXoMGh0GMwDr+n2wkxSNtdSfbGNFo9ETkIsuqMg2aKJyswmQQQUGXy99MlmtFoNeu/A6QUYrOo9qE/jxBw1lrkTDfz8ZC1VvVU09UAop4LpsRJaEVzRLkyAqDFjycwmc8iR8vfhCWpQJAMmf9/lAseCoAbFf+KR9BA3npKcl1lZX8WB/eXMLhhHwhVzzx5aju1g9wdb2ez8NH/7cM61C2gPYraYcdpsiM0y2pQMkp1GzAIQ8hH0++lTrNiGxQjejX4YyQxQJHZo6O9wZK8+PhK9kdrNa+kfqeyo29y7QhDoYMsvfsQB3QwKJ81i4dhrF5q7J1C6aDt3koOVJ+ktfpRZOSaiTAZMOgMmqx2H3YKzNAvX64fo6e7BgxGX04lwNIA2MZXE9KiBmM1QgJDfQ69sw2q4cpf6Fb6/LpXklAzGpOzn5e1VVJ+t5JQpjbEZWYx1iGg6tMQlxqE9rqCxxxCdlU2cwOBzr4de2YJOp0E/uONGuPr8KtdmcBVCGcEA0twsFkEUxcuFTcOJWxge6xCunBBOfIQAshykrXotb+9o4uikmSyckkd6tBWzEKS/8xynDx6jrl1BF5NAZpSR5IqppK89yenDNRwsTGV2pgVNXyM1769ku7ecsvElTLpuvjodRkscE+aW8csV+9l9uholtZTUkhJSdQMlNmIKSkjbsJ2jJw+wtaqUuJJ4TIE2aivXsKvJjjlzPA+VjGxyQuUTgqAFQy5TF83g8OuHOb7+T/zB2Mfc8iySHXrwtNFcd5Cdm7axrboHyxMGEMQbOkeW+CRS0pOI3VLJuu3ziJqWQ5bFR+fpgxw8cIwD0kw+91AuMSNqnwAaDRIe+vvcdPUE8Fu16CIMnB0w5uHlAxtui8Jh6Phb2aUXacxWJDrvjs0NM65MDuFvquFQ1VFOnLlIc7cHT1BCb7ThTM6luLycvPQYom9bXl0F6OdC1Sb2GRIxZk2+tdOFOmlt6qPPpyM2K47bljT+MgK+7mbO7lzBqn0++h6azMSCJOJterSBPnou1XJs90laBAe5LidpKXbE3GzS3tzKll1zSDAVU+iS6TtXQ9WuPWyTH+C5pXmkXFedidjkNPLzY+h9Zy3vxRzHnzmbtIw0YjUgGk0kjZ9OxppjHK86QlVuIjPSTIjd56l5fyXbAlOYMrmICjVueOQIIAgDY21ESU3vRWdLDGvga5E0saTnp2J8/wjVm7voa8wg1WXCKMj4eho4c/Q8nbZsymdMoDTOjFO/jEUVP2fHuT1sfNNDR6YNbX8TNVu2cT4lnpQxBcg3SA6sNZlJnjyXrD++xsHz7SRmJzC7+MNpWUveDKZUnKNn/0kqV65ArEvAHGyjdvcO6jTFFEWNRcaoOlsqwxABO/kPLGfxJQ/vVtayY9Wf6ajNIMGqR/G303r+NOfbRKSCeXx6ehoOk4ZLNzijPjaH7IrJLNr5Z46ufZt3L6WTZA3QVX+ME3UdtBeW4wuN5J0MECWwJZMUE6Dm1G62bY7HMamI6QU3yaJ9PYTwna2hXYGqs3V7dSqKMqKHxWVCXkLddex868+sP9JEY4+PgCwTkEGHgm/vfo5d6GPBwmk8UBw3MJt6r9FzmuP7z1HXE8+8zDhMt3tWVzBhtseTlumCDevZ/F4T54/EEWvWoQ25cXdeoPZgH7aixVSUZJOfasRbMYvHSv6Xo1vX8l73KY67FPobajlWU8+FvHL6A6EbjlVzfBKpedmk/GolGy6JlM3JIDMteiBZqtGOo3w5S8p/yu5TO9mwspfWdDNiT+PAcy8zk7ySPBTV2RoxAgKIwsidrTvQplFGQtK7KH3yb/lSzLu8v2k72zfuZsOlTvplHc7YTLJKZjB74VwemFxIvBaImckTX+jFuupd1lS+xE/f9COb4smsWMJnHpvLlIIE9D0tGBzxZOZaceg0V94orRkyZjB9zNs0KWNJzRpDafawVzhHBXMe9WOxv8Mb777FL9Z349c5SSmaw9JHFrNwWi5Gmgma40jN1BFjNaK7Fw2Syh1HEzeRhc+4SMvfxPo1m9i+6SCbOv2ErNEk5pQxZekCFi2YQXnswJSS1h5PfIIbKdqMJOnQx2SS2RON06xDNKWSVr6EL30tyO9eeo8Nf1xNq1+PLamIcbMe4dtPTybeCpLBSVRiIkmKC9OwfqixxBAb7yfFZkMnGSBmPNOnbeT85r3sWi+hM0RH7mypfHzxteGpfYv/+dk6grOf4aEXFjO/OBGHth9/UzVrfvPfvLZ9I6aoaAoL48iQZAj209nRRW+/F19QQRG16I0W7FEuLDoJjQjIAYLefjraO+n1+AkioTVasdpsOG0aNB+xkQpKKIC77SJtPgMmux2H1YAk+/H3dtDW3Y83EEJGg9ZgwWJ34LLpkTxtNFdXsnn9CQ5580mYnIYmMZkoo4D2tsXOanGkljDzhb/HEv06q7dXsePNC1zq9hLS2ohKyCF//JM8u3we43PicBogNGYRX/tHH7/943tseX09b7k1mOLzKZ76Kf7hL6aT4RTRuO044hNICUVjudpBtCbgzCplQeGbvNEznZKCZNLjB6eeNRaE2Nk8/eUerCvfZe3m37OlPYhgTSSz/FGe+fRsJmbHoOu6gNEVT0Z2CLtWVCcEbiP3gbMFA8WEEyhc9DnGLHyBv1GGv60LgzFXwhVr0Oa8JXzq7xbz2N9+eKwgiB8eF1NK3uMlvPMYiNJVyzWCHqR8nvqvd3hCGXjbvtqxNaROYsbzE5n+3LCdZYKAeLkd8Wgm/yMvrgZEQV0fV7mMxpHN2HnZFM79PN8Y3pcHZ3aGB2onL/k231nM5b7l/PJKVjB4HIAtiYTpf8XfT/sCaweSngAAIABJREFU3x7WDwUG+qwAkPM4z3/vUyhc2Y9d0/+av5kGICAigJTBvG/9krnfVFAiyD2lcn8g9/fhOX6Yo3Ipn31wNg/MyiVVEhCwgj2WZ/7OQuZ+N35nMtoggAeaNvPGT37Dmx8cpKbJQ9CWTv6EB3nmm3/N0jEu4kwiuFtoObiOn//Hr1i1v55mxUly+YMsf+oz/OUTpSR95MkfxNdzlp3/8Sw/rC7ngWef4+nl5cT11HNi1f/wby9v5EBdKz2aWFLLF/HQky/wtccLsVX9Lz/8tz/yp21n6Vbs7Nu/iSf+cyV/M0lPyu3cFS4aMLjymPLsPzHpGWUgvmfou6FZWkG8bPslUxSOcc/zN+XP8bWhY4fN5goAGQ/y6N8v4RFFQJSucrYEJwljlvHNtx7kGwgIovCRAHdzwTKe+seHePJyWz60KYIAxI2j5LMVvPUUCFc/91RuifvE2RogrOSDwrAH0rUPQBAErr+pR0AQpRt4/sJHHLyPHiIiqq8OKh/hwxeEmx8qXmFQBfEaBvKqYz56juuMhWvIXfP8Kp8oRIMeQ2oSKYFdVG87zNjUBOIKYrGKDPQZVykV02QUjQ69to+elv28+Z3/wxphCdO/8UW+U2iHizXse/sNfvY9LYb/81kWlBho3/MOq377FnsTP893XiwkSajn4Afr2PfOi/yX4R/490eGtyJEX0MN1W//jB/szWD6Fz7DkgcKiWk/SM0Hr/MvL3dR9vzP+XxBNE7PCQ5XbmPzn37Ejxz/zTfKnueLT3fhM5/miH4y3/7OY5Sn6ogblVqfA07PiM38zZ4JgoB4o51vgoB4o52oI3zujWBznUqY3FfOloqKiorKKGOMwTDmMT73ZCfv167kD9/fwpqkVDLT0shMzySrYCy5iQ4cJgn6G2k7tYvVuyTivzaTyTOnMCHFABlmnIEa3v7HTRw6vpACi5u2I8fZe8FB+T8tZtqEWOKkHOJ1EjEnO+i2yAQQL88MuZsOU9W4m5c2+Ch64i9ZPK2IvBgNPftOUnPoKK05n2Hx9PGUpdkwBpOx+broqPszL687wNOl04iLcxHldGE1JZOdn0miNBA1qaIyWtzTztbJ2hOsWLGCHTt23O2m3HOcrD1JR0cHqdffn6Jyl2hvb2f79u34fL673ZR7khMnT2Jy6e52M1QiRWNGG1vBvKf6Me0+RFXtRVp6m2k42Urr6cPs276VlPwJjJ9cSrGzG/e5U1T3ZfDC2ExSE60YNIAjjtTyYrJZS0tjJ5eimmlv6qJRzOBTE1KIsoFRjCOzYjaOrF66NHZEoReAQOdJqivrafE0cSZuOf/04BTGxumwSB2caWngZM0J2nQH+OC1C+zSD7hQnovHONXQSX3TKdq8E3De86kuVO437klnS5IkXLEO2lsusXHbBjSSWpjpWlhtFixWS9jbtlVGD6vdht6kp+5cHXXn6u52c+5J+n3dOJMz0OlVh+vjiYAgGYkeu4BlY+cwv62RprOnqK2vo/7kSaoPvMfqg7Wc61XQPuDC1t1Lh8aBySKhHzLlkg7RFIVD10+jx4O3sxePJ4hbZ8Np+TCflN6ZQIIzgQQCQC8C0Hv+ILV9CjZTLLaFuSTbRfQaQOnH7e6lvbULt3KInZUGdMOj6u1FzEyPwaiT7v20Yir3Hfeks2Uw6SmfXogoaom2JmHW2+52k+5ZJElCq1Wd0XuFvDG52Oxq7aUbUd9ag1FrwhXtvNtNUYkAORQg4OnDgwmzQYsxOo3M6DQyx80FFPxnfsePvvVrDuzZw9bE+SyTJDRKiJAM8pCXo8gocpCQMpinSCMhiiDIQQIhUAZjhpSgn0AwREBRMBkHsm11d4ApPoHkaA3H1r3EuqXZLM91Eq8XEUUN1sQxlCx8kVc+n06cdfARN5RgVhQRga5jd/6+qXyyuSedLb1BR35ZNhqNniRnNnZT9N1u0j1NOKU5VEaX1PRUktOS73Yz7mkMF3xYdBYSk+LvdlNUwiZEf2sdNat/zXrpEZ6YX0TBVVv4dPGZRDuN6N0+fEgY46JJDJyitc1PrwewAAEvcvsFmvodOFx2HEl+/DYJu7uRs5cgmABooL/xGCdOXuBkKINHFppRgMTpjzJlyXwWm/fxyr/9F//z3xPJ+c4iHDkO7HYHUTY3F+tq8QSTkNEgAiGfD3+/G7/dhVU1lyp3gXvS2UIASSMhaSQ0Gg0azb3ZTBWVqxElEVENtb0hQ2M70gSjKncTEY0QwhisY9sf/i+XLj7MonmTKM+Iwarx09/RSPX6P7GxFsRx6RQWp2EKTGJexlqqP9hKUayV1FIH8vnjVP75fapcM/liQQxphVHozqaQu2kDb/52LWXPjSNPOs/Bd19jTVU/nqlf4dMMpDrQaXSYTPFkFU7liedOc+hHL/L6uiRM2vEUpeZQnJ/Cn1a/zKs70nl8ahYpnOfY5jWsXl9D+/zv8535MZg1IAX6cHe10tDjJtNkQq9TS9SojB6qF6OioqKiMkIEdLZ4UqY+xWPn1lNzdhNvvriN1aLIUD42xe8jaupyJs6ewYRkF9bARJ764qO8vHs/m353hF0mLfi9+HpTWPj8k0zLTyDWLmKumMmyh9r4/d6X+M0PV6FV/Hg9GqwZ45gzLgZpMGZr4I8WgzOD7CnLeeGBKn67ZQ0bY+04p5ZQPO9RPtv8Lsfe/Ck/Wq/FKPrxeQFrHtOzLRh1IobEbNLjqtmxbQ2/+ZGPxoe/yINFZqLN6guAyuigGV7V/lrIsny5DMTNjr2WXLgoioIiDySAU1FRuX8J16ZEYoeGywmCELYNk2U5bLkh2Ujs33DZId2jrVNRFOQw5CSji6ixS3n8aQfph45xrL6Jli4PXlmDweQgPi2fsRMmUZSTRJJJhFAaZcueo8+6jf0nGrjYE0SISiRjXBGz5k0gL0aPUQRj5jimPazHZ97GkXNd9MixJI8tonTCBKaPcSIIArmzHsevLSUnyQgaC4b4EhZ85mlaNvZgceoQbUkklc3jKVHDhl0nONPWh0+0kZiVT0H5ZBYUWbGIICaWM2FOPx79cS5IWjSSOqulEh4Kg4lqZRl5BH1nxM5WKBQKqyG3NPDl0GAVbdXhUlG5H1EUGUWRI3qBC9fxGW67wlm6HHK2YIQJZq+S/Tg5W8rgdba1tXHk6BG8Xu8IJG1E505iRu41vgpcpOHYRRqGfaRLKWNKStmVh12o4siF4Z8YSalYQErF8M9aOLmvZeCfWbMZC9B5jD17hr7PZ9xMADfdx/dRBaDLomRmFiVXaGvj+L62D//XXsD4JQWMB5CPcboGTt/gauvr6/F6vTQ2NnLgwAEsFssNjv5k0tjQiM/vv9vNuDMooMgyIVm+cdLoQUa8jHhHS3Nc1qW+aqio3J/cubEtCELEjs+Q/H2PABqNxI5dO9i2rTK8wtSfEAL+AD6/j1Vvv8Wa99Z8MvpFBGTlZX2i4jFH2gs0Nws+l2UZURSRJCmiXW8DJW9GLifLMpIoqR1ZReU+ZqDemxTW5hdJGgiqD0dmuJMlimLEM1uSNHKbdCs6h/QOXeedsrlmq4mKWUWUhQScpliMOjV9ydV0dXTS1NiEJElkZGeg1al54q6FVqshPvETsNNYGCzZJ0mII6i7d1OrFanTM/Q2Ga68IAyVMledLRUVlVvjdr20hXOeoRqtkc6m3Q2bqzfoGVOegyjpSHRkYDNGRdSG+5mAPzCwvCqA2Wz+RM3ehItWd//nfrzspoxwvKm7EVVUVFQ+4UiSiM1pQdLocTqd2E2uu90kFZX7CtU1V1FRUVFRUVEZRVRnS0VFRUVFRUVlFFGdLRUVFRUVFRWVUUR1tlRUVFRUVFRURhHV2VJRUVFRUVFRGUVUZ0tFRUVFRUVFZRRRnS0VFRUVFRUVlVFEdbZUVFRUVFRUVEYR1dlSUVFRUVFRURlFVGdLRUVFRUVFRWUU0XR3d9/wgFAohM/no6enJ+wiroqiIIpiWLW6FEWhz9tHMBik19uNx9+PTtKPWF5FReXeprO/Bcks0e/u52b2Zzh+vx+fzxeWDNyaLZJlebBodvjFpCPRCXfH5vYO2twe1eaqqNyUfl8PIgJej5ee7m4E4ebjVHOzwTzc2IQz8IcKooZrqBRFQSvpiLMm4g72ISvyiGUZXvg13GKuioLf70er1SKEY1hvUeeA3OX/jL5OIOD3D1Qql25eqfy26Iz0OlFgSG0E1xkMBBAEAUkTTgnQW9B5W+5R+NcZCgZRFBmNVndndN7idcZZk7AbotBrDGHZhkjtyZBcuLKyLF8+fkg+Er2ROGq3eq3h21wtsXfa5qLg96k2d1R0qjZ35LIRXKeks6OTDJj0FgRRRByJs2W1Wm94QCAQwO/3Y7FYkMLoKKFQ6PJbVrgDX6fXki+UIopSWP1EluWBGxihgevu7sZisaDVjrxiecQ6FZDlEABCuG+ig2+wkVwnQE93D3qDHr1+5G+viqygDBrhsAwGIIcivE5FQZEj0wnQ39eHIIqYTKY7onOoLwiCENbDY7jOcO8RgMfjIRQMYrnJWL5dOm+l/w3vCzajE6tx5G3WDBrwm9msqwkGgwBh2yJZlgd+02G6R0qk9g8+tLlWq/UO29yyAbk7ZHMVWaG7uwvzJ8Xm6vXoDarNvZ0677bNdThc2Gw2hBEMmvAsyB1CI2lJdGQgSVJYN2HI2AiCEJaRgoEfzRBqw+FwoNONfIYgUp2KohAaHBDhXufQQyCS6wRol9sxGo1hDYhb0Xk3HnYA3WI3oiiG9XC+ld/lVh52keoE6NMOLAE5HI47ojPSvnCr16kyegzY3PQ7bnP1qs0dFZ2qzR09nTDM5tpGbnPVAHkVFRUVFRUVlVFEdbZUVFRUVFRUVEYR1dlSUVFRUVFRURlFVGdLRUVFRUVFRWUUUZ0tFRUVFRUVFZVRRHW2VFRUVFRUVFRGEdXZUlFRUVFRUVEZRVRnS0VFRUVFRUVlFFGdLRUVFRUVFRWVUUSjDK8tdA2GipsO/RkpQ1lohzLghiM3pCccfUPHRyo7pHe4/tHUOVxueA22cNo6lDk3XCL5PYfLhJupd/j9uZV7FG6W30j77a32vzvZ54frvdP9b+g8d0LncF23Mj7vVP8bsn/h6hyS/STY3OHj5X63uVfrD+d41ebeXN/HweZqhlLW36xRNzvuenKRGNThuiItHREuw52tcK41Up1XX2e4nXOoc4X7uwzpCvc6b0Xn0PGRDMKhB0ikv+lw/SPhdvS/O9nn4cP7dCvXGWn/C4db0Tlc78eh/0XqMA2XVW3u7dV5N21uJH1Xtbk35+Nkc9VlRBUVFRUVFRWVUURzswKXQ9OtkiSFXQxzyOMMdwp0iEgKREaiEwY820iuUxCEiIvyDhHudQqCcPlPJEVRI73OW9EZye8iiiKhUOiOXufw3yWSQqx3o88P6fu49L9IdA7JhHudQyiKcsevM1JbpNrcm8upNvfmqDZ3ZDojtUWyLId1nZqbKRn6fuhHHymRyt0OnVf/ezR1Dpe5k9cZqc5r6b8TOiORHb5UEKnOSGQj7Ud3o88Pl7nX+9/Vv2ekffdO9YXhbbzTv2cksqrNHT2dqs0duc5IZD9uNjcSOXUZUUVFRUVFRUVlFAl/zk5FRUVF5a7ivnicM61+3MZEynJjVEOuonKPo45RFRWVexAFRQ7g6evD4/HiC4To93jxeH34Q2AwWTAbdeg0IldO5MsEfR48bjduj59AMEQgJCNKWgwmM2azGZNROzilr+DraaPXL4DeSpRVz0cXBRQU2U9PSxO9fpmgfOW3gqhBo9VjtFgwGfXopciXmK5/K0IEg0ECAdCZ9IhA+77X+fPWTs4lLufn35qJ+fZrHVnTAh7c/f24vX6CskJIAVGUkLQGjGYzZqMBXWRhfSoq9xWqs6WionLvEfIS7D7F5pd/xzsbd7H/+EWaekJgjSa5YAKzln2GTy0oZWyyA8MVgm6aD63h/dXvsmpzFcfOXaIvpMOeVEDxtKU8uGwhS2fl4pIA/Bz+w9f5VZUZccJf8osvVKD7SEPc9LUd4qW/ep7/d6CLC30feluCIKKzJpJcOJUFn36K5YumMiFeOwr3opWW+gaOnxAoWlZBFBA74Uk+m+XHY4jHDNdwEu8M7vpK1r+9irfe383B+maa+sDqSCS5cAbzH/kUjyyZRmnMXWqciso9hOpsqaio3FsEWrl4bAuv/efPWdXgIqf0QZ5alIRTF8LdcYHepqNs/e0/cfroszz2+BKWT0rEgAy4qXnlB/x61WGOBxPJXvxFlqQ7MIfcdDQcpfrQe7z2ixNUnf0c//RCOQ4g5Pfg8YiI/hDXzkakoChBfO5eLBP+gr+aWsG0bOvAN0qIYO95jlZuYM9br9De4cHw5UUU62/z/Wg9Se3uPbyyO5ZvLa3AIYIuOo00h4wsau+OoyUH4NIGXvrFH9jeYiVq3t/w3aJk7CYFub2OQ1s+YO/qP9DU5uY7X59PmqQGCKt8slGdLRUVlXuIED3naji0bjWvHzZR+hefYcnEsYxNdqHDR39nM4JvMpmW/8erezaxeVM0SWkPMT3KTbD+bVa8uZcz+nLGLVzEQ1NzSI22oA156O8ooTh9HZWHLnHmTD0X+ssxG8NrmTmhgOKJM5hT7hr4QFEIedsoTPDQ85ud1B46wKHzcxmbdYltv/5fjjseoGjceKZnWUDxQfA4b/73BvpyZ1M0ZSxpniMceGclJzKXk9FzhPamBs61+/BqonCNmcZnFzuI6djBxlWv8uuVe9l90YX3m2eZ9+kvUe6ppLahjzbXBJ6ZnUDXlhd5pTmXVEM/Bncjxy700Bc0kzx1OQ/EN9Jcf4pDxy/S6deiT53M8ocnkxVlwijKeNvPcubAZtbvPkFztw+/zklcVhnlEyYyvSQBA9eYOZODBE/vZt9JH6Gi6cxYtoB56dGYdQqhvgKyYnREH+qhw6YjEAiB1MXel1/kmJIKWgOG1hMca+2ns1cma+JiZk4ppjDVjk4JIvvaObFlLTsPn+b0pX58WjvRqYWUzZrPtEwLZi0g99PdVMuRbVvYduwC7R4dpvh8xk6YzNSJhaTerXVVFZXrcOvOVrCHpvpTnDlzloaWTrrdIUKSFqMtmriULLKzUkiLs3HF5HrITXdrI2draznT0EJHX4AAEjpLFK7ENNIzsshLNCMBKB1cOFpD7ekeggVzmZ1tQPuRuAgZ5BaObNpBg5JEbH4p41PDtKT3KoEeei6d49jRU5xr7qTH4yOgSGhNdlwJ6eQUFpMfZ0Q3GrEiKip3GqWH5rojHNx7mo6cv+CxZQuYkGzBJoHH40GvNxAdVUGKrZ1Ttb9j7/ED7DwxlcnlIS5uf4vKBjt5n57DQ0umM2lwSS8YtOKMiiU5xkx81gWOttoxEf5Mi6jRojcYMJlNH35oMZNXPpbsd/dy+kwrje0hyOjg+KbX+SAxAV1KCdOzAAIQOsvu1atpn5mOpTCP6O56qt79HW/E6JmTbyVWKyL52+msP8GOmn7yS7OZqhEJ+f14PR7cSGg0GiRRoK9uF7t2t1OfmsjjU210Vb3Nqu0Z5ORkU5FqQPB303tqO6/V9dJU7CLeArLgwdN6kj2VtZgzcnhkfDIpSj11+zbz5ts7OKtx4dBJCO5mzhzYRHtLJ4r1CWanXcvmMrDUG5RB0qE3GjCadOgEwJlC7qTFWNN66fBZcIkyAr2c3vEWbzckIqVXUJEsoRFB6DpK5eogfvTobePJkS7RvPcNXn33GF2KDlGvRfC00VS9mdozHvSfX0ppqhXx4lEObVvH6x+cQbZb0ePj4pGttHR00a6YeWFO+rWdRBWVu0TkzpYSglAPF6q3s2nDVvYeruX8pR56PMFBZ8tFTHoxFVNmMmfmOMYmWgaUyW46zlVzYPtWPti6j1NN7XT3BgkgoDE7cSYVkF8xk2VLplCUYMEkNXOy8nVeXlGP99lJTEnXX8fZqmf7Kz9hi/IA5U/n3R/OluKlp6GGg1vW8frG4zR29eJ2ewgiIurMWOOyyZ7i5/lHJpDpMmBUA1FVPu6EWmlpPk99i0Tmk/MpdhmwXd2vBQFDzizK8lZSc+Q8tSfP4yl0cnz/YdqjnqSgII0x14idEl355E8eQ/5ta6wCQS9dl9rp6FcIGcxYw5pRUQgFfDSdOI/xsW+wZGYe2YFqDr33R/7q71azo+45cidPY9qMOi40+amvm8g3/u0rFEjQfPbDswgCaCSQWxrwTlhC4bIlzHQ0cn7t93n0O6+ywfhNvvi5ZTw/XqSj6h3+4/n/w7YDf82krGjsHXvYv20j7zXk8eXvfZUl+Q6MXVVsee33vPn/s/fe8VVcZ8L/d2buvXN7Ue8SaiCQECBAFAMGY6qxjeOCW2LHceJks2/Kvpvd5LfZzSabbDbJ7rspjkuKHdtJHBuDAWODKaZ3EL1LSKCCer39zszvDxVEM+iKEsfz/Xz8wVzmmeeUZ555zplzzrNxOa8nT6b0iRxcknRx4CJKGDKLGZl1kp1n9rJhhQPD2FySnDacDicOlxt3WiLJJhEI98hA8/lWPCOHMOGzjzA1Lsj5Pb/lZ//6Nnu35xA/LI9k+wm2vfYSa5SnefrzC7lvQgaOjmMcXPVHvvvvv+L9ktHEOJMwHtzC5g93UOb8HP/1D/ModnVwetWrLN1Ryd695Tx8VxYmQHeJOn8tRB1saYqXSOMWXvvhv7GiJo7UCXN5+InJjMp0IIeaObnzXd5d/A5/LjvCwfPf4Cd/P4F4g4DWeYLNf3mR3797kPLEGTzx9NeYlheLW2ul7ugWPvpgLSt/vpn94V/yi8cKyImJtoAqRAJ0+KH7UFqFSFhF0wCDGassoEbChMMRFA0URIIRDVXrFY8QCQUJBMNEVA0QEA1GjCYZs2zoGxWrkSDBQIBQREOQDEhGGVmMEFZEBIMRi9mIiIYWCREMhgj16EOQQJQwm02IYrfDvAyljgMbl/Hab9ZwpOirfPsbsyjJsmMPN3CubA2rliznxZ/+HOeIX/PEaDNZpgDBUJiQZsAiRghGVFSVbsdokjHLRnrjVC0SIuhTCIYjKGp3eQwmGVk2YpR6d3hpKCE/gWC47zrJaMJqs2OSBER92Khzo1Ha8XV10BUwkZ6ZiGS42usyheQ4J1axi9aWRjoiEufPN0NCHDEOO86bUDQ15MPb2UZra0+ZNAU6q9iy9AN2VWlIo4czfsjA7ikYZeTiWUwblkSOS0JUYnHkZJFpeJvzDQr+4ABu5hlNQUEuQ7NsGEM24vILyDAcJKlkFEOGpGEz+fG6s8lJD3KguZ6AP5WzJ09wsqoDR+ksZiRHUH1t+OQhDMnPp+D4KV7ctIfWRzKxy9LFLwvRBFmf4dGnvBj+9BfefmkVb/46nuyCAopHFDNy7CTGFeUxLM2F2Xwh6DFmFVMwYiSTkw0IqoYxZxrj8t9maccZyk8dpi3tMKs/8pL/z9MYlurGFOgiaIolftRE7kx5nk0Hz1KX24JSXs6ZeheTnnyQ0gwZq9HD+DmPE5vfQIU/BgF9Vkvnr4sogy2FQHM1R37zI5ZW5jLpi8/y6L0TKfaYMEoCAtmkZg+nOD+DN99YzbsrXue1aWP4cpGJptV/YvWOOvxFi/juP36JeRlmZIOIiEb20JEMLRhLyftv83pdJe3hbAbiay7CW4+651c8/T9QWAqC/xx7t5bT4jVhG/95vvWolfrd29m8fi8nWjSCyaU8+NwXeWSsh1Q5Que5fez74M/85i8fUVbTRcAUS+rIGcxd+ABPPzCO5J7dTHW7F7PsnSW8s6mcOi2JvDseYlHWXtadScRTNIt//uIdxEdCdB1bxht/WMx7W49S0S5giR9K3tTP8MXPz2ZsmgfXlb5pdJ2lsa6dDtNI5j6+iKnDzbhkAU2xkXfHQtyZRaQVV+KJseIQoG7L6yz+cAtvtRXzf1PLeGvXeWrqfRhTxjD+nof40pNTyTABhGnc/wGb13zAm+sPUtEUhJhcxs97iscXTmNKYSIWFDSlnfKVL/LKO2v46OB52qUkMsfczcPPfZn7RjiJterjRp2bhAYoPX8OhGhkrpPKld/nWx/8F/8u9zysGhCMYEgYxvh7nuChhXMZbespw3UiiiKxMbFYjcbugEQAwQAmCcIqfYO/68JhxW4xYhcAUQSTGVmIxWM3YpUBJETRiCz33FtpprW1ifLdH7F55R7GvmDoOxFbDfkIGJIxl7TQFNZI0sBwWfRiInH8I3x+xFweaKih7tQRDp08yckjG3hn9au86hnHhM88xdefnUhmj6vwxHiIiXFjBDREIAaXy4ja4aWzoZ6QtZazzTWU/csCVv3AgFHsbmhVCeFr9ePJPk+wyUKgPYxXcFOQ1D1YBSAmi0xnBqmaiAl9Qb7OXxeGa2Wt7s2qfdF1WjvtrSdZt/YkUuFTjCssYHisBbnv3StiNNuJLbqDolGnOFB+mHWbD/PUEDtle45QL6WTV3IHd2bYsfbba22QrcTmjmbCI/GkBN0McZmRerJrd2cvV1AVBUW51AMpoHbPWmmahqqoKEoYJdRKW+V+dsTMYebdi/jG1Hbajq3jVy+8wP+0lTJ5+iTu+fpsZlftZdPit1m6qoTSdCcJ6jn2b1jBa0vLUad9g38aGYc9eIKDW/Zw9P3FvBKby7emOhHOrWTF22vYVp/C6M8u4pvZFgIVm9myfje7WosozfYTDjThrd3ML//zDSqSJjLti4/yxbgIvtqj7Hjvl7z4hoOvPjSRiXnuy6e8jXYsVgnJd5aybfuozB9HfowRWRAQTR5i04u4675cBJeMw6DQGOikq/Igp0572TDiKR75qg1X5AxlGzezd90bvBibzb/OTcJ/fAVvvbOLE4EhTHluEV+LE/DV7eGjte/wvhQkIN7H3NQOOvb8np+8egxp+D0smpmKx3uGM2U7eOn7Ipb/+Cx3Dksk4TrC9Qv99+nIQD/Qet6t77NxAAAgAElEQVSODPSD0dmrb6DlvD6ddmSrHbMpQMWZs4RCmSiyoU/vhXucp7axA6/iwOVOwCZYiU/yQEUdDS1tNIdTcPe8bXt1apqGpmrdQZIIoKD29Vd3+/Vvwe56KihKt2+JGXkfc8cVMS7LDuFWAue388qLZbgn3s/MmdOYmO1AUsMoSveMsqb1yiugRiAU6Pmt53dV7S6KIKD19l+fzWt9soqq9pRT7fZ/gKr2lFtVe/RpaAKgaWh9chpoAgIqmtbzm6KhQY9cBC2iYU4uZvy85/iHu2Ix9p9JNNiQPRnkWCQkVblyDCmZsThMmC1OYhPSSR85iSl3t9N0+kM+fG8Xh9YuY8mYMXxltIqqgSAYABFVUXr6E9DorlckjKKIaKYspvzdvzK7KI5M+8XqzMkjyLfsZ8NmjYgmEFFVFKU3vhUQJKk7kFMuL+/tsPn+ugf6jA5Gp+5zb55OiM7nGq5VwP4V6btW6SLQVc2x037i7x5KSpwbm6jR/1aapiHaM0lOSSPDtYNdJyroDHk4U92GZi0hPWsIscaLZQAkiwN3ej5uehJEqlrPQPUK5bigDXqcT7cn6bkODTGi4UjNJW/0RCZmddIa28J7/7uEQ5EFxGWNonRiGlqiRmTHH3nnZCXNXT5CyU7ickqYcm8+MVPnMCnbhTWUj6vxFOc3HWPnwVrUKQ7aDm2i7GwILa+E2QtmMS1RpCtboGrXeuSWIBoaoY5G6ne/z8pKJzPnTmbmzDEMcyv4q+OIq17Hdzbv5HBpNnnZLhIuHYoZ08ktLmXK6UY+2PYiP695n6z0FFKSU0hKySA9M538rERkQOhpJVE1YjbGk3fHREpz7cSJQ3G0VVFzZicbNh/hy3fbObN7I4dbXDhGT+PeWXeQ5xEINaejndrP0orD7Dw4klJbmIOrlnNAnc2TpTOYPzELh6+CMwkGmtZomDRQIxradUxu9T6A0TwQvdcPRO5S+Vul84rPyk3WeaneW6EzWtnrkhMTSEjMJDtpC9s2r2H/PY9RanbgNPSvp0rwzEb2n2onaClgVH4GZjlAfkkRnr2HOXyknEPF2dyRJl+kS2k5xpEDJ9hTYaTggXsodvXzP30+4/Ly9v5uTxtJyR13c8+oGFB8BJuGEi5vYG1HI00tHfjEVGI00DQJSRQQtAia2v0yQFWgqx2vohBGu6BPg/6+jf79eIn+C2Wiz79p9P937TIZ7dJ6aBfqrGHDZrXgjHFgiR/KtLtGYTUZEAUBNRQiElFQzRZkEYSL2kZDVQLUla3neDCd1PQM8lIdWNxWLO4EktIhJ62LmkOHObqxklO1QZTibt3erk66urqIaBqCpqBp7XR2RhAlGZvLhWi147FEkNOLKZk0lDFJ3YG2pqgEurwY7DYEbxWyRURWu2hp8qOqMpoogO8852tbqOsykz4ymxjx4tmt22Hzl8rfqmdU97k3T+eleq+X60pELQjd2dkvXBtBi3TR0QUOhwOzWb4sMuz+ux2bxYHLquHr6CCEgS5fBNFtw+pwXDWa7P29O4t3b7LHnqSaF5WjTwLEfklje/5fFAQEEsnKTSMt3YnJpGJ0J5PsVKnPGU5qYgIxJhN+s5OURBeR8k78ioJiTSElR6EkfIrK0xtYf1RBI0L1mXqafF5aWtoQBYHzFRU0GNLIzM6jON2BSRSIGTaD8cNfYmOnEUEQCHu7qC/bTaU3h9qTO9kRKecAoPqbCbRD26kjVDW10RQRSLz0fB4ployR05gjGZHWbGNveQVn2mupLrdjsblwxaeQUzSOCaUjyXCZEAQQLR6cKYVMGeHGJYJIIqmpGWTF7WVp+UkaIrkcP17B+fpEvFUH2fl+NTt71DU0tFBVU4tWVUlDkZGD+85gGDmGYTnpZMTYUZ25DL/TzReSW7AnOXEYhCuvNbsEURS7g+8r9t215W5lItb+cgPJIt8r118+GtmB6uyvb6AJXPuPYG9FglxBEPoc1FVlBTfJOYWUjMtm5Z+Xs3hlCuFJwylKi0UmhK+tga66IxxcuZyytlgSJ49m0vAYTNZOMu64n0kfvMLefRtY6bFinjqU9Hg7RjWAt7WGc2UfsG7TafaHSki/XwBRvGC/ff7iAt32JyKK3b9LJit2hwu3xw24UV0e7l20k6Mv7efAliRS0hO5f6QLo+jEY5dRvB14u7yEiUUMdNJw4Di13gAiAoIgdusToM+3CRf7MYTu50USBSQiqEEfHaEIEdnQLdPnEy+/T9/96T589YJN91wrCIiSi6S0NNJiD7Pj8Hb21eQyOt2FTWmm5uhhTp3rJDL8Lmbk2no+5/XrJjVC58k1rN4XQ0LhRGZNKyIrwYPFqBH2d9FcVUddq0LE4iLO3RN8CgL+82eorjzDmfYscuwKwfMHOFUdRkpKJCUrG4e7jVHZYT7cv4/ykXHkxMRjV9toqjzB5k1nSJ45j/zEFBKTYkmwHOD47jLOFo8m3Rai49g2Nu2q5gRFPFGcg0e4eN3W7bD5K8nfCp26z71+2Vvlcw2S9PFTE73TmKIo0netZkQyypiNEAyGUVWNK91H00KoWvdicaPVikkyYTaKKEqEYCiCeOkOFy6OMkVRRKDXKQkIgtRTjksbRwOt23EKdAdkkiR2r1vAic0mY7VISJIBSTJhMoLV7sRksiBJEpJBQjYZEDQFVQQl0Ejdkc2sfmcVW8968SsqCBpdDeU0iunEigqiJNLR0UVQtmO1u3D3tY+dlNREnE4TCCJKRKGlvoFwQysfvXOKvVZT32hL08CZ6MBhNSNpElfqCikmi9wpWeRMehjv+ZOUnzzJ4aNHOHywjEN717N02R4e+/6/8XhpOrIoIpjNGORYEo1S324ci82C3WJC62yiU2mhsdVHy+ndHKs8Q9XWS74DJnpIcmkEQu00N0ewuWORLd3tJAg2rDF2Rt2R87E2c7kdaH39ORDD7nWMwBXt61r06huI7GX2F8WnsoHWc7A6o61n7/XdfRvdS2CgOnvr+nE6PdlFlMy9n4cO/py3F7+GWl1KZeEQ4iwaoaazdNYeYM2GWuTSJ5g+cwLjUyQknEgFD/HIA0doW7yP3cubaT9fSunQROz4aD5Xxv5dR6gW8hh+/3QmJ0lYL/ItIqIkXfQpv9v+xJ4+oW+wd6HdLGTMeJJ7957kjd07WLcqk+LsuxhujyNnaA7mvbVUHS2jLK0Lq7+GkzsrafEFiOm5T999RbE7xY0kgdrzOwL0lEm223BYwNh2ip27y3DmFiGH6Cu3JParh9hTD6n7N3rr1nP/7nv31sVC2tAxjCosZ8OSjby1Oo/A6ERiQ6c5sH49OyogxjCRO3Psl/lcwWAmPjkW5dxOttY20NpZz4T8NDwWjUB7A+W717HnrIi5YCLThtswGtoQBTB01FB76jCbd8cSiA1SsWE1+1viSZw4nKL8PDyiwpwFY1m3Zj07tlixBIeQGKmkfPd6fre4mZnZU0mISye7oIjCocfZtm0xq/KDDHd3UbNtLVsrJNRR47Ebuxf09+/P22Hz/eUH+owORqfuc2+uzmjqGd0CecmC0ZJIWpLAhppztHfmoxFz+e4PrZGWtgbqWgzEF+TgkOykx1nZ2nCe87W1BDU35kuEutclRFBUAUGUbszWXZEBrZbsOrSKdUuW8srRLD7/X8/z5Kg44s0Kx976Pq+v2MHG3gsFAQTtsm0vRk27oE4AwWzBVPp3/ORfH2bemDTM9H4zjqDR/SBdcWef1rNWAwFRMmBPHU5x6nCKpt2LGjjP2b0r+eU3/4k3353NxFQHBX1yF38OAdDQuh0vIAhGUmf8PY8teoZvzoy7XK/aQs3h1Qhc+Gxx4dYqqkLPrIBweZ/r6AwWYwKpRQv4xs+HUPCH11m25i+88GYVNZ0KJlsyaUUTmPH0f/Lk7JEUpTl6nJgI2Cl+4nt8O3s5q5Yt4e33f8rSX9bTqThIyB7N+Lsf5sn757BgUjq9S4FEyYDBYEC86jl13UGPZDBhNEjdAUwfEphymPHo/ZyqfoOVm5bx+qhx/HiOhzEPPMX0mt/x9hv/xgevOknJz2b8onsoyTiPZtEQNfrua7hoZ29PAGU0IkgCIiCnDSNnWAbDl/yRHz+2lQP/8mceDGtIBgMGqWfWXzJ0l6+fIxFECYPR0DOr1PcjktGEoScYMw25g/ELrXxNfYGf//bv+UJ9ByE5gaySedzz0GP83fwkzFd4S4hGC4l3f4d/ML/JimXLWf6nH/D6mSaa/eBwp5JTNIlp93+BBfOmMyXhgpynsACjsYYTv3qan5TV0iilMenRbzN/ziSmpEgY1VxGf+WnfEf8L15b/m98839a6ZBiSS6Ywtx//i8en5BCqkNCGDObOUYLoZef5/V/fJ1KnwV33gzmPvokTz1+B8kDszgdnZtOdMGW4MHuGsHMGSm8v3Ml2yZnk5sTw7BLzpgJnN7OkbKjHPVnMXN6EbJVpGjMED545xSHt23lo+nDmZt6sYz33H7K3nuVH2waxj/+6BFKM6Os2SCorz1PjV/GPeZuHi+OJVYWEdUaGpvbqGkAeiZ2PG4P5oAff2cHHYAFFfBSWXWetrY4EgBZlklOSUTaU8P5Lh/tKphFuhfM+pppUzw4bBLmy5Oy0XlqI9v31VAh5HHfI6Uk0i9mNDqwuFMYmqzxnjeEP6x2Lwj1+Qm3N1CjgFvs3kHk7+yko8uHFJ9KijmNzAQTOxrqaG6sJ0xc34Gz4fZ2QgYTksWKyZxASopGc905On0jULAgaF58rVXsWnkYw4Q5FGTGkGi9vNw6OoNGsmCMHcmML3yX8Y/68YXCeH0BAsEw8YnJWB1unHb5CoMxK0mj7+GhvGnM+XKAQDhCOKIhGc3YHC6cTjsXTNbEyM/+P37yiABmzxXyIgJYsMeO46nfbOJhOQGX8/KDtIzpc3ni3yZxf9iAOcYNgghpU3non0Yy72sRFMGAwWTE7LTBhJlothhsDgtmdRZP/WoUD8rJJLh7MjyKSaQULOJbfyrFnZdAnAMQhzLy3n/kfyZ/ie8rIvbYFBzaPzM1pBI2OnA7ZRyff43XH5GxOx3dgaSciH3YZ/nvDx7AGBffc/6XEU96CQ/+fBuzTMnEOa2AgCOlkImf/QHD7vMR1gDRgNFsx+5w4vnYNDsmEkffyyO507nnK0HCSm8iaiMm2YLF4cBuMwCRPgmDOZ2iux7i8+P+D8/5QjS1dZGQmkVCnLv7ZSSaEG1ZTHrmPxjxiB9/SEUVJAwmCzZ3LB6bAVFT0QwukkbM5In/GM+CbweJqAKiyYrN6cJ1M8790NEZJFEe/SBh9aRQ8sRz3HlqCbve+h3BxirmTi4kN8mJJdJB9bGtbHn/PbaUG0iafj8PFluwGCFr+v1MOf0GS3e9w69/5qP5nqmMzIrBRRdtlQfZtfEjVm+rRJp8PwlWGcttmDoxm0yYtQjB1hbqIhIxgRYqtn7E3sPlVIYEgh0dtAEJBUOJX3ecc8eOsL2iiAUZGvVlS9h4qJGzrd3BlsnlIX38FEb8ZRM7NpSQmRDD9Gwz4dqDbH7zd7yv3cujCycxYVg8lx7DaDYGaKvYxurt6yn3dbFwcgFD4uzIES/tNQc5sHEVH56KIe+pXGLdNsQGINREZ/Velq86Q9zUVJLDpzh65CCHagXyJo8hweChcPRI1i+t5NSOzawZk8LdeXZo2MfK1xZzzDKWodNmMzcxicl3lvDKirVs3ZtOkqeA1MBxjmxYxi/+onD/sCnkZEV7CJqOzjUQRASDBXuMBXuPmfn9frxeL3FxV5iN7UPEaHHitjhx9yRAjkS6X/aXf2oQsMSk8PHHH4uIkoWY9FyuZu2C0YEnyYGn/49GO+4EGzGX6nS4+l3kICbNccl9jRjNbuIzM4lzGnqWFsiYnQmkOPtNEWHG0e9vUkwGGa7uxfgigGBAlD2kZPcvlYBksuJOzcPdX9ZoweZJwuYZ6Oc1AYPFidvswHO9n7pEExZHLAlpicSpKs6mJtxuByZTr6yAIJqwxSRju0qDKwrd5wKaHXhs7ovbXUfnr5SoDzWVLC5iix/gsSd8vLelnOodK3jr2EfIsoSsQcDfSkcggYyJE5g6ZwojPN3KjFkTuHNBJ4q8gS3HN7Pqz8fYJEuYRQE16MMXMeAes4CH7ysiy225ymjz5hKTU8iI/DPs3bSOF37SQrZLxiTIGJLyGOWrYNOR1fx6aTZPjJjCpFEtfHR0E28/X8uRlBhkgmh2O1Znd0IQyRqHZ+R9fPbeGjac3cjK3x5ht9uI5uugrtKLPMmG2XzlZLLG2Dzyi0Ywpno7hzYu5s3DVsxGA4IGaqALvy+AdcozLJyeS1acBe0kIJvBJiEdWsKS4xEC7TWcqWwnmDGFB+7Kwy7JJI+Zz/TqNeyq2MXS39SyO8aIFGjk3LkA8WPNuG0mZGcyuXM+z/3lq6nYuZhXj1mxRTroavciF88hK96G8/JDunV0dHR0dHQuQfre9773vY+7QFVV/H4/Vqv14hGaIIHBQ3peLqkxVsyKl7bmRuqbWun0gxyXS+GUucyZNZVpIxIw0bO0SbQRm5xBZmYyiXKYrrYmmpta6QyKGGOGkD9+BnMXzGPWMDdWk4RAiK7WLsJiDEmjJlOacaV0PRrgp7m6A2PycHKHFzA8QYRgG1Ud8QybOJK89FicqCjhAG11bThHzWJkTjxJDhEt7CfY1cY5MZs7JxSQnZmCy2LC1NXAmapa2gIGYgvvYOLYAgoTDATbu2g15VFaWkRWjIQx0Ex9zXnOd4pYhkyh2HqMSn8s9vQi7p6Qi8OaRM4QF6KvhcbaGqrqWmlX3SSNmsuDCyZRkOLCcqU1I3IMsYlJZKbYEX3NtNTX0djYRHNHEEWOJ7lgIjM+8xBzimKJsUp0le/gYHkdR8zj+XJpiNPHKzhTr2BMK2HCzLncOykdp0EgZHSTmmjHbfBz/mwlZ2rqaQ07SR83j1kzShmf48ZkkjHG55DhUgi21VNXW09L0IIn7w4WPPEAkzKduEzXNwKOdgdQ/wXV0ewYCQaDCIKALF+6zfPaent1DrS8EN3OmGh1AoRCIVRVxWw23xKd/XcUDrRfBlPPSCRCOBzGah3Yt+vbYX+DsYWr+tybqPNG2PzHl1WhrbYOMbmYvPw88hPNaJqGz+fDbDZHtaD6VtrfYGweumdljUYjRuP1j1AHo1P3uTdPJ0TncwXtGgdFhMNhWlpaiIuLG9AD0XvYWDS7BHoPChvojpFendHs3lBVlaamJtxuNybTdc6nhdtprGnGr8nY4uOIsRnRQl3s+Pkz/PJ4DqnTHuX7nyvmSq+GwdSz/2F3/etZ++H/8sbSTbwpPMH6Xz+AgyvnBmtubsZisQzopXU1ndfD1T/jXJ9OAINh4JOw7e3tiKKIw+G49sU93Aj7u5U2D3SfWxSJ4Ha7r33xDdAZrS0Mtp7X9xnxcm6H/UVrC6D73Jul83bYfC+6z706nxafq2c0GAxn3+Glb3+Dr337Rd7YXU8g4Kfz1Are21iOT04iOyfrioGWjo6Ojo6OzqeHqNds6QBpc7nngRbUVRtY8b1HeDMiYTDb8GQvZP69M5g90n7te+jo6Ojo6Oj8TaMHW4NBTiT3jgUsTB5OcW0LnSEB0ewgNn0oQ3PSSHXc2kTN7sJZzHMUUyBk0708X0dHR0dHR+d2owdbg0LEkpBLQXwOw6P8ln8jsaYMpzBlOIW3tRQ6Ojo6Ojo6/bmuRNS9f0aT6PF2JKUcjOytKu/tTIra/z63QudgbSganf3lByKrquqg+6V3UetA5aLR2V/+VrVttG3UX6eqqlHvJPsk2F+0iYD76/o0+NxL73Ezdd5unzuY/hzMs6L73KvLRaOzv/xAZA29K/KvhqIoqKrKta67kly0D35/XdHujBkovR2uKMqA6hqtzsHUs/8ulWjo7c+B1HMwOnv1RPMQ9t/CPFB6ZQdSzxthf9E4xmh1woV2ulX1jNYWLtUZTQATrS/q1Xer7K/Xn0QTbH2afG40vuiT6nMH2qf9dX4SbL5Xvr/+6+HT4nP1ZT06Ojo6Ojo6OjcRw7XWGfVO90uSFFXm8cFk447m/IveEc9Ay9o/u3o09YzmzJdebnUG+mj683ZkoO9/UN3tyEAfrf3dapu/1fWM1hZuRz37673V9heNLcCny+cOpp66z706us+9uTqjqafhWkp6/32gJ7RGK3c7dfb/71bpjEY22rJeTf/N1jnYeg60rJfKf1LsbzCynxT7u1FtdCt0Dsb+Pon+T9f58XK6z71++b9lW+gvMxA5/TOijo6Ojo6Ojs5NRA+2dHR0dHR0dHRuInqwpaOjo6Ojo6NzE9GDLR0dHR0dHR2dm4gebOno6Ojo6Ojo3ET0YEtHR0dHR0dH5yai50bU0dHRuc1EWss5dbKcirowEUsMafkSp97bgzy0hIyMJBKt0dxVA/ycK9tBdSQWZ2o+I1IsN7jkOjo614MebOno6OjcVjRaDy3n7VeX895+I/Ej7+DJb6Sx+xdLsD/2HWa7BhNstXFk9aus845iyIxkPdjS0blN6MGWjo6Ozm1DA0Ic37SOg11DKHr6Gf71syWYvFWM/lEhhvQ8YmOjvbcAxFL60D+RrTowx3luXLF1dHQGhB5s6ejo6NxWgnh9QUyOOBITk4g3i3QGHGSMSEWSLUhRe2kBMOFMz8GKhBj9jXR0dAaJ/vTp6OjoXIKvZi/7tm9hw/bjnGkOIrizGHnnAmaW5jM02YYU7iTUcJDVK9ax93g1tV0akjOFzILxTJ0/i6JYAYt6gh3v7+TgsS7ckwsI7NlGVWMzrWE7cQWTmTR9EpOTW9j+25/xxvqj7Gyr50h1F8ETo7nrM3FU/Hgn1plPMH5CIYWOVtrPHmD1O++xrbKVgCmJrNEjyPSIBHbuJ3zf97inwEjCRZ8bVaCVPYtfZJ8/l+Qxs7i/SEZtOsaq5avZcayK2o4wmD3EDRnJxDn3cWeuA5dZIth8ivL9m1m9vowT9Z0EJBfxWaMZN2kSUybmkyyF4NQyXljRiSHGQJLHy8myShpaO4l4hjFhznwmFeeQYb9NHaij81eGoaur62MviEQihMNhvF7vgBI9qqralyByIPmDNE1DVVWgXyLMziqqT57io2NGxj84mUyzAXO0OpUANOzjvY0duApHMLQgnQSpW28oFMLn8xEKha6rrIIgoKoqqqoiCFdKFhqiq6mKY1s2cC5pLpMKEklyGfvqqShKXz0H0kYfr/Pa9NavfzLOgegcSJ/29mc0yUKj1dlLIBC4pToVRYk6KWq0tgDd9YxEIni93luiM1r7G4wtAASDQUKh0GX1vJYdD9gXeU+ybcW7bCg7yznFjssuo3YcYNNiLwHfAoLT8kn2HqVsySu8fUjC4nZgd4so3hpOb36XI40azz0yllxHDeVlG1n93lkM/hAT4hxYXBG85Uc5vLmLuqCRlIcz0GwerGYjstmKzenE4xAQvBXsXPkB5oQpJOamE1t/gLIP/sjv1zYSm51Bolmhq2I3m89WUL6risQR36A02YLtonqqQCOnd69hS2c7ue7RTIkNULnqJRZvUhDtNhxuK1qgnabD63i90YH7CxMZ7mqjYstqPvxwB4cD8STFxmHBT8uxDaxtbqQxtJBHx7sxVe9l++qDNLkyKZmQQ5zDgUfzc2LvclbiBFEmpsh91WaOxuf2yvV/RgdCr81H+16KRidc8Lm977abrXOw799o69nrcwf9zr9Ooq0ncJH/Gyi9Pvda8VN/DOFw+JoFUhSFcDg84JcWDDzJo6Zpfc6zzzA76qk/dYCNG2WS55YQL8lcqXmuS2ewHSo+4I1fnSPz6SexDEnCY7rQ4eFweEBBSP/y9nbeBfx0tlRzasdayoaNJS/FSYzlwr17y6soStRtdLnOa6MoCpFIZMAOrn8m+YFwI2whmgdfURRUVf2rr2d/2YE4414ikQiKogyonoPRORj7G0wbXa2ePp+Puro6vF4vLpeL+Ph4rNYLUzwD1Rk4sZpVaw9x1j6Gu558gFm5RtTK1bz68i7qq2uorDGj1mzhzTe20XTPv/OFz0xkfIaRQPkmNix9k3///WuMGDMERwFoqg+f30vIn8Skz8xliE3Fv/03vPKXfazfVEbFQ2MZ++BzzDyyldbWsWTf/QTPzTLRfG45EhqqEiESauLcqb2sX7mTM1nf5IvPTmdcfCfndy5j6cGNVHglYrUwkYiBSKR/PVUgTETRUBUFNeKno/kce99fzH7Lt/nyA/OZUxwDDcc4smMjfy5rxBsI0N6ygx0btrL+lJ2pf/8lPjchGVv4HAeXvsTbH21j6bspTCqaQZqiIPjr6bAOx5Izk4empWJXW9j0oy/wy6MHOZyVx93DbFc9X+hG+NxPki+KRCIDHoR9EuvZ26fR6ByoL7rdPncg9TR4PB+/aDIcDqMoCm63e0AR4A0d5dvGMdqZw3fGaWSkJuAwiFcMtnp1fuyIO6CCw4zRYMJsteNwe/DI3Q0eiURwuVyYTKYB1/PKOp3Y5cnc95V0prhySIu1YpfFq9fzOhnszJaqqlgsloteSDdTZyQSAYh6lgnAYBj4F+9efQ6H47plBtMvt2tmq6uri0gkgtt99VmEG6lzMDNbg6mn3+9HFEX6+yyfz8epU6d49913qaqqYvjw4cyePZvCwkLM5u7574Ha39lThzmrppIwegrzpwwjRdQwZD7NFywjqTemEWOopq3+LGXtxXzuoVmMGxFHmhlwjYXQaRb/7g+crJW4a4QNq0UmNjGT+On3MzbNjlEEhuaSlXAG2/EgAYsbl1PCbjZiks2YbU5cThNekxGTIGGw2LFbfES89dQ0upj4jUcZn28izSmQLjfjrz/Buv3HkZ1uHC4LLld/+1MALzazEVPIjNnuxOWyY7XakEUB1BBhTcKROoYJiyYw4ykjRoNEw3tnaeiQEIbN5NEFhWRKIBHL9GkTqar4kMlrdyEAACAASURBVAPHTlBpeoChdjMmUzrZxWMYO6WI9FgJtFhGjsjAVqMiqBpOjwfjVdr55vjcq6P73OvXCbrP/Tii8bmfjDVbJjuOJBuFCSBIIgNrltuJhNHiJn6okzhh4NOcOjo6H8/mzZt5/vnn+fDDD1FVFVEUOXXqFM8++yyTJ0+O6p71dQ345SQsbidOEboXmtvJLJlCBgJq+Wm2NHdQb04hIV7C3BsnmBwYXYmkWJroamknFIwAJkwmEx6P7YLfMhiQDAKiFiaowDUndfwdBLsC+MQkhqfKmHqjl9hE7OlDyJGOX+fp1DLO+DzueupzvP/d5/nPr/+Zl/JGMX78BCZPmMSsO/LxSNDS3Eq7ImBOTCZJunDytcHtxu40YvE1UtsM3e8qC1azCUe/GMJoAokIqArXP1+lo/O3zScj2Krbyb51a/npSgtPvfgVJsqH2PDCGo6c13CPy6Zry3pOnm+gORJH5qR7mDvvLmYPc4Gm4Tu5jMWLV7FmTxXnFQ+p2QXcN8ZHW7CfGwh1EKjZz7Lfv8GOY1XUdGoYPEMYNm4G9y5ayLhEI/79r/DmylOUy2NY9HcPMdYBglLFlt+9xPpKO/ZJi/jaPdlcPD7z0lC+k1W//Bm7in7Ic3OHUeho4OTuj3h3yWo2nKjBpxqxJxcwavoCZs+cypSs7nNw2o+vYNV761i78yRn2iJo9jSGlszjwUfupDgzBlfzIY5vW8t335Z47HErVftPcPp4Da2KDUf+ZB764heYlAj2qw0rdXT+Bjh+/Djbtm0jGAz2/VZWVsbRo0ejDrY0Ve0OEgSh38BOQOydXRB6PoEhIIgC/Ud/giAiCiqa1ruWrPvfLxpoDXjMpaGgERIERGM/eUEAQUS87lsKSNZ44iY8x/dfns3xo0cpP32a8tOr+POmxbz2/pf43j/MwKRpffW/KIjraQ8Brbt+Pfc0iGCQ+mvR0dG5lE9GsBVsp722nAMH7TSFVcKyl6bKA+zY3onF5GHB1AXkRNo5v+sDtu3fzCprHCPyxpMaqeDD195g/dkYrMNnsTDHgSV4nqObdtLQEU8IQPPSfG4fm199kQ/PplBYuoBSj0Sw8QzVJ1fxy+dlvvONu8lMziFB3kPZ0Q28s24sxfcNwbtnOWt311LjKWVepvsKnzYVQr5mao7v45ing66gj5qKtWxat5ldwXzufvAubIKfzrOHOLlvC+9F7GQ+M4b0tl0s/v1b7G6PxVU8jweTJJTOOo5s+QNvGgwE509mmqsT3/lD7N9wGmvOIiYPn8hdQ700nDjAwbLlvLCklJzH87DGmvWcTDp/s/Suhbn0t2jWMvbijvUgh/z4OzvpUMEmAoSpP7KPOi0ee0jE4rTiCTfT1KYQTABMQNhPpLOVpqCLGLcVWR7YGrqrYjJjMBuRlU6aWsMoigEQoLMdf3MjtSpkXe+9BAnEGDIL44lPzaJwZD11Z8o4vONDfrV4GXs/U8Iokx2b2ECotYWWnvpLQKjTS5c3QlBOINYNUkPPLQU975uOzrW44cGWoig0Nzeze/duqqurMZlM5OXlMW7cOEwm0435lCZKiPiJaAYMnkKmzJ1GqjlCu6eKyt+f4OThU5z1jiClcTMfrj9LcOocZj+8kHuHGQif3cnaI4tBUIgA+M5Tf3wvy1edxfTIo8x6cCqjU034qzazedlfWPPKUnY+MImEwjGUTjlNY8tWVq14ly3DZ1C3ZAvVhpEMLb2DyXmuK64ju5ggDWeOcaKinq78J3jwyTuJF7toP7GVrYc6aLGaIdhFx/5lvL+zlZiZ87h70VymZZqINBxm8/kN/GTLdvYMyWDEeEBTkEJeQrEjKZ5SQkmaRPMuM1LFTr694QAN96WTFmtGHnyL6+j8VTJkyBCKi4vZsmULqqpis9koLCwkNzc36nsmFgwnZcMJmk4fYW/5MGakmqDlEOsWv09d6nSKx8STkpFFoXU1B7afZKJnJPFJEqHaSk6XHee0YyyPZzlx2zupuhGVlONweeJItTdzaMdB6nKHEyMFaTl9gkP7T1KvQmbPpZHWc5xv6KCFGLJHpODsfx/NS2fDEXa+uxlv4d0UF6STNiyV5DgJU8t+pJZyOvxhbBk5pLmr2H/2AFuO38UDQ11YQo1UHDvJ6aYI5twRDHfSvf5MR0fnurjhwZbf72f9+vW8/PLL7Nu3D6vVysyZM7Hb7YwYMQKj8QZ81xIBQcKdlEZe8XgyLQAG3CnJxFoqkDo7ae30oZzYw7GOFMaNGMrwvFhsMqjJI5kztYBfbQohAVprDc2nj7G91smdtk6qT+whUGmASDPtBjPO+o2UlfuZnBVPUfEUJtS3cPTlFfzuT2dp2m2i5OEJTJuQT8J1VUtEtruwWQwoTafYv99FotNBXNx4ZjzgwmE1obSepWLXVirlqYwvHsGobDdmEbTYodw1Ywwvb62kuraW6qAToyAjGodQfEcByQkOZBHsrjhSU134T9XRroQJgx5s6fzNMnr0aBYtWoQoini9XtLS0li4cCHFxcVR39M1cjqlQ8+xtnwfq5fZUfPNKOc2sWpnC0mzVUxxmcRZxzJ/4ke8s2U1W81NtKYa8VXspaysHfv0h5mQ7yA+qhQ7V0BKJDF9GCXFdjZveJt1yVNpSFJoKz/OoepOTP1GeYHqfezeeII9oRE8OTyFof3HtloAf2s5Bz74I/uOh6gen09+kgW1pYKKY16sRWPJTrCSkjaWkYUVnDx3grXvriVmQhx2/1n2bq+g1pTGuLsmUGAAo/69UEfnurnhwVZ7ezu/+MUvOHDgAD6fj/b2dtasWYPT6eSHP/whLpfrBmmSMct2XM5+ub4MRiRRQ4hECAYVQo0ttAoeTHYLlp6DuUTJgD0xCbexDhlQvR14G09R1bCbP/7Lbt6WRMS+2TcRyewkoyuEGtHAnk9e8XjunbCCRf/5Ep5FL/BMyQhGJV7vThE72WPvZPzZKra/8jO+tCWTopFFjCmZwJSJYxlTmIk9onC+5jxhdxwuu71ngW73xgBTYgIu8RThTi8dXiexSAiCDY9DwNTTk6IIRoMGSoiwpjHwTa06Op8csrKyePbZZ1m0aBHV1dXk5OQMaMfXFYmbzv2PB5GXLuaPy37Kt+p8CPGF3Lnoq9w7fzwTMlwYgpN57Fsa/ud/y/Ln3+HXbSDH5zNqynx++OXHKIlXsIoGZKsdp0vA1n8wJsrINgculxW5Z8u6yebCGbJhkyVARBBl7DFuDBYTJslCSv445j32MCd/8lve/NFSfu/OY/zsMeRNmsLwYxsxiN2f80Id56kqP81+XxwLVdD6uyYxlrjMJD7/nUb8Ly9lyU9f4FxbCM2RQnrhndz3z19ienY8iY4U3PNUbPLb/Pr1H/EPf2gmIsWTOWYe8x5cyEPz8jERAIMNh9uBbJEx9AVeAqLZidNpx2ox6uu3dHR6uOHBVjgc5vjx4/j9/r7ffD4fFRUVl62tuJloQBCuvBtGgZDWvTEaAGMC9qzH+b+/eYY52SkkyP2WuQsisiMGu1kEIgR9Xlob29CsMt6GGjq9nQSJ43o3Lsuppcx4Zhgj51VxZPdWDh86zO7lP+GjlcUU3/sM31qUNqAdPAJgkkDUvZrOpxSDwYDL5cJut0e1Xf1KOPKmc89XxzP980EiqoZkNCNbbFjNxm6naXJizpnJ0z+YxKPhCBEVBNGA0WTGagNJAyjirme/x9SnRSQ7GHo/u6XexX3fmMLsiIjFJWASHEz5+m8YqxoxyFYQI5hi5vLddx9AsrsxmwExhbjxT/IPL3+Gb0oaSAaM6kkOrV3OvoidNIeAQQL3uCf44shHeVow45C47NgFyRKDe/TjfP2/H+ArYQVF1VAREUQDstWKw9LdfqakEYx6MJv/N//rhBQVEHvawIzFCAgyjPoq3/tNCM1owtbb7IJAwoIf87+zBAwm8ydkUbCOzs3nhj8LJpOJ4uJi9uzZ03e6qt1up6Cg4MZ8QrxORIOELS4Gu9ZIwOvHHwCsoEYitNeeozOkEgZEmwOb201cpJUOJQZnTBJJDhMQJhIJ09lmwCVLiCIojQc4tmc7751I53M/fpyGJZvYvyOflMQkZuVf32haDYMo2YkbMoLxzniGjp3BzKnvseSdIxzbs5O9d2cyIiUJ4+lm2ru66FTBIoKmqPjqGmhT7CQ6bTj7p8EQ0LcA6XyqieZE+o9DMMhY7EZk61XOHBJEBIMZm8uM7QryigKaZsRsl7FeWi7JjMVh5sKcvIDsiOn73B8OqwiiGWdcbM/5SiEaj21h69I/80rzdL7+xbsZk27Ee7icI3srqEoYzaNDJBwyiAYbdnNPW2hhwu2V1Df48BlkDLLcvXvRZMVhuuCv+p851DtoEyQjRqsR91XdmgBGO05Pz5lX/atnceG2XE1OR+fTyQ0PtpxOJ1/5yld44403OH78OLIsM378eB5++OG+QwZvBYJswZhXzFDba5w7dIxjRcPIyTfir97PB1vKaepMQQUEdyox2TmMdr7B3nW7uTMthrgcO2r9YQ7t2sV7B5J46MuzGRob4NyezWzdW0lH0cN8474pNLYd5a2ju9gcm0RW6kSGWQMEz+5hV6WMJ3cIWRmXzHcptRz+aA+HKoIYS2Yza1QqKZ5EXN44HAaBcFcIwWohpXQq2WuOU3H4BIeKhnBnukS48STr1pfRGjeZcempZMid1N2y1tTR0bl9iJhtDmLjrIjbl/HGL3aw3CKjedvxaulMeXQh4+KNF2aXAJQOAo37eOuXv2dtuRnH9CHkp18pLNTR0bkV3PBgy2azMX/+fIxGI6dPn0aWZYqLiyktLb3Rqj4eow0h/Q5mTV3D8rPbWf+XTlpz3Bj9NZxRPBgQMKgaqiWZxIJx3DdnG384to51S5o4nWRFba3iXOV5jmvT8SsR2su3s23bMY50pTD56XmMSowneO98DlWuYP++jawdlklGiR3vkZUsWeVm2H1zcadnXTzhpCmEOqo5c/AYFVVtNB92YxZVArVHqRKSyS4pZnicHbftfhaMf5kdZ3fx4VstVCcJKC217D7jZtjUiYwrSCdePKoHWzo6nwoMOJKHMmr2ozyjrGZneSMt/iCmmFwKC8cxadp40s1S9yGivWsQNA1NixCMxJI3ZQyF08YwJk3fKqOjc7swXCsnVe+/989fdC0sFgv33HPPRcfoX69sfz19MiYnjqQsCkdYiTEIGLATm55NlpxCglXrczCaHENiZhY54URcBjPII5n95KO0v/M+6/as5O19caTkj2Lh/Q/S2XmW7Bg7ZqzEZpQw/7mv0vry62zfvozdnQqiO5Ockpk8s+hBRsVD66HjNCuJJJZM58GJcYCGPGwWM6Ydp2tvJzUnzuEbM4xwOEiHL0ggpKCqGqIG0HMCoJRO0dTZqKLA0pUbWbajES9G7EkFjJx6F7NnTWG41QzWSXzm6Xbk91azeuc7/KEtgsGeTv6kp3l04SSK0tyIzTas8RmMKA4SJxswat3tIMpOnCn5jBmWjMtkQOw9oPBj+jbqfhkAvfK3WudAZS8tYzSyt6Oet1LnYGWjkbvSPaLRGU0bCYIQdRsNVOdVy2twYM8oZf5zpcy/shRKf52SE3PSXXzhx3dddM2VinIjbCHaNrpUfzSyA5G5HTZ/6X1ulc5Pky/6JNRTCIfDH3t1OBymra2NmJiY25cbcYA6o8klpaoqLS0tOJ3OG5inq4Pqgx/yxj99jfUT3+QHT46hdEj3VP7tzNPV2tqK2WzGYrn+hRWfxDxdHR0diKKI3W6/9sU9fBLzdHm93r4cc7dC5+3KjRgIBPD5fMTExAxI7nbYX7S2ALrPvVk6dZ97/TpB97kfRzQ+Vz+W7iai+FvpbKii6ryAZLEjSvreHB0dHR0dnU8bhmtFzIqiIIoikiQNOLqOZvTRG1VDdBFntKMsoee8mxtWT99x9n24lNd+s5o91jtYWJJCYowZSRL7ZHqJZvTbv7wDpVffQGR79QEDHk32Xj/QevbXKYoDT+QdTT1vh/31t4VodEZTz8HqjMb+Bmvz0dbzdthfb10HpFPtpObQVjYsXcqyw61kLPj/eGZWPgXJ1z8b8kn0uQPt02h16j53YDp1n3t1oqmn4VpKejuqfydcD9F2WP/1XdHqHKhcf5kbptNgx5MygrF328iNHca04lgS7RIX5aMdRBv1Ti9Hm/4omnpG2z69D1O0OoEBO8b+8rfa/qJxUjfKdm+FzsHY341qo4HI3A7767Wjq+pUvXjb26g+p5A0PBW7QULqquLMvm2sXn+M5vzJTEpwYJMN113mT6rPHWh5B6sTdJ97PWXUfe7Hyw5UTv+udbOQ08mbmE7exNtdEB0dnb86/OepP3GA5eskFmQnkmWXkNrPUX/2PJWBXKY/9RyPl6QRZ9FdtI7O3wL6k6yjo6PTH38T9a0RQqqCQQzh9arYkoYQawUh2EFnRycd3gBBRUOQTFjsbtwuGzazERENUAl0NNLe3oUvpKAKEqLRjNXhIdZlwaR00VGxnz3rPuBP73tIuTsXKcOD+VwtNfWd+FQbpkg9je2xOAQJNdBFe0cX3lAEVRMwmCzYXB5cdisWPUGhjs4nAj3Y0tHR0enPvhf44fPnqCPAkMRa1n3Qyaj/XMt37hQQDy9hxZtv8ac1BzjS5EeOG8a4+Z/nC4/NYe64DKyoaGobJ1b9gj+8+SEfllVRG5JxZ45lymf+jm99bgLDmlew5Lcv8d3fb6cuZOGL897n/sdLaD52jLItB2kKaZx8+ENWPPsa/3OPiL9sOa/++T3WH6+jU5GJG3oHcz/7VR6fP5nJmbfuoGgdHZ3o+XQFW0o9zZUb+Nmzf8b9f37C/Cn5FMZe4brQMXau+IBlS2pI/tZ/89kCcF3/zmQdHZ1PMkYJyVvBmbYU4kZ9lh/+toAhwyx4jv6GF17fSlmwhId//C/MGCLjq1rDW6+9w7K3lf+fvbeOr+M6E/efmcssvLpiBssgWzLJzHFMsUOOgw2Usm23u4VN221/pe+23e222223KSTZNMy2A4YkZpDZMkgWWcysqytdnvn9IctRUoMkK3a8mSefxPlczznvgfe8886ZM+9Ln/oB7kvtwbnvv/nVU6WYZzzK9786mWxLF01FH/L0n77H7y2/55HFi1i6zkW3x8gvT47j//36AWYlh6E9v42NL37IS8dMrPm3R7htfDqe937G9tNetEv/P57/zywixB4qdz3Pawd3sM1gIPahWSQp35QrKHzm+Xw5W6IBnTWFKYvnYkywEHK5h0K5n96OeqpLq6EPAtJlrrvRyF4kTytFJz2EZ8QSHm5BiRGt8HnC7/dTVVXFrl27aG5uJikpiXnz5pGcnDz6SgUBISBji0oiY8ZCZuSGY9H7OHl0N8VOG6F5C1m1YBoZoWr8STbajh7hxdoyjp0uZ0mkxOntb1NuvIsHZ8xm0awsovUeEkI11G3fyHPHT1M+OYGMcDtx9hA0Jgdp2VkkhBsx+x3E28MxGS3EZWWSHqPiWGcjbb3h6KIymJI3mTDBS0KogfBpAnpHAqHKW0QFhZuCz5ezJZgwhI5jwf1RqMLDMN/sO/C+XvwNB9j0doD8DYvIC7OgU4yvwueIkpISNm7cyObNm2lrayMuLo7u7m5WrVpFamrq6CsWrIQ7YknJjMaiDaKmhfPl9fQbMsjIyCA1bOCxRhOaQXZWLJaqHppry6nvtXD2dD3aSZNITYwhyqxGFK1YozKZkWPnLwVVNHd00jusNIU67KlZRJ2vpOTIZv5XX0VSTDRxsYlk5UUSZtGjVta7gsJNwU3jbEn+ftyd9VTVtNDh8uCV1WiNoYRHxZCUaMd0IdxFoL+T7rZGGpq76Orzg9ZCaHQicdERRFokAp4OGitq0KpCUWt06IYbJiPQS1dLE42NLbT2uPFLIhpTKOHR8URHhmCVe+hsLOd0VyTZE+KJsOjRAEheAv2NnD3egDoxmxiHDXOwm87GWqrq23H6AggaE+YwB9HR0cRHWVADvdUnKHcaMYTFkBFnRYUM+GkpKaTRb8NoNmPvP8WRLRvZtF1LV7iKoDifiUnxxAw/eK+Cwk3N0aNHeeGFFygvLwegrq4OjUaDw+G4RmfLhNFowGoGkEDqxukMoDaaMFtMDDUbFpsFveyio7eDTq9EVxeYQ2wY9JqLUaNFlYqwiFDU/S76PF76r5rlQwBMpM5aydzO9+jac5rtmytxOBw4ouIZl5vP1NwsMuJsym62gsJNwKfmbMmyTCAQQKVSjSpex8eQ/PS3lnP2w7/xl1cLOFPfRY9kwOIYz5Q5K7n/S+uYEaVDK3norDjInq2beH37Kc41OJFtCYxbuIG7br+FlXki7up3+NU9vyfil6/xwKocpkcNqzf42s9w5L2NvLF5L8eqO+j1aDA7Mshd/SB3rJzPdG0xp1/6AQ9sm8Mv/vg4K3ITiBRB9rbhKn2Jn35xMzHf/A33rMomsX0fH77+Mq/uKqHG2Y+sjyB63DwWr1jDQ7fnE2cQqd74E352Mp3Ehffy84dzMSMD3RQ8/QRv9M4hIzeXNcJm/vV3WyjuNlL3P2XUdAvc/+B9rMu4tuFWULhZaGlpoaqq6mO/NTQ00NzcfM11iwKoL5ouFSoVyHKQoBREhotJ5qWAhIQKQdShFlWo1BAMBpCkoR6VTCAQRBZ1iKJq2Kk7dHFzWfnl6cxZV03Z8QMUnihk384/sn3XOZY9+BDf+MIs4kceY1NBQeE686kdrXS73dTV1Y2J0cN5jtJ9r/CL/9hNz5wf8+8v72DXlqf4xfpoVEf+zPd/W0C900ugcy8fvv4mmw5A8hf/xOY9H/L6T+YQXfQm77zyLu9VBkbZAB/F7z7L6x+WUT/uy/zn5r0cPbCZ36410rr7bd7aVkBjqJ1xc2eT1bCfwrJuarsHSgZ6umkrKKA0dDbZWZHEduxk72uv8uReE/k/eIW3t+9jx9P/yN32co6+9Gd+/UEXgeAwklvaJ5O+7B946p/mETP+Pr79uz/x70/cycpreJhXULjZiIiIID4+/mO/RUVFERkZOYZSVKCKIdKhw+9tp7O9Hf+Qv21vbseFCmNEHLEmOzHxMp3N9fT29TFocQL+AI1VDfisIYSaTdiGaXkDfW58PjBGpZO77H4e/M4vefL3X2NlRBedxcUUto1hNxUUFD41xtzZcrvd7N69m6985Svcf//9PPTQQzzxxBOcP3/+YnLMkeKqO09V0XlKQxZx59pcxqc6cMRkM23qDJZOCqNx9wcUdnuoPnGUokaBQOpcbl82kaToeNLn3suGRzawZkE2cbrRZmvXkLbkcb7xnR/z00dXMS0xilB7ElPn55Gq9+NvaaNFsmNKn8uSrFoqzhRTX9cJeOjubuJAwXnM0+aT7rDQU3GGsw196Kffxj2zEomNCicqcwkzp08mM6STw/tP0CHLXHWkRDUqjQGLQYOo1mEwmzEbdWiVp1yFzxH5+fncf//9JCcnI4oiEydOZMOGDcydO3cMpYggWMidmUe0u56ywwXsrHYjB330lb3NtoM19BvjyJmUTbzNwYJlc9Cf28XBk+UUtfkIOOtpPv0uz+/uI2HiRNLi7FhVoMZHsKeZup5eej1BLuTFHUCWwHeW9/7wI375y6d4cX8TfWjRazU4mzvo8qgQDAasw8/ko6CgcANRD81LdCkGs2oPpiq4Gj09PTz77LN88MEHtLe3o9FoaG1txW6389hjj101G/jQrOOD4fCdbe00tXTjjbmV8TFmLBoBQdBhibATGxeGrqWUmg4vtopaWn0qNNEJpIZfODxqTWbiXDPJQS0aYz/BPgkZGVmWkHpLOHFsH9u3F1IXkPF4/GQs/xLLp/qQJRkZGUmWkCTQGjQE2k9xcucW3nO68AJ0neZ4RS8RsW5cfiNaawYL5yXz4ckzlFWOoyk1lN6GCg4XW8j5ThaOMB9tTa109GuITMsk3qIeOIulDcER4yDGJtJ5vowG33z8kowsX2inJCERBKSLv8mSRFCSCMqALCNLg9ddnYE6ZK4291eal+EyUjmXkxkMBkecUmGw7LX0cyQyJUm6OLYjbedoZQ4tP5J+fnJeRvKqf9AmjLSt1yITPhrfoXUkJiZy9913k5WVRVdXFw6Hg5ycHKKioi55/fAEyR9bI5IEwaCKyKnruLV2G3tP7eX1fz/Nhzo1kq+bNv108ubNZ/GEcPQmI/FLvsT9Fe9RdOQF/nx6EyaVhN/noWfKI6xbOpHsGCPaPjuR8VGkuw/y0i9+SdPqR1kV4UOS5Qv2CSTCiEuKoOjwafY8V0Lhm2oQBKS+Djxp05kxcxLp+oH2DR2f66l/gzJHq7cfjfHI1uj11r/R6vwnZSs298oy/y/b3Ks6W0ONznAa1N/fz549e+ju7kaWZXw+H01NTRQUFPDAAw9gNBqvKu+Tg+DxeOjz+hCsVkyCjCBLSDKg1qA26NAHnLj6g/Q4+/HKOlR6HToGjZAac2Q0ZoCAm5YLkyLLMnLQh6ffSVdHBx1+Ga83SHefH69fujB5MrIURA52UHJgK+/vLaGoW0t4hBmtGpBkJDmIJAcJBkVUujCyFswnem8RNZXVFFf0oquu4LQqjy9PDCfc1Emt20sgqMZkMSBKEjIgCwIarRa9Ro3U68IZkNDIDMgfXKQXIlPL8uCcSBf+HTTOg9ddnWtZ+EPzbo2k7GgY2sah+bOGy2icykvp30jaK8vyxTxq10PmYPlr7edoyl7LzW40enSpfhoMBrKyssjKyvq760dj+AGImMzM5VG4o9OwCwN2RBRFVI48Zi0DS+hRDhfX0+YGdVgWMyfPY2ZeBuPsGkCFNnkxa+6UCD9yhtIGJy7ZgjV6ArnTFrMoJxq7WUTQJJE49RYevMtAkUuPUQWyNZHUaXNZbdWSqAZRtDNu3q0EzMewFFZQ296HV1ZhSpxB3rQ5zJiUgl31987W9dS/m9XZSBPcjgAAIABJREFUul46P7T8aB9wFZt75fbeLDb3qomoR5oMUxRFdDrdx64VBOHib8Op45MJItUaNVq1CtnjwScPOCcCIAWDBHwB/KIenU5Eb9CiRsbv9+NHYKAaCU9PF+6gCkEtfaxuTKlMWBxFfN46vAGJ7u5uwuLSiDCVcejidTKCt4R9727jcGcqKXd9iW+unUiMHoJnfs/3m3ZRKwggCKi0BqyTFzPNvpfj9ZUcPtBKYmMDzty7yIs2EKbXodGqEcUgPq8XWRAQL7QlGAgQCMoIOhN6UUQelM8FowIg+wkEJCRpQB6CwMA/DPwpDPb56lyvpKgXx/oaZA6tY6RyR2OQr6W9l/r/kZS9XklRb7TMT/7/9ZA57LJJt3DnVy+1s6AnLH0289NnM/+yhVUIgpnoqWu4I281oiheegdF7yAmZzUP56z++O/ZU8nx++nq6kInCqgcE5i2YgLTVnwK/RyDsp8nmaPVv0+Wvx4yFZs7/LLXy/6pVaorH/IZ9KxVKhVXuxbAYrFw22238eqrr9Lc3IwgCMTGxrJ06VKMRuNV6xjqSatUKgRBICQ0BHuIGU5WU++VibWKGAQZr8tFV6sTpzmBaLuWhEQ7IUcbqG1rodkPkXoROdhP/fHdlLhCMaQlMEkULzgmIiqNCWuYCWvYQD/b29sJCTGilVWIooCAiCiIiD2VtHSosSXmMHX6JOKMAkh+uqqraet24ooVEEQVKo0GbDOZNTOKo2eL2LPTR66+n8m3zcNhNKLXRBIeGYLJUE9VfT1ukjGLAiISzi4nHU4vhrhY4nQq2nV6RFlCloIDdRNE8rTT1e3HLYmIomrgy6eL35ZfaMMwzmwN3gCGM5+DDFWukZQbOqeXvfFcRSYwYplD5Y2krCiKBC8cnhnUv5Ew+JQ1kn5eSudHwmj6eS0yB5+0R6oLY9HPm0n/RqMLMGCLBudzNH293vo3eLMcaVsFQbimfl5P/bsW+zdYXrG5ly/zebC5Y35APjQ0lCeeeIInnniChx9+mMcff5wf/vCH3HnnnRgMozvNaU7OIG1iGhkN7/DCpjLq2j0EndUUHy/gvWP1hC5bzUyrgfS8aaTbPbjPfMjz752j3dlD4+HnePEvL7JpdyktQc3IhQsCmB1Y9T5cbQ3U1bTi9vbQfvoVntldRV1zN4K7H6fTz8DH4Fom508n2VPG+cNF7O8ex7LZYeh1ImAkPXs84x06OvZs5oUzvfR4Jdw1uykoOE5hm425i6ZhF0ViYu3Y+ptpr6+lxCUR9Dpp2vEWBRUt1PVfaJoIWq2M4GymuauLjj4vfv8V+qKgoKCgoKBw3RnzOFuiKBIaGsqqVauYO3cuGo2G8PBwTKZhhUy+dJ22DDLy1/CNh/t5fdev+PEOH8gCgjqU8Ekb+ME904m16tAa57J4pRNJs4ddz/2Qx571I4lqTLGzmLdwDnMT1dAwYulgmsb8lbNoe/8Y7//6yxx6LoaI6CTyFtzFLd5NHDm3g41P24j8+pdZniigzcgnK3YfSTFa1ONmMN+uQi8CCJjS5zP31gC9ng/Z94tH2CerEVQqVCEpTLhtAWvn29GIAqFT17Co8HW2n3yRnz++gzi7jciYDKJjQ+i0yiAFUBmt2CbOZpb1Dfb+8Re0VX2BdatWsWKcEuZQQUFBQUHhs8KnFtQ0Ojoah8Mxqm30v0NtISRhMnPuUKNKOkdNhwuPpMUUnkBi5gTyxoVhUoMsRpI0ZSHLLVFEn6ujqasfTFHEZeUyaVwS8bYgnuAsNvxIh3FaNPGX+zBSHUv69FVs0PVgTRQw6iPJWnA7a8MzSK/uwqUKISQ6nWkzkiAylIzSRjrNKcSYBwIhojeiVduIS4wmMj+XWA0XI06rLHEk5y7mNn0YjjPVdHhA0IcSnpBFRnYWE+1aREAbnce8NQJh6TXUumT0FithSTnYsw3kqxIITbAh6DUYM1bx8NfDKe0IYEhJIHa4AXwUFBQUFBQUrgs3Tboe0WDDlj6b5emzL3tNENCGJpA2PZHM/Eu/SzVF5LLm67lXFqZykDjZQeLkIb8l5JKfkEv+J2VGRpE548L5AVEiGHDReOY4Ze1aDEk5zMuL4+MtUaMPSyJ1diJJM6/wnlodRmLeEhLzPtm4zI8O7goCqtCJzN8w8QoHdhUUFBQUFBRuJDeNs/WZJ+jB19NCaWkRR97cyilvJhlzp5GfpAyxgoKCgoLC5xnlndNY0X2e9h0/58HbHuKX+wykLFrN3SvziLjR7VJQUFC4FEOCIV8xmtJgYGVZvvJ1CgoKl0XZdhkrQtKw3/Jz3tz3XSStBUtYGLYrB8tXUFBQuHGUvcKzL53hkCeL+396LzMvdfLC54TC/+Gbv+sheu0a1t4xi3HKI7qCwohRnK2xQqVDbY0hxRpzo1uioKCgcHU8XXQ0NlDrsdMHl961ErVgz2PWwj5CU6IIG3mcSwUFBRRnS0FBQUHhcqi04JjOopUBNGYTZsXZUlAYFYqzpaCgoPB5RYCgx0l3dSEFNU30+UVEYwRR8YkkxjsI0wTBVUdVuQ9jQjwJJglVZyPnjjVhzEog0NmKq7ub/oCAaAzHkTaetAgtOrXilSkoDEV9tUSTQ/9+JEkpBxM1jjQj9yevl2UZAm48fS7ae0VCYsIwisKlT/Z7e+jq9uBTGQi1hzC8ePV+fO4+Olt66RE0mCwymlEk3xQE4aN2yx56O/vwoUEfYsV0mYj+g9f7Xe04PTIBlZnIUMNVv1oYOkYjTRR6KfnDvfZaZI627N+N7acs85L6N8KyY6LzI2SkMofKGW2y2dGWHU25S9VxPeSOVv9GqwuDZYfWMfR3j8dDMBhEpVKh1Wo/li5kNDJl/PS3l1O05RneeLeA8+1eAuZ0cpev5+71a7klwYvqzFP88gedJD70IA89lITh7Eb+4+FXifz2QxjqS2ivLKOuox+vMZXx9/2AJ9YkkxCiHZYdu1Q/hztGo52XoX+OpJxicz8dmZ8Xm6sezEl0OYLBIJIkEQgERpQHKBgMjnoQhrZJEASo20vBxrf41ktmvr31xywNNV7y7ECw+AX+8mQhJ/XT+epvHmP+cJrrP0/Jnrf4929sIeTHf+VrS2yka648JkMZjHklSdJH4+M+zFv//jZn/SlM/85XuN1+5X62bPtP/rCzm5q4tfz3vywhnIHEP1eTOZpEoYPlg8EgV5v7sZI5VBdGEuB2aCLg0TBYdiT9vKT+DZMx1fkRMLhGr1c/R6sLN6KfAIFA4KL80ejfter8SA355frZ19fHkSNHaGxsxOFwkJWVRWxs7OhlBoPIvhrq62QOVj3Ad//wA8apSznw7H/z6sG3eEoOJ/dbeURIEjIykhwkKIEsB8BTyfb3Knj824/x2NQETJU7KHjtKb74m2dZMO0bmMz2q57vGhzf0dqij9ncYXAjdH5oecXmXprPi829OV4jykGCfh8et4/AlT4/Dgbw+3x4xQAjUGmkYACv24M/KCON0MG95ARXF1Pjgv6ISFJtw6gj6MPn8+H1B8fg02oJr7OFmt0v8dKWoxTWdNCLhciUPKYvXsO9a8ajAgIlm3h96zb+8G45H0+nqCI2bxVLH/4XvnQh9mugo4jDu7by3rb9FFa7cBsiGTfjDm5fN4fp4xxYr7KWr+VJUEHhRvNZ0N/Tp0/z1FNPsWfPHhwOB06nk8zMTNavX8+tt956DTWbiIxLYv6a1UyJDcWqzmXB/BmU1J5gV9FZTrvzmCczcHpeZiBYkAgqtZq0OWuYlJRIrNmIyhFNSnoi1udqaXP56Q9A2ChS0Q6Hz8J8fNZRxuizh/pqXq8oihezjo80q/agVz2acjAk67goIooCCAKiONAO8VKOqEpAvJC1fEDuMASK4kAZGFJuZN82S5L0sXIt5RV0asyY45JJ1V+mrXw8M/vF7O6iyHCf1QbbO5RgZyUNBW/xyz/tRkqfQs6CfKxyO611pRx48UmkyJ+yMlkgqqeZhmYnLdpM7libSyQXUgqJArb48WQ6RERRBl8VR95+nQ8K2+mOzGdpjhHBU8uZY++yO9KGwRrG3ET9FdupUqmQZXnE2dUHr71UP4fD4Jxcs/6NsOz1lAmj6+eg3MHyo3l6Hs28XIvM0fbzRujfaHUB/t7mVldXs3v3bkpKSnj44YdJSEigurqaI0eOsGnTJiZNmkRcXByiKI5MpigiiFZsYbFkjbdj04NGrScyPh5H6FlU5W0094pwwTYJg+OvUiGKJqITkwmzWdCpQdQbMVnNGP1teIMgCcOzv2Nlc4fLjdD5oeWupexIUGzupycTRtfPYTtbIx38sRiEQbkDix3koBd39SF272+kt70PnyaMyIQspkzLIcHER9cyaBgAVy1lRcWUnm+guceLX23EFpHMuNwcUh02bKKIIAogBQk6z3Nq52lOu3voDmgx25PJzM1nYrQWnTpAX3MlNaXFnDnfTFt/EHQ2QqNTycxKJTMpAosI4KK6rB7JMIuoxASsgT76G89ytLCC2jYXfQEVGksk9oR0cqZk4dDDQLMlvD3N1B59jx1FtfR41egi0kgfP44JmTGEqGSQ3DSfO0lR6XmqWpy4g2q0NgcJ2XnkZkQRadHi6+2kpaqcEsbz0K13siAnkQi5nuJdr/PCn97g3YJ68iMchHh8eNWROHIWc/9jq4njgrMlgKjRotGKiEIQX9U+dh1poNWaw9x1q1mSaUPbf54DEYfocYRh0VzdCR/cCh+pDg0aVGDURmq0eju0/EjLjonOj4DR9nPo2F6PG8+1yhy8fjQ35uutf2PhbA22t6amhvPnzxMTE8Ojjz6K1Wqlra0Nl8vF4cOHqaysJDY2duTOliAgCAY0OjNWq4ggDoyxWm9Ap1OhkXx4vCICH92ABVFEEFQI6DAY9ajVKkRRRlCJiGoVaoLICPApOluDfbwZdH5ouWt11EaCYnM/PZlDy4zI2RqRhBEQDAbxer2oVCqMRuMY1OjH72mnZO8HeM/X0trYTle/BkPMFKqw84VZdj7+xk4CyUXD0Xd4b8sxjp/vwBWQCAhqdKowklvuY+2yXPLiBq6VAi7aig9wMNhGb2cLLd1uMCWQWG/hnzZMIEnfTMXhD9i2ZQ+Hmtz4gjIBlRadJYWpi5YhWBeQFylAoIbScjeGlAjiEyz0t5dwavMzvHCog3aXj4AkImjNhMSNo078EndPDhl4dejroauumIKdfk6eKqe1owcnSUy65XbWh69hToSMv+UkOze+wq4zNdS7AuCXkbUGTGmtPPjgSuZOiEWjDcGYOIN1j81h3dxUHDYdomzAmzWe8faXONDmxO+PxOP24PF5CNKPq/ocxX0+UBkwhUZht0cSZQQ5KNF2bDfnfLFEJySTYemkpqQJSWMkZfEGYqJCCDFpx2BuFRQULkd/fz/BYJCYmBhCQ0MBCA8Px263o9Fo6O7uvobaJYKBIB4voBv4Rfb7CAQkJJUavZYrHyBVUFAYFmPubMmyjNfrpaWlhfr6egwGAykpKZjNZtTqaxAX7MHbW8Su04v47j88zvwkL027nufF57bx339MYd6E9WQPfU0tuZF8Z3jz939ih24l+Q9+h4eXJRPSc5a9v/8u33/uRXQWI1FrwgA/fn8Hpw43kvsv/8iX58RhrtrGluee40e/fZIp8/6N1drD7P/wCHub0lj+k+/ztSkW+mr3sfHJv3Kk6Cj70qeRF65D7jjDuQY7xtxIEmO6aC46yPN/ep/2LzzNt9fPYHpkH42HNrN541Ze2HyaxakzMAJ0V9HebaXS/jX+9S/jCWl5m7/9v/9hV8FOto6fz+wFGpyHXmVzQRfWBQ/znbsXMtPQTP3+P/G17z7N1owMwmJjmRubRV5sFkPzV0u+Hnq722nqMZGUGINep8Xr8eJzNtBWt43nf/Y8J6o68WqiiM+9lVtWr+D2xZlEqYKUnSsjqAunr/YoH/7xNLvONNFJGOlz7+XeuxYxb2IcoRrFGisofFqEhYVhNBqprKyks7MTlUpFW1sblZWVuN1uYmJiRn1wG8lJv6uNhgYvQbMOjRikv6ONrl4/flM4MaGgqhnb/igofB4Zc2erv7+fHTt28Ktf/Yry8nJMJhOzZ8/m+9//PhkZGdfgcOnRm1JZdu+9TM+MwGGRCZuSz/KyUl59poDCnrXEDv2IwuOEc1vYez6WlMcWMW9WBg6DCkGTysLHbiNvz1vUlzZS3BhGMqDSGohfvIGlU1LJjLIimPKYc2sZuW++yekiD7Ni+/F6gwREHeYLuzmm2Bnc/sR4VkoqNAYTst+J7+xxSs0O8h3hxJl89AY8uDw61HoLJo0KrclOwrwH+OK0u7lX0mE1aWgD0CSSmDmbu9bnEG9SozLOJWf825ScdtHR1IGoTyfslh/xm9wgapMRi1WPVoggbu588uxvU9fmpKMzAFGfHF8/Haf3cvj9/ezSrOSJ2xJwGNz0okYtC0SGxpJwx1dYn2Ckv+xt3t74Nq/9uY5G1Xf56SItne29tB3dRcP4FcSt/Bo//YIaX8m7PPmn3/JMQMIl3sV9k5W8RAoKnxY5OTk0NDSwd+9e7rnnHtLT0ykvL8ftdrN06VJyc3NRqVQj/koTCZC7aKo9xc539rIscTEJqhoOHTxKYauEZcoUxhtApTxLKShcM2PubPX29vLXv/6V4uJienp66Orq4tChQ7z88st897vfxWKxjK5iQY9aF01qhgmLSYUogs4aQqg9FJu3kY6uIF7fR5fLfh/e+hrqpXDS7TbCQ9QDB9XVOnTRGUQbXVT0dtHj9AIqVGoLcUkxWM161KIIRhvGSDt2XSctbb24c3LJnVpO2Zs7+es3zrFvUg4TsyYyfkoOWclRxGoEAi4/50+cRoq+E0eEnUhVOIbYPNat3c5/vfYEPzw8jnHZ45k4KYeJEycyKWHIKziTDVO4nQSTBrUAgtqMQa9BrZLoC0iAhCi3cf7gNvYeLaK8uZv+QABJbqe4opO4OT6kYJCPTanUw/ldr7Lx3QJO9GZy37ceZl60HtnlJmTe/Twy5U7WSWYio6MIM6gJpkegc7t5bXcth3cfo2VRHv6AhC9iPDkz5nD7gqkkmEWE5ATuKzrFXxvPUVxSSe/kSYxyVhUUFK6CwWBg7ty5GAwGdu7cSX9/PxMnTmTKlCnMnTsXjWaUn/0FIaiJJ8KuYZx2D//1tWdo7eqh22cibvoK1q2bRoTAVeNlKSgoXJ0xd7a8Xi+FhYW4XC5kWSYQCNDZ2UlxcTF+v//qFVwWFYJoxGgQLh68FFRqVFotWrz4/fCx8CCSjOR248GKSqPiow01ETRGdOogBP0E/RIDR8MNGPRaVIOViypEjRajGMAZCBA0JTFh0Vo2WOPILKmi0dVM5eEKTh86QPL0hSxZPoMcXTOnCpsInRRPZGQYWsGI1TGROQ9+HX/6acoae3C2n+XIe6cp2JVA1or7WT8jauDMlkaNqNOiu/gU+dGhPVkO4nd3ULb5z7y8oxd/SBxZ+XmE631I/vN4T5chihIXs5vJfvC1cOKdl9lysJpm/XhmLVrEilkpROigqw8MkUlEJH7iLJ05jayMJOJP1nGktoFWaRYavRpNeDzR0fGkRlrRCgIqSwjjM6PRVzrpaG3HKXHh4wAFBYWxRhAE7HY78+fPJyoqCpfLhdlsJj4+nqioqNFXHD+HxRsySHGKJMcHqI5ModstI1hjSBo3gQmZoWjVXki7nUe/6cGSnUmcGII6eREP/NyONteGw3ShLmMs9ilr+d4vuxiXFEr4zRFUSEHhujHmS0KtVhMdHU1nZ+fFYIJarRa73T6qTyw/QkIOenD1yQSDgAiy34/f48EjGjHqBdSeIZeLIiqLBbPswefx4/EBekCWwN1Dv0+DSqtDp1dBj4Qs++jr9xEMXvDYgn4krxtPQIvRpEOtNhIak0t+dCZ5c+spKy+jvOw0e7fu5eg+ATnKzrjsSo6Xm4ldYScywggIiIZwQrNvYX3WTOqrK6k6X0bx0YMcPvYhf3GlMzVrKXaZgUOol3NYZD9+dyPH332HYvkelq28nXuXZBFncOLv+IDSZzbRMOikyT68znqq977J5g/O0hE2lbwly1g6K5O4iyH1fXTV19EQNCGEJpDmuHAylgtfcgoCiGpUgpEoRzj6LvB5A3hk0F6QIwgfNVaJ6KKg8OkiCAJms5mpU6eOXaVRk5gaBXkXAjxOzuESoQJ0EDefVXcP+Skml1u+OBCEbyCoJKCPIDQjivszxq55Cgr/lxjz/QiTycT69euZMGEC0dHRxMXFMWnSJJYvX45Op7t6BZdD9hDw1lN+rh2ny09Q8uHqbKOpoR1XSCKxoSoMQ3bTBa0ObWImyYZ2OutbaGjpxy9JSN5eukpOUesJwxQRgT1MCwSQgt00VtbQ7vTgDUr4nJ101jVQLccQ6zCh9TRQVVZCUW0vgYhMches5e5HvsL6BfGEy62UFZXjri+i0JVNXJyNyBARAn24Wms4efgs1X0mwjNmMHfVfdy3/jbumGqj/sRpmtxePJft9CABpEAPLS39WKLTSI6PJkofxNvTTuPZUhp6/bi8QYJBiaC7nZZzu3npDy9zxjCP+WtvY82sFKJUfvw+P/6AhCy7aTq1gx1vb+KtPeW0ON14/T7c3Q1UVdbT1CsQnphIjEpLavY4ItxtNFVVUNTai9vrwdtdT8X5Znx6C2ERYVcNaqqgoKCgoPB5Zsx3tkJCQvjWt75FYmIihYWFGI1G8vPzWbhw4egrlYCgG4+nkj1vv8/8+FuxxXmoPnOCnSeaMEx/kGybHkvXkDJ6K8K45SzI3sjGY/s4HB9L9vIUTB0l7P7fzZwxLObu7CTGOWQ6iiHo81K3fxNHFyQRHRqHpqSIQ7tOU2yfy6OZBsTSP/L0m2c5rprF49+8l2WJZnydZdQ0deMTYgnXynSWFFOePJXYSBPhWqCjlModr/LtHxeS88Mf84WFmWRa3LQ2NVDV7MESF0+4Tj3k1eFlEDSImgjsUTq66iuob2ikNc5Eb8lh3vzbSXqNfpx9HTh7nHRVnqFw0/P8rn46P/vHiaTagjjr63ECCCowhKIVdRj8rdQeP8S7u5vQ2h7klkwr7tNvsmnbCUr845mzYBrhogrmrmLqO7/lgwNv81KIFePCaAznX+XlD9sQZ49j/LhUrKOfWQUFBQUFhf/zfGpv1pctW8a8efPGJs6WDJIqAnVEPrdPruSdX32R31Y00y2EEz15LT/5+jKSrQY+FvFJ0CNoxnHXt7+H/OrbbH36G9z2az9BjY3IuDnc9/WHWDkznSi5nLaACLo45i1LpPqtn/Avv66i3qXBGD+DL/7omyyOsREZs4G1ro2Im97lPx96hu/3BJBNIUSnTGXRqhXMSvJRuqmCqAlfJNZkwQQQkkXyrNv510faePqlf+ZLv3HhDooYQ+JIzlnED5+4i/HhZrxXHQAtelMsK7/8Nc78z2be+PEmXjTFkjwxn6UP/oivH/opT279Gy8GOylL0WE+dILeihP89LH30GtUFyPSCzobmslf4mf/vJB5Cx/gLnMcutc28sb33uHPbgGNLYGkKcu5beVy7pptA0GEiAXc83gP5s3vsvml7/DAHwIIlihSZz/OfXcvYlG26YotV1BQUFBQ+LwjyFdJouT3++ns7CQiImJUiahHE9l18BPmi+cH+lppa2yksB7SUtV0NLTR4/TgV5mx2uNIz0gmTAd0lVN6vhunOpzUySlECoCng4aaGuqaO+jqDyKpdJhCokhOTcZuM2AQeulpa6D4ZBO+SDMmXx/ufjf9khadzUFsWgZJIWo0oo/e1gaa6uqp73TR75VAo8dksxMTF02kMUB/fQlV2hwmJVmxGdSATNDrorfpPGV1bXS5fPglAbXBii0ihrjEBCINILWVUNkWoN8Qw+RM+wWnMUBX1RnqumUCoenkJhiRehsoK6uivsOFBx2WMAeJ6SnYOospr+vBbYrCZtKgay+jrOvvk4kKKi1iSCrJcSYSIk2IbifNtTXUtvXQ7wdRbyPEHkdcrIPYcMPFd8xBVytN9bVU17fS7ZYQ9TbCY1NJjg8n3KK7anqhwbN7I9WFoUlRRxMypKenB1EUR/QF7CX1b5iMqc6PAJfLRSAQICQk5LrIHJogd7SJgEfTT7fbTV9fHxERESMqdyP0b7S6AJ8RmztCmSPVBRgY3/b2dkJCQtBqhx8cebQyb4TOD9LR0YHBYBjRxsO1yFRs7qcnE0Znc28OZ2uEMpWFf2WUhX95Pi8LX3G2ro7ibA1fpmJzr4xicy/P58Xmqj2eKx/P9vv9BAIBPB7PTbPwR5vYNBAI4PV6LyrbcMtd7xvPtS78QCCAz+cb1SIcjczRzstQmYPGYyQM9vFqOj6UwXkZzHt1Myx8n89HMBgcVT9HI/NadF6SpFElyIWBfg7aopFwI/TvWp0txeZeuZxic6+MYnOHJxOun81Vu1yuK14QDAbx+Xz09fWNeNJg9IklYXQJZ0cjc1Cuz+ejv79/xAv4erf3WmQCF43bSBbTzdpPQRAu1vFpyxyLfo5Gdwfn83rJHHpjvJ5r1O/34/P5uJrNGiuZN8oWffZsroTX1U9QrUWt1aIdcslY2Ny+vr4R7aLc6DWq2NzLo9jcy6O+2pa8zzcQlj08PPy6PGUN3ca83lvasizfkC3tkY7RtfQTrm1LG0a+vTwWW9qjefoYzZb2jdC/m+014o3QeRjda8RrkXkjdB6u3eaOdF6urPMS0EvR0RM4o1KIysogZojZGAuba7PZRhQW6Ebo3418jQiKzb0cN5PNveosjDrB6Si53vI+C4y0zzdyjG6U7Osldyzk/F/X4ZtpjG5Gfb3WNo+pPZH94D7Bjte2sO9oFc1X/3R6xNyIObqZ1ujNqMPXW87NMJ9KUgUFBQWFzyn+zvNUFB7k/Z1HKGp2IWjDiEjLZdqcfPInhWPuOcarv/gdb+wqwnnsq19HAAAgAElEQVSuhBP1NZTccjsPz7LRe34XO3Yc5lhxA21eLebYbCYvXsOKKXbCjGolp6KCwhAUZ+umxEt75SlKz5yjLnola3PDMeuvJRXS1XHXFVJUUskpfyb3rJiASRQUY3qzIAcgcJ59b52gL2oiyTkTSDM4cdUeZdeBIhr67KRMn8aUqWlEK5P6mUSWZVwuF0VFRfT29mKxWEhMTCQ6Onr0lbqrKT74AR/sPEGxL4TIKCsa2U13yU52uXrpCS7l9jQ9IXqZIBo05jDCwsMI1Xnwt5Wz7YXX2d+ixqc1YjG48dYXsOnPXWj/8WEWjIvCYfzs7zYoKFwvFGfrpsRLa+kBPnzxFXbl5rIoO+RTd7b6qo5Q8O52/tp3B7cuH49+zJ0tH77+diqOnqUvegqJMWFE3PTGWgZ/M+WnKmjo0WCISWRcVjTWT3RL8vTgajjHkdIOVNETGZfsICb0GlJb/R1BCDZTcvAAHZkh6NLHk+BvpnrX0/z5hWp81pksj04hPTdtbBJ4SX5kdzeN/UZCrXqMuk9XN/+vI8syzc3NHDp0iD179uDxeNDr9eTk5DBv3jxSU1NHVa+34TAH9h1iX10ki7/xDe6fFoXRW8WJl3/D8/sPs4UMbsmdxtqHFrLlgBb9kg3c+cBtzNPW0HFkEy+8XUPs+i+zdk0+udYWGo9t5b9+c5jShjvJSY7EYVTmXUFhEOU59mZBlgh6+3F7A/iDn9XUzxI+jwevz09AGmEbZSfOlt089dW7+ckLxzlW5/t0mng9kQPg2sfLP/smX3rwO/zgLx9S7PnkuMj42koofeNfefTuO3j4P95nT0n32LZD0II+lxVf/QfuWT2VyZFB+rpbObVzF5XRd/PoD77FV9bMIH2MHr1kTy/eip28c6CK+nb32FT6Oaa/v599+/bxb//2b1RUVKDX6ykvL+fZZ5/lueeew+sd3UGqzrMnKG/x0e/IYlqcn+6melq6dThSUnFo/bSdPclpLwQ+obLenm7qD+znrCWfKTMmkpdmJzx6HFmLv8B3fvAwC9PDCNfe7A9KCgpji7KzdVMgIfl76Tyzm0L/JBITrzH90aeCBLg4d/AI/dY4otNSSQrRXLXU5wLRgtFfTW/jcfYWr2dGnpaPbkX9tLfWc3BfCWKIEUHzaewGCICZ6PQMEEQE0U9r0EtfX4CQtFSiQ8xYxnCqvM5WKt5/iteavkpaioOMWPPYVf45pLCwkIMHD5KcnMwzzzyDKIq0tbXx+9//nj179rB8+XKmT58+4no7WjroKt7GntObueV5zUdP3kEfPimalLkJNPfAJ7/i93l9NDY0E4iMxGrUYxABNOjMDrIWrUAW1Yii4mwpKAxFcbY+ywRctNec5dSBHezce5hjbSHk3RnDHbEJaABkHwFPDTv/8iwnzlRQ2iFiSJrKjFvv4KurszECYn8VxQU72f7eLvaXNNHt0aCPTCV/1d3cumgmebE65ICX/nNv8/qmXew5WUODU0K0xRE3cT73PrCG3PjBVNMSvt4myt76Gf+1/ThlTQFE+2TyFq3kvnvySdTKBFsK2PLCaSoCUaTMXMTihQuYkmTGpBFHvo3aWsjpPTv55Ttw1x0ixUfLqapow2dKIWX6fB5ZpmLPqx9wurSOpmAYjtwlrL3nTubHgICfzpJd7N/xIfsKq6jo8IEpkpRpK1i3ZgFzJsZhE2WC/l5qdj/Ha+8e5GhVH4GQDMZNyGZF9En+p3AyG+5byuLceAzORlrOfsBLL2/lSHUnvZKZ0KTJ5C1Yxu2rZ5J4pbd+YjiJsR14tV0c3VuEL3cKWmHABcJVQ1vteQ5WJjAxq4yqi350EE9XHdUHN/LK2wcprOvGKZsITcwhb8EKHr5rBpEqUFe8w6ZNZzncJLJkoYGj207R2NpFvymJ8QtWsXLlInLDveAp4Jnvv0Vn+mwiIgM4N/+OPx920lD0I751ajZ3fmUDt6/MxlF3nLdffZM9Z6tp6hPR2zOYlL+YFWuXMzVKg0rop6XwA/Zuf5/tR8qpdspgiSE9bzmrV81lkrGKc2/+Jz96+gglwRZ+07gK7yN3snJZ7khnX+ECXV1deDweUlJSMJsHHNeYmBiSk5MpLS2lqakJSZJGHGJCRkaMn8Hs3OX8y71TMMJHn88LOoy2SGLDQfPJsGbyhfhGn4hPJAgiKo3yskRB4VIoztY1cObMGQoKCigrK0OSJFJTU1m8eDFJSUno9frRVSr5wVVPUeExThw7zbm6broFM2HJC1i1KJ2Jk+OJDVHTCgT6nLSd3MfZ+Smkzk4lvuUcJaWn2fWyluxp2cyLCNB9+D22bjvKgc5IJt86C4faT+2JvZzc8T4B0YB9/QTsfefY8vQLFPgzsE9dzoxQAX93M5VnXuOld+Mw35ZLPICnnb6GU3xQOZPE6beS7Kyg5NQ5Crd5MWVN4qu5ehJyl7BUF03s+Vpqq3bx1pkdvBM7nslTpjM1J52UGNuFJ+Fh4OvB1XiKE/saMWXczYzx88hIKqH4+DkOvVJDe2sek9NnMCM5m5rj+yg+9QGvO3LI35CGtvso+7e9z+4SN6qMJayN00FvOScObWa7wYhgiGBFYh++yvd5/untlFvHkT47mQSTD3djAS/v2sNej5WFq90EPHVUF+7g9b9tpzR8KtOWWbCqe+moOU/lzlf4ExF8b3Xy5XeHBA325AT84ToaD+3jhGsyOSYBowiuhkpqqqqois5neUQlbYMr0t1A49kP+N8/v09N4iymLIkgVNVOc2UVRe+8yDPR4/jKNDPh7hZayw9RcEqLOn4V+YtuZVJ/MyX793C+YCfvhKYwaXUUaqmD2qIimrUTCc3KJXvWfPLOFONxzGPJwjnMyrLhLz/I+2++xjvNyeTNyWG6MYC7sYK6U9v4a7eWiG8uJr7nGHu37GFvhUTIjNvYEKbG09tI2ant7N+rJTgzm6Rxs5kStZMG3Uzy8qeRmuwY3VpQAMBsNqNSqaitraWzsxObzUZ7eztNTU14vV7CwsJG9em7JcSCSR+CyRpLysxZJIugVqkQAh68QYGgoMco9v5dObVWTXh4KKqqDno9HjwyGAQZf383zWeO0RQyhZTYECLMypktBYVBFGdrFAQCAdra2njppZeorKwkEAggCAINDQ3U19fz2GOPkZycPOInzYCzhbbSAnYeOENFayddvUHU1jgysnPJy8shJy0Cs1oEqZtWQAoKeCQ9SVNvYfkUB7aeA+x46VX+/MpBCmphqg0EtY3IpFzy82Zyx8opJOk9nH2rnl//rYLSwnNUrUoj1FPJ4b1FdC65naUrVrEmW4+vpYzCHRoOaPQYBm2mP4jgF9GPX8zS/ARiKeXAC0/yytZT7C9s47FJiURk5jMvZTzj68spOnmU4yeLKWss5mRXEzWlqWTk5DJ9xiRShvlmSZADqPxupOjpzFySxQRjMfukdgp37+FAwwo2PLScvDg1jYYW+jcVsO1EBf33pKFGQB+WSOaMeCbecisL0ozQdYLnz/0TW0uKOZU9i2VhPbQef48t59TM+cYK7lw5jUyhjtI93Zzd2oJkDYIA3pYSSk8cYkuFidu/sJ47chw41B3U7n+FTW/u4oW3DrJ+cSyZVi2Xc7H1MenYYy3IZw+yvfhRUiYaMBr6aK6soqaml5AZS0hqfAX9kHumSm8lNHUGqavvZcmUOKJVDZx+72+89LetbN7fwP0TUgkXQAh6kEUrYsIslqxOw6ZyctZbxl921XDiVCW9q6P4KPSejtCEieREd5G/5X8pz1jGyrVzWRDTwKG3T/D+/nZsj/wza5ZnkRbqx1myla1vbOGv722h4O4FhPSWUFxUT4M2j9vXPMQDWXq8HaUUbP2QOlMIofYkEiIXszDtPzhoXMCsBXPISo8c0TpQ+DjJyclkZmayadMmnnzySRITE6murubcuXMkJyeTlpaGKIojitoNEJ6cQay5ibKqQvadzcc+3o4l2E3TmYOcagBf5GRWTreiUakQBS9utwdXXwBBZyZ20kQcH5ympGQm5UlhjDf30Vl+gs3PvEdgZSK2MBsRyttjBYWLKM7WKHC73Rw5coTt27ezYMECVqxYgVarZd++fTz11FPk5+djt9tHFEUXwNN2ntKtT/KjJxuJX7qO2+5cx4r8bDIjP/6OajBZimiwYU1exC058SSEGhAticSmRhMtltPYDv6AmtjJt3CLo4OmTjedxSdoBZxeEdHbT7Cnh44+EUFtIMweRo2zkbrSIorUDmy2GMbd8T3yTRpUokDreUATijlqCiuWZZCgVWEU0ohLSCAhtJQ9rV3IUsJAwzRWwpPzmJc0mdkre6jc/xabX3+Td17YxZ4zaxFSh+9sgR6NNoEps5KIDDWgVkdgDosg3m7EM2kuaaEGzGoNYaFhRITo6O/uxAWYQ3OYvkRPapeToKucU8eDIPgJqv24ejvp6e7G09dHzdlzNDvWkTMhiXSHCbOcQlLeUhZn/YE9HQMt6K2tprqsghp1HpH+CsoLq6gGpG4JlVrAeeowZ3vXEWvWor+cf21JJibRjN2xizc+rODu5Ewi5CqqKpuo7Qxh1rJMzG8NedVqiMaRvZB7H0mlw99BW1k7rQRo7gmi0vTR1NBEIJB4QRFshDlSmDI7HZsaVIKNqGg7IcYeSrs6cALWyzRrELm9iuaKSgrbLayMcFJTfIQOEfC58ahF9E0nOVQeYE6kGYtVh7qnnfqSQk5KkVgt4UxY+xVmmbToVAJdlcOdW4XhkJiYyMKFC6mqquKNN97AbrfjcrnIyspi3bp1xMXFAVyMiD1cLOkzmDKhgvMfFrFj41bCutMIldoo3bONo23hhM6MYdmMUDTmSCJtXs7VnOXYkUxiJ4aSNfNWFif8hdJj+/lA6qYlpIvWkqNsOdHDgjUqRLXyOlFBYShXdbZG+rR0reWvVd61Mhz5fX197N27l+zsbNasWcOcOXMQBIG0tDTefPNNioqKyMrKGrazNZhuIBgI4PH4EBwppKQkkxBlQqcO0O8R0WrVqEQBgY8OrKq1asKjwtCJqoGbtKhCpVajVoM3CLIcoL/lDIfffYc3thyhuKmLfgECHifdnaFMTArgl63orTNZ/4WZlP7pBf66fyNvpeUwLS+PqfmLWJgXT4RVj4wMOj3q8EgcKgGNAKBGJapQqcAXhI9GTkaWJIIBH14vmO1xxKamEHu+HKfswem/5CB88ocL/9UgCDpCrSIaNSCrEEUVer0aszUMURjYdlOpRNT/P3vnHRjVdSX833tv+oxGo9476hICIXoH02xcsB0ndhynN6du2u6Xbdlkd7PZJE5PNs2Ju2MbbGMwGNMxvYsiJIpQR72NZjQzr3x/SAOCYNCMKLHzfv9IGr17zz33nnfmvHvvu0cU0ZQAPk1D8XdSf3Ata97YzJ4zHbR6AgiShqezAU/xdMqQ8ftlLnT2oEQlEW2yYAc0zYDZHElufhqmA0Prgu7efjrPHaV5516+9ODvh3JpBZspuohIjKLHrRKQAdMVNhT8VXCRmJpB4sRE/mv1WmofSiSp4zBnmzw02sbz2fEmul8XLhbRFA99zZXseeF3vLjzHLVdXgZVlcBgLx7sKKm+oTEB0IyYjGZcEVxslySBJCqoqoxfGx6Ti43RLu9vTUPu76G/4xRV1ZWcfnQjBoERm/hFbLHZpPf6UcvnMXd2NfXPrOZP//gWq4srmDx+MhVz5jC1NJPs2JEvb2gjjeKK4dZuyanPN8qfhNresci9WtnS0lK+973vceDAAVpaWkhISCA/P5+UlJTwZUdNYu4KBYf9Jf7w7M/4xlOd+EwxpJQs5O4P3MdDd0/ELsoQP4XpFWs4+ebLvNDYTMtDX+I3n1jBV7/Vz+///BrrfvU8f/JYceXNYvE//BcfnpVCSmRoSYFvNbdyPMfK7foOfS/do7fLhkLBcL3EmIqioKrqxRxEo2VkbsRQk1KG+oQWJJhjKZwp9WDZ0SQLDfbJyOtFUbyo82jrCf5fkiRUVcWWUcbUz/+QPxa+zdsbn+GXX/8zQko5c5bdyb2LZ1IYa8IggqoqKKqKqjEU1CgysizC8OcaGpoio/irWPf071l1REWa/01+/oHJpFqh/8Sz/PYXu2gRVFRFRTM4Sbnz3/hhxaPUVB3n2NEjVB59mR8+9UuefezHfOtDU8hRVFQ0NFFBUWQURATkEe1QhtsBIDPYfpaz+95m9eo3WXewC0veVKbd/ziLZk+mPC143Qg0BUW5VJeqDP+taoCKynD9moKiaKiahqYpF3UfKquBpqIqCp2bfs1zq47QED2Ph3/8AIvHOTHhZ89PP8KTFwQ0RR0eR0BUUTQFRZaHxk9RkFQQhn9XNBUhroCsBx7hxe8uJdowYgZKEBElMxExNsyCjCyPsHlNgeF2aZqKMS6ZhAmTmfLEag5U34O/8Qj1XpXIsgpKJIl31KHxVBUF95nd7F/1R76z1s+yb/yYr05KI8MpcmHvSt588Y/8nzbUfllR0TQQUJE0GVkZOs9FGc47p2lB+xj+e7h+RVVRNIb6Sx3ua2MqyeXT+ZcXvsoUCewXB0dAlAxYIu04zTbil3+Jf6y4mw+fPc6RY0c5cvA5fvn6y6y75xN86NH7mCUOjSPBNo4Y7CttPhSC910oyXyD5TRNC1lm0BeF84UTbm7YYNmr+Vyz2czkyZNRFAVJkjAYDJf1RTg+1xBXwoT7s/jvRV/CJ6uIBiMGowWLzYbNOmRPkMq8L/2UyZ/2ExDMmG0OVCScZQ/x6e/eyaODAVREDGYrFlsEDquEJstcb5SCfvJKG7keY/Hz4drfyNyI4Xyxj0XPsdjfrbT5kXJDTbgd7nf+jYgzwgkqw/FFo15GfC89fdzop8orsVqtzJgxg//5n/9h3bp1qKqKyWRi165d9PT0kJ+fT3x8fMhyBIMNe3wBE+6IIrFkNvNqqzl9qopT2//E99Y8Q8rE+cxbspCKHMvwjIHGlVMHl01YdFdzvq4fzVXOxNkzKUmPxiqBcNiNz+dlQA2WEfArJiKT8hnvSiGjcArTplcx742f8b3duzk5K4OokWJGTFhcaoEGWoC249vYtX0z7xyto9HrJC1nMR+5o4js9GTSU5NIjHVhfzerG9H4oXovF/pXPfZusyZA3cmTNBJLWlE5SyZkk+IQEJV6vG6NQe9QbQaDAVekE7GlE7ffhxewI+Pz9XP+XBt+vwxo2CMcuOwOaBxEjk8i1mLAKgDyIIFAgAEtArsEqvpXo8FlPWWJw5laxuLxv2FH5UYuHGvBllxG2aQcjHRcVqanrY2zdW30ZK/g7qmFlKa5cEhddBsVersFiAn211X6ZWT3XOWf2oiu1oYnuSSHc0hPdYBeIYWYeIgxAvgJ+GU8biNOi4igBfCLFhzx2RTEJJJSMJkZdyxh+5M/ZWNzFQeOTWZmmTZC9ogxvU2zAyP9wq32J2PhSrmCIISUsHlUSCZMdiNRlqFZ+Ksn5TVgcUZjuWItWjTZiXBZcISZiDpcwh2X271qcit5L9v8eyHPYTgYrvfUJYoigiCE/IQ29FQd+pNdsNxI2TdbZpDR6ulwOJg2bRrz5s2jvr6eP/zhDwiCgKqqrFixgtLSUpxO5zXreTc9RdFGREIWEQlZZOXkkJ+XT96pamrOnKOx6xSnayeQEZuIQRQQEIZmVi62WUQc/lwQRURJQtA0NBUEwYhZCOBtOsKuyjqa2/tQEv14e7vw+w7x1HOniJm1gIoJ48jKjCbKMIDXJaH4AyhoCKKIIAy93i1KwzIREYWhk+SH+m6QppoaWnoknDlTmJ+eR2FBPrnZKUTbDJgN1+hbTRzuB4Z0Ekb8HdRHFBE1EUEULrVl+HPhYtmhMTSKIMgqqiCBUURzt3Jq1wZOtHloH1Tw+f1oDgfphblEbqnk2Ok5lI5LJEdrpPH4O2ytCeCxgSCKRKZlkpGZQMy+d1i9bTGuGdlk2ry0n9zN/kNnOGaZz+fvL8BpFBFH2p8mgSgOjYcgIhoiiIjOZOGSfN7cvp7a5mjmleUyOS8C0dd1USdBEDEgYNA0VL+KarYgaV7aq45y8uhJzgwaCLjdeABVFBGFkbY7NLMlDi91Xvo8aC8j/770fyk+m8SsZHKlHWx+dQ/TH5qAI15ksOEgh/efYHdDGg98djHRZ9fw9sE+PFEFzJkzgfzMBOLjRE47QWoLEJBBEkVMIvj6uxgY9BHQBMyScNHur7T50TLSF4VaLvhzLH4hFMbii3Sfe32CMz63Ss8g4djCyHK3yv4kSRrTuABhlQvK+1u3v7HaQji+6H0ZbN3sG8JkMpGWlsZjjz3Gjh07OHXqFKqqkpuby+LFi0lPT8dguPak4Wj0NDmTSCtJIq2wgjk9DZw4cJA6mxOHScQvBAOOS4EICIjBegQR0ZFHXmEapyvPcXTd87zQEIfB20ytFkd8fBNd3Wc4vGM3JeO9NJ/YxTF3H+dqUkmLEFB6L9DUGE3x1HJyE2Nwtg1/WSNcDISCwVYwyBFECVtsDsWzKojJySc/LRqLeGnq/pp9GwyiGKGTMKyPIFwKrDRhKLgYDjQvBmEXz/wZKptcXEHewUrOV27hxb/0kGUO0N3oJSI9nfizHTSdOMLOkqlMm7yIeSmrOLfzTVb2nibH7qevvgk10gWKCUGQsCYVUlAxjaVHX+fompW81pBKgtVH9/lqzrbIyBNnoQbbfFmwJcBwYAgCgmDAEhFL3sIlJK/8Da2R44nKKSQ/SkRsuzxYdMalkpOXw7iTB1izKoraODNiXw9dPgeZ4+I4fGYHG/flExHtRQ320YhgSwj2xwj7CH52sS8vjpuIGJlBZlkFi2ec5MVdr7BequKYS8DXeppz9f1ccMTiR0ALdNNSfZDjfadobz1FpsOI7L/AqY5IkrLzmJAbi9mqkJydhW3rPo7sTqA43khJbspFf3Atm78Wwfbf6mBrZB2j5e8t2LqVQUhQx/dasDXWPgqFkcHorQy2wtHzvRhshdO3+tuIY6CsrIySkpKLzuamTaNLFowxuUxYkssEQFX7OeOMIykrn7xEK0YpaCgWbK4kMgry8UeCyV7MtGVL6ZFfZ/XOl/jjoURSSxZw5/J7mBAXwf53qjhReZKq2Y/zsY918OqGd9j12ibWejTMzkTSSpfy6MN3MCkrEskTS1xqNoXeKIwXN0+LWFyJJGXmkZ/kQBIjKV5wJ8VhKWnAYIomtbAMJclJpEUAkwN7fBqFRSIxRmnYWE3YXEmk5OYhxkgEz1CUHDHEpWRRFBGDGYiffj+LznhZ/fYB3n7uBI6UIqau+CT3zUwg6s3NbKmrZvvxCcx+9D4+8WgzL6zdy+5XD7A/qYySovHcOX0vG4/YkAQJ0ZZB9uS7+KRB45kX3mLnyrfpkq1EppVSMXc5H/zAJGIsIKjKFat2AkhRJGVlYUmJJtIIgtmBsegOFkzeTWzyNIoLsogEBiQjkekl5JpjiLIbsacVU7pgOY+cfY43Vj9DpSOF/FnLWTjvAyzo20LXr3fwzq7TlM+24EpJI3MgFueI+97gTCQpfZBcUxRmRATRRdK4XEwpMUSZBQxiBLHZpeSlOHGYRRAiSC2azb2flFCf/gub1x9m84CKKS6PoulL+ej991DqMCBNWsHyHhHz+k1sfW0Pa3tVcMaTP2kxdy+cz9zSGCx+mYKFDzH3xHqajx/kXEkWJbl/vZFbR0dH5+8FQbvO4mwgEKCrq4vY2NiQgolwN4iO3Lh29f0D15cZTuCjqiodHR24XC5MJtNNlzkWPUdunAwnwOvs7MRqtWKzjT7tz1hkjmpm6xoygevOFF6N3t5eRFG8xluhGqgqincQTGYEgwE0lf6G4xz62cN8pflz/L+v3MeK6Wnven7WSG6HzQO43W5kWcblcl3/4hsgM1xbGKueXq+XgYEBYmNjQyp3O+xvLBvkdZ97c2TqPnf0MuFm+dy/5kbY33vB5+qHoej8/eK9wEDlr/nyvY/xzV+uY/vZHrw99TQc28izmztJKigiMTaaG7wlWUdHR0fn7wx9GVHn7xeTE2PSVBZOP8r6A3/mF7ufwSiJIBqQJ32Ox5YWUJBkIfSdHTo6Ojo6OpfQgy2dv18kG8bYUuZ98GEsR09xurmHftmIxZVIasEU5pbEEmfX87vp6Ojo6IwNPdjS+TtGQJCsRJcs5M6ShcDV1vJvZ/t0dHR0dN4P6Hu2dHR0dHR0dHRuInqwpaOjo6Ojo6NzE9GDLR0dHR0dHR2dm4i+Z+s9iZfmY9s58M4+TmV+gscXJuGy3dyh7K/eyt4Dx9nmr+DrH59OpCigbx1/DxDow9tayZrn32B/g0rCzEVku2SU0wc5m/NxPjU7jmiHPpJ/66iqSk9PD3v27KG7uxuXy0VRURFZWVm3u2k6OjqjwHC9jOCqqqJpWsjZx4PlQiUoC0akHAlRpiiKIWU6H1l25KFuobQ31LaOTU8f3Q0nOLR5DVvK7+WjM+NwWkJPVRCKnt4L1Zzct5nXB6L47GNTcCCO+kiEkakRriGBwb569r22me7cOynLTyHdJV7s21DHEwir7Mh+EcXQMslfy+YDvRe4UF9D1ek6mtp78cqA2UlkbCrpWTmMG5dCrDl0Wwi2+d3GU+lrpe3QGzy9cg+MKyNaFJEUP16vF69fvezgxFD0DMfmg2Xhxus5mnKhMlLPcP1JOFzpc1VV5dy5c2zYsIHDhw8jSRKKonD8+HHmz59PRUXFmGTqPnd0bQ3X5oOyQ7Xdsci8HTY/Uu7fgs8drcxw+zdUu31fBlvhGlk4HTjyNOObd+NraKpCoL+TPs2J2aygqhoaGmhq2M4q1Btf00DTVFRFRRGutgYt09fZg2qwYrbZsBqHdAq+3XftRvXT336A137wz5x+IJPPRcaS6jRf1kehMhZHHmz3jbB5f9d5avZvZ/uO3eyuaaKrz01ABtVox+pMJC13ApMWLGbZ1AzirAJGMfhNZpIAACAASURBVPQA5t309PV20nr8IAf8xXzjY5/h/mnZxPv66M0votzqwmokrHv7Vn/ZBeWGE2yNyv7eRV649ncjg62Ojg62b9/OCy+8QFlZGenp6dTW1rJlyxZaW1vJzs4mMjJS97nX4XYHW+H43HBl3g6bD5Yf+XM03AyfG4rMW+WLRr32FE7Hj5VwkkMGb8K/dZmju15Dlf34Bz0MuDtprdxDjXka+eOcweSEaJqCt7+bLlkgoIBgMGGx2YmwGocu0WQCvkG8nkEGAzKqJtDn9hAZFY1ksmCSBEBDC3gZ8HgZ9MkoGiAYMJgs2B02TAbhYntQFQKeHnr8MpqigWTCbLFhd5gwMMDZ/bvoNMQSnZVDVnwEVosFSRAQGMUNMaJPBEBQ/QQ8Hno9EOE0EPAFkGUVTTBgNFtwWGFwwIs/oKAgIpms2Ow2LMOrYmpgkEG/D593gIACiCJGkw2bzYLZJA0HixryoJsBzyA+WUMTJCTJgFXyMaBYcThsWE0Sgqag+L0MDHjxySqqJiAaTJitVmxWM4Z3G07NR8uep3n+Txt5uzmJknse5YsLislwwGB7DYe2rmH9thd44lAXMb/5GvOSjbhEFcXvY9DjweOXUTUQRCMmixWL1YLFIAAq3t4ufKIFr2cAddCD7PejaGCwRGC3mTBoPty9XTR2elEiI7HjR5NlAkYrFicgScOJy1Vk3yBejxevX0ETJIxWBybNi6JJCCYbTuvYl6lvhw8Jyh2LX7id7QY4ceIEhw4dIjMzk5///OcAdHd385Of/IQdO3ZQWVnJzJkzb6jMUK4fq88NlZvrc98fBPsonHIjf95q3s9jZLhe/iNVVRFFEUmSQsrPNPKGCKXcyKfscPIkBTN4h5OnK5hfKZScUOHKHHkjvGtep0AfF87uZ8+G13h93TZ29WSx5DMFpOdGYRFFRPwovvNs/M0P2bLrOJWtIrb8OSz80Kf410fLcQCS+wxH336dl194g/VH6uj0mohIHc/CRz7DQ3fPY3amFS3gpf/YC/zxz2+wdlcNtd0aUlQWWVPv4gtfeYxZOVFIkogogL//Aqdf/jeeeXkHR+v8SCkzmHPfI3zx84vINRmQuvex7qUdHHbHkj3vHlbccw8z8yOJMEkYrpW/SpUuyhBECVGSkNoPUfnm63z1GfjUJ0UObzvOqeMt+CIKKJy/nG8+KLHmN6vYV3mWOiWe9Jkr+Ojjn2Z5OgiCn+5Tm1j/2irW7DjJibZBcCRTOO9hPv7YcpZOziZaUlF8vdS+9VN++9wGtp3qJxBbysTJFTyc/g7/vmsGX/jSCu6bNQ57dyPN+1fxq1+/yJbqdnpUJ3F5M5h194N88tGF5FrBcKXNazL0bmfdq9s4rkxk3uOf558fHEeEyYAkgJZfQOn4fMonb+W5l85w4YKMnCBiMHRQd3ADbzzzIi++c4oWLziTSqi48yM8cO9ilpdaUeR23vqPR9kctQyT6sNyZisH63pp7jWRu+IbfO6RORT3b2bzk9/nX14+SddgFf/yifVs/OTjVMR5kfeu4dCUX/DLR9JJdPZSvf0VVj77F17d14TblkH5A19gat9KmpRkjFM+yw8ezr01Nn8NJEkK+f4ci8yRT/nh5E8LR2ZQ7kif63a7URSFnJyci7rHxMSQlZXFyZMn6ejouCjnvehzJUn62/G5N1jmSHmh6hlunsKx2ny4thAsE+o9OhaZtyPOCJZRVTUkPa975Vgjzffa00co8vfs2cP69es5evQoiqJQUlLCAw88QGFhYUgJRy+Tqfih7yz7dmxm29Z9HGsJIMfmUvLAv3J/yThysrJJjlKoBwJ93bTs3MSZ++/jwX/6CI+0HmT/O8fY8/xLrJ1Tzp1JATo2v8xrbx3jmGsJX3xiKjnmQU6+9Rxvb3+TlQYziZ+aTKr7MC/87DmOxSxiyT98jvJkEV/LKQ6sX8XTL+UQ9fAM8hDAcwF3/X7WdNzP8q/cy4e9Jzi0eSeHtrzEc6VT+fYcO7mLPsXjefOpPnWCymM7eek/VvFUwkSmzVrIvJnjKcqMwXG1e/+v+l0ALYDiaaL7fC0bz32BBx5ZzmPacQ5u3M6qVX/iW61zWLH8i3zpYR91W1ex4+RWXnhzKos+V4q5bQtvv7aBnU0JFH/0I3y50AGd+1j3wptsfDMK0ZrAh/L6Gaxaya9+vZOukhV85MFSCiwdNB/dyFMvHqLOVMSgrKJ5zlC9Zw1P/t9WOiZ/la99Mp54Ywf1h97h4DtP8X01nic+WkikSRiakQvqoioEju/jaIMd+4QyZs0bR7TdMmL51YAxOpeimTF8Iasfc5KdKItCw/aXeXX1bjYNVvDYf32NvChwn1jP27vW8OqAG/NXPsyCWBWfu52aYztwTFzEnR/6Ng9GBXAff4WfvPw6O7LjiFo4h9kfHOCfAr/g345P5kuP38Xi2eMYOPgGm/t76fMqqED33pW8uXY3B7WpfOB7i5iT6OP8zk1sPnSYEw4nkydePjbhPjW/q83fRG6UnHBnfG6ErJiYGIxGI5WVlbS2thITE0NTUxOnTp2iv7+f1NTUy75Q388+93bJvBE2Hy63azzfS/fo7eijUOvQ30YMA7/fT2NjI7/73e/weDwkJSUhSRJ1dXX84he/4Jvf/CYFBQUhPwH5O8/TcGAtz795gjbMWCLyKZubSVZuPrm5OeSkRGKRBFB7ANBECzhzmTZjFnMKYnG4HRj6mqn801EON8CCWBFXxhRmLS6i2FnM3JnjSDT6SR48wNHf1dBWU0t9fxlJ/maqT7QwsCST3IkzmF9kI9CdR2ZCHIXGHNKjLQgtgGrEZEqicN4cZpYkEE8m9s46mhtOcLSqDXlGDs7EceTHJpOUkU1WTi6FNWc4VdtM+76VPHt0FxkTZ7LoznmMjxpdnwiagAEz8SWTKJ2UQ4E1Ermxmm3rTnDOVEppaTklSQZSuw5Rd24nr1Wfx62VYrSlkDttERFaAnkzZjIhxQz9yfRsW8fKprOcruvGn9RH84FN7OxN4u7pc1iyeAJZQivnrN0c3/AqBlEBAbyNVdRUHmOnJ48v3n0HC3OjiZH6aXO4kdvf4ldvbqfqwRzGG83YR7RdU1U6z9fSqsYSn5RGdqLlr/e5iVbsUclkO4dPrec8VfsOU9MoEj//bu6+YyLJDvBkqnTWPsmmc/vYcmwpC+YDqAQssSSk5zG5fCITEkXU9EZefu5JWhvbaNdmU5JZRGm6C2NTJoUTyynOsXK+6mILATfnD+3hTJeEs2QRDy2dT67DQ46lier971DtBQT9hJjbSW5uLhUVFVRVVfHtb3+bzMxMGhoaaG5upqKigry8vLA2qEMPzdVnqGv2o6aPZ0q6Beik9kg1LQN27JmFlKUYgE6qdx2j3ZBKXGY2+fHGm6Cljs77Gz3YCgOPx8OuXbuorq5m6dKlLF68GKPRyP79+/nhD3/IsmXLSEpKIjo6OqR6fd2NnN+5ij+u7CFv2QOsuPMeFk/OJyf6cucWdKmSJYLI3ClMyY4nIcKCYEskLiWWGOkE7T0gKxLxGYXkyXXU1J5gx6sH8APu8420dXQhJLrpHTQhmRPIK0qmofkQe98GoTmDpMREEic+yP0xFoySQBuAMRJbfCGzJ6eSYJSwCqnEJSQQH3GUk939l578DDacibmUJuRQPKWf+v1v8MYrr/D61iOcaDOQMGP0wRaYMRhSKCxLIsppQpJcWCNcJMZYceeVkxJhxioZiHQ6cTmM+Pr78ACRjkyycjsQ65pp2LOa034FBJlTbd20Cr243f34BrzU15ylM/4RCnKSSY+2YNWSScqfyqyCCNY0DwUZfc1NNFRXUdebS+2uVazaK2IA1M4qqpu66amupLpPZlyEmZGpFDUN3P1u/IZoLDYLjtHcbQPnqWvoZUAcR2l5KWkRQxVGpE8kLzuaA/XNVJ26APNjALAmjSM1NZX0CBHBYERKTiXWOkjdoI8BL2C+ljAN1G4a6lvxmkpJKygi12UEIkkun0lR9hucrB3tOOncLBISEpg1a9bFjfJer5dAIEB5eTnLli0jNjY2vIq1TuqObGHTnj5YkkNFmgW0NmreWcue1kQSlmZSlmIHtYWj61/hmG02pUuS9GBLRycM9GArDAYHBzl8+DBZWVnMmTOHSZMmIQgCiYmJ/Pa3v+XcuXN0dnaGHGwJBgsmVxJZxQlkxVkQPa00N1kxBKKJjYrEZhQvW22TjBKR0U5M0vAxDII4tNdJAp8KmuahrWYPO97azsZDjfTJMooI/r5GzjdJZBQpyJodU8RE7np0CfUv7uDgW9VUHUwjJyubzNyJTJ9ZTn6qa2h7u8mE5IoiVhSGN4RLSKKIJEFAZcQWeA014MXb10VHezstPQGEqBRSM+2Iic6LG9hHhwFBMBHhEDBIAEN7EEwmCas9EmF4+UQUh/Z8aaqMH/B3neHk7rfYtPMEdW4IaCqCqNF1uo2mDBkFlYAs09nrRo2Mw2k0Yx2WZzI5yMhIwNg+dHt4Bzz0tdXTV9/JG0/XYBCES8deCE7yC2MxqyKCCpcdPiaA2WxCUr0E/IP4lCv+PxJt6HoGenB7BRSTg8jIEZGS6MTusGI0+Ojp7gGGgi2bzYbNbL5UrQgGEVSNoRcdrofaT59bRjDaiXBGXPrclERsrB1X5yjq0LnpjBs3ji984QvMmTOHjo6Oi3u24uPjw69UA00JoMo+UNXhD0CT/Siy/9JMmaahyT4UJXDbltJ0dN7r6MFWGAiCgMFgQFEUAoEAsiwjCAJ+vx9N08LeTOvILGPqZ7/Pb4tXs+rlV3j2P59nML6MOXfdzf3L5lKaZMNqNo76fCvkaja++DSvnrTjWv4NnvjELDKt0H3oV/zovzdRKwKISCYXqcv+H/899yOcPXGYA3t2sWfXOn7/h5/y3KO/4XufnksJDAUD11lR0hQZWfbS33yK6l3rePW1tbx51ENM+WKWPPh57p5XTmliiB0TlDv04uSo6N72e15eU01H1l18/F8/zr2FkZgYZOu/38nP6oaUEASG3sYT1KFjNIY0QEDDoI4QJApI8flk3P0ZVv/qQeJM0vCNM/zlhIAgBF9JH1lMID4lmUj/Sbpa22noUSmOv/J8Mg01EMDn8aFZLFiH64Lg6/SX3gTVlCGRwru++hgOV8oLoqKqGqr+3fo3g9VqZcqUKTeuQjGHGY98m+kPX0q+jljI0q/+iKUjr5Mm8MH/fpIP3jjJOjp/d+jBVhjY7XYWLlzI1772NV566SW8Xi8mk4lNmzbR2dnJ+PHjSU5ODqNmA0ZbEllzPsLnyu/nofpKju3bzpbtv+EbTz1B4rR7ufuD9zO/xDm66jpP0dQq4EidyIw5FaRZQRTA29BAe08vPa6hyzRNw93rxmqLI73sDhILZjFvcTUPl/0bH9+wm6rGfBKvu21HA3w0H1zP+jdeY93+elrEbKbN/QLf//pU8pKjiIty4LBZw+iX0KmtOUenI5OCCRNZPM6JCRlBOU9d8yDdfUPXGA1GYqKiEOva6PUN4gEiCDA42MOp6mb8PhkAZ2QE0TYLgTMN1MoaTiNDM3uBQfx+P/1qJFGOqzRCMmAaP4vSxL1sqjzItq3TmP1QHpdd6mvmzK71PP3Ltbgf+QVfnR6Ny6lhaOimvdUDxcO7wJQWOnt68PrspIxlNuOv2mjHGWFAa+2lv7cLGDYK7zmaW/po74q5bB+ajo6Ojk7o6MFWGFitVioqKnjsscc4cOAAP/nJTwCIjo7my1/+MsXFxVgsljBqFhAEA0arE5fVSUSEDVdCJuMmzGXp+dNUnaqjtbGbthQrowpZTBGYDQp+dy/dXW5UWaPn/Hbe3F9LY2svJHnpb29moHsL3//JUeKX3c/82eMpjrWimVQ8/V5UowWz0YDxuntvNWCA+ppGBiNKmP3Be8gdN46MlGQS46Owm0VMkogY4oGd4RJhs2HyuuntddPqC2Dta+ToulUcbnPT5vfj8Qzgj3CRMb6ImLV72Xd0JgUZcRRQy+ndb7KuWsAdOVxXei7ZuSkkb9/AMyvn41xaSF7EAE0HNrBp2zH22e/lu5+pINosXj7xJ0gIsTNYfNdOGlcdZudTT/D9nru4a1oxiZHg7zxH9d7NbNl2jH2eXD6Va8PhKqSgMJVDzQ0c2ryZI+V3U+wM0HN4I4eOd9JtLWTepGSg7wb0kghCPDnjUrCeb6T60H4OzEmmwuXlxNoNHD7TyAUhi8wbIElHR0fn7xk92AoDSZKIjo7m/vvvJycnh/r6ejRNIzU1lSlTphAfHx/y2TpXlWOJJDo1kuikLPKLixiXU80FSyKJERK9o6nAXkLZlELqdtWw99kf8J+7ErCbBNS4YooL+6lrO8LW1RtIX5hErLGVqs3Pc+bAG7hMAvgGGGjLZNaS2ZSkxeGov54wATCTWDSV6UUROJPTSE9wYhJAluUx90WoJFfMZ2LlDg7vXcnP+ypJi7AiSfHkl5dRf7iZs7u3sCrtDu6tuIcVE5/h+Pbn+N3praRG2TB4ZdJyYjD2mQEBY2wBBVMX8qGzK9m28U/84UQkDpPCYE8vA0STMjcaoyhcZXlXAGM8BfMe5D45AvvuE1Rv/gttB+yIEqD6CQxqCDETuXP5UuZk2HBaIsiduYhZ7q24j67lyR8dIcak4O+sp81SzPiZd7Awx8aNCbYALKRNXczkhrd5+8Rr/OZ/T5AZE4kZE5LNSqwJRr9uraOjo6NzNaTvfOc737nWBaqq4vV6sdlsIQUQwf0f4eYdAi4eIheOzFCDHU3T8Hg8WCyWUR/ZEB0dTX5+PlOmTGHatGmUlpbicrlGfdDZqPUUJUSzk+iUbNITInBawOfuI6Caicifxaw8J1aTCAQYdA/il50kT51HebKLpBgjBjz0tbfT6taQYoopn1HO+NQIHAYBvymGtKnLmJutIbs7ab/QTmtXP17BQXTRQu5dPo/xqU6s/m4GVDNSYjHzKzKwCgIiKn53H37Bjj1nGnML4ohPSycpKZ5ohxkpeNzUqNIiKCgBH71tfmLKFzJhXDwJVh9er0K/lMLURRNItRgxCzI+t4eAZie2bA5TUo1YjAKqtxePakaML2ReRQYx0bEY/R4C/d109w4yaIwmY/qd3DEhgRiDiqLZMMcXMGXqeNLtPnx9nXR1D+A1xhObOo5y8wG29JQxe2YJJTlpxLhiyUxxoHQ309rWQUefjBSTS+mMRdy/uIxEq4jwLjZvcqWSkp5CWrwdyT9Ab18v/R4Z0RZLSuF0Zi5axj0LS0mxihhFCVtMPNFREUQEOmmsa6Cjpw85YhzFsxdzx9xJjI8zgqbgbmvFkDaZnKxUMmNMWKxm0Hx0NvuIKphCfm4aqdZBAt4Bep0lzJ08jmSXGdXtxq9ZcebPYHqOA1dCIhEWIwZvN62tXXT7TSRPmkFc7zEGxGgseXNYVhx5md0GDxIM5z4blc1fBVmWCQQCIZ1hB+HnYxyZhiZcPcNNBaL73JsnE8LTM1ybB/B6vRiNRozG0b/JORaZt8PmAXw+H4IgYDZf8zXoq8oNygzX/m6VzcPQ8U+qqoa0giVo13m9JBAI0NXVRWxsbEg3RDB/Vagn2Grapc2a4ZxmHM5psjBknB0dHbhcLkwm002XORY9R+bMCuc0487OTqxWa0hfWmORGZzZGssJ3qGc1Bukt7cXURSJiIi4+gVqANXbRcO5ToTYRKKiIrFJAbrOHmTHjz/BfwW+wT89fhf3TEm+9gkKw9wOmwdwu93IsozL5QpLJp4OLnT68GAjITmaSLNAwH2cV/7j33m7N4/0B7/FdxbHXCwbri2MVU+v18vAwEDIRx3cDvsL1xZA97k3S6buc0cvE26Sz70KN8L+3gs+Vz+tUOfvF+8FBip/zVfue4xv/XI928724O1poOH4Rp7d3ElSfjFJsdGjCrTey/Tt+j9+8e0v85l/+zPrzrsBH227XmbbIS9uczZF+THXrUNHR0dH590xXC87uKIoqKoachbxYMSpqmrIOYtGnoQc7lNWqATlKooSkq7hyhwZWQcj85stM8hIXUMtEypX6hnKOT1jsQXgotx31dMUgzHvYb76pS5e3P47fvCpJ/gPzYTZlUj83d/l8buzKUiURt1Pt8Pmg3JDHc+R42Kf/AB3thsIrF7HLz76Aj9SBMz2BFInreDO5XcwN15hZNW3w+ZhqJ8um5ELQ+atsr/gzEKoMkH3uTdLpu5zQ5cZzhI4XMPn3mCZ4dr8lX4kHD1DtVvD9QYi+P9QB23kenOozmakzFDLjaXslXXcTJlXyrlVffRu8kd7/VjH81b20XVlCkakiHTK7vk41tJGWro9eBUJgzWSmNRcSjMiiTCNXt/bYfNXyg7neikik5K59+NMn8ictj68Mhhs0cSn55GZnkCUUePKqm+XzYcTvNwu+7td7dV97vXLhVp25PW6z71++Vttf6H20VjsdmSZUMoarhfdBzePhbMmGnx6CKfcSNmhlg13E+NY9AxV5lj0vLK94ZYbS9lQCF4frsyRdYTCqPQUJSIzJzA5cwJw+VNWqGv5t8sWgptDw5Yp2YhKLSAqtYCyUZYd6RfCkRmuHb1X7C9c/xeUpfvcGy/zvepzIXT7+5v2uVegqupl7X2/+lw92BrBe+fGl+lvq+NCQzNd0ROZlOnAYhy97HAMxd9ZR2NzG/VKEtMnpmERrnbUwdW5XTd+OF/OI8chXPu7qKemQnc1R2oGEeOSSM9OxHWV6sZ64wfl3UpnE9y4G67McDalhmO3oAdboy03UnaoZd//Pvfy9oZTbqx9FAp/tz43xHLhyAyWCVWmvkH+PYmHhoOref4H3+Af/1JL18DNP8eq78RbrP3D//DlX26nU9G48RIVVHmArqZ6Wnu8eAPvgzwxagBOPsVP/vUn/HLVXmpC336ho6Ojo/M+QA+2dP420HrobnqTH947gy/+cic7zg3e7hbp6Ojo6OjcEPQT5N8TqKgBD701+zkl55GUNPozaW4dQ+l6qvceZ9CRQFx6GskRoZiXhqYG8HnceP0ysj4LdHMI9qt+KryOjo7OLUMPtv6WUbz0tpzj9LF97D90jOONCqnzP8bS6GQkAE1G8V/gwGubqT3fRH2fiCmxgJIZ81kxKwsLIA42U3vsAHt2HaKyroN+vwHRkUjZnEXMnFxKQZwJTfEzeH4Hm7cd4nBNC20DGqIjnviciSxeNpv8+GAqYo2Ap4P6rU+yam81DR0yYnQeBRUzWbKohESDwkD9LjYfbKDNlEx22WQqJpWTl2jFagjj272rhjOHD/D0O7BwgcT5kw00N/YQsCaTUlTO8qkih9/ex5n6VjpUJ7H5k5mzaAETY0FApq/uIJUHDnDs7AUa+mQwu0gpmsG8OeWMz4nHIWiosocLh9axcWclVc2DyI40MrMzmR5Tw6ozeSxaMoXJ+QmYBzroOrePDRt2c7KljwHVijM5j/zyKcybWcJo418tMIDcvJ91G/dz7EwLHQMqgiOepLyJzF8yn8JYN43bXmXvOQV/3p18at6lhOaBxr3s3XOcLQ0x3P34fRSK3TTv38Y7uw9y9HwHfqMTR3wuE+YuYkZhMqkumc7zR9m7+hXOZN9JdP1+mtyxJJXN4J7FBVwtd7aOjo6Ozo1HD7bGSCAQYGBgAICoqKiwNyNeRJVhsIO6s6c5U3OaM+cbaWjrwT0oY0zOIzPFRZRdog9QBvvpqdnHQSkAPgV/z3nO19ZT3aCQVfxpJjgVPCe3suWt7Ww84cERH4VDUug6u5sNbokBzUbM0mwivefZ8/JzbKiVGBBtRJgFlN46ajafos8Sx4cXFhIH4O/Fc6GKHYfS8HhV5MEWmg6ep7axCylzHB/MMxGXkUVaYzfdDfVU7emk6dRhEjJyyMvNJz8nlcQYO+bRxl0DLbQe38RLz3YyYJ1DolFDUtuoP17N/v1VdLXlYferKJJG79mDnGlooyuygNJlyRgGTnFk6wbe3l9HuymG6AgDeM9xaH0zHlUCy1xmJHjxN+/jjWdfYWe3BcERS6zYTkvlGV5t3sqfW+8ldXw+47NEumt2s+HlNezotGK3ShjFATrO7KG9tYV2MYZPzkjAet1jXgbxdNew//nfsarKimCxE2nR8LVWc+TcKZrEFB6/MwFfWxXHdzZQVZfKnbOTSZBAIkBnzT72btnJWwMLuEvz037oDdauP8SxRjeC1YINHwPndrC+bRDlvmXMmxKPv+McR9c+xeuJAhOjNBxRMSQJ74P9cDo6OjrvIfRgaww0NTVx+vRpGhsb0TSNrKwssrKyiIuLCyn9RBBlsA93y2mqT1RysLKS4ycb6BTiSBg/hwXzZzO7LJlIo4ig9nAcUAb99PS2Ynr4M9w/PZWYrm1sePZlfr/6LTbVfZpx+Sp9TU20exzETFvB5x6bS6HNy4Hn/oUf/eUAuyKSmTw3gVLPcda/so2m+f/MQ4/cw72FJgYbDrP9L39gTUs7bncWsQC+fuTedpriPs0nHs0lg2Nse+q3vPD2VtbufYwVWSmkTVnBB8vmMufMEfZu28zWd97m0JFKqnLHU1o2ntLx+eRnpxI7mmPZBRA1L6KniUZpOh/+4AQmOirZ9syT/O8TW/izPY+ffvfjzMgw0Pj6j3n2tX1s3HGCry9NIsLTSHOrByF5Onc++CFWlEVA2zZ+/81/Y+veXCIzJjLN3kPPoVd4bmMnhZ/5Oh9eMZ3x4jmOvfUnfrymHl9cAASQu05RtXcjz23qYsq//A8fn5VOmrGF028/wyur3uGZ54tZMmEZmQ4D18x8pvnweTs5cbwVU8mXuG/5LGZnSfQeXcMrv/pffrRyF0sn38+kklJyDrVy+MRe9nQsZlmsiJVOas+cp6XPQOb0SRSJrWxb+RSbW8pJn/lhPn5XMUXRKi27n+Q7332NbfEpRGcsoBADgqpyoaaLhH94nBWzCiiIM2MCQjsyU0dHbMpFxgAAEcVJREFUR0cnXPRgKww0TSMQCPD888/z4osvUltbi8FgwOVy8elPf5qHH36YlJSUkF8nHWw5ydHnv8unfnaG6Ln3cs8HvsXjs8dTnHR5ssuL225s0Tjy7+VDM3PJirUiRueRU5JO+hs7ON8C/hwj4+74LI9PC+CRJUyah54BiMnOJtXSxoWuLlr7NErFAApWBA2UQQ9evwVjylSW/NNslksiggBtTYAUgzNhGh96eCK5Zgm7UEpOXi55R+rY0diGqiYBIpijSSpewH1Fc7n7E12c2vwXXntpJU+vXYm14gEe//d/4IH00faKBaM5i+lLikiOs2M0JuGMTyIn2Y48dRnjY+1EGo34Y+NJirHgbm/HDdji57H8M3ksVsARZcDv9oCtjNwME9tb2uhs72Swf4Dag4epS1rGx6blUZIRSaRWRP7cB1m+9s8c7R+aAeqvreFsdR3nUxbwvUkR2JU+3Iqd+IxCxufW8MLLWzniXkiM3UD0tYZciMSVMo+P/7SYXs2MQYSAX0N0JFCcm4h3dS2tnkGEwjLG5Rwh9cAhNu4dYN4iBxb/KU6f66ZTSWHStHQM3p1s3dGOY34phfnpOPz99Hpt2CYsZXL6S2xqOEfNuUkURgCSGSV7PvPGZ1CSbEci/IMZdXR0dHRCRw+2wmBgYIAdO3bw1FNPsWDBAp544gksFgtr167lxz/+Mbm5uURGRoaUjBNAHvTS39VFnyuLKYUlFOclEx/97lNARpOR2KRYLJI09FqpaEA0GjAawScPbVkPdJ3iwPo3WbXmHY7Ud9APyN5uOtsjKb5nBgEtEotzFo9+YiL/+eyP+a8tz/B0UTnTJk9h6uwFzC6Kxm4eXh+zWDHEJpBsEDAJAAYkyYBkAL8yJO8yBAnRGElaXhF5xcc4fOYkXe5u2kJ60dCIKEQTEyliMlySabEacEbGXly2NRgkjJKEqvoZBDQ8XDi8hrfWvs07VRdodgdA0nC3nsVdOJEcZHx+meb2bpSYFGLNViKG5VksURQUZWE6MjQ72dfdT0fNXuq2bOPeST9AEob3lys+fH4LqnM2TT0qvmjgOhOairebjv1P8ZtX3uFQdSudngAB2YOvz0OvdQJ+DRRzLpnjcsjP2M9TG7fRNecODFWHOdNjw582kVnjgPYmWvva2frrr/LG702YJRBFAVDx9nZjn9NBRX8vRIAoScQkJmEzmQk9ha6Ojo6OzljRg60w8Hg87N69m9zcXObPn8/EiRORJAmDwcBrr71GbW0tHR0dIQdb9vRiyh/7Z36Yso+T1Wt5/gebWZ02nilzZrNgxkSyXUakkVvCBJCGZ54ufTT0hwagnGP7ymd4bW83vYUf4MufLyDODP2nV/PScycYEDU0JCRLPHn3/RP/WljFydO11NbV03zoFX72+gusfugf+dRd40kCEAUEozTCaIakCVwZaCn4uuppOL6brVt2sP1oM77INLKWf4yHpk5lekoovSIAIqKRoYNKhgUJgoAgSlxSXrjYEA3o2/00r76xi2qKmPP456lIsWEQAlT++Vus8gz3kaahqCoYDIiCONxzAqIgYjdKiMNVa6hokWkkzV/CD78wi0iDeOnMFMGIwRxNVoadmGuuIQIDdbQffYP//s836J72IHd/KZ+CRDta+0nObn2Wf9w2LFCwkJiRQ0lBFry2lUOd5cQePk6POZ7kkmIKzICqoJDAxIc+xISpRZRFyTgcl7a8m2KyyEhzQX0VggBmk4Qk6q8g6ujo6NwO9GArDDRNw+v1YrFYcLlc2Gw2BEEgMTERQRDw+XwhJ5EFMNhjiS+ay10RKYw7dYpTp2upb2nk1MbnqdrxFpklFUyaVkF+8ijnJ/qqqaqspV0tpGTeXSyan0qkES74t7PBItCrwVCQYkR05VA6PYWMgnZamppoqKmkcu3TPPP2LqaMT8IWjKau+X0t033uCMeOHODQiXPUtw8imiPJmlpCek4eBYX55GUkEWe/Vh1XIYwYofHobk52CrimTuHuJQsoiDEiqc10rLRjGg62DJJEhMOB0NaLR/bjB6zIBAIeWpq7keWhMbTarEQ4Y7D4UihacAe5FgMWAMWPLMsMajbsZlBVhWutzin97XTUHGF9jYtHvj6HufOKKYw24a5R8e5VMVxUVcCalEV6USGlz7/O7gMzcezqRcqYSFFJBhGSjBwRjcuqICeOY9yEmSzIkXC5XAD43AMIJhMGk5/G+iHZepylo6Ojc/vQg60wMJvNlJSUcOTIEQ4dOoTdbkeSJE6fPo0sy6SnpxMZGRlGzSKS0Ul0djnTs8uZ1H2euqrD7N93mMNV56ja5yHgTMNpjx9d/BFw4/VqiKZIomOicIgBBjvOcfxkHS0dvfjiZXwDffgvnOGtjXW4SieSNy6D/PJMMhMjia9/nT+ub6PX48V/3ZcsVcBL4/EDHDlYyek+E9bEEiqmTKFiQh5JThNWY/ipI0Jl0D2AX4jF5nQR6zCgeTppOLmTqgseOgYU/H4/mtVKcmY6jl2nON3QQUt+AqlaO63njrCregCvNBQ5RSQkk5IUjePIQTYfvQtXcRJJFj99dSeormnkjGkS985OxSpdLxYNoHgG6RecRMVHE2GTCHTXU3/mJIdrvSg+NwFZQdFAdCQRn1XIvJw/8sLalahnbcybkkNplhMkD4Izn5IcA2/Un6SmOpv25AycjgE8LVXs2F6LKb+c3MLEW9LXOjo6OjrXxhAIBK55QSAQQFVVZFm+mKB3NARndsLJXxWUE8y/NlpUVb2YMyuUtgbLBvW8nkyTycScOXN49dVX2bJlC3V1dRgMBk6fPk1hYSFlZWW4XC6u1bej0VNwpJA5OYXMifO5t+MM+zZv4ZQSwDfgw6AoqKqGqsrIgQCBgACqjKwoQ3UrAWRTMvEJdsS6Wqp272C/Fk2gaQ/bG/zIqBj7mjl79AjnYw+z8ncbMMxbzswZJZTGivhaqjleqxKblUm8w4qpf0iepioE5AABTQQCyIqKompoiowc8NDnMRJfuozxxROZmJeATRy2BU0mELiGLWgBZFlB1UBVFBQ5gCzLyKqKpjH0dyBAQJOHZGoamjL8WUBElhUURUVTFeRAgOiUTOJpprXmKJv2RpCrtVO19SAdkgVN7qW9/hw1ffmklE2h8LlNHNm1iziTh2JTC+f27qHabcNnB0WWMSXmkFVUQPmmN1n/l/XELCkiJ8JN08EtbN93njOZDmZNiiXeIiExwuaVAMgqmqaiKTIYbdgTkii07+Lk/sPsVy6Q0F/D2aPHaBITcPrqqKs5T2NGNM5YG3ZXOlNmZvLzX7xFb86nuDs9lQx7gIBsQBPzmL5wEtvXnaBql4XNtnK641U6K1fz5Mo2Uu9zcV9iDGmKgqIy1C9y4KJN3oj7LPh7KAT9QqgygYs+6Ho+691khpoDbaSeob5QEK7/g0s+N/jzZsu83T43EAjcEpm3y+aDZWRZDsl2b8R9NhZbCOclGmX4+ycUPcci83bYPAz5IkVRQtLT0NXVdc0LFEVhcHCQrq6ukDN5Bwk3QWQweefNlhmU6/F4UFUVSbr+Mp3NZuMb3/gGb775JgcOHEBRFCZMmMBHPvIRIiMjuV6/hqynKY2ipY9RBKhqHzUePwFNRPD109PdhVk1gdpH/0AARRTRBrro8Y9jwoIZ1L/0F17638d4XkomvWwZH/7ovSyzrWHbW5t5+f+3d24xblxlHP/NxfbO+DJr7252k6ZpE6KWJNySFhFSumqQUlpoaKpIpUmBUkEqcREqqoA3HvpQhKjyAkhtJBCoFBUQFJGXUhACIVWCUFDbF6SSVFEaKemub2OPx3PxDA+bSZxVLjt21gby/R6tOfqf75z/+Xw8czzfMw7q15/gcwdP8sLRI3znx29z1onJTd7AzR+4h4cP7WbbjEHvTBevF6NGLo1qjYyuksGl6fj4kYLqt6nXYfPu+9h8rsvdRo0uF+blinFGDeqNDoGWgaCNY9eohQ6O10PXY7qNBo1sDy1qYjs+IQqxW6dRD8gGKs12l24Yo0UuzVqVdbftZf6Nn/CLo9/jiV/+gOKN7+MjB77MQ3uLZH/9Ei/99jme8h/h24/dz6P7/82PfvU0Tz4fkVn/QW67fTuf/Ojr/P01cGybur+R2fd+jMcOtXn2h4d58ucLLIYmkzftYNfd+/jap99Pxm1ju8v81/OgFdAjoud3aDHJzJY9HLrvHxx55kv83jWpbNnN7j138uChW4jePMyLTx3Bcz/Lg3t3sClWmNyxk1vU1+ls3cRcuUBUq1FbMhAz936Fh/3n+M3R53n6xe+yGBoUZrdy18Evsmfnu9icqXPW7uCho/htWo06taI/mP/6p2oMaxuWNiFBEKRKyMNoLi9Wm4YVef4yJDk3re7/e84dVnNccQK4rovnebiuu+I24/DfsGu02+2iqiqe541Ec1y5yPf98xvolaIEwZUr/gZBQKPRYGpqKvXCH7QyezKAaRbgMJpJ21qthmVZZDJXO+m8RBAE2LaN67ooioJhGFiWteJ+D/6Le+nxn9Nq45tzzJay5w7OB3hOG7vhEpfXMWUAXot2q0XL9QnR0XN5otjDJCTuQVedoFSpYAQN7HYH1wsJY1BUnUwuT2nSwsyqxG4Tu+XQivPcMGede/4cE3SatNsd3Mw0c5PZS54NWlmcEVHYoX5mkSA/S6kwgYFLp2Wz2FSobJjB1FQ0evhOi5bdISzOMZ1X0RSIui3ajosdmczNFNAjjzOnT+N0PPSJPKqewyiVKWounbaDE2hk8hYzlo5fPUvTDehGKmhZwsbbnPrpIR4/+Sjf+Oo+HvjwBowoJOy2aDTbuH6PXqygZiYw8gVKpTw59VL+i6FbZ6HeQzHzFC2DbM+n06jR7PgEkYKWMzGMCYxMQGuhjqcUKFQsioUceustFl99loOPv8X8t77J/ru3s7XQP349vLbNO+8sYDtdzOIkqp7FLE1SMnPkdAi9Dk69ipNdw3QpR7bvTf7D3vEZZJ0NqglLibzT6VCpVEaiOUwuGibO6yXnxnFMtVpNlXOH1RyH5wHq9TqGYTAxMXH1i88xDv8Nowlg2zaappHPr/xg7jj8N2ycjuMQhmGq40K6rl/52FYcx6iqiqZpqTqV3E5U1XTndOI4Pm8UTdNSGSXRVBRloElL4rzamCTouk42mx1Is//Xedo4o0hFLVYwS1PLNHV0yyDfP/+ZMrlCmam+j6rVKoZhYJpm36drMCevoKmVqZgWU8vi1EvTGKWV9fuqXtCzzN58oRNRpJHPmOQr9M2Jjm7lMJd7vFCmUihz4WtYp1iZxZpWl/0r1CRfmlp6I763iHviD3z/8DGy8/czP7+dbaUWp46/wct/rbPmjluZm57C1HU0dPTsBHOlmct2/5KeL6xhbX9dHD2DNZunv/uJ582bykteiCOizgKn/3WMoy+8gv+hL3D7rRvYVMqgXzR8OvrkDDO6QTkMzx+Qv+gK3WIib100/4lmQnr/RedvvY/K80kbVVVXvD6XkzYX9T9eSKupKMpA+Q8k566W5jg8n5DMSZo4E71BNft102pCes/DYGv0WvhvlJ5P2sRxnCpOOSAvXL+oOkrOosRpXv3jzzj+2stM53p07EVOrLmXvXe9m81z+ZG/m6r55l849sqf+d2xU5y238Oez9zBthvLFEbz3wJBEAThGiObLeH6JWORXX8nDzzSIPenv/HPEyc5HmYxZzay86F72LdzHeut0S+RwKmysFijqq5ly8c/wafmN7KumL78kyAIgvDfgWy2hOsYBVUvsHbXAT6/6wBwqdvLo+/V9I79HNixnwOjlxYEQRBWAXkwIQiCIAiCsIrIZksQBEEQBGEVkc2WIAiCIAjCKiKbLUEQBEEQhFVENluCIAiCIAiriGy2BEEQBEEQVhHZbAmCIAiCIKwievJOocuRvA7/atddrl1/wceVsFxr0NIRaUnKMfR6vVSxDqo5TJz9pSMGoT/WUWgmOmm9kGhCuvHpb9+vn1Yzre44PA+Dzec4/NevmZTYSENSB22QXJRojsp/g3qhv63k3GurOc6cm9Tik5x7Zc20uv9LOfc/jnYPWVUWbI4AAAAASUVORK5CYII=;" parent="1" vertex="1">
+          <mxGeometry x="-187" y="1430" width="187.14" height="153" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-80" value="Working addTrusted and measurement go programs with logging, error reporting, documentation" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-132" y="1760" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-82" value="Time Schedule" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-120" y="1720" width="100" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-86" value="Week 1" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-134" y="1890" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-88" value="Integration into cmc" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="16" y="1760" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-89" value="Week 2" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="16" y="1890" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-90" value="Integration into cmc done, implementing device description, app description, app manifest interfaces" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="171" y="1760" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-91" value="Week 3" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="171" y="1890" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-92" value="Research into how to adjust Kata Agent" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="330" y="1760" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-93" value="Week 4" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="330" y="1890" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-94" value="Prototype of modified kata agent for container attestation" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="488" y="1760" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-95" value="Week 5" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="488" y="1890" width="120" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-98" value="15.03." style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="640" y="1760" width="120" height="190" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-99" value="meeting simon donnerstag 11:00" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-64" y="1960" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-100" value="(theory how it could be adjusted)&lt;br&gt;&lt;br&gt;writing report and presnetation" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="408" y="1640" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="Y_2FnxaHt-eN1trxS_el-101" value="Fr. Zillner Abschlusstermin festlegen" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="248.5" y="1640" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="ZTTN_e5Rj1R6s8ROxFlu-1" value="can shim be configured over containerd?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="800" y="80" width="140" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="9ajpVGPg1e3shznrGVk3-1" value="verifyswresults" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1000" y="1690" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="9ajpVGPg1e3shznrGVk3-2" value="get measurements and ref values,&amp;nbsp;&lt;br&gt;&lt;br&gt;check if measurements are ok for this ref value set, not less/more than expected" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="998" y="1730" width="122" height="230" as="geometry" />
+        </mxCell>
+        <mxCell id="9ajpVGPg1e3shznrGVk3-3" value="/home/hochmax/fraun/cmc/attestationreport/sw.go:23" style="text;whiteSpace=wrap;" parent="1" vertex="1">
+          <mxGeometry x="910" y="1960" width="320" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="9ajpVGPg1e3shznrGVk3-5" value="manifests richtig verwenden" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="275" y="2040" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="9ajpVGPg1e3shznrGVk3-6" value="rebase" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="126" y="2060" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="9ajpVGPg1e3shznrGVk3-7" value="kurze folien masterarbeit" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="216" y="2140" width="124" height="120" as="geometry" />
+        </mxCell>
+        <mxCell id="_qTjJuFehhuUL4dlcXf_-1" value="" style="sketch=0;html=1;aspect=fixed;strokeColor=none;shadow=0;align=center;fillColor=#2D9C5E;verticalAlign=top;labelPosition=center;verticalLabelPosition=bottom;shape=mxgraph.gcp2.check" parent="1" vertex="1">
+          <mxGeometry x="80" y="2160" width="100" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="_qTjJuFehhuUL4dlcXf_-2" value="" style="sketch=0;html=1;aspect=fixed;strokeColor=none;shadow=0;align=center;fillColor=#2D9C5E;verticalAlign=top;labelPosition=center;verticalLabelPosition=bottom;shape=mxgraph.gcp2.check" parent="1" vertex="1">
+          <mxGeometry x="290" y="2210" width="100" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="_qTjJuFehhuUL4dlcXf_-3" value="" style="sketch=0;html=1;aspect=fixed;strokeColor=none;shadow=0;align=center;fillColor=#2D9C5E;verticalAlign=top;labelPosition=center;verticalLabelPosition=bottom;shape=mxgraph.gcp2.check" parent="1" vertex="1">
+          <mxGeometry x="390" y="2080" width="100" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="_qTjJuFehhuUL4dlcXf_-6" value="" style="sketch=0;html=1;aspect=fixed;strokeColor=none;shadow=0;align=center;fillColor=#2D9C5E;verticalAlign=top;labelPosition=center;verticalLabelPosition=bottom;shape=mxgraph.gcp2.check" parent="1" vertex="1">
+          <mxGeometry x="232.5" y="1583" width="100" height="80" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-18" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="RWa7G3H1R2EpTvNY5ZMt-10" target="RWa7G3H1R2EpTvNY5ZMt-14" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-10" value="Corpus / Fuzzing Seed" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1080" y="2640" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-14" value="Mutator" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1200" y="2700" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-16" value="Target Program" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1320" y="2760" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-22" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="RWa7G3H1R2EpTvNY5ZMt-17" target="RWa7G3H1R2EpTvNY5ZMt-14" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-17" value="Monitor" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1436.71" y="2820" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-19" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="1357.46" y="2720" as="sourcePoint" />
+            <mxPoint x="1397.46" y="2760" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-20" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="1480" y="2780" as="sourcePoint" />
+            <mxPoint x="1520" y="2820" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-21" value="Modify Input" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1230" y="2735" width="90" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-23" value="Check for anomalies" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1451.71" y="2860" width="130" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-32" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="RWa7G3H1R2EpTvNY5ZMt-25" target="RWa7G3H1R2EpTvNY5ZMt-31" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-25" value="Application" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1120" y="2960" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-18" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="RWa7G3H1R2EpTvNY5ZMt-26" target="d2MjHSMMN7cnZeNCp1QW-17" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-26" value="Kernel syscalls&lt;br&gt;(using network, peripherals)" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="1120" y="3080" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-28" value="" style="shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="RWa7G3H1R2EpTvNY5ZMt-26" edge="1">
+          <mxGeometry width="100" height="100" relative="1" as="geometry">
+            <mxPoint x="1199.76" y="3070" as="sourcePoint" />
+            <mxPoint x="1199.76" y="3000" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-30" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="RWa7G3H1R2EpTvNY5ZMt-29" target="RWa7G3H1R2EpTvNY5ZMt-25" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-29" value="stdin" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1005" y="2960" width="80" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-31" value="sanitizer output" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1320" y="2960" width="80" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="RWa7G3H1R2EpTvNY5ZMt-35" value="Read from (system) file" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1195" y="3025" width="150" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-9" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="d2MjHSMMN7cnZeNCp1QW-10" target="d2MjHSMMN7cnZeNCp1QW-15" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-10" value="Application" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="1540" y="2960" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-11" value="Simulated syscalls" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="1540" y="3080" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-12" value="" style="shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="d2MjHSMMN7cnZeNCp1QW-11" edge="1">
+          <mxGeometry width="100" height="100" relative="1" as="geometry">
+            <mxPoint x="1619.76" y="3070" as="sourcePoint" />
+            <mxPoint x="1619.76" y="3000" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-13" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="d2MjHSMMN7cnZeNCp1QW-14" target="d2MjHSMMN7cnZeNCp1QW-10" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-14" value="stdin" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1425" y="2960" width="80" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-15" value="sanitizer output" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1740" y="2960" width="80" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-16" value="Read from (system) file" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="1615" y="3025" width="150" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-17" value="Slow Peripherals" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1120" y="3150" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-19" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" target="d2MjHSMMN7cnZeNCp1QW-20" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="1620" y="3120" as="sourcePoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="d2MjHSMMN7cnZeNCp1QW-20" value="Fast Static Library" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1540" y="3150" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-2" value="Application" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="2014" y="2970" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-3" value="Kernel" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="2014" y="3090" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-4" value="" style="shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-3" edge="1">
+          <mxGeometry width="100" height="100" relative="1" as="geometry">
+            <mxPoint x="2093.76" y="3080" as="sourcePoint" />
+            <mxPoint x="2093.76" y="3010" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-15" value="Syscalls" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="Ebp6lTG2UBThMlCNcLZx-4" vertex="1" connectable="0">
+          <mxGeometry x="-0.0215" y="1" relative="1" as="geometry">
+            <mxPoint x="30" y="-1" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-24" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-12" target="Ebp6lTG2UBThMlCNcLZx-17" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-25" value="Fuzzing Seed" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="Ebp6lTG2UBThMlCNcLZx-24" vertex="1" connectable="0">
+          <mxGeometry x="-0.4167" y="1" relative="1" as="geometry">
+            <mxPoint x="13" y="-9" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-12" value="corpus" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="2270" y="3012.5" width="120" height="75" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-14" value="Playbook" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="2195" y="3028" width="70" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-17" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="2468" y="2950" width="210" height="200" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-18" value="Application" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="2493" y="2970" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-19" value="Simulated Syscalls" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="2493" y="3090" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-20" value="" style="shape=flexArrow;endArrow=classic;startArrow=classic;html=1;rounded=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-19" edge="1">
+          <mxGeometry width="100" height="100" relative="1" as="geometry">
+            <mxPoint x="2572.76" y="3080" as="sourcePoint" />
+            <mxPoint x="2572.76" y="3010" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-21" value="Syscalls" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="Ebp6lTG2UBThMlCNcLZx-20" vertex="1" connectable="0">
+          <mxGeometry x="-0.0215" y="1" relative="1" as="geometry">
+            <mxPoint x="30" y="-1" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-26" value="Analysis Stage" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="2044" y="2920" width="100" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-27" value="Fuzzing Stage" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="2523" y="2920" width="100" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-29" value="/data/config.json" style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="2230" y="3070" width="100" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-30" value="/proc/1/net/..." style="ellipse;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="2330" y="3070" width="100" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-38" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-31" target="Ebp6lTG2UBThMlCNcLZx-35" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-31" value="Application Code" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="2000" y="2560" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-41" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-33" target="Ebp6lTG2UBThMlCNcLZx-34" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-33" value="LLVM IR" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="2000" y="2700" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-34" value="Binary Executable" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="2000" y="2770" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-40" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-35" target="Ebp6lTG2UBThMlCNcLZx-33" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-35" value="LLVM" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
+          <mxGeometry x="2000" y="2630" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-37" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="Ebp6lTG2UBThMlCNcLZx-36" target="Ebp6lTG2UBThMlCNcLZx-33" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-36" value="Simulated Syscalls" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="2199" y="2700" width="160" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-42" value="Replace application syscalls&lt;div&gt;&amp;nbsp;with simulated syscalls&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="2194" y="2660" width="170" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-43" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="2550" y="2580" width="210" height="180" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-44" value="Corpus" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="2625" y="2550" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-45" value="How to build fuzzing corpus based on monitored syscall playbook?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="2575" y="2600" width="165" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-47" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="2780" y="2580" width="210" height="180" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-48" value="Mutator" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="2855" y="2550" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-49" value="Ho to make reasonable mutations to corpus?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="2802.5" y="2600" width="165" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-51" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="3010" y="2580" width="210" height="180" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-52" value="Compiler Pass" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="3065" y="2550" width="100" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-53" value="Scope of relevant syscalls to simulate?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="3032.5" y="2600" width="165" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-54" value="How to deal with encryption?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="2575" y="2675" width="165" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-55" value="How to maximize code coverage?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="2802.5" y="2675" width="165" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="Ebp6lTG2UBThMlCNcLZx-56" value="Depth of syscall behaviour/errors to simulate?" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="3032.5" y="2675" width="165" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-2" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-555" y="340" width="265" height="310" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-4" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="I-7VY2PXvZfyI8hd-fUS-3" target="pgizBxfaGac9f-lPa-GT-3" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-3" value="Rootfs" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-405" y="370" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-2" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="I-7VY2PXvZfyI8hd-fUS-4" target="pgizBxfaGac9f-lPa-GT-1" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-4" value="JSON config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-530" y="370" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-152" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="I-7VY2PXvZfyI8hd-fUS-6" target="I-7VY2PXvZfyI8hd-fUS-2" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-153" value="Blueprint for" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-152" vertex="1" connectable="0">
+          <mxGeometry x="-0.2537" y="2" relative="1" as="geometry">
+            <mxPoint x="15" y="-8" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-6" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-980" y="340" width="330" height="310" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-7" value="Rootfs" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-647.5" y="157.5" width="55" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-151" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="I-7VY2PXvZfyI8hd-fUS-8" target="I-7VY2PXvZfyI8hd-fUS-10" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-8" value="image.json" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-913" y="374" width="120" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-9" value="OCI Image" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-868" y="339" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-16" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="I-7VY2PXvZfyI8hd-fUS-10" target="I-7VY2PXvZfyI8hd-fUS-15" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points">
+              <mxPoint x="-850" y="470" />
+              <mxPoint x="-850" y="470" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-17" value="Reference" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="I-7VY2PXvZfyI8hd-fUS-16" vertex="1" connectable="0">
+          <mxGeometry x="0.0257" y="1" relative="1" as="geometry">
+            <mxPoint x="29" y="-2" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-22" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="I-7VY2PXvZfyI8hd-fUS-10" target="I-7VY2PXvZfyI8hd-fUS-19" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-23" value="List" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="I-7VY2PXvZfyI8hd-fUS-22" vertex="1" connectable="0">
+          <mxGeometry x="-0.4757" y="-3" relative="1" as="geometry">
+            <mxPoint x="49" y="32" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-10" value="JSON layer dictionary" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-913" y="460" width="120" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-15" value="JSON config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-913" y="542" width="120" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-18" value="Reference" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="1" vertex="1" connectable="0">
+          <mxGeometry x="-699.9999999999998" y="454.9962068965516" as="geometry">
+            <mxPoint x="-123" y="-17" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-19" value="File system layer" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-783" y="542" width="120" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="I-7VY2PXvZfyI8hd-fUS-20" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: rgb(251, 251, 251); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;&quot;&gt;File system layer&lt;/span&gt;&lt;div&gt;&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; white-space: normal; background-color: rgb(251, 251, 251); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;&quot;&gt;...&lt;/span&gt;&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-783" y="589.5" width="120" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-1" value="Mounts" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-530" y="437.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-3" value="/bin&lt;div&gt;/etc&lt;/div&gt;&lt;div&gt;/home&lt;br&gt;&lt;/div&gt;&lt;div&gt;/opt&lt;/div&gt;&lt;div&gt;/usr&lt;/div&gt;&lt;div&gt;/var&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-405" y="437.5" width="87.5" height="122.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-5" value="Environment Variables" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-530" y="477.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-6" value="Capabilities" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-530" y="517.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-7" value="Command" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-530" y="557.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-8" value="AppArmor /&lt;div&gt;SeLinux&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-530" y="597.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-14" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-9" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-390" y="-142.5" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-20" value="gRPC" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-14" vertex="1" connectable="0">
+          <mxGeometry x="-0.2199" y="1" relative="1" as="geometry">
+            <mxPoint x="5" y="-7" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-18" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" target="pgizBxfaGac9f-lPa-GT-17" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-547.9999999999999" y="-172.5" as="sourcePoint" />
+            <mxPoint x="-470.5" y="-240" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-540" y="-172" />
+              <mxPoint x="-540" y="-240" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-9" value="containerd" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-574" y="-172.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-11" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-10" target="pgizBxfaGac9f-lPa-GT-9" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-10" value="OCI image" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-710" y="-162.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-19" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-17" target="pgizBxfaGac9f-lPa-GT-23" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-340" y="-180" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-355" y="-240" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-17" value="OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-496" y="-260" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-25" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-23" target="pgizBxfaGac9f-lPa-GT-24" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-26" value="invokes" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-25" vertex="1" connectable="0">
+          <mxGeometry x="-0.37" relative="1" as="geometry">
+            <mxPoint x="8" y="-9" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-23" value="shim" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-391" y="-172.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-24" value="runc" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-250" y="-172.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-28" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.25;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-27" target="pgizBxfaGac9f-lPa-GT-9" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-27" value="Config arguments" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-710" y="-212.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-30" value="Becomes parent of&amp;nbsp;&lt;div&gt;first container process&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-432" y="-116.5" width="140" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-31" value="Terminated immediately&amp;nbsp;&lt;div&gt;after creating container&lt;/div&gt;" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-289" y="-116.5" width="150" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-34" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" target="pgizBxfaGac9f-lPa-GT-38" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-557.9999999999999" y="-460" as="sourcePoint" />
+            <mxPoint x="-480.5" y="-527.5" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-550" y="-459.5" />
+              <mxPoint x="-550" y="-527.5" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-53" value="Measurement" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-34" vertex="1" connectable="0">
+          <mxGeometry x="-0.3714" y="-1" relative="1" as="geometry">
+            <mxPoint y="9" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-35" value="containerd" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-584" y="-460" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-36" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-37" target="pgizBxfaGac9f-lPa-GT-35" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-37" value="OCI image" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-720" y="-450" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-38" value="Reference OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="-506" y="-547.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-39" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.25;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-40" target="pgizBxfaGac9f-lPa-GT-35" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-40" value="Config arguments" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-720" y="-500" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-43" value="Reference Value Generation" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-547.25" y="-820" width="170" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-64" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" target="pgizBxfaGac9f-lPa-GT-65" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-418.5" y="-527.5" as="sourcePoint" />
+            <mxPoint x="-350.5" y="-467.5" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-365.5" y="-527.5" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-65" value="shim" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-401.5" y="-460" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-66" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-69" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-413.5" y="-662.5" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-67" value="gRPC" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-66" vertex="1" connectable="0">
+          <mxGeometry x="-0.2199" y="1" relative="1" as="geometry">
+            <mxPoint x="5" y="-7" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-68" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" target="pgizBxfaGac9f-lPa-GT-73" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-571.4999999999999" y="-692.5" as="sourcePoint" />
+            <mxPoint x="-494" y="-760" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-563.5" y="-692" />
+              <mxPoint x="-563.5" y="-760" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-69" value="containerd" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-597.5" y="-692.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-70" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-71" target="pgizBxfaGac9f-lPa-GT-69" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-71" value="OCI image" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-733.5" y="-682.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-77" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-73" target="pgizBxfaGac9f-lPa-GT-74" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-73" value="OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-519.5" y="-780" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-79" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-74" target="pgizBxfaGac9f-lPa-GT-78" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-74" value="shim" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-415" y="-692.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-75" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.25;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-76" target="pgizBxfaGac9f-lPa-GT-69" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-76" value="Config arguments" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-733.5" y="-732.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-100" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-78" target="pgizBxfaGac9f-lPa-GT-99" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-78" value="Reference OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="-289" y="-682.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-80" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-80" y="-820" width="676" height="205" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-81" value="Secure container start" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="85" y="-820" width="140" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-82" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-85" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="207.5" y="-662.5" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-83" value="gRPC" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-82" vertex="1" connectable="0">
+          <mxGeometry x="-0.2199" y="1" relative="1" as="geometry">
+            <mxPoint x="5" y="-7" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-85" value="containerd" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="60" y="-692.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-86" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-87" target="pgizBxfaGac9f-lPa-GT-85" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-87" value="OCI image" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-64" y="-682.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-88" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-89" target="pgizBxfaGac9f-lPa-GT-91" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-89" value="OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="117.5" y="-780" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-102" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-91" target="pgizBxfaGac9f-lPa-GT-101" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-91" value="shim" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="206" y="-692.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-92" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.25;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-93" target="pgizBxfaGac9f-lPa-GT-85" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-93" value="Config arguments" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-64" y="-732.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-94" value="CMC App Manifest" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="303.5" y="-798" width="94.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-96" value="CMC Attestation report" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;strokeColor=#666666;fontColor=#333333;" parent="1" vertex="1">
+          <mxGeometry x="303" y="-758" width="95.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-99" value="CMC App Manifest" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+          <mxGeometry x="-289" y="-750" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-103" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-101" target="pgizBxfaGac9f-lPa-GT-96" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-106" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-101" target="pgizBxfaGac9f-lPa-GT-105" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-101" value="CMC" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="315.5" y="-692.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-104" value="verify" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="344" y="-720.5" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-108" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-105" target="pgizBxfaGac9f-lPa-GT-107" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-113" value="false" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-108" vertex="1" connectable="0">
+          <mxGeometry x="-0.2433" y="-1" relative="1" as="geometry">
+            <mxPoint as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-112" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-105" target="pgizBxfaGac9f-lPa-GT-111" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-114" value="true" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-112" vertex="1" connectable="0">
+          <mxGeometry x="-0.3351" relative="1" as="geometry">
+            <mxPoint x="-7" y="-8" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-105" value="Attestation Result" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="420" y="-682.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-107" value="Abort" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="420" y="-760.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-111" value="runc" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="517" y="-770.5" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-116" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.001;entryY=0.416;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.308;exitY=-0.03;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-85" target="pgizBxfaGac9f-lPa-GT-89" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-119" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="124" y="-490" width="145" height="180" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-120" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="299" y="-490" width="145" height="180" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-121" value="Operating System" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="150.25" y="-410" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-122" value="Application" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="150.25" y="-460" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-123" value="Container" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="156.5" y="-490" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-124" value="Virtual Machine" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="317" y="-490" width="110" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-125" value="Application" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="326.5" y="-460" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-126" value="Operating System" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="327.75" y="-410" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-127" value="Kernel" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="328.25" y="-360" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-128" value="Hypervisor" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="327.75" y="-310" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-129" value="Kernel" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="327.75" y="-270" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-130" value="Kernel" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="150.25" y="-310" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-131" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="567" y="-490" width="145" height="130" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-132" value="Measure state" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="587.37" y="-460" width="102.63" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-133" value="Store attestation report" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="587.37" y="-410" width="104.25" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-134" value="Prover" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="608.69" y="-490" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-135" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="792" y="-490" width="145" height="130" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-143" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.991;entryY=0.379;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-136" target="pgizBxfaGac9f-lPa-GT-131" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-136" value="Request attestation" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="812.37" y="-460" width="102.63" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-137" value="Verify integrity and authenticity" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="812.37" y="-410" width="104.25" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-138" value="Verifier" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="833.69" y="-490" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-147" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-131" target="pgizBxfaGac9f-lPa-GT-137" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points">
+              <mxPoint x="740" y="-390" />
+              <mxPoint x="740" y="-390" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-150" value="OCI Runtime Bundle" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-492.25" y="340" width="130" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-157" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-155" target="pgizBxfaGac9f-lPa-GT-162" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="243.75" y="-866" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="190" y="-960" />
+              <mxPoint x="190" y="-960" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-155" value="runc" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="85" y="-986" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-158" value="starts" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="160" y="-968" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-160" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-159" target="pgizBxfaGac9f-lPa-GT-155" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-159" value="shim" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="85" y="-1076" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-161" value="invokes" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="113.75" y="-1018" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-178" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-162" target="pgizBxfaGac9f-lPa-GT-177" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-179" value="Uses" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-178" vertex="1" connectable="0">
+          <mxGeometry x="-0.2371" y="2" relative="1" as="geometry">
+            <mxPoint x="3" y="-6" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-162" value="Container PID 1" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="243.75" y="-980" width="96.25" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-167" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-159" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="260" y="-980" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-168" value="Becomes Parent" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-167" vertex="1" connectable="0">
+          <mxGeometry x="-0.6915" y="1" relative="1" as="geometry">
+            <mxPoint x="20" y="10" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-169" value="Container namespace" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="276.88" y="-1174" width="140" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-173" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-171" target="pgizBxfaGac9f-lPa-GT-159" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-171" value="OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="76.25" y="-1140" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-174" value="passed to" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="113.5" y="-1101" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-180" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.998;entryY=0.373;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-175" target="pgizBxfaGac9f-lPa-GT-177" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-181" value="Manages" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-180" vertex="1" connectable="0">
+          <mxGeometry x="-0.1329" y="1" relative="1" as="geometry">
+            <mxPoint x="-1" y="-10" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-175" value="Container Network Interface Plugin (CNI)" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="499" y="-995" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-177" value="eth0" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="398" y="-980" width="40" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-183" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-182" target="pgizBxfaGac9f-lPa-GT-175" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-184" value="configures" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-183" vertex="1" connectable="0">
+          <mxGeometry x="0.14" y="-2" relative="1" as="geometry">
+            <mxPoint x="-35" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-182" value="kubelet" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="499" y="-1049" width="70" height="24" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-187" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-186" target="pgizBxfaGac9f-lPa-GT-182" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-188" value="configures" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-187" vertex="1" connectable="0">
+          <mxGeometry x="0.3811" relative="1" as="geometry">
+            <mxPoint x="-34" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-186" value="Kubernetes Control Plane" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="499" y="-1135" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-195" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-196" target="pgizBxfaGac9f-lPa-GT-203" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="863.75" y="-855" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="810" y="-949" />
+              <mxPoint x="810" y="-949" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-196" value="runc" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="705" y="-975" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-197" value="starts" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="780" y="-957" width="50" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-198" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-199" target="pgizBxfaGac9f-lPa-GT-196" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-199" value="shim" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#f8cecc;strokeColor=#b85450;" parent="1" vertex="1">
+          <mxGeometry x="705" y="-1065" width="70" height="60" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-200" value="invokes" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="733.75" y="-1007" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-201" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-203" target="pgizBxfaGac9f-lPa-GT-210" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="1018" y="-949" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="970" y="-959" />
+              <mxPoint x="970" y="-1019" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-202" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-203" target="pgizBxfaGac9f-lPa-GT-211" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-203" value="Container PID 1" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="863.75" y="-969" width="96.25" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-204" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-199" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="880" y="-969" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-205" value="Becomes Parent" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-204" vertex="1" connectable="0">
+          <mxGeometry x="-0.6915" y="1" relative="1" as="geometry">
+            <mxPoint x="20" y="10" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-206" value="Container namespace" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="896" y="-1069" width="140" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-207" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-208" target="pgizBxfaGac9f-lPa-GT-199" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-208" value="OCI runtime bundle" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="696.25" y="-1135" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-209" value="passed to" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="733.5" y="-1097" width="80" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-210" value="Container PID 3" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1010" y="-1039" width="60" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-211" value="Container PID 2" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="1010" y="-989" width="60" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-251" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-212" target="pgizBxfaGac9f-lPa-GT-228" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-252" value="Measurement" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="pgizBxfaGac9f-lPa-GT-251" vertex="1" connectable="0">
+          <mxGeometry x="-0.0702" y="3" relative="1" as="geometry">
+            <mxPoint y="-6" as="offset" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-212" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-638.75" y="700" width="265" height="310" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-213" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-214" target="pgizBxfaGac9f-lPa-GT-218" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-214" value="Rootfs" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-488.75" y="730" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-215" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-216" target="pgizBxfaGac9f-lPa-GT-217" edge="1">
+          <mxGeometry relative="1" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-216" value="JSON config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-613.75" y="730" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-217" value="Mounts" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-613.75" y="797.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-218" value="/bin&lt;div&gt;/etc&lt;/div&gt;&lt;div&gt;/home&lt;br&gt;&lt;/div&gt;&lt;div&gt;/opt&lt;/div&gt;&lt;div&gt;/usr&lt;/div&gt;&lt;div&gt;/var&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-488.75" y="797.5" width="87.5" height="122.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-219" value="Environment Variables" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-613.75" y="837.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-220" value="Capabilities" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-613.75" y="877.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-221" value="Command" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-613.75" y="917.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-223" value="OCI Runtime Bundle" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-576" y="700" width="130" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-228" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
+          <mxGeometry x="-260" y="700" width="265" height="310" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-229" value="Application Manifest" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-197.25" y="700" width="130" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-230" value="" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;" parent="1" source="pgizBxfaGac9f-lPa-GT-231" target="pgizBxfaGac9f-lPa-GT-232" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <Array as="points">
+              <mxPoint x="-186" y="750" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-242" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="pgizBxfaGac9f-lPa-GT-231" edge="1">
+          <mxGeometry relative="1" as="geometry">
+            <mxPoint x="-57.75" y="797.5" as="targetPoint" />
+            <Array as="points">
+              <mxPoint x="-58" y="750" />
+              <mxPoint x="-58" y="778" />
+              <mxPoint x="-58" y="778" />
+            </Array>
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-231" value="JSON Reference Value" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-170" y="730" width="97.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-232" value="Mounts" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-230" y="797.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-233" value="Environment Variables" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-230" y="837.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-234" value="Capabilities" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-230" y="877.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-235" value="Command" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-230" y="917.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-236" value="AppArmor /&lt;div&gt;SeLinux, ...&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-230" y="957.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-243" value="Rootfs" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="-88.87" y="600" width="60" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-245" value="" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-108" y="837.5" width="100" height="82.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-246" value="Hash&lt;div&gt;over&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-88.87" y="797.5" width="61.75" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-247" value="File contents" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-101.5" y="845" width="87.5" height="22.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-249" value="File attributes" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-101.5" y="867.5" width="87.5" height="22.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-250" value="Ownership" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-101.5" y="890" width="87.5" height="22.5" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-256" value="Terminal Config" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="425" y="976" width="88.75" height="15" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-258" value="Host Path" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="425" y="953" width="88.75" height="15" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-259" value="Annotations" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="425" y="930" width="88.75" height="15" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-260" value="resource limits" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="562.5" y="968" width="55" height="34" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-263" value="Orchestration Manager" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="458" y="-1169" width="150" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-267" value="Container runtime" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="83.75" y="-1174" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-269" value="Container runtime" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" parent="1" vertex="1">
+          <mxGeometry x="681.88" y="-1164.75" width="120" height="30" as="geometry" />
+        </mxCell>
+        <mxCell id="pgizBxfaGac9f-lPa-GT-270" value="AppArmor /&lt;div&gt;SeLinux, ...&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
+          <mxGeometry x="-613.75" y="957.5" width="87.5" height="40" as="geometry" />
+        </mxCell>
+        <mxCell id="dfeGwJ4GioFZ4fCVBI6Y-2" value="Syscall Fuzzing" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;" vertex="1" parent="1">
+          <mxGeometry x="2050" y="2290" width="110" height="30" as="geometry" />
+        </mxCell>
+      </root>
+    </mxGraphModel>
+  </diagram>
+</mxfile>
diff --git a/doc/manual-setup.md b/doc/manual-setup.md
index 65039d7c..a7506caa 100644
--- a/doc/manual-setup.md
+++ b/doc/manual-setup.md
@@ -135,6 +135,13 @@ sudo parse-ima-pcr
 ```
 Then insert those values into the json `referenceValues` array in an app manifest.
 
+For OCI containers, currently the `containerd` tool `ctr` is supported with the custom cmc
+runtime `cmc/tools/containerd-shim-cmc-v1/containerd-shim-cmc-v1`:
+```sh
+sudo ctr run --runtime ${runtime} -t --rm docker.io/library/ubuntu:22.04 CMC_GENERATE_APP_MANIFEST
+```
+the reference values are generated at `/tmp/container-refs` and must be put into an app manifest.
+
 **Calculating the reference values based on software artifacts**
 
 This currently only works for QEMU VMs with OVMF and a Linux kernel. it is recommended to use
@@ -171,6 +178,20 @@ sudo calculate-ima-pcr -t 10 -i ima-ng -p /usr/bin -p /usr/sbin -p /usr/lib
 ```
 Then insert those values into an app manifest.
 
+For OCI containers, the `buildah` and `umoci` tool can be used in combination with the custom
+`cmc/tools/measure-bundle/measure-bundle` tool can be used:
+
+```sh
+buildah pull ubuntu:22.04
+buildah push ubuntu:22.04 oci-archive:myimage-oci.tar:latest
+
+tar -xvf myimage-oci.tar
+(cd image ; umoci unpack --rootless --image ./:latest bundle)
+
+measure-bundle -config image/bundle/config.json" -rootfs image/bundle/rootfs)
+```
+Then, insert those reference values into an App Manifest.
+
 ##### AMD SNP Reference Values
 
 tbd

From 5da747758c862c70d75947ab4086df477243e2df Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:20:36 +0000
Subject: [PATCH 21/26] example-setup/setup-cmc: allow specifying the container
 engine

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 example-setup/setup-cmc | 3 ++-
 example-setup/utils.sh  | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/example-setup/setup-cmc b/example-setup/setup-cmc
index 94de4c24..cc05dad1 100755
--- a/example-setup/setup-cmc
+++ b/example-setup/setup-cmc
@@ -15,6 +15,7 @@ fi
 cmc=$(set -e; abs_path "$1")
 data=$(set -e; abs_path "$2")
 ser="${3}"
+client="docker"
 
 if [[ ! -d "${cmc}" ]]; then
   echo "CMC directory does not exist. Did you clone the repository? Abort.."
@@ -63,4 +64,4 @@ cp -r "${cmc}/example-setup/"* "${data}"
 "${data}/update-app-manifest-live" "${data}" "${ser}"
 
 # Generate container example manifest
-"${data}/update-container-manifest-live" docker.io/library/ubuntu:22.04 "${data}" "${cmc}" "${ser}"
\ No newline at end of file
+"${data}/update-container-manifest-live" docker.io/library/ubuntu:22.04 "${data}" "${cmc}" "${ser}" "${client}"
\ No newline at end of file
diff --git a/example-setup/utils.sh b/example-setup/utils.sh
index f651eba4..dd305699 100644
--- a/example-setup/utils.sh
+++ b/example-setup/utils.sh
@@ -14,4 +14,4 @@ extendarr() {
 
   # Add new value
   json="$(echo "${json}" | jq ".${key} += [${param}]")"
-}
\ No newline at end of file
+}

From b2075238d29a8fa5013f58eb13780ee5cf6e3bd6 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:21:00 +0000
Subject: [PATCH 22/26] example-setup/update-container-manifest: add script

Add script to demonstrate how to generate reference
values for containers.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 example-setup/update-container-manifest | 106 ++++++++++++++++++++++++
 1 file changed, 106 insertions(+)
 create mode 100755 example-setup/update-container-manifest

diff --git a/example-setup/update-container-manifest b/example-setup/update-container-manifest
new file mode 100755
index 00000000..be5ecf1b
--- /dev/null
+++ b/example-setup/update-container-manifest
@@ -0,0 +1,106 @@
+#!/bin/bash
+
+set -euo pipefail
+
+trap '[ $? -eq 0 ] && exit 0; printf "%s failed\n" "$0"' EXIT
+dir="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd -P)"
+source "${dir}/utils.sh"
+export PATH=${PATH}:${HOME}/go/bin
+
+if [[ "$#" -lt 3 ]]; then
+   echo "Usage: ./update-container-manifest <container-image> <data-folder> <cbor|json>"
+   exit 1
+fi
+
+container="$1"
+shift
+data=$(set -e; abs_path "$1")
+shift
+ser="$1"
+
+input="${data}/metadata-raw"
+tmp="${data}/metadata-tmp"
+output="${data}/metadata-signed"
+container_name=$(echo "${container}-oci" | sed 's:.*/::' | tr : -)
+
+echo "Creating reference values for container: ${container}"
+echo "Using ${data} as directory for local data"
+
+# Create a temporary directory
+tmpdir=$(mktemp -d)
+echo "Using temporary directory ${tmpdir} for processing"
+
+# Pull and push image to OCI-archive format
+buildah pull ${container}
+buildah push ${container} oci-archive:${tmpdir}/myimage-oci.tar:latest
+
+# Prepare the image directory within the temp directory
+mkdir -p ${tmpdir}/image
+
+# Extract the OCI image
+(cd ${tmpdir}/image ; tar -xvf ${tmpdir}/myimage-oci.tar)
+
+# Unpack the image to a bundle
+(cd ${tmpdir}/image ; umoci unpack --rootless --image ./:latest bundle)
+
+# Ensure the container's rootfs path is correctly set
+container_rootfs="${tmpdir}/image/bundle/rootfs"
+config="${tmpdir}/image/bundle/config.json"
+
+refvals=$(measure-bundle -config "${config}" -rootfs "${container_rootfs}")
+
+rm -r ${tmpdir}
+
+# App Manifest: Replace existing reference values with new reference values in the App Manifest
+json=$(cat "${input}/app.manifest.json")
+json=$(echo "${json}" | jq 'del(.referenceValues[])')
+json=$(echo "${json}" | jq --argjson ver "${refvals}" '.referenceValues += $ver')
+
+# App Manifest: Set name and reference value name
+json=$(echo "${json}" | jq ".name = \"${container}\"")
+json=$(echo "${json}" | jq ".referenceValues[0].name += \": ${container}\"")
+
+# App Manifest: Store
+echo "Writing ${input}/${container_name}.manifest.json"
+printf "%s\n" "${json}" > "${input}/${container_name}.manifest.json"
+
+# App Description: Create corresponding app description
+appdesc=$(cat "${input}/app.description.json")
+appdesc=$(echo "${appdesc}" | jq ".name = \"${container}.description\"")
+appdesc=$(echo "${appdesc}" | jq ".appManifest = \"${container}\"")
+
+# Device Description: Add/replace app description to/in device description
+devdesc=$(cat "${input}/device.description.json")
+exists=$(echo "${devdesc}" | jq "any(.appDescriptions[]; .name == \"${container}.description\")")
+if [[ "${exists}" = false ]]; then
+  echo "Adding app description to device description"
+else
+  echo "Replacing existing app description"
+  devdesc=$(echo "$devdesc" | jq ".appDescriptions |= map(select(.name != \"${container}.description\"))")
+fi
+devdesc=$(echo "${devdesc}" | jq --argjson desc "[${appdesc}]" '.appDescriptions += $desc')
+
+# Device Description: store
+echo "Writing ${input}/device.description.json"
+printf "%s\n" "${devdesc}" > "${input}/device.description.json"
+
+# Sign the metadata*
+key="${data}/pki/signing-cert-key.pem"
+chain="${data}/pki/signing-cert.pem,${data}/pki/ca.pem"
+
+rm -rf "${tmp}"/${container_name}.manifest.*
+rm -rf "${output}"/${container_name}.manifest.*
+
+# Convert to CBOR if specified
+if [[ "${ser,,}" = "json" ]]; then
+  echo "using json serialization"
+  cp "${input}/${container_name}.manifest.json" "${tmp}/${container_name}.manifest.json"
+elif [[ "${ser,,}" = "cbor" ]]; then
+  echo "using cbor serialiation"
+  cmc-converter -in "${input}/${container_name}.manifest.json" -out "${tmp}/${container_name}.manifest.cbor" -outform cbor
+else
+  echo "serialization format ${ser} is not supported"
+  exit 1
+fi
+
+cmc-signing-tool -in "${tmp}/${container_name}.manifest.${ser}" -out "${output}/${container_name}.manifest.${ser}" -keys "${key}" -x5cs "${chain}"

From fd778d6d9e0e9fa75b2f01c3bf48807a2826baf4 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Fri, 14 Jun 2024 12:21:38 +0000
Subject: [PATCH 23/26] example-setup/update-container-manifest-live: add
 script

Add script to demonstrate how to generate reference values
for containers based on dry-running containers.

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 example-setup/update-container-manifest-live | 141 +++++++++++++++++++
 1 file changed, 141 insertions(+)
 create mode 100755 example-setup/update-container-manifest-live

diff --git a/example-setup/update-container-manifest-live b/example-setup/update-container-manifest-live
new file mode 100755
index 00000000..c011e18e
--- /dev/null
+++ b/example-setup/update-container-manifest-live
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+set -euo pipefail
+
+trap '[ $? -eq 0 ] && exit 0; printf "%s failed\n" "$0"' EXIT
+dir="$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd -P)"
+source "${dir}/utils.sh"
+export PATH=${PATH}:${HOME}/go/bin
+
+if [[ "$#" -lt 5 ]]; then
+   echo "Usage: ./update-container-manifest-live <container-name> <data-folder> <cmc-folder> <cbor|json> <container-client> [<container arguments>]"
+   exit 1
+fi
+
+# Extract the -env parameters
+keys=()
+values=()
+found=false
+for arg in "$@"; do
+    if [[ "${arg}" == "-env" ]]; then
+        found=true
+    elif [[ "${found}" == true ]]; then
+        IFS='=' read -r KEY VAL <<< "$arg"
+        keys+=("${KEY}")
+        values+=("${VAL}")
+        found=false
+    fi
+done
+
+# Set all parameters
+container="$1"
+shift
+data=$(set -e; abs_path "$1")
+shift
+cmc=$(set -e; abs_path "$1")
+shift
+ser="$1"
+shift
+client="$1"
+shift
+args="$@"
+
+input="${data}/metadata-raw"
+tmp="${data}/metadata-tmp"
+output="${data}/metadata-signed"
+runtime="${cmc}/tools/containerd-shim-cmc-v1/containerd-shim-cmc-v1"
+container="${container%/}"
+container_name=$(echo "${container}-oci" | sed 's:.*/::' | tr : -)
+
+echo "Creating reference values for container: ${container} with args ${args} and runtime ${runtime}"
+echo "Using ${data} as directory for local data"
+
+# Delete temporary manifests
+rm -rf "${tmp}"/${container_name}.manifest.*
+
+# Calculate the container reference values
+sudo rm -f /tmp/container-refs
+
+echo "Generating reference values for ${client} client"
+if  [[ "${client}" == "ctr" ]]; then
+    sudo ctr image pull ${container}
+    set +e
+    sudo ctr run --runtime ${runtime} -t --rm ${args} ${container} CMC_GENERATE_APP_MANIFEST
+    set -e
+elif [[ "${client}" == "docker" ]]; then
+    sudo docker run ${args} ${container}
+elif [[ "${client}" == "runc" ]]; then
+    cd ${container}
+    sudo runc create references
+    sudo runc delete references
+    cd -
+else
+    echo "Client ${client} not supported. Only 'docker', 'ctr' and 'runc' supported for now."
+    exit
+fi
+
+refvals=$(cat /tmp/container-refs)
+
+# App Manifest: Replace existing reference values with new reference values in the App Manifest
+json=$(cat "${input}/app.manifest.json")
+json=$(echo "${json}" | jq 'del(.referenceValues[])')
+json=$(echo "${json}" | jq --argjson ver "${refvals}" '.referenceValues += $ver')
+
+# App Manifest: Extract the reference value and add it to the file name to not overwrite the same
+# container with different arguments such as environment variables
+refval=$(echo "${json}" | jq -r '.referenceValues[0].sha256')
+
+# App Manifest: Set name and reference value name
+json=$(echo "${json}" | jq ".name = \"${container}-${refval}\"")
+json=$(echo "${json}" | jq ".referenceValues[0].name += \": ${container}\"")
+
+# App Manifest: Store
+echo "Writing ${input}/${container_name}-${refval}.manifest.json"
+printf "%s\n" "${json}" > "${input}/${container_name}-${refval}.manifest.json"
+
+# App Description: Create corresponding app description
+appdesc=$(cat "${input}/app.description.json")
+appdesc=$(echo "${appdesc}" | jq ".name = \"${container}-${refval}.description\"")
+appdesc=$(echo "${appdesc}" | jq ".appManifest = \"${container}-${refval}\"")
+echo "Adding environment variables"
+for i in "${!keys[@]}"; do
+    envs="{\"key\": \"${keys[$i]}\", \"value\": \"${values[$i]}\"}"
+    echo "Adding $envs"
+    appdesc=$(echo "${appdesc}" | jq --argjson envs "${envs}" '.environment += [$envs]')
+done
+
+# Device Description: Add/replace app description to/in device description
+devdesc=$(cat "${input}/device.description.json")
+exists=$(echo "${devdesc}" | jq "any(.appDescriptions[]; .name == \"${container}-${refval}.description\")")
+if [[ "${exists}" = false ]]; then
+  echo "Adding app description to device description"
+else
+  echo "Replacing existing app description"
+  devdesc=$(echo "$devdesc" | jq ".appDescriptions |= map(select(.name != \"${container}-${refval}.description\"))")
+fi
+devdesc=$(echo "${devdesc}" | jq --argjson desc "[${appdesc}]" '.appDescriptions += $desc')
+
+# Device Description: Store
+echo "Writing ${input}/device.description.json"
+printf "%s\n" "${devdesc}" > "${input}/device.description.json"
+
+# Sign the metadata*
+key="${data}/pki/signing-cert-key.pem"
+chain="${data}/pki/signing-cert.pem,${data}/pki/ca.pem"
+
+# Convert to CBOR if specified
+if [[ "${ser,,}" = "json" ]]; then
+  echo "using json serialization"
+  cp "${input}/${container_name}-${refval}.manifest.json" "${tmp}/${container_name}-${refval}.manifest.json"
+  cp "${input}/device.description.json" "${tmp}/device.description.json"
+elif [[ "${ser,,}" = "cbor" ]]; then
+  echo "using cbor serialiation"
+  cmc-converter -in "${input}/${container_name}-${refval}.manifest.json" -out "${tmp}/${container_name}-${refval}.manifest.cbor" -outform cbor
+  cmc-converter -in "${input}/device.description.json" -out "${tmp}/device.description.cbor" -outform cbor
+else
+  echo "serialization format ${ser} is not supported"
+  exit 1
+fi
+
+cmc-signing-tool -in "${tmp}/${container_name}-${refval}.manifest.${ser}" -out "${output}/${container_name}-${refval}.manifest.${ser}" -keys "${key}" -x5cs "${chain}"
+cmc-signing-tool -in "${tmp}/device.description.${ser}" -out "${output}/device.description.${ser}" -keys "${key}" -x5cs "${chain}"
\ No newline at end of file

From 452d4b9b5d1ccd8ae25dda00b3ba7bece5911db9 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Mon, 24 Jun 2024 15:31:00 +0000
Subject: [PATCH 24/26] treewide: refactor attestationreport module

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 attestationreport/attestationreport.go        | 744 ------------------
 attestationreport/cbor_test.go                |  30 +
 attestedtls/libapi.go                         |   9 +-
 cmc/cmc.go                                    |  11 +-
 cmcd/coap.go                                  |   9 +-
 cmcd/grpc.go                                  |   9 +-
 cmcd/socket.go                                |  13 +-
 generate/generate.go                          | 130 +++
 sgxdriver/sgxdriver.go                        |   3 +-
 snpdriver/snpdriver.go                        |   3 +-
 testtool/libapi.go                            |   9 +-
 tools/fmspc-retrieval-tool/main.go            |   4 +-
 .../duktapepolicies.go                        |   5 +-
 {attestationreport => verify}/iat.go          |  47 +-
 {attestationreport => verify}/iat_test.go     |  37 +-
 .../intel_helpers.go                          | 129 +--
 {attestationreport => verify}/jspolicies.go   |   5 +-
 {attestationreport => verify}/sgx.go          |  78 +-
 {attestationreport => verify}/sgx_test.go     |  98 +--
 {attestationreport => verify}/snp.go          |  91 +--
 {attestationreport => verify}/snp_test.go     |  92 +--
 {attestationreport => verify}/tdx.go          |  88 ++-
 {attestationreport => verify}/tdx_test.go     | 168 ++--
 {attestationreport => verify}/tpm.go          |  55 +-
 {attestationreport => verify}/tpm_test.go     |  78 +-
 verify/verify.go                              | 673 ++++++++++++++++
 .../verify_test.go                            | 118 +--
 27 files changed, 1427 insertions(+), 1309 deletions(-)
 create mode 100644 generate/generate.go
 rename {attestationreport => verify}/duktapepolicies.go (87%)
 rename {attestationreport => verify}/iat.go (81%)
 rename {attestationreport => verify}/iat_test.go (93%)
 rename {attestationreport => verify}/intel_helpers.go (91%)
 rename {attestationreport => verify}/jspolicies.go (87%)
 rename {attestationreport => verify}/sgx.go (89%)
 rename {attestationreport => verify}/sgx_test.go (98%)
 rename {attestationreport => verify}/snp.go (88%)
 rename {attestationreport => verify}/snp_test.go (96%)
 rename {attestationreport => verify}/tdx.go (90%)
 rename {attestationreport => verify}/tdx_test.go (96%)
 rename {attestationreport => verify}/tpm.go (88%)
 rename {attestationreport => verify}/tpm_test.go (94%)
 create mode 100644 verify/verify.go
 rename attestationreport/attestationreport_test.go => verify/verify_test.go (81%)

diff --git a/attestationreport/attestationreport.go b/attestationreport/attestationreport.go
index 79d12946..0bcd06df 100644
--- a/attestationreport/attestationreport.go
+++ b/attestationreport/attestationreport.go
@@ -16,22 +16,11 @@
 package attestationreport
 
 import (
-	"bytes"
 	"crypto"
-	"crypto/sha256"
-	"crypto/sha512"
 	"crypto/x509"
-	"encoding/hex"
 	"encoding/json"
-	"errors"
-	"fmt"
-	"strconv"
 
-	"github.com/Fraunhofer-AISEC/cmc/internal"
-	"github.com/fxamacker/cbor/v2"
 	"github.com/sirupsen/logrus"
-
-	"time"
 )
 
 var log = logrus.WithField("service", "ar")
@@ -78,20 +67,6 @@ type Serializer interface {
 	VerifyToken(data []byte, roots []*x509.Certificate) (TokenResult, []byte, bool)
 }
 
-type PolicyEngineSelect uint32
-
-const (
-	PolicyEngineSelect_None    PolicyEngineSelect = 0
-	PolicyEngineSelect_JS      PolicyEngineSelect = 1
-	PolicyEngineSelect_DukTape PolicyEngineSelect = 2
-)
-
-var policyEngines = map[PolicyEngineSelect]PolicyValidator{}
-
-type PolicyValidator interface {
-	Validate(policies []byte, result VerificationResult) bool
-}
-
 // MetaInfo is a helper struct for generic info
 // present in every metadata object
 type MetaInfo struct {
@@ -411,722 +386,3 @@ type AttestationReport struct {
 	DeviceDescription  []byte        `json:"deviceDescription" cbor:"6,keyasint"`
 	Nonce              []byte        `json:"nonce" cbor:"7,keyasint"`
 }
-
-// Generate generates an attestation report with the provided
-// nonce and manifests and descriptions metadata. The manifests and descriptions
-// must be either raw JWS tokens in the JWS JSON full serialization
-// format or CBOR COSE tokens. Takes a list of measurers providing a method
-// for collecting  the measurements from a hardware or software interface
-func Generate(nonce []byte, metadata [][]byte, measurers []Driver, s Serializer) ([]byte, error) {
-
-	if s == nil {
-		return nil, errors.New("serializer not specified")
-	}
-
-	// Create attestation report object which will be filled with the attestation
-	// data or sent back incomplete in case errors occur
-	ar := AttestationReport{
-		Type: "Attestation Report",
-	}
-
-	if len(nonce) > 32 {
-		return nil, fmt.Errorf("nonce exceeds maximum length of 32 bytes")
-	}
-	ar.Nonce = nonce
-
-	log.Debug("Adding manifests and descriptions to Attestation Report..")
-
-	// Retrieve the manifests and descriptions
-	log.Trace("Parsing ", len(metadata), " meta-data objects..")
-	numManifests := 0
-	for i := 0; i < len(metadata); i++ {
-
-		// Extract plain payload (i.e. the manifest/description itself)
-		data, err := s.GetPayload(metadata[i])
-		if err != nil {
-			log.Tracef("Failed to parse metadata object %v: %v", i, err)
-			continue
-		}
-
-		// Unmarshal the Type field of the JSON file to determine the type for
-		// later processing
-		elem := new(MetaInfo)
-		err = s.Unmarshal(data, elem)
-		if err != nil {
-			log.Tracef("Failed to unmarshal data from metadata object %v: %v", i, err)
-			continue
-		}
-
-		switch elem.Type {
-		case "App Manifest":
-			log.Debug("Adding App Manifest")
-			ar.AppManifests = append(ar.AppManifests, metadata[i])
-			numManifests++
-		case "OS Manifest":
-			log.Debug("Adding OS Manifest")
-			ar.OsManifest = metadata[i]
-			numManifests++
-		case "RTM Manifest":
-			log.Debug("Adding RTM Manifest")
-			ar.RtmManifest = metadata[i]
-			numManifests++
-		case "Device Description":
-			log.Debug("Adding Device Description")
-			ar.DeviceDescription = metadata[i]
-		case "Company Description":
-			log.Debug("Adding Company Description")
-			ar.CompanyDescription = metadata[i]
-		}
-	}
-
-	if numManifests == 0 {
-		log.Warn("Did not find any manifests for the attestation report")
-	} else {
-		log.Debug("Added ", numManifests, " manifests to attestation report")
-	}
-
-	log.Tracef("Retrieving measurements from %v measurers", len(measurers))
-	for _, measurer := range measurers {
-
-		// This actually collects the measurements. The methods are implemented
-		// in the respective module (e.g. tpm module)
-		log.Trace("Getting measurements from measurement interface..")
-		measurement, err := measurer.Measure(nonce)
-		if err != nil {
-			return nil, fmt.Errorf("failed to get measurements: %v", err)
-		}
-
-		ar.Measurements = append(ar.Measurements, measurement)
-		log.Tracef("Added %v to attestation report", measurement.Type)
-	}
-
-	log.Trace("Finished attestation report generation")
-
-	// Marshal data to bytes
-	data, err := s.Marshal(ar)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal the Attestation Report: %v", err)
-	}
-
-	return data, nil
-}
-
-// Sign signs the attestation report with the specified signer 'signer'
-func Sign(report []byte, signer Driver, s Serializer) ([]byte, error) {
-	return s.Sign(report, signer)
-}
-
-// Verify verifies an attestation report in full serialized JWS
-// format against the supplied nonce and CA certificate. Verifies the certificate
-// chains of all attestation report elements as well as the measurements against
-// the reference values and the compatibility of software artefacts.
-func Verify(arRaw, nonce, casPem []byte, policies []byte, polEng PolicyEngineSelect, intelCache string) VerificationResult {
-	result := VerificationResult{
-		Type:        "Verification Result",
-		Success:     true,
-		SwCertLevel: 0}
-
-	cas, err := internal.ParseCertsPem(casPem)
-	if err != nil {
-		log.Tracef("Failed to parse specified CA certificate(s): %v", err)
-		result.Success = false
-		result.ErrorCode = ParseCA
-		return result
-	}
-
-	// Detect serialization format
-	var s Serializer
-	if json.Valid(arRaw) {
-		log.Trace("Detected JSON serialization")
-		s = JsonSerializer{}
-	} else if err := cbor.Valid(arRaw); err == nil {
-		log.Trace("Detected CBOR serialization")
-		s = CborSerializer{}
-	} else {
-		log.Trace("Unable to detect AR serialization format")
-		result.Success = false
-		result.ErrorCode = UnknownSerialization
-		return result
-	}
-
-	// Verify and unpack attestation report
-	ar, tr, code := verifyAr(arRaw, cas, s)
-	result.ReportSignature = tr.SignatureCheck
-	if code != NotSet {
-		result.ErrorCode = code
-		result.Success = false
-		return result
-	}
-
-	// Verify and unpack metadata from attestation report
-	metadata, mr, ok := verifyMetadata(ar, cas, s)
-	if !ok {
-		result.Success = false
-	}
-	result.MetadataResult = *mr
-
-	// Verify nonce
-	if res := bytes.Compare(ar.Nonce, nonce); res != 0 {
-		log.Tracef("Nonces mismatch: supplied nonce: %v, report nonce = %v",
-			hex.EncodeToString(nonce), hex.EncodeToString(ar.Nonce))
-		result.FreshnessCheck.Success = false
-		result.FreshnessCheck.Expected = hex.EncodeToString(ar.Nonce)
-		result.FreshnessCheck.Got = hex.EncodeToString(nonce)
-		result.Success = false
-	} else {
-		result.FreshnessCheck.Success = true
-	}
-
-	refVals, err := collectReferenceValues(metadata)
-	if err != nil {
-		log.Tracef("Failed to collect reference values: %v", err)
-		result.Success = false
-		result.ErrorCode = RefValTypeNotSupported
-	}
-
-	hwAttest := false
-	for _, m := range ar.Measurements {
-
-		switch mtype := m.Type; mtype {
-
-		case "TPM Measurement":
-			r, ok := verifyTpmMeasurements(m, nonce, refVals["TPM Reference Value"], cas)
-			if !ok {
-				result.Success = false
-			}
-			result.Measurements = append(result.Measurements, *r)
-			hwAttest = true
-
-		case "SNP Measurement":
-			r, ok := verifySnpMeasurements(m, nonce, refVals["SNP Reference Value"])
-			if !ok {
-				result.Success = false
-			}
-			result.Measurements = append(result.Measurements, *r)
-			hwAttest = true
-
-		case "TDX Measurement":
-			r, ok := verifyTdxMeasurements(m, nonce, intelCache, refVals["TDX Reference Value"])
-			if !ok {
-				result.Success = false
-			}
-			result.Measurements = append(result.Measurements, *r)
-			hwAttest = true
-
-		case "SGX Measurement":
-			r, ok := verifySgxMeasurements(m, nonce, intelCache, refVals["SGX Reference Value"])
-			if !ok {
-				result.Success = false
-			}
-			result.Measurements = append(result.Measurements, *r)
-			hwAttest = true
-
-		case "IAS Measurement":
-			r, ok := verifyIasMeasurements(m, nonce,
-				refVals["IAS Reference Value"], cas)
-			if !ok {
-				result.Success = false
-			}
-			result.Measurements = append(result.Measurements, *r)
-			hwAttest = true
-
-		default:
-			log.Tracef("Unsupported measurement type '%v'", mtype)
-			result.Success = false
-			result.ErrorCode = MeasurementTypeNotSupported
-		}
-	}
-
-	// The lowest certification level of all components determines the certification
-	// level for the device's software stack
-	levels := make([]int, 0)
-	levels = append(levels, metadata.RtmManifest.CertificationLevel)
-	levels = append(levels, metadata.OsManifest.CertificationLevel)
-	for _, app := range metadata.AppManifests {
-		levels = append(levels, app.CertificationLevel)
-	}
-	aggCertLevel := levels[0]
-	for _, l := range levels {
-		if l < aggCertLevel {
-			aggCertLevel = l
-		}
-	}
-	// If no hardware trust anchor is present, the maximum certification level is 1
-	// If there are reference values with a higher trust level present, the remote attestation
-	// must fail
-	if !hwAttest && aggCertLevel > 1 {
-		log.Tracef("No hardware trust anchor measurements present but claimed certification level is %v, which requires a hardware trust anchor", aggCertLevel)
-		result.ErrorCode = InvalidCertificationLevel
-		result.Success = false
-	}
-	result.SwCertLevel = aggCertLevel
-
-	// Verify the compatibility of the attestation report through verifying the
-	// compatibility of all components
-
-	// Check that the OS and RTM Manifest are specified in the Device Description
-	if metadata.DeviceDescription.RtmManifest == metadata.RtmManifest.Name {
-		result.DevDescResult.CorrectRtm.Success = true
-	} else {
-		log.Tracef("Device Description listed wrong RTM Manifest: %v vs. %v",
-			metadata.DeviceDescription.RtmManifest, metadata.RtmManifest.Name)
-		result.DevDescResult.CorrectRtm.Success = false
-		result.DevDescResult.CorrectRtm.Expected = metadata.DeviceDescription.RtmManifest
-		result.DevDescResult.CorrectRtm.Got = metadata.RtmManifest.Name
-		result.DevDescResult.Summary.Success = false
-		result.Success = false
-	}
-	if metadata.DeviceDescription.OsManifest == metadata.OsManifest.Name {
-		result.DevDescResult.CorrectOs.Success = true
-	} else {
-		log.Tracef("Device Description listed wrong OS Manifest: %v vs. %v",
-			metadata.DeviceDescription.OsManifest, metadata.OsManifest.Name)
-		result.DevDescResult.CorrectOs.Success = false
-		result.DevDescResult.CorrectOs.Expected = metadata.DeviceDescription.OsManifest
-		result.DevDescResult.CorrectOs.Got = metadata.OsManifest.Name
-		result.DevDescResult.Summary.Success = false
-		result.Success = false
-	}
-
-	// Extract app description names
-	appDescriptions := make([]string, 0)
-	for _, a := range metadata.DeviceDescription.AppDescriptions {
-		appDescriptions = append(appDescriptions, a.AppManifest)
-	}
-	// Extract app manifest names
-	appManifestNames := make([]string, 0)
-	for _, a := range metadata.AppManifests {
-		appManifestNames = append(appManifestNames, a.Name)
-	}
-
-	// Check that every AppManifest has a corresponding AppDescription
-	log.Tracef("Iterating app manifests length %v", len(metadata.AppManifests))
-	for _, a := range metadata.AppManifests {
-		r := Result{
-			Success:       true,
-			ExpectedOneOf: appDescriptions,
-			Got:           a.Name,
-		}
-		if !contains(a.Name, appDescriptions) {
-			log.Tracef("Device Description does not list the following App Manifest: %v", a.Name)
-			r.Success = false
-			result.DevDescResult.Summary.Success = false
-			result.Success = false
-		}
-		result.DevDescResult.CorrectApps = append(result.DevDescResult.CorrectApps, r)
-	}
-
-	// Check that every App Description has a corresponding App Manifest
-	log.Tracef("Iterating app descriptions length %v", len(metadata.DeviceDescription.AppDescriptions))
-	for _, desc := range metadata.DeviceDescription.AppDescriptions {
-		found := false
-		for _, manifest := range metadata.AppManifests {
-			if desc.AppManifest == manifest.Name {
-				found = true
-			}
-		}
-		if !found {
-			log.Tracef("No app manifest for app description: %v", desc.AppManifest)
-			r := Result{
-				Success:       false,
-				Got:           desc.AppManifest,
-				ExpectedOneOf: appManifestNames,
-			}
-			result.DevDescResult.CorrectApps = append(result.DevDescResult.CorrectApps, r)
-			result.Success = false
-		}
-	}
-
-	// Check that the Rtm Manifest is compatible with the OS Manifest
-	if contains(metadata.RtmManifest.Name, metadata.OsManifest.Rtms) {
-		result.DevDescResult.RtmOsCompatibility.Success = true
-	} else {
-		log.Tracef("RTM Manifest %v is not compatible with OS Manifest %v",
-			metadata.RtmManifest.Name, metadata.OsManifest.Name)
-		result.DevDescResult.RtmOsCompatibility.Success = false
-		result.DevDescResult.RtmOsCompatibility.ExpectedOneOf = metadata.OsManifest.Rtms
-		result.DevDescResult.RtmOsCompatibility.Got = metadata.RtmManifest.Name
-		result.DevDescResult.Summary.Success = false
-		result.Success = false
-	}
-
-	// Check that the OS Manifest is compatible with all App Manifests
-	for _, a := range metadata.AppManifests {
-		r := Result{
-			Success:       true,
-			ExpectedOneOf: a.Oss,
-			Got:           metadata.OsManifest.Name,
-		}
-		if !contains(metadata.OsManifest.Name, a.Oss) {
-			log.Tracef("OS Manifest %v is not compatible with App Manifest %v", metadata.OsManifest.Name, a.Name)
-			r.Success = false
-			result.DevDescResult.Summary.Success = false
-			result.Success = false
-		}
-		result.DevDescResult.OsAppsCompatibility =
-			append(result.DevDescResult.OsAppsCompatibility, r)
-	}
-
-	// Validate policies if specified
-	result.PolicySuccess = true
-	if policies != nil {
-		p, ok := policyEngines[polEng]
-		if !ok {
-			log.Tracef("Internal error: policy engine %v not implemented", polEng)
-			result.Success = false
-			result.ErrorCode = PolicyEngineNotImplemented
-			result.PolicySuccess = false
-		} else {
-			ok = p.Validate(policies, result)
-			if !ok {
-				log.Trace("Custom policy validation failed")
-				result.Success = false
-				result.ErrorCode = VerifyPolicies
-				result.PolicySuccess = false
-			}
-		}
-	} else {
-		log.Tracef("No custom policies specified")
-	}
-
-	// Add additional information
-	result.Prover = metadata.DeviceDescription.Name
-	if result.Prover == "" {
-		result.Prover = "Unknown"
-	}
-	result.Created = time.Now().Format(time.RFC3339)
-
-	if result.Success {
-		log.Infof("SUCCESS: Verification for Prover %v (%v)", result.Prover, result.Created)
-	} else {
-		log.Infof("FAILED: Verification for Prover %v (%v)", result.Prover, result.Created)
-	}
-
-	return result
-}
-
-func extendSha256(hash []byte, data []byte) []byte {
-	concat := append(hash, data...)
-	h := sha256.Sum256(concat)
-	ret := make([]byte, 32)
-	copy(ret, h[:])
-	return ret
-}
-
-func extendSha384(hash []byte, data []byte) []byte {
-	concat := append(hash, data...)
-	h := sha512.Sum384(concat)
-	ret := make([]byte, 48)
-	copy(ret, h[:])
-	return ret
-}
-
-func verifyAr(attestationReport []byte, cas []*x509.Certificate, s Serializer,
-) (*AttestationReport, TokenResult, ErrorCode) {
-
-	ar := AttestationReport{}
-
-	//Validate Attestation Report signature
-	result, payload, ok := s.VerifyToken(attestationReport, cas)
-	if !ok {
-		log.Trace("Validation of Attestation Report failed")
-		return nil, result, VerifyAR
-	}
-
-	err := s.Unmarshal(payload, &ar)
-	if err != nil {
-		log.Tracef("Parsing of Attestation Report failed: %v", err)
-		return nil, result, ParseAR
-	}
-
-	return &ar, result, NotSet
-}
-
-func verifyMetadata(ar *AttestationReport, cas []*x509.Certificate, s Serializer,
-) (*Metadata, *MetadataResult, bool) {
-
-	metadata := &Metadata{}
-	result := &MetadataResult{}
-	success := true
-
-	// Validate and unpack Rtm Manifest
-	tokenRes, payload, ok := s.VerifyToken(ar.RtmManifest, cas)
-	result.RtmResult.Summary = tokenRes.Summary
-	result.RtmResult.SignatureCheck = tokenRes.SignatureCheck
-	if !ok {
-		log.Trace("Validation of RTM Manifest failed")
-		success = false
-	} else {
-		err := s.Unmarshal(payload, &metadata.RtmManifest)
-		if err != nil {
-			log.Tracef("Unpacking of RTM Manifest failed: %v", err)
-			result.RtmResult.Summary.Success = false
-			result.RtmResult.Summary.ErrorCode = ParseRTMManifest
-			success = false
-		} else {
-			result.RtmResult.MetaInfo = metadata.RtmManifest.MetaInfo
-			result.RtmResult.ValidityCheck = checkValidity(metadata.RtmManifest.Validity)
-			result.RtmResult.Details = metadata.RtmManifest.Details
-			if !result.RtmResult.ValidityCheck.Success {
-				result.RtmResult.Summary.Success = false
-				success = false
-			}
-		}
-	}
-
-	// Validate and unpack OS Manifest
-	tokenRes, payload, ok = s.VerifyToken(ar.OsManifest, cas)
-	result.OsResult.Summary = tokenRes.Summary
-	result.OsResult.SignatureCheck = tokenRes.SignatureCheck
-	if !ok {
-		log.Trace("Validation of OS Manifest failed")
-		success = false
-	} else {
-		err := s.Unmarshal(payload, &metadata.OsManifest)
-		if err != nil {
-			log.Tracef("Unpacking of OS Manifest failed: %v", err)
-			result.OsResult.Summary.Success = false
-			result.OsResult.Summary.ErrorCode = ParseOSManifest
-			success = false
-		} else {
-			result.OsResult.MetaInfo = metadata.OsManifest.MetaInfo
-			result.OsResult.ValidityCheck = checkValidity(metadata.OsManifest.Validity)
-			result.OsResult.Details = metadata.OsManifest.Details
-			if !result.OsResult.ValidityCheck.Success {
-				result.OsResult.Summary.Success = false
-				success = false
-			}
-		}
-	}
-
-	// Validate and unpack App Manifests
-	for i, amSigned := range ar.AppManifests {
-		result.AppResults = append(result.AppResults, ManifestResult{})
-
-		tokenRes, payload, ok = s.VerifyToken(amSigned, cas)
-		result.AppResults[i].Summary = tokenRes.Summary
-		result.AppResults[i].SignatureCheck = tokenRes.SignatureCheck
-		if !ok {
-			log.Trace("Validation of App Manifest failed")
-			success = false
-		} else {
-			var am AppManifest
-			err := s.Unmarshal(payload, &am)
-			if err != nil {
-				log.Tracef("Unpacking of App Manifest failed: %v", err)
-				result.AppResults[i].Summary.Success = false
-				result.AppResults[i].Summary.ErrorCode = Parse
-				success = false
-			} else {
-				metadata.AppManifests = append(metadata.AppManifests, am)
-				result.AppResults[i].MetaInfo = am.MetaInfo
-				result.AppResults[i].ValidityCheck = checkValidity(am.Validity)
-				if !result.AppResults[i].ValidityCheck.Success {
-					log.Tracef("App Manifest %v validity check failed", am.Name)
-					result.AppResults[i].Summary.Success = false
-					success = false
-
-				}
-			}
-		}
-	}
-
-	// Validate and unpack Company Description if present
-	if ar.CompanyDescription != nil {
-		tokenRes, payload, ok = s.VerifyToken(ar.CompanyDescription, cas)
-		result.CompDescResult = &CompDescResult{}
-		result.CompDescResult.Summary = tokenRes.Summary
-		result.CompDescResult.SignatureCheck = tokenRes.SignatureCheck
-		if !ok {
-			log.Trace("Validation of Company Description Signatures failed")
-			success = false
-		} else {
-			err := s.Unmarshal(payload, &metadata.CompanyDescription)
-			if err != nil {
-				log.Tracef("Unpacking of Company Description failed: %v", err)
-				result.CompDescResult.Summary.Success = false
-				result.CompDescResult.Summary.ErrorCode = Parse
-				success = false
-			} else {
-				result.CompDescResult.MetaInfo = metadata.CompanyDescription.MetaInfo
-				result.CompDescResult.CompCertLevel = metadata.CompanyDescription.CertificationLevel
-
-				result.CompDescResult.ValidityCheck = checkValidity(metadata.CompanyDescription.Validity)
-				if !result.CompDescResult.ValidityCheck.Success {
-					log.Trace("Company Description invalid")
-					result.CompDescResult.Summary.Success = false
-					success = false
-				}
-			}
-		}
-	}
-
-	// Validate and unpack Device Description
-	tokenRes, payload, ok = s.VerifyToken(ar.DeviceDescription, cas)
-	result.DevDescResult.Summary = tokenRes.Summary
-	result.DevDescResult.SignatureCheck = tokenRes.SignatureCheck
-	if !ok {
-		log.Trace("Validation of Device Description failed")
-		success = false
-	} else {
-		err := s.Unmarshal(payload, &metadata.DeviceDescription)
-		if err != nil {
-			log.Tracef("Unpacking of Device Description failed: %v", err)
-			result.DevDescResult.Summary.Success = false
-			result.DevDescResult.Summary.ErrorCode = Parse
-			success = false
-		} else {
-			result.DevDescResult.MetaInfo = metadata.DeviceDescription.MetaInfo
-			result.DevDescResult.Description = metadata.DeviceDescription.Description
-			result.DevDescResult.Location = metadata.DeviceDescription.Location
-		}
-		for _, appDesc := range metadata.DeviceDescription.AppDescriptions {
-			appResult := AppDescResult{
-				MetaInfo:    appDesc.MetaInfo,
-				AppManifest: appDesc.AppManifest,
-				External:    appDesc.External,
-				Environment: appDesc.Environment,
-			}
-			result.DevDescResult.AppResults = append(result.DevDescResult.AppResults,
-				appResult)
-		}
-	}
-
-	return metadata, result, success
-}
-
-func checkValidity(val Validity) Result {
-	result := Result{}
-	result.Success = true
-
-	notBefore, err := time.Parse(time.RFC3339, val.NotBefore)
-	if err != nil {
-		log.Tracef("Failed to parse NotBefore time. Time.Parse returned %v", err)
-		result.Success = false
-		result.ErrorCode = ParseTime
-		return result
-	}
-	notAfter, err := time.Parse(time.RFC3339, val.NotAfter)
-	if err != nil {
-		log.Tracef("Failed to parse NotAfter time. Time.Parse returned %v", err)
-		result.Success = false
-		result.ErrorCode = ParseTime
-		return result
-	}
-	currentTime := time.Now()
-
-	if notBefore.After(currentTime) {
-		log.Trace("Validity check failed: Artifact is not valid yet")
-		result.Success = false
-		result.ErrorCode = NotYetValid
-	}
-
-	if currentTime.After(notAfter) {
-		log.Trace("Validity check failed: Artifact validity has expired")
-		result.Success = false
-		result.ErrorCode = Expired
-	}
-
-	return result
-}
-
-func collectReferenceValues(metadata *Metadata) (map[string][]ReferenceValue, error) {
-	// Gather a list of all reference values independent of the type
-	verList := append(metadata.RtmManifest.ReferenceValues, metadata.OsManifest.ReferenceValues...)
-	for _, appManifest := range metadata.AppManifests {
-		verList = append(verList, appManifest.ReferenceValues...)
-	}
-
-	verMap := make(map[string][]ReferenceValue)
-
-	// Iterate through the reference values and sort them into the different types
-	for _, v := range verList {
-		if v.Type != "SNP Reference Value" && v.Type != "SW Reference Value" && v.Type != "TPM Reference Value" && v.Type != "TDX Reference Value" && v.Type != "SGX Reference Value" {
-			return nil, fmt.Errorf("reference value of type %v is not supported", v.Type)
-		}
-		verMap[v.Type] = append(verMap[v.Type], v)
-	}
-	return verMap, nil
-}
-
-func checkExtensionUint8(cert *x509.Certificate, oid string, value uint8) (Result, bool) {
-
-	for _, ext := range cert.Extensions {
-
-		if ext.Id.String() == oid {
-			if len(ext.Value) != 3 && len(ext.Value) != 4 {
-				log.Tracef("extension %v value unexpected length %v (expected 3 or 4)",
-					oid, len(ext.Value))
-				return Result{Success: false, ErrorCode: OidLength}, false
-			}
-			if ext.Value[0] != 0x2 {
-				log.Tracef("extension %v value[0]: %v does not match expected value 2 (tag Integer)",
-					oid, ext.Value[0])
-				return Result{Success: false, ErrorCode: OidTag}, false
-			}
-			if ext.Value[1] == 0x1 {
-				if ext.Value[2] != value {
-					log.Tracef("extension %v value[2]: %v does not match expected value %v",
-						oid, ext.Value[2], value)
-					return Result{
-						Success:  false,
-						Expected: strconv.FormatUint(uint64(value), 10),
-						Got:      strconv.FormatUint(uint64(ext.Value[2]), 10),
-					}, false
-				}
-			} else if ext.Value[1] == 0x2 {
-				// Due to openssl, the sign bit must remain zero for positive integers
-				// even though this field is defined as unsigned int in the AMD spec
-				// Thus, if the most significant bit is required, one byte of additional 0x00 padding is added
-				if ext.Value[2] != 0x00 || ext.Value[3] != value {
-					log.Tracef("extension %v value = %v%v does not match expected value  %v",
-						oid, ext.Value[2], ext.Value[3], value)
-					return Result{
-						Success:  false,
-						Expected: strconv.FormatUint(uint64(value), 10),
-						Got:      strconv.FormatUint(uint64(ext.Value[3]), 10),
-					}, false
-				}
-			} else {
-				log.Tracef("extension %v value[1]: %v does not match expected value 1 or 2 (length of integer)",
-					oid, ext.Value[1])
-				return Result{Success: false, ErrorCode: OidLength}, false
-			}
-			return Result{Success: true}, true
-		}
-	}
-
-	log.Tracef("extension %v not present in certificate", oid)
-	return Result{Success: false, ErrorCode: OidNotPresent}, false
-}
-
-func checkExtensionBuf(cert *x509.Certificate, oid string, buf []byte) (Result, bool) {
-
-	for _, ext := range cert.Extensions {
-
-		if ext.Id.String() == oid {
-			if cmp := bytes.Compare(ext.Value, buf); cmp != 0 {
-				log.Tracef("extension %v value %v does not match expected value %v",
-					oid, hex.EncodeToString(ext.Value), hex.EncodeToString(buf))
-				return Result{
-					Success:  false,
-					Expected: hex.EncodeToString(buf),
-					Got:      hex.EncodeToString(ext.Value),
-				}, false
-			}
-			return Result{Success: true}, true
-		}
-	}
-
-	log.Tracef("extension %v not present in certificate", oid)
-	return Result{Success: false, ErrorCode: OidNotPresent}, false
-}
-
-func contains(elem string, list []string) bool {
-	for _, s := range list {
-		if s == elem {
-			return true
-		}
-	}
-	return false
-}
diff --git a/attestationreport/cbor_test.go b/attestationreport/cbor_test.go
index c7f957d1..63de0956 100644
--- a/attestationreport/cbor_test.go
+++ b/attestationreport/cbor_test.go
@@ -16,6 +16,7 @@
 package attestationreport
 
 import (
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/x509"
 	"encoding/pem"
@@ -25,6 +26,35 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
+type SwSigner struct {
+	certChain []*x509.Certificate
+	priv      crypto.PrivateKey
+}
+
+func (s *SwSigner) Init(c *DriverConfig) error {
+	return nil
+}
+
+func (s *SwSigner) Measure(nonce []byte) (Measurement, error) {
+	return Measurement{}, nil
+}
+
+func (s *SwSigner) Lock() error {
+	return nil
+}
+
+func (s *SwSigner) Unlock() error {
+	return nil
+}
+
+func (s *SwSigner) GetSigningKeys() (crypto.PrivateKey, crypto.PublicKey, error) {
+	return s.priv, &s.priv.(*ecdsa.PrivateKey).PublicKey, nil
+}
+
+func (s *SwSigner) GetCertChain() ([]*x509.Certificate, error) {
+	return s.certChain, nil
+}
+
 func TestVerifyCbor(t *testing.T) {
 	type args struct {
 		ar AttestationReport
diff --git a/attestedtls/libapi.go b/attestedtls/libapi.go
index 959a4e0b..7fe5e3c8 100644
--- a/attestedtls/libapi.go
+++ b/attestedtls/libapi.go
@@ -24,8 +24,9 @@ import (
 	"errors"
 	"fmt"
 
-	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	"github.com/Fraunhofer-AISEC/cmc/generate"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	"github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 type LibApi struct{}
@@ -48,13 +49,13 @@ func (a LibApi) obtainAR(cc CmcConfig, chbindings []byte) ([]byte, error) {
 
 	log.Debug("Prover: Generating Attestation Report with nonce: ", hex.EncodeToString(chbindings))
 
-	report, err := ar.Generate(chbindings, cc.Cmc.Metadata, cc.Cmc.Drivers, cc.Cmc.Serializer)
+	report, err := generate.Generate(chbindings, cc.Cmc.Metadata, cc.Cmc.Drivers, cc.Cmc.Serializer)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate attestation report: %w", err)
 	}
 
 	log.Debug("Prover: Signing Attestation Report")
-	signedReport, err := ar.Sign(report, cc.Cmc.Drivers[0], cc.Cmc.Serializer)
+	signedReport, err := generate.Sign(report, cc.Cmc.Drivers[0], cc.Cmc.Serializer)
 	if err != nil {
 		return nil, errors.New("prover: failed to sign Attestion Report ")
 	}
@@ -66,7 +67,7 @@ func (a LibApi) obtainAR(cc CmcConfig, chbindings []byte) ([]byte, error) {
 func (a LibApi) verifyAR(chbindings, report []byte, cc CmcConfig) error {
 
 	log.Debug("Verifier: Verifying Attestation Report")
-	result := ar.Verify(report, chbindings, cc.Ca, nil, cc.Cmc.PolicyEngineSelect, cc.Cmc.IntelStorage)
+	result := verify.Verify(report, chbindings, cc.Ca, nil, cc.Cmc.PolicyEngineSelect, cc.Cmc.IntelStorage)
 
 	// Return attestation result via callback if specified
 	if cc.ResultCb != nil {
diff --git a/cmc/cmc.go b/cmc/cmc.go
index 08d41262..803a743e 100644
--- a/cmc/cmc.go
+++ b/cmc/cmc.go
@@ -23,14 +23,15 @@ import (
 
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	verify "github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 var (
 	log = logrus.WithField("service", "cmc")
 
-	policyEngines = map[string]ar.PolicyEngineSelect{
-		"js":      ar.PolicyEngineSelect_JS,
-		"duktape": ar.PolicyEngineSelect_DukTape,
+	policyEngines = map[string]verify.PolicyEngineSelect{
+		"js":      verify.PolicyEngineSelect_JS,
+		"duktape": verify.PolicyEngineSelect_DukTape,
 	}
 
 	drivers = map[string]ar.Driver{}
@@ -60,7 +61,7 @@ type Config struct {
 
 type Cmc struct {
 	Metadata           [][]byte
-	PolicyEngineSelect ar.PolicyEngineSelect
+	PolicyEngineSelect verify.PolicyEngineSelect
 	Drivers            []ar.Driver
 	Serializer         ar.Serializer
 	Network            string
@@ -75,7 +76,7 @@ func GetDrivers() map[string]ar.Driver {
 	return drivers
 }
 
-func GetPolicyEngines() map[string]ar.PolicyEngineSelect {
+func GetPolicyEngines() map[string]verify.PolicyEngineSelect {
 	return policyEngines
 }
 
diff --git a/cmcd/coap.go b/cmcd/coap.go
index cf672862..940a8248 100644
--- a/cmcd/coap.go
+++ b/cmcd/coap.go
@@ -34,10 +34,11 @@ import (
 
 	// local modules
 	"github.com/Fraunhofer-AISEC/cmc/api"
-	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
+	"github.com/Fraunhofer-AISEC/cmc/generate"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	m "github.com/Fraunhofer-AISEC/cmc/measure"
+	"github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 // CoapServer is the CoAP server structure
@@ -128,7 +129,7 @@ func Attest(w mux.ResponseWriter, r *mux.Message) {
 
 	log.Debug("Prover: Generating Attestation Report with nonce: ", hex.EncodeToString(req.Nonce))
 
-	report, err := ar.Generate(req.Nonce, Cmc.Metadata, Cmc.Drivers, Cmc.Serializer)
+	report, err := generate.Generate(req.Nonce, Cmc.Metadata, Cmc.Drivers, Cmc.Serializer)
 	if err != nil {
 		sendCoapError(w, r, codes.InternalServerError,
 			"failed to generate attestation report: %v", err)
@@ -136,7 +137,7 @@ func Attest(w mux.ResponseWriter, r *mux.Message) {
 	}
 
 	log.Debug("Prover: Signing Attestation Report")
-	data, err := ar.Sign(report, Cmc.Drivers[0], Cmc.Serializer)
+	data, err := generate.Sign(report, Cmc.Drivers[0], Cmc.Serializer)
 	if err != nil {
 		sendCoapError(w, r, codes.InternalServerError,
 			"Failed to sign attestation report: %v", err)
@@ -172,7 +173,7 @@ func Verify(w mux.ResponseWriter, r *mux.Message) {
 	}
 
 	log.Debug("Verifier: Verifying Attestation Report")
-	result := ar.Verify(req.AttestationReport, req.Nonce, req.Ca, req.Policies,
+	result := verify.Verify(req.AttestationReport, req.Nonce, req.Ca, req.Policies,
 		Cmc.PolicyEngineSelect, Cmc.IntelStorage)
 
 	log.Debug("Verifier: Marshaling Attestation Result")
diff --git a/cmcd/grpc.go b/cmcd/grpc.go
index e9295584..9a5aefed 100644
--- a/cmcd/grpc.go
+++ b/cmcd/grpc.go
@@ -34,11 +34,12 @@ import (
 
 	// local modules
 
-	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
+	"github.com/Fraunhofer-AISEC/cmc/generate"
 	api "github.com/Fraunhofer-AISEC/cmc/grpcapi"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	m "github.com/Fraunhofer-AISEC/cmc/measure"
+	"github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 type GrpcServerWrapper struct{}
@@ -97,7 +98,7 @@ func (s *GrpcServer) Attest(ctx context.Context, in *api.AttestationRequest) (*a
 
 	log.Info("Prover: Generating Attestation Report with nonce: ", hex.EncodeToString(in.Nonce))
 
-	report, err := ar.Generate(in.Nonce, s.cmc.Metadata, s.cmc.Drivers, s.cmc.Serializer)
+	report, err := generate.Generate(in.Nonce, s.cmc.Metadata, s.cmc.Drivers, s.cmc.Serializer)
 	if err != nil {
 		return &api.AttestationResponse{
 			Status: api.Status_FAIL,
@@ -105,7 +106,7 @@ func (s *GrpcServer) Attest(ctx context.Context, in *api.AttestationRequest) (*a
 	}
 
 	log.Info("Prover: Signing Attestation Report")
-	data, err := ar.Sign(report, s.cmc.Drivers[0], s.cmc.Serializer)
+	data, err := generate.Sign(report, s.cmc.Drivers[0], s.cmc.Serializer)
 	if err != nil {
 		return &api.AttestationResponse{
 			Status: api.Status_FAIL,
@@ -129,7 +130,7 @@ func (s *GrpcServer) Verify(ctx context.Context, in *api.VerificationRequest) (*
 	log.Info("Received Connection Request Type 'Verification Request'")
 
 	log.Info("Verifier: Verifying Attestation Report")
-	result := ar.Verify(in.AttestationReport, in.Nonce, in.Ca, in.Policies,
+	result := verify.Verify(in.AttestationReport, in.Nonce, in.Ca, in.Policies,
 		s.cmc.PolicyEngineSelect, s.cmc.IntelStorage)
 
 	log.Info("Verifier: Marshaling Attestation Result")
diff --git a/cmcd/socket.go b/cmcd/socket.go
index dc6556b6..4440472e 100644
--- a/cmcd/socket.go
+++ b/cmcd/socket.go
@@ -33,10 +33,11 @@ import (
 
 	// local modules
 	"github.com/Fraunhofer-AISEC/cmc/api"
-	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
+	"github.com/Fraunhofer-AISEC/cmc/generate"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	m "github.com/Fraunhofer-AISEC/cmc/measure"
+	"github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 // Server is the server structure
@@ -89,7 +90,7 @@ func handleIncoming(conn net.Conn, cmc *cmc.Cmc) {
 	case api.TypeAttest:
 		attest(conn, payload, cmc)
 	case api.TypeVerify:
-		verify(conn, payload, cmc)
+		validate(conn, payload, cmc)
 	case api.TypeMeasure:
 		measure(conn, payload, cmc)
 	case api.TypeTLSCert:
@@ -123,14 +124,14 @@ func attest(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 
 	log.Debugf("Prover: Generating Attestation Report with nonce: %v", hex.EncodeToString(req.Nonce))
 
-	report, err := ar.Generate(req.Nonce, cmc.Metadata, cmc.Drivers, cmc.Serializer)
+	report, err := generate.Generate(req.Nonce, cmc.Metadata, cmc.Drivers, cmc.Serializer)
 	if err != nil {
 		api.SendError(conn, "failed to generate attestation report: %v", err)
 		return
 	}
 
 	log.Debug("Prover: Signing Attestation Report")
-	r, err := ar.Sign(report, cmc.Drivers[0], cmc.Serializer)
+	r, err := generate.Sign(report, cmc.Drivers[0], cmc.Serializer)
 	if err != nil {
 		api.SendError(conn, "Failed to sign attestation report: %v", err)
 		return
@@ -154,7 +155,7 @@ func attest(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 	log.Debug("Prover: Finished")
 }
 
-func verify(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
+func validate(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 
 	log.Debug("Received Connection Request Type 'Verification Request'")
 
@@ -166,7 +167,7 @@ func verify(conn net.Conn, payload []byte, cmc *cmc.Cmc) {
 	}
 
 	log.Debug("Verifier: Verifying Attestation Report")
-	result := ar.Verify(req.AttestationReport, req.Nonce, req.Ca, req.Policies,
+	result := verify.Verify(req.AttestationReport, req.Nonce, req.Ca, req.Policies,
 		cmc.PolicyEngineSelect, cmc.IntelStorage)
 
 	log.Debug("Verifier: Marshaling Attestation Result")
diff --git a/generate/generate.go b/generate/generate.go
new file mode 100644
index 00000000..1181e389
--- /dev/null
+++ b/generate/generate.go
@@ -0,0 +1,130 @@
+// Copyright (c) 2021 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package generate
+
+import (
+	"errors"
+	"fmt"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	"github.com/sirupsen/logrus"
+)
+
+var log = logrus.WithField("service", "ar")
+
+// Generate generates an attestation report with the provided
+// nonce and manifests and descriptions metadata. The manifests and descriptions
+// must be either raw JWS tokens in the JWS JSON full serialization
+// format or CBOR COSE tokens. Takes a list of measurers providing a method
+// for collecting  the measurements from a hardware or software interface
+func Generate(nonce []byte, metadata [][]byte, measurers []ar.Driver, s ar.Serializer) ([]byte, error) {
+
+	if s == nil {
+		return nil, errors.New("serializer not specified")
+	}
+
+	// Create attestation report object which will be filled with the attestation
+	// data or sent back incomplete in case errors occur
+	report := ar.AttestationReport{
+		Type: "Attestation Report",
+	}
+
+	if len(nonce) > 32 {
+		return nil, fmt.Errorf("nonce exceeds maximum length of 32 bytes")
+	}
+	report.Nonce = nonce
+
+	log.Debug("Adding manifests and descriptions to Attestation Report..")
+
+	// Retrieve the manifests and descriptions
+	log.Trace("Parsing ", len(metadata), " meta-data objects..")
+	numManifests := 0
+	for i := 0; i < len(metadata); i++ {
+
+		// Extract plain payload (i.e. the manifest/description itself)
+		data, err := s.GetPayload(metadata[i])
+		if err != nil {
+			log.Tracef("Failed to parse metadata object %v: %v", i, err)
+			continue
+		}
+
+		// Unmarshal the Type field of the JSON file to determine the type for
+		// later processing
+		elem := new(ar.MetaInfo)
+		err = s.Unmarshal(data, elem)
+		if err != nil {
+			log.Tracef("Failed to unmarshal data from metadata object %v: %v", i, err)
+			continue
+		}
+
+		switch elem.Type {
+		case "App Manifest":
+			log.Debug("Adding App Manifest")
+			report.AppManifests = append(report.AppManifests, metadata[i])
+			numManifests++
+		case "OS Manifest":
+			log.Debug("Adding OS Manifest")
+			report.OsManifest = metadata[i]
+			numManifests++
+		case "RTM Manifest":
+			log.Debug("Adding RTM Manifest")
+			report.RtmManifest = metadata[i]
+			numManifests++
+		case "Device Description":
+			log.Debug("Adding Device Description")
+			report.DeviceDescription = metadata[i]
+		case "Company Description":
+			log.Debug("Adding Company Description")
+			report.CompanyDescription = metadata[i]
+		}
+	}
+
+	if numManifests == 0 {
+		log.Warn("Did not find any manifests for the attestation report")
+	} else {
+		log.Debug("Added ", numManifests, " manifests to attestation report")
+	}
+
+	log.Tracef("Retrieving measurements from %v measurers", len(measurers))
+	for _, measurer := range measurers {
+
+		// This actually collects the measurements. The methods are implemented
+		// in the respective module (e.g. tpm module)
+		log.Trace("Getting measurements from measurement interface..")
+		measurement, err := measurer.Measure(nonce)
+		if err != nil {
+			return nil, fmt.Errorf("failed to get measurements: %v", err)
+		}
+
+		report.Measurements = append(report.Measurements, measurement)
+		log.Tracef("Added %v to attestation report", measurement.Type)
+	}
+
+	log.Trace("Finished attestation report generation")
+
+	// Marshal data to bytes
+	data, err := s.Marshal(report)
+	if err != nil {
+		return nil, fmt.Errorf("failed to marshal the Attestation Report: %v", err)
+	}
+
+	return data, nil
+}
+
+// Sign signs the attestation report with the specified signer 'signer'
+func Sign(report []byte, signer ar.Driver, s ar.Serializer) ([]byte, error) {
+	return s.Sign(report, signer)
+}
diff --git a/sgxdriver/sgxdriver.go b/sgxdriver/sgxdriver.go
index cc972294..f1676395 100644
--- a/sgxdriver/sgxdriver.go
+++ b/sgxdriver/sgxdriver.go
@@ -36,6 +36,7 @@ import (
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	est "github.com/Fraunhofer-AISEC/cmc/est/estclient"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	verify "github.com/Fraunhofer-AISEC/cmc/verify"
 	"github.com/edgelesssys/ego/enclave"
 	"github.com/sirupsen/logrus"
 
@@ -352,7 +353,7 @@ func downloadSgxCertChain(c *ar.DriverConfig) ([]*x509.Certificate, error) {
 	resp.Body.Close()
 
 	// Extract FMSPC from PCK certificate SGX Extensions
-	sgxExtensions, err := ar.ParseSGXExtensions(pckCert.Extensions[ar.SGX_EXTENSION_INDEX].Value[4:])
+	sgxExtensions, err := verify.ParseSGXExtensions(pckCert.Extensions[verify.SGX_EXTENSION_INDEX].Value[4:])
 	if err != nil {
 		return certificates, err
 	}
diff --git a/snpdriver/snpdriver.go b/snpdriver/snpdriver.go
index 672777d4..3d8e0632 100644
--- a/snpdriver/snpdriver.go
+++ b/snpdriver/snpdriver.go
@@ -42,6 +42,7 @@ import (
 	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	est "github.com/Fraunhofer-AISEC/cmc/est/estclient"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	"github.com/Fraunhofer-AISEC/cmc/verify"
 	"github.com/sirupsen/logrus"
 )
 
@@ -276,7 +277,7 @@ func getSnpCertChain(addr string) ([]*x509.Certificate, error) {
 	if err != nil {
 		return nil, fmt.Errorf("failed to get SNP report: %w", err)
 	}
-	s, err := ar.DecodeSnpReport(arRaw)
+	s, err := verify.DecodeSnpReport(arRaw)
 	if err != nil {
 		return nil, fmt.Errorf("failed to decode SNP report: %w", err)
 	}
diff --git a/testtool/libapi.go b/testtool/libapi.go
index 172d30d4..260fffaf 100644
--- a/testtool/libapi.go
+++ b/testtool/libapi.go
@@ -28,10 +28,11 @@ import (
 	"fmt"
 	"os"
 
-	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/attestedtls"
 	"github.com/Fraunhofer-AISEC/cmc/cmc"
+	g "github.com/Fraunhofer-AISEC/cmc/generate"
 	m "github.com/Fraunhofer-AISEC/cmc/measure"
+	v "github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 type LibApi struct {
@@ -65,7 +66,7 @@ func (a LibApi) generate(c *config) {
 	}
 
 	// Generate attestation report
-	report, err := ar.Generate(nonce, a.cmc.Metadata, a.cmc.Drivers, a.cmc.Serializer)
+	report, err := g.Generate(nonce, a.cmc.Metadata, a.cmc.Drivers, a.cmc.Serializer)
 	if err != nil {
 		log.Errorf("Failed to generate attestation report: %v", err)
 		return
@@ -73,7 +74,7 @@ func (a LibApi) generate(c *config) {
 
 	// Sign attestation report
 	log.Debug("Prover: Signing Attestation Report")
-	r, err := ar.Sign(report, a.cmc.Drivers[0], a.cmc.Serializer)
+	r, err := g.Sign(report, a.cmc.Drivers[0], a.cmc.Serializer)
 	if err != nil {
 		log.Errorf("Failed to sign attestation report: %v", err)
 		return
@@ -116,7 +117,7 @@ func (a LibApi) verify(c *config) {
 	}
 
 	// Verify the attestation report
-	result := ar.Verify(report, nonce, c.ca, c.policies, a.cmc.PolicyEngineSelect, a.cmc.IntelStorage)
+	result := v.Verify(report, nonce, c.ca, c.policies, a.cmc.PolicyEngineSelect, a.cmc.IntelStorage)
 
 	log.Debug("Verifier: Marshaling Attestation Result")
 	r, err := json.Marshal(result)
diff --git a/tools/fmspc-retrieval-tool/main.go b/tools/fmspc-retrieval-tool/main.go
index 5183b872..821a1361 100644
--- a/tools/fmspc-retrieval-tool/main.go
+++ b/tools/fmspc-retrieval-tool/main.go
@@ -7,8 +7,8 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
+	"github.com/Fraunhofer-AISEC/cmc/verify"
 )
 
 var (
@@ -47,7 +47,7 @@ func main() {
 		return
 	}
 
-	sgxExtensions, err := attestationreport.ParseSGXExtensions(cert[0].Extensions[attestationreport.SGX_EXTENSION_INDEX].Value[4:])
+	sgxExtensions, err := verify.ParseSGXExtensions(cert[0].Extensions[verify.SGX_EXTENSION_INDEX].Value[4:])
 	if err != nil {
 		fmt.Println("failed to parse SGX extensions")
 		return
diff --git a/attestationreport/duktapepolicies.go b/verify/duktapepolicies.go
similarity index 87%
rename from attestationreport/duktapepolicies.go
rename to verify/duktapepolicies.go
index 4678511d..a25dd00a 100644
--- a/attestationreport/duktapepolicies.go
+++ b/verify/duktapepolicies.go
@@ -15,12 +15,13 @@
 
 //go:build !nodefaults || duktapepolicies
 
-package attestationreport
+package verify
 
 import (
 	"encoding/json"
 
 	"github.com/Fraunhofer-AISEC/cmc/attestationpolicies/duktape"
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 type DukTapePolicyEngine struct{}
@@ -29,7 +30,7 @@ func init() {
 	policyEngines[PolicyEngineSelect_DukTape] = DukTapePolicyEngine{}
 }
 
-func (p DukTapePolicyEngine) Validate(policies []byte, result VerificationResult) bool {
+func (p DukTapePolicyEngine) Validate(policies []byte, result ar.VerificationResult) bool {
 	vr, err := json.Marshal(result)
 	if err != nil {
 		log.Errorf("Failed to marshal verification result: %v", err)
diff --git a/attestationreport/iat.go b/verify/iat.go
similarity index 81%
rename from attestationreport/iat.go
rename to verify/iat.go
index 48fd5a02..ccb59413 100644
--- a/attestationreport/iat.go
+++ b/verify/iat.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"bytes"
@@ -21,6 +21,7 @@ import (
 	"crypto/x509"
 	"encoding/hex"
 
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	"github.com/veraison/go-cose"
 )
@@ -47,11 +48,11 @@ type Iat struct {
 	Vsi               string        `cbor:"-75010,keyasint,omitempty"`
 }
 
-func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []ReferenceValue,
+func verifyIasMeasurements(iasM ar.Measurement, nonce []byte, referenceValues []ar.ReferenceValue,
 	cas []*x509.Certificate,
-) (*MeasurementResult, bool) {
+) (*ar.MeasurementResult, bool) {
 
-	result := &MeasurementResult{
+	result := &ar.MeasurementResult{
 		Type: "IAT Result",
 	}
 	ok := true
@@ -60,23 +61,23 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 	certs, err := internal.ParseCertsDer(iasM.Certs)
 	if err != nil {
 		log.Tracef("failed to parse IAS certificates: %v", err)
-		result.Summary.SetErr(ParseEvidence)
+		result.Summary.SetErr(ar.ParseEvidence)
 		return result, false
 	}
 
 	if len(referenceValues) == 0 {
 		log.Tracef("Could not find IAS Reference Value")
-		result.Summary.SetErr(RefValNotPresent)
+		result.Summary.SetErr(ar.RefValNotPresent)
 		return result, false
 	}
-	s := CborSerializer{}
+	s := ar.CborSerializer{}
 
 	log.Trace("Verifying CBOR IAT")
 
 	iatresult, payload, ok := verifyIat(iasM.Evidence, certs[0])
 	if !ok {
 		log.Tracef("IAS signature verification failed")
-		result.Summary.SetErr(VerifySignature)
+		result.Summary.SetErr(ar.VerifySignature)
 		return result, false
 	}
 	result.Signature.SignCheck = iatresult
@@ -87,7 +88,7 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 	err = s.Unmarshal(payload, iat)
 	if err != nil {
 		log.Tracef("Failed to unmarshal IAT: %v", err)
-		result.Summary.SetErr(ParseEvidence)
+		result.Summary.SetErr(ar.ParseEvidence)
 		return result, false
 	}
 
@@ -110,7 +111,7 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 	x509Chains, err := internal.VerifyCertChain(certs, cas)
 	if err != nil {
 		log.Tracef("Failed to verify certificate chain: %v", err)
-		result.Signature.CertChainCheck.SetErr(VerifyCertChain)
+		result.Signature.CertChainCheck.SetErr(ar.VerifyCertChain)
 		ok = false
 	} else {
 		result.Signature.CertChainCheck.Success = true
@@ -118,9 +119,9 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 
 	//Store details from (all) validated certificate chain(s) in the report
 	for _, chain := range x509Chains {
-		chainExtracted := []X509CertExtracted{}
+		chainExtracted := []ar.X509CertExtracted{}
 		for _, cert := range chain {
-			chainExtracted = append(chainExtracted, ExtractX509Infos(cert))
+			chainExtracted = append(chainExtracted, ar.ExtractX509Infos(cert))
 		}
 		result.Signature.ValidatedCerts = append(result.Signature.ValidatedCerts, chainExtracted)
 	}
@@ -134,14 +135,14 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 		log.Tracef("Found reference value %v: %v", ver.Name, hex.EncodeToString(ver.Sha256))
 		if ver.Type != "IAS Reference Value" {
 			log.Tracef("IAS Reference Value invalid type %v", ver.Type)
-			result.Summary.SetErr(RefValType)
+			result.Summary.SetErr(ar.RefValType)
 			return result, false
 		}
 		found := false
 		for _, swc := range iat.SwComponents {
 			if bytes.Equal(ver.Sha256, swc.MeasurementValue) {
 				result.Artifacts = append(result.Artifacts,
-					DigestResult{
+					ar.DigestResult{
 						Name:    ver.Name,
 						Digest:  hex.EncodeToString(ver.Sha256),
 						Success: true,
@@ -152,7 +153,7 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 		if !found {
 			ok = false
 			result.Artifacts = append(result.Artifacts,
-				DigestResult{
+				ar.DigestResult{
 					Name:    ver.Name,
 					Digest:  hex.EncodeToString(ver.Sha256),
 					Success: false,
@@ -168,7 +169,7 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 		found := false
 		for _, ver := range referenceValues {
 			if bytes.Equal(ver.Sha256, swc.MeasurementValue) {
-				result.Artifacts = append(result.Artifacts, DigestResult{
+				result.Artifacts = append(result.Artifacts, ar.DigestResult{
 					Name:    ver.Name,
 					Digest:  hex.EncodeToString(swc.MeasurementValue),
 					Success: true,
@@ -178,7 +179,7 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 		}
 		if !found {
 			ok = false
-			result.Artifacts = append(result.Artifacts, DigestResult{
+			result.Artifacts = append(result.Artifacts, ar.DigestResult{
 				Name:    swc.MeasurementDescription,
 				Digest:  hex.EncodeToString(swc.MeasurementValue),
 				Success: false,
@@ -190,34 +191,34 @@ func verifyIasMeasurements(iasM Measurement, nonce []byte, referenceValues []Ref
 	return result, ok
 }
 
-func verifyIat(data []byte, cert *x509.Certificate) (Result, []byte, bool) {
+func verifyIat(data []byte, cert *x509.Certificate) (ar.Result, []byte, bool) {
 
 	// create a Sign1Message from a raw COSE_Sign payload
 	var msgToVerify cose.Sign1Message
 	err := msgToVerify.UnmarshalCBOR(data)
 	if err != nil {
 		log.Tracef("error unmarshalling cose: %v", err)
-		return Result{Success: false, ErrorCode: ParseEvidence}, nil, false
+		return ar.Result{Success: false, ErrorCode: ar.ParseEvidence}, nil, false
 	}
 
 	publicKey, okKey := cert.PublicKey.(*ecdsa.PublicKey)
 	if !okKey {
 		log.Tracef("Failed to extract public key from certificate: %v", err)
-		return Result{Success: false, ErrorCode: ExtractPubKey}, nil, false
+		return ar.Result{Success: false, ErrorCode: ar.ExtractPubKey}, nil, false
 	}
 
 	// create a verifier from a trusted private key
 	verifier, err := cose.NewVerifier(cose.AlgorithmES256, publicKey)
 	if err != nil {
 		log.Tracef("Failed to create verifier: %v", err)
-		return Result{Success: false, ErrorCode: Internal}, nil, false
+		return ar.Result{Success: false, ErrorCode: ar.Internal}, nil, false
 	}
 
 	err = msgToVerify.Verify(nil, verifier)
 	if err != nil {
 		log.Tracef("Failed to verify COSE token: %v", err)
-		return Result{Success: false, ErrorCode: VerifySignature}, nil, false
+		return ar.Result{Success: false, ErrorCode: ar.VerifySignature}, nil, false
 	}
 
-	return Result{Success: true}, msgToVerify.Payload, true
+	return ar.Result{Success: true}, msgToVerify.Payload, true
 }
diff --git a/attestationreport/iat_test.go b/verify/iat_test.go
similarity index 93%
rename from attestationreport/iat_test.go
rename to verify/iat_test.go
index 83a4261d..0d9f5361 100644
--- a/attestationreport/iat_test.go
+++ b/verify/iat_test.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"crypto/x509"
@@ -21,14 +21,15 @@ import (
 	"reflect"
 	"testing"
 
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/sirupsen/logrus"
 )
 
 func Test_verifyIasMeasurements(t *testing.T) {
 	type args struct {
-		IasM            *Measurement
+		IasM            *ar.Measurement
 		nonce           []byte
-		referenceValues []ReferenceValue
+		referenceValues []ar.ReferenceValue
 		ca              *x509.Certificate
 	}
 	tests := []struct {
@@ -39,13 +40,13 @@ func Test_verifyIasMeasurements(t *testing.T) {
 		{
 			name: "Invalid IAT",
 			args: args{
-				IasM: &Measurement{
+				IasM: &ar.Measurement{
 					Type:     "IAS Measurement",
 					Evidence: invalidIat,
 					Certs:    [][]byte{validIasCert.Raw, validIasCa.Raw},
 				},
 				nonce: validIasNonce,
-				referenceValues: []ReferenceValue{
+				referenceValues: []ar.ReferenceValue{
 					validSpeReferenceValue,
 					validNspeReferenceValue,
 				},
@@ -56,13 +57,13 @@ func Test_verifyIasMeasurements(t *testing.T) {
 		{
 			name: "Invalid Cert",
 			args: args{
-				IasM: &Measurement{
+				IasM: &ar.Measurement{
 					Type:     "IAS Measurement",
 					Evidence: validIat,
 					Certs:    [][]byte{invalidIasCert.Raw, validIasCa.Raw},
 				},
 				nonce: validIasNonce,
-				referenceValues: []ReferenceValue{
+				referenceValues: []ar.ReferenceValue{
 					validSpeReferenceValue,
 					validNspeReferenceValue,
 				},
@@ -73,13 +74,13 @@ func Test_verifyIasMeasurements(t *testing.T) {
 		{
 			name: "Invalid CA",
 			args: args{
-				IasM: &Measurement{
+				IasM: &ar.Measurement{
 					Type:     "IAS Measurement",
 					Evidence: validIat,
 					Certs:    [][]byte{validIasCert.Raw, validIasCa.Raw},
 				},
 				nonce: validIasNonce,
-				referenceValues: []ReferenceValue{
+				referenceValues: []ar.ReferenceValue{
 					validSpeReferenceValue,
 					validNspeReferenceValue,
 				},
@@ -90,13 +91,13 @@ func Test_verifyIasMeasurements(t *testing.T) {
 		{
 			name: "Invalid Nonce",
 			args: args{
-				IasM: &Measurement{
+				IasM: &ar.Measurement{
 					Type:     "IAS Measurement",
 					Evidence: validIat,
 					Certs:    [][]byte{validIasCert.Raw, validIasCa.Raw},
 				},
 				nonce: invalidIasNonce,
-				referenceValues: []ReferenceValue{
+				referenceValues: []ar.ReferenceValue{
 					validSpeReferenceValue,
 					validNspeReferenceValue,
 				},
@@ -107,13 +108,13 @@ func Test_verifyIasMeasurements(t *testing.T) {
 		{
 			name: "Invalid Reference Value",
 			args: args{
-				IasM: &Measurement{
+				IasM: &ar.Measurement{
 					Type:     "IAS Measurement",
 					Evidence: validIat,
 					Certs:    [][]byte{validIasCert.Raw, validIasCa.Raw},
 				},
 				nonce: validIasNonce,
-				referenceValues: []ReferenceValue{
+				referenceValues: []ar.ReferenceValue{
 					invalidSpeReferenceValue,
 					validNspeReferenceValue,
 				},
@@ -124,13 +125,13 @@ func Test_verifyIasMeasurements(t *testing.T) {
 		{
 			name: "Invalid Measurement",
 			args: args{
-				IasM: &Measurement{
+				IasM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validIat,
 					Certs:    [][]byte{validIasCert.Raw, validIasCa.Raw},
 				},
 				nonce: validIasNonce,
-				referenceValues: []ReferenceValue{
+				referenceValues: []ar.ReferenceValue{
 					invalidSpeReferenceValue,
 					validNspeReferenceValue,
 				},
@@ -178,19 +179,19 @@ var (
 
 	validNspeMeasurement, _ = hex.DecodeString("73deb833155c9c317d838b5368b6a63bd38706fa874e874c1b5affe4571b348b")
 
-	validSpeReferenceValue = ReferenceValue{
+	validSpeReferenceValue = ar.ReferenceValue{
 		Type:   "IAS Reference Value",
 		Name:   "SPE Measurement",
 		Sha256: validSpeMeasurement,
 	}
 
-	invalidSpeReferenceValue = ReferenceValue{
+	invalidSpeReferenceValue = ar.ReferenceValue{
 		Type:   "IAS Reference Value",
 		Name:   "SPE Measurement",
 		Sha256: invalidSpeMeasurement,
 	}
 
-	validNspeReferenceValue = ReferenceValue{
+	validNspeReferenceValue = ar.ReferenceValue{
 		Type:   "IAS Reference Value",
 		Name:   "NSPE Measurement",
 		Sha256: validNspeMeasurement,
diff --git a/attestationreport/intel_helpers.go b/verify/intel_helpers.go
similarity index 91%
rename from attestationreport/intel_helpers.go
rename to verify/intel_helpers.go
index 7973a0fc..14f056dc 100644
--- a/attestationreport/intel_helpers.go
+++ b/verify/intel_helpers.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"bytes"
@@ -35,6 +35,7 @@ import (
 	"strconv"
 	"time"
 
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 )
 
@@ -118,7 +119,7 @@ type ECDSA256QuoteSignatureDataStructure struct {
 
 type TcbInfo struct {
 	TcbInfo   TcbInfoBody `json:"tcbInfo"`
-	Signature HexByte     `json:"signature"`
+	Signature ar.HexByte  `json:"signature"`
 }
 
 type TcbInfoBody struct {
@@ -126,8 +127,8 @@ type TcbInfoBody struct {
 	Version                 uint32     `json:"version"`
 	IssueDate               time.Time  `json:"issueDate"`
 	NextUpdate              time.Time  `json:"nextUpdate"`
-	Fmspc                   HexByte    `json:"fmspc"`
-	PceId                   HexByte    `json:"pceId"`
+	Fmspc                   ar.HexByte `json:"fmspc"`
+	PceId                   ar.HexByte `json:"pceId"`
 	TcbType                 uint32     `json:"tcbType"`
 	TcbEvaluationDataNumber uint32     `json:"tcbEvaluationDataNumber"`
 	TcbLevels               []TcbLevel `json:"tcbLevels"`
@@ -154,9 +155,9 @@ type TcbComponent struct {
 }
 
 type TdxModule struct {
-	Mrsigner       HexByte `json:"mrsigner"`
-	Attributes     HexByte `json:"attributes"`
-	AttributesMask HexByte `json:"attributesMask"`
+	Mrsigner       ar.HexByte `json:"mrsigner"`
+	Attributes     ar.HexByte `json:"attributes"`
+	AttributesMask ar.HexByte `json:"attributesMask"`
 }
 
 type SgxCertificates struct {
@@ -168,7 +169,7 @@ type SgxCertificates struct {
 
 type QEIdentity struct {
 	EnclaveIdentity QEIdentityBody `json:"enclaveIdentity"`
-	Signature       HexByte        `json:"signature"`
+	Signature       ar.HexByte     `json:"signature"`
 }
 
 type QEIdentityBody struct {
@@ -177,11 +178,11 @@ type QEIdentityBody struct {
 	IssueDate               time.Time           `json:"issueDate"`
 	NextUpdate              time.Time           `json:"nextUpdate"`
 	TcbEvaluationDataNumber uint32              `json:"tcbEvaluationDataNumber"`
-	Miscselect              HexByte             `json:"miscselect"`
-	MiscselectMask          HexByte             `json:"miscselectMask"`
-	Attributes              HexByte             `json:"attributes"`
-	AttributesMask          HexByte             `json:"attributesMask"`
-	Mrsigner                HexByte             `json:"mrsigner"`
+	Miscselect              ar.HexByte          `json:"miscselect"`
+	MiscselectMask          ar.HexByte          `json:"miscselectMask"`
+	Attributes              ar.HexByte          `json:"attributes"`
+	AttributesMask          ar.HexByte          `json:"attributesMask"`
+	Mrsigner                ar.HexByte          `json:"mrsigner"`
 	IsvProdId               uint32              `json:"isvprodid"`
 	TcbLevels               []TcbLevelEnclaveId `json:"tcbLevels"`
 }
@@ -478,8 +479,8 @@ func parseECDSASignature(buf *bytes.Buffer, sig *ECDSA256QuoteSignatureDataStruc
 // Params: QuoteType = 0x00 (SGX) or 0x81 (TDX)
 func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 	quoteSignatureSize uint32, quoteSignatureType int, certs SgxCertificates,
-	fingerprint string, intelCache string, quoteType uint32) (SignatureResult, bool) {
-	result := SignatureResult{}
+	fingerprint string, intelCache string, quoteType uint32) (ar.SignatureResult, bool) {
+	result := ar.SignatureResult{}
 	var digest [32]byte
 	var ak_pub [64]byte // attestation public key (generated by the QE)
 	var reportData [64]byte
@@ -492,26 +493,26 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 		if uint32(len(reportRaw)-SGX_QUOTE_SIGNATURE_OFFSET) != quoteSignatureSize {
 			log.Tracef("parsed QuoteSignatureData size doesn't match QuoteSignatureDataLen. expected: %v, got: %v\n",
 				quoteSignatureSize, uint32(len(reportRaw)-signature_offset))
-			result.SignCheck.SetErr(SignatureLength)
+			result.SignCheck.SetErr(ar.SignatureLength)
 			return result, false
 		}
 	case TDX_QUOTE_TYPE:
 		if uint32(len(reportRaw)-TDX_QUOTE_SIGNATURE_OFFSET) != quoteSignatureSize {
 			log.Tracef("parsed QuoteSignatureData size doesn't match QuoteSignatureDataLen. expected: %v, got: %v\n",
 				quoteSignatureSize, uint32(len(reportRaw)-signature_offset))
-			result.SignCheck.SetErr(SignatureLength)
+			result.SignCheck.SetErr(ar.SignatureLength)
 			return result, false
 		}
 	default:
 		log.Tracef("Quote Type not supported %v", quoteType)
-		result.SignCheck.SetErr(EvidenceType)
+		result.SignCheck.SetErr(ar.EvidenceType)
 		return result, false
 	}
 
 	// for now only ECDSA_P_256 support
 	if quoteSignatureType != ECDSA_P_256 {
 		log.Tracef("Signature Algorithm %v not supported", quoteSignatureType)
-		result.SignCheck.SetErr(UnsupportedAlgorithm)
+		result.SignCheck.SetErr(ar.UnsupportedAlgorithm)
 		return result, false
 	}
 
@@ -535,7 +536,7 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 
 	if len(ak_pub) == 0 {
 		log.Tracef("Failed to extract ECDSA public key from certificate")
-		result.SignCheck.SetErr(ExtractPubKey)
+		result.SignCheck.SetErr(ar.ExtractPubKey)
 		return result, false
 	}
 
@@ -555,7 +556,7 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 	ok := ecdsa.Verify(ecdsa_ak_pub, digest[:], r, s)
 	if !ok {
 		log.Tracef("Failed to verify ISV Enclave report signature")
-		result.SignCheck.SetErr(VerifySignature)
+		result.SignCheck.SetErr(ar.VerifySignature)
 		return result, false
 	}
 	log.Trace("Successfully verified ISV Enclave report signature")
@@ -581,7 +582,7 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 	pck_pub, ok := certs.PCKCert.PublicKey.(*ecdsa.PublicKey)
 	if pck_pub == nil || !ok {
 		log.Tracef("Failed to extract PCK public key from certificate")
-		result.SignCheck.SetErr(ExtractPubKey)
+		result.SignCheck.SetErr(ar.ExtractPubKey)
 		return result, false
 	}
 
@@ -589,7 +590,7 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 	ok = ecdsa.Verify(pck_pub, digest[:], r, s)
 	if !ok {
 		log.Tracef("Failed to verify QE report signature")
-		result.SignCheck.SetErr(VerifySignature)
+		result.SignCheck.SetErr(ar.VerifySignature)
 		return result, false
 	}
 
@@ -601,20 +602,20 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 
 	if !bytes.Equal(reportData[:], reportDataRef[:]) {
 		log.Tracef("invalid SHA256(ECDSA Attestation Key || QE Authentication Data) || 32*0x00) in QEReport.ReportData. expected: %v, got: %v\n", reportDataRef, reportData)
-		result.CertChainCheck.SetErr(VerifyCertChain)
+		result.CertChainCheck.SetErr(ar.VerifyCertChain)
 		return result, false
 	}
 
 	// Step 4: Parse and verify the entire PCK certificate chain
 	var x509Chains [][]*x509.Certificate
-	var code ErrorCode
+	var code ar.ErrorCode
 	switch quoteType {
 	case SGX_QUOTE_TYPE:
 		x509Chains, code = VerifyIntelCertChainFull(certs, CA_PROCESSOR, intelCache)
 	case TDX_QUOTE_TYPE:
 		x509Chains, code = VerifyIntelCertChainFull(certs, CA_PLATFORM, intelCache)
 	}
-	if code != NotSet {
+	if code != ar.NotSet {
 		log.Tracef("Failed to verify certificate chain: %v", err)
 		result.CertChainCheck.SetErr(code)
 		return result, false
@@ -624,23 +625,23 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 	refFingerprint, err := hex.DecodeString(fingerprint)
 	if err != nil {
 		log.Tracef("Failed to decode CA fingerprint %v: %v", fingerprint, err)
-		result.CertChainCheck.SetErr(ParseCAFingerprint)
+		result.CertChainCheck.SetErr(ar.ParseCAFingerprint)
 		return result, false
 	}
 	caFingerprint := sha256.Sum256(certs.RootCACert.Raw)
 	if !bytes.Equal(refFingerprint, caFingerprint[:]) {
 		log.Tracef("CA fingerprint %v does not match measurement CA fingerprint %v",
 			fingerprint, hex.EncodeToString(caFingerprint[:]))
-		result.CertChainCheck.SetErr(CaFingerprint)
+		result.CertChainCheck.SetErr(ar.CaFingerprint)
 		return result, false
 	}
 	result.CertChainCheck.Success = true
 
 	// Step 6: Store details from (all) validated certificate chain(s) in the report
 	for _, chain := range x509Chains {
-		chainExtracted := []X509CertExtracted{}
+		chainExtracted := []ar.X509CertExtracted{}
 		for _, cert := range chain {
-			chainExtracted = append(chainExtracted, ExtractX509Infos(cert))
+			chainExtracted = append(chainExtracted, ar.ExtractX509Infos(cert))
 		}
 		result.ValidatedCerts = append(result.ValidatedCerts, chainExtracted)
 	}
@@ -650,12 +651,12 @@ func VerifyIntelQuoteSignature(reportRaw []byte, quoteSignature any,
 
 // teeTcbSvn is only required for TDX (from TdxReportBody)
 func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Certificate,
-	sgxExtensions SGXExtensionsValue, teeTcbSvn [16]byte, quoteType uint32) TcbLevelResult {
-	var result TcbLevelResult
+	sgxExtensions SGXExtensionsValue, teeTcbSvn [16]byte, quoteType uint32) ar.TcbLevelResult {
+	var result ar.TcbLevelResult
 
 	if tcbInfo == nil || tcbKeyCert == nil {
 		log.Tracef("invalid function parameter (null pointer exception)")
-		result.Summary.SetErr(Internal)
+		result.Summary.SetErr(ar.Internal)
 		return result
 	}
 
@@ -679,7 +680,7 @@ func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Cer
 	ok := ecdsa.Verify(pub_key, digest[:], r, s)
 	if !ok {
 		log.Tracef("failed to verify tcbInfo signature")
-		result.Summary.SetErr(VerifyTcbInfo)
+		result.Summary.SetErr(ar.VerifyTcbInfo)
 		return result
 	}
 
@@ -687,14 +688,14 @@ func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Cer
 
 	if now.After(tcbInfo.TcbInfo.NextUpdate) {
 		log.Tracef("tcbInfo has expired since: %v", tcbInfo.TcbInfo.NextUpdate)
-		result.Summary.SetErr(TcbInfoExpired)
+		result.Summary.SetErr(ar.TcbInfoExpired)
 		return result
 	}
 
 	if !bytes.Equal([]byte(tcbInfo.TcbInfo.Fmspc), sgxExtensions.Fmspc.Value) {
 		log.Tracef("FMSPC value from TcbInfo (%v) and FMSPC value from SGX Extensions in PCK Cert (%v) do not match",
 			tcbInfo.TcbInfo.Fmspc, sgxExtensions.Fmspc.Value)
-		result.Summary.SetErr(SgxFmpcMismatch)
+		result.Summary.SetErr(ar.SgxFmpcMismatch)
 		return result
 
 	}
@@ -702,7 +703,7 @@ func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Cer
 	if !bytes.Equal([]byte(tcbInfo.TcbInfo.PceId), sgxExtensions.PceId.Value) {
 		log.Tracef("PCEID value from TcbInfo (%v) and PCEID value from SGX Extensions in PCK Cert (%v) do not match",
 			tcbInfo.TcbInfo.PceId, sgxExtensions.PceId.Value)
-		result.Summary.SetErr(SgxPceidMismatch)
+		result.Summary.SetErr(ar.SgxPceidMismatch)
 		return result
 	}
 
@@ -728,7 +729,7 @@ func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Cer
 
 		// Only TDX: Compare TEE TCB SVNs from TDX Report with TCB Level
 		if !compareTeeTcbSvns(teeTcbSvn, tcbLevel) || tcbLevel.Tcb.TdxTcbComponents[1].Svn != teeTcbSvn[1] {
-			result.Summary.SetErr(TcbLevelUnsupported)
+			result.Summary.SetErr(ar.TcbLevelUnsupported)
 			return result
 		}
 
@@ -736,7 +737,7 @@ func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Cer
 		if tcbLevel.TcbStatus == string(Revoked) {
 			result.TcbLevelStatus = string(Revoked)
 			result.TcbLevelDate = tcbLevel.TcbDate
-			result.Summary.SetErr(TcbLevelRevoked)
+			result.Summary.SetErr(ar.TcbLevelRevoked)
 			return result
 		}
 
@@ -746,7 +747,7 @@ func verifyTcbInfo(tcbInfo *TcbInfo, tcbInfoBodyRaw string, tcbKeyCert *x509.Cer
 		return result
 	}
 
-	result.Summary.SetErr(TcbLevelUnsupported)
+	result.Summary.SetErr(ar.TcbLevelUnsupported)
 	return result
 }
 
@@ -776,8 +777,8 @@ func compareTeeTcbSvns(teeTcbSvn [16]byte, tcbLevel TcbLevel) bool {
 }
 
 // verify QE Identity and compare the values to the QE (SGX/TDX)
-func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, qeIdentityBodyRaw string, tcbKeyCert *x509.Certificate, teeType uint32) (TcbLevelResult, error) {
-	result := TcbLevelResult{}
+func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, qeIdentityBodyRaw string, tcbKeyCert *x509.Certificate, teeType uint32) (ar.TcbLevelResult, error) {
+	result := ar.TcbLevelResult{}
 	if qeReportBody == nil || qeIdentity == nil || tcbKeyCert == nil {
 		return result, fmt.Errorf("invalid function parameter (null pointer exception)")
 	}
@@ -832,27 +833,27 @@ func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, q
 		log.Tracef("MRSIGNER mismatch. Expected: %v, Got: %v",
 			qeIdentity.EnclaveIdentity.Mrsigner, qeReportBody.MRSIGNER)
 		result.Summary.Success = false
-		result.MrSigner = Result{
+		result.MrSigner = ar.Result{
 			Success:  false,
 			Expected: hex.EncodeToString(qeIdentity.EnclaveIdentity.Mrsigner),
 			Got:      hex.EncodeToString(qeReportBody.MRSIGNER[:]),
 		}
 		return result, nil
 	}
-	result.MrSigner = Result{Success: true}
+	result.MrSigner = ar.Result{Success: true}
 
 	// check isvProdId
 	if qeReportBody.ISVProdID != uint16(qeIdentity.EnclaveIdentity.IsvProdId) {
 		log.Tracef("IsvProdId mismatch. Expected: %v, Got: %v", qeIdentity.EnclaveIdentity.IsvProdId, qeReportBody.ISVProdID)
 		result.Summary.Success = false
-		result.IsvProdId = Result{
+		result.IsvProdId = ar.Result{
 			Success:  false,
 			Expected: strconv.FormatUint(uint64(qeIdentity.EnclaveIdentity.IsvProdId), 10),
 			Got:      strconv.FormatUint(uint64(qeReportBody.ISVProdID), 10),
 		}
 		return result, nil
 	}
-	result.IsvProdId = Result{Success: true}
+	result.IsvProdId = ar.Result{Success: true}
 
 	// check miscselect
 	miscselectMask := binary.LittleEndian.Uint32(qeIdentity.EnclaveIdentity.MiscselectMask)
@@ -862,14 +863,14 @@ func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, q
 		log.Tracef("miscSelect value from QEIdentity: %v does not match miscSelect value from QE Report: %v",
 			qeIdentity.EnclaveIdentity.Miscselect, (qeReportBody.MISCSELECT & miscselectMask))
 		result.Summary.Success = false
-		result.MrSigner = Result{
+		result.MrSigner = ar.Result{
 			Success:  false,
 			Expected: strconv.FormatUint(uint64(refMiscSelect), 10),
 			Got:      strconv.FormatUint(uint64(reportMiscSelect), 10),
 		}
 		return result, nil
 	}
-	result.MrSigner = Result{Success: true}
+	result.MrSigner = ar.Result{Success: true}
 
 	// check attributes
 	attributes_quote := qeReportBody.Attributes
@@ -882,14 +883,14 @@ func VerifyQEIdentity(qeReportBody *EnclaveReportBody, qeIdentity *QEIdentity, q
 	if !bytes.Equal([]byte(qeIdentity.EnclaveIdentity.Attributes), attributes_quote[:]) {
 		log.Tracef("attributes mismatch. Expected: %v, Got: %v", qeIdentity.EnclaveIdentity.Attributes, attributes_quote)
 		result.Summary.Success = false
-		result.Attributes = Result{
+		result.Attributes = ar.Result{
 			Success:  false,
 			Expected: hex.EncodeToString(qeIdentity.EnclaveIdentity.Attributes),
 			Got:      hex.EncodeToString(attributes_quote[:]),
 		}
 		return result, nil
 	}
-	result.Attributes = Result{Success: true}
+	result.Attributes = ar.Result{Success: true}
 
 	tcbStatus, tcbDate := getTcbStatusAndDateQE(qeIdentity, qeReportBody)
 	log.Tracef("TcbStatus for Enclave's Identity tcbLevel (isvSvn: %v): '%v'", qeReportBody.ISVSVN, tcbStatus)
@@ -1052,74 +1053,74 @@ func downloadCRL(uri string) (*x509.RevocationList, error) {
 }
 
 // Verifies a given SGX certificate chain, fetches CRLs and checks if the certs are outdated
-func VerifyIntelCertChainFull(quoteCerts SgxCertificates, ca string, intelCache string) ([][]*x509.Certificate, ErrorCode) {
+func VerifyIntelCertChainFull(quoteCerts SgxCertificates, ca string, intelCache string) ([][]*x509.Certificate, ar.ErrorCode) {
 	// verify PCK certificate chain
 	x509CertChains, err := internal.VerifyCertChain(
 		[]*x509.Certificate{quoteCerts.PCKCert, quoteCerts.IntermediateCert},
 		[]*x509.Certificate{quoteCerts.RootCACert})
 	if err != nil {
 		log.Tracef("Failed to verify pck certificate chain: %v", err)
-		return nil, VerifyPCKChain
+		return nil, ar.VerifyPCKChain
 	}
 
 	// download CRLs from PCS
 	root_ca_crl, err := fetchCRL(PCS_ROOT_CA_CRL_URI, ROOT_CA_CRL_NAME, "", intelCache)
 	if err != nil {
 		log.Tracef("downloading Root CA CRL from PCS failed: %v", err)
-		return nil, DownloadRootCRL
+		return nil, ar.DownloadRootCRL
 	}
 
 	pck_crl_uri := fmt.Sprintf(PCS_PCK_CERT_CRL_URI, ca)
 	pck_crl, err := fetchCRL(pck_crl_uri, PCK_CERT_CRL_NAME, ca, intelCache)
 	if err != nil {
 		log.Tracef("downloading PCK Cert CRL from PCS failed: %v", err)
-		return nil, DownloadPCKCRL
+		return nil, ar.DownloadPCKCRL
 	}
 
 	// perform CRL checks (signature + values)
 	res, err := CrlCheck(root_ca_crl, quoteCerts.RootCACert, quoteCerts.RootCACert)
 	if !res || err != nil {
 		log.Tracef("CRL check on rootCert failed: %v", err)
-		return nil, CRLCheckRoot
+		return nil, ar.CRLCheckRoot
 	}
 
 	res, err = CrlCheck(pck_crl, quoteCerts.PCKCert, quoteCerts.IntermediateCert)
 	if !res || err != nil {
 		log.Tracef("CRL check on pckCert failed: %v", err)
-		return nil, CRLCheckPCK
+		return nil, ar.CRLCheckPCK
 	}
 
-	return x509CertChains, NotSet
+	return x509CertChains, ar.NotSet
 }
 
 // Verifies the TCB signing cert chain
-func VerifyTCBSigningCertChain(quoteCerts SgxCertificates, intelCache string) ([][]*x509.Certificate, ErrorCode) {
+func VerifyTCBSigningCertChain(quoteCerts SgxCertificates, intelCache string) ([][]*x509.Certificate, ar.ErrorCode) {
 	tcbSigningCertChain, err := internal.VerifyCertChain(
 		[]*x509.Certificate{quoteCerts.TCBSigningCert},
 		[]*x509.Certificate{quoteCerts.RootCACert})
 	if err != nil {
 		log.Tracef("Failed to verify TCB Signing certificate chain: %v", err)
-		return nil, VerifyTCBChain
+		return nil, ar.VerifyTCBChain
 	}
 
 	root_ca_crl, err := fetchCRL(PCS_ROOT_CA_CRL_URI, ROOT_CA_CRL_NAME, "", intelCache)
 	if err != nil {
 		log.Tracef("downloading Root CA CRL from PCS failed: %v", err)
-		return nil, DownloadRootCRL
+		return nil, ar.DownloadRootCRL
 	}
 
 	// perform CRL checks (signature + values)
 	res, err := CrlCheck(root_ca_crl, quoteCerts.TCBSigningCert, quoteCerts.RootCACert)
 	if !res || err != nil {
 		log.Tracef("CRL check on TcbSigningCert failed: %v", err)
-		return nil, CRLCheckSigningCert
+		return nil, ar.CRLCheckSigningCert
 	}
 
-	return tcbSigningCertChain, NotSet
+	return tcbSigningCertChain, ar.NotSet
 }
 
-func verifyQuoteVersion(quote QuoteHeader, version uint16) (Result, bool) {
-	r := Result{}
+func verifyQuoteVersion(quote QuoteHeader, version uint16) (ar.Result, bool) {
+	r := ar.Result{}
 	ok := quote.Version == version
 	if !ok {
 		log.Tracef("Quote version mismatch: Report = %v, supplied = %v", quote.Version, version)
diff --git a/attestationreport/jspolicies.go b/verify/jspolicies.go
similarity index 87%
rename from attestationreport/jspolicies.go
rename to verify/jspolicies.go
index ce8c4e26..565e4fcc 100644
--- a/attestationreport/jspolicies.go
+++ b/verify/jspolicies.go
@@ -15,12 +15,13 @@
 
 //go:build !nodefaults || jspolicies
 
-package attestationreport
+package verify
 
 import (
 	"encoding/json"
 
 	"github.com/Fraunhofer-AISEC/cmc/attestationpolicies/jspolicies"
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 type JsPolicyEngine struct{}
@@ -29,7 +30,7 @@ func init() {
 	policyEngines[PolicyEngineSelect_JS] = JsPolicyEngine{}
 }
 
-func (p JsPolicyEngine) Validate(policies []byte, result VerificationResult) bool {
+func (p JsPolicyEngine) Validate(policies []byte, result ar.VerificationResult) bool {
 	vr, err := json.Marshal(result)
 	if err != nil {
 		log.Errorf("Failed to marshal verification result: %v", err)
diff --git a/attestationreport/sgx.go b/verify/sgx.go
similarity index 89%
rename from attestationreport/sgx.go
rename to verify/sgx.go
index f208e431..89c06991 100644
--- a/attestationreport/sgx.go
+++ b/verify/sgx.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"bytes"
@@ -23,6 +23,8 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 // Overall structure: table 2 from https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf
@@ -76,12 +78,12 @@ func DecodeSgxReport(report []byte) (SgxReport, error) {
 	return reportStruct, nil
 }
 
-func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, referenceValues []ReferenceValue) (*MeasurementResult, bool) {
+func verifySgxMeasurements(sgxM ar.Measurement, nonce []byte, intelCache string, referenceValues []ar.ReferenceValue) (*ar.MeasurementResult, bool) {
 
 	var err error
-	result := &MeasurementResult{
+	result := &ar.MeasurementResult{
 		Type:      "SGX Result",
-		SgxResult: &SgxResult{},
+		SgxResult: &ar.SgxResult{},
 	}
 	ok := true
 
@@ -89,12 +91,12 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 
 	if len(referenceValues) == 0 {
 		log.Tracef("Could not find SGX Reference Value")
-		result.Summary.SetErr(RefValNotPresent)
+		result.Summary.SetErr(ar.RefValNotPresent)
 		return result, false
 	} else if len(referenceValues) > 1 {
 		log.Tracef("Report contains %v reference values. Currently, only one SGX Reference Value is supported",
 			len(referenceValues))
-		result.Summary.SetErr(RefValMultiple)
+		result.Summary.SetErr(ar.RefValMultiple)
 		return result, false
 	}
 	sgxReferenceValue := referenceValues[0]
@@ -102,19 +104,19 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 	// Validate Parameters:
 	if sgxM.Evidence == nil || len(sgxM.Evidence) < SGX_QUOTE_MIN_SIZE {
 		log.Tracef("Invalid SGX Report")
-		result.Summary.SetErr(ParseEvidence)
+		result.Summary.SetErr(ar.ParseEvidence)
 		return result, false
 	}
 
 	if sgxReferenceValue.Type != "SGX Reference Value" {
 		log.Tracef("SGX Reference Value invalid type %v", sgxReferenceValue.Type)
-		result.Summary.SetErr(RefValType)
+		result.Summary.SetErr(ar.RefValType)
 		return result, false
 	}
 
 	if sgxReferenceValue.Sgx == nil {
 		log.Tracef("SGX Reference Value details not present")
-		result.Summary.SetErr(DetailsNotPresent)
+		result.Summary.SetErr(ar.DetailsNotPresent)
 		return result, false
 	}
 
@@ -125,7 +127,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 		sgxQuote, err = DecodeSgxReport(sgxM.Evidence)
 		if err != nil {
 			log.Tracef("Failed to decode SGX report: %v", err)
-			result.Summary.SetErr(ParseEvidence)
+			result.Summary.SetErr(ar.ParseEvidence)
 			return result, false
 		}
 	} else {
@@ -155,7 +157,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 	referenceCerts, err := parseCertificates(sgxM.Certs, true)
 	if err != nil {
 		log.Tracef("Failed to parse reference certificates: %v", err)
-		result.Summary.SetErr(ParseCert)
+		result.Summary.SetErr(ar.ParseCert)
 		return result, false
 	}
 
@@ -165,19 +167,19 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 		quoteCerts, err = parseCertificates(sgxQuote.QuoteSignatureData.QECertData, true)
 		if err != nil {
 			log.Tracef("Failed to parse certificate chain from QECertData: %v", err)
-			result.Summary.SetErr(ParseCert)
+			result.Summary.SetErr(ar.ParseCert)
 			return result, false
 		}
 	} else {
 		log.Tracef("QECertDataType not supported: %v", sgxQuote.QuoteSignatureData.QECertDataType)
-		result.Summary.SetErr(ParseCert)
+		result.Summary.SetErr(ar.ParseCert)
 		return result, false
 	}
 
 	// Extract root CA from PCK cert chain in quote -> compare nullptr
 	if quoteCerts.RootCACert == nil {
 		log.Tracef("root cert is null")
-		result.Summary.SetErr(ParseCA)
+		result.Summary.SetErr(ar.ParseCA)
 		return result, false
 	}
 
@@ -194,7 +196,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 
 	if !bytes.Equal(quotePublicKeyBytes, referencePublicKeyBytes) {
 		log.Tracef("root cert public key didn't match")
-		result.Summary.SetErr(CaFingerprint)
+		result.Summary.SetErr(ar.CaFingerprint)
 		return result, false
 	}
 
@@ -202,7 +204,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 	sgxExtensions, err := ParseSGXExtensions(quoteCerts.PCKCert.Extensions[SGX_EXTENSION_INDEX].Value[4:]) // skip the first value (not relevant)
 	if err != nil {
 		log.Tracef("failed to parse SGX Extensions from PCK Certificate: %v", err)
-		result.Summary.SetErr(ParseExtensions)
+		result.Summary.SetErr(ar.ParseExtensions)
 		return result, false
 	}
 
@@ -210,7 +212,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 	tcbInfo, err := parseTcbInfo(sgxReferenceValue.Sgx.Collateral.TcbInfo)
 	if err != nil {
 		log.Tracef("Failed to parse tcbInfo: %v", err)
-		result.Summary.SetErr(ParseTcbInfo)
+		result.Summary.SetErr(ar.ParseTcbInfo)
 		return result, false
 	}
 
@@ -219,7 +221,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 		referenceCerts.TCBSigningCert, sgxExtensions, [16]byte{}, SGX_QUOTE_TYPE)
 	if !result.SgxResult.TcbInfoCheck.Summary.Success {
 		log.Tracef("Failed to verify TCB info structure: %v", err)
-		result.Summary.SetErr(VerifyTcbInfo)
+		result.Summary.SetErr(ar.VerifyTcbInfo)
 		return result, false
 	}
 
@@ -227,7 +229,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 	qeIdentity, err := parseQEIdentity(sgxReferenceValue.Sgx.Collateral.QeIdentity)
 	if err != nil {
 		log.Tracef("Failed to parse QE identity: %v", err)
-		result.Summary.SetErr(ParseQEIdentity)
+		result.Summary.SetErr(ar.ParseQEIdentity)
 		return result, false
 	}
 
@@ -235,7 +237,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 		string(sgxReferenceValue.Sgx.Collateral.QeIdentity), referenceCerts.TCBSigningCert, SGX_QUOTE_TYPE)
 	if err != nil {
 		log.Tracef("Failed to verify QE Identity structure: %v", err)
-		result.Summary.SetErr(VerifyQEIdentityErr)
+		result.Summary.SetErr(ar.VerifyQEIdentityErr)
 		return result, false
 	}
 	result.SgxResult.QeIdentityCheck = qeIdentityResult
@@ -253,7 +255,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 	err = VerifySgxQuoteBody(&sgxQuote.ISVEnclaveReport, &tcbInfo, &sgxExtensions, &sgxReferenceValue, result)
 	if err != nil {
 		log.Tracef("Failed to verify SGX Report Body: %v", err)
-		result.Summary.SetErr(VerifySignature)
+		result.Summary.SetErr(ar.VerifySignature)
 		result.Summary.Success = false
 		return result, false
 	}
@@ -270,7 +272,7 @@ func verifySgxMeasurements(sgxM Measurement, nonce []byte, intelCache string, re
 }
 
 func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo,
-	sgxExtensions *SGXExtensionsValue, sgxReferenceValue *ReferenceValue, result *MeasurementResult) error {
+	sgxExtensions *SGXExtensionsValue, sgxReferenceValue *ar.ReferenceValue, result *ar.MeasurementResult) error {
 	if body == nil || tcbInfo == nil || sgxExtensions == nil || sgxReferenceValue == nil || result == nil {
 		return fmt.Errorf("invalid function parameter (null pointer exception)")
 	}
@@ -278,14 +280,14 @@ func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo,
 	// check MRENCLAVE reference value
 	if !bytes.Equal(body.MRENCLAVE[:], []byte(sgxReferenceValue.Sha256)) {
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    sgxReferenceValue.Name,
 				Digest:  hex.EncodeToString(sgxReferenceValue.Sha256[:]),
 				Success: false,
 				Type:    "Reference Value",
 			})
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    sgxReferenceValue.Name,
 				Digest:  hex.EncodeToString(body.MRENCLAVE[:]),
 				Success: false,
@@ -294,7 +296,7 @@ func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo,
 		return fmt.Errorf("MRENCLAVE mismatch. Expected: %v, Got. %v", sgxReferenceValue.Sha256, body.MRENCLAVE)
 	} else {
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    sgxReferenceValue.Name,
 				Digest:  hex.EncodeToString(body.MRENCLAVE[:]),
 				Success: true,
@@ -303,25 +305,25 @@ func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo,
 	}
 
 	result.Artifacts = append(result.Artifacts,
-		DigestResult{
+		ar.DigestResult{
 			Name:    "MrSigner",
 			Digest:  hex.EncodeToString(body.MRSIGNER[:]),
 			Success: strings.EqualFold(sgxReferenceValue.Sgx.MrSigner, hex.EncodeToString(body.MRSIGNER[:])),
 			Type:    "Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "CpuSvn",
 			Digest:  hex.EncodeToString(body.CPUSVN[:]),
 			Success: bytes.Compare(sgxExtensions.Tcb.Value.CpuSvn.Value, body.CPUSVN[:]) <= 0,
 			Type:    "Security Version",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "IsvProdId",
 			Digest:  strconv.Itoa(int(body.ISVProdID)),
 			Success: sgxReferenceValue.Sgx.IsvProdId == body.ISVProdID,
 			Type:    "Product ID",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "IsvSvn",
 			Digest:  strconv.Itoa(int(body.ISVSVN)),
 			Success: sgxReferenceValue.Sgx.IsvSvn == body.ISVSVN,
@@ -335,43 +337,43 @@ func VerifySgxQuoteBody(body *EnclaveReportBody, tcbInfo *TcbInfo,
 		}
 	}
 
-	result.SgxResult.SgxAttributesCheck = SgxAttributesCheck{
-		Initted: BooleanMatch{
+	result.SgxResult.SgxAttributesCheck = ar.SgxAttributesCheck{
+		Initted: ar.BooleanMatch{
 			Success:  getBit(body.Attributes[:], 0) == sgxReferenceValue.Sgx.Attributes.Initted,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.Initted,
 			Measured: getBit(body.Attributes[:], 0),
 		},
-		Debug: BooleanMatch{
+		Debug: ar.BooleanMatch{
 			Success:  getBit(body.Attributes[:], 1) == sgxReferenceValue.Sgx.Attributes.Debug,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.Debug,
 			Measured: getBit(body.Attributes[:], 1),
 		},
-		Mode64Bit: BooleanMatch{
+		Mode64Bit: ar.BooleanMatch{
 			Success:  getBit(body.Attributes[:], 2) == sgxReferenceValue.Sgx.Attributes.Mode64Bit,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.Mode64Bit,
 			Measured: getBit(body.Attributes[:], 2),
 		},
-		ProvisionKey: BooleanMatch{
+		ProvisionKey: ar.BooleanMatch{
 			Success:  getBit(body.Attributes[:], 5) == sgxReferenceValue.Sgx.Attributes.ProvisionKey,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.ProvisionKey,
 			Measured: getBit(body.Attributes[:], 5),
 		},
-		EInitToken: BooleanMatch{
+		EInitToken: ar.BooleanMatch{
 			Success:  getBit(body.Attributes[:], 6) == sgxReferenceValue.Sgx.Attributes.EInitToken,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.EInitToken,
 			Measured: getBit(body.Attributes[:], 6),
 		},
-		Kss: BooleanMatch{
+		Kss: ar.BooleanMatch{
 			Success:  getBit(body.Attributes[:], 8) == sgxReferenceValue.Sgx.Attributes.Kss,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.Kss,
 			Measured: getBit(body.Attributes[:], 8),
 		},
-		Legacy: BooleanMatch{
+		Legacy: ar.BooleanMatch{
 			Success:  (body.Attributes[8] == 3) == sgxReferenceValue.Sgx.Attributes.Legacy,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.Legacy,
 			Measured: body.Attributes[8] == 3,
 		},
-		Avx: BooleanMatch{
+		Avx: ar.BooleanMatch{
 			Success:  (body.Attributes[8] == 6) == sgxReferenceValue.Sgx.Attributes.Avx,
 			Claimed:  sgxReferenceValue.Sgx.Attributes.Avx,
 			Measured: body.Attributes[8] == 6,
diff --git a/attestationreport/sgx_test.go b/verify/sgx_test.go
similarity index 98%
rename from attestationreport/sgx_test.go
rename to verify/sgx_test.go
index f6da6638..a47b3774 100644
--- a/attestationreport/sgx_test.go
+++ b/verify/sgx_test.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"encoding/hex"
@@ -22,12 +22,14 @@ import (
 	"testing"
 
 	"github.com/sirupsen/logrus"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 func Test_verifySgxMeasurements(t *testing.T) {
 	type args struct {
-		sgxM  *Measurement
-		sgxV  []ReferenceValue
+		sgxM  *ar.Measurement
+		sgxV  []ar.ReferenceValue
 		nonce []byte
 	}
 	tests := []struct {
@@ -38,18 +40,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Valid Attestation Report",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -57,7 +59,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -75,18 +77,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Certificate Chain",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    invalidSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -94,7 +96,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -112,18 +114,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Report Signature",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: invalidSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -131,7 +133,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -149,18 +151,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Tcb Info",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        tcb_info_old,
 								TcbInfoSize:    tcb_info_size_old,
@@ -168,7 +170,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -186,18 +188,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid QE Identity",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -205,7 +207,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: qe_identity_size_old,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -223,18 +225,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Measurement",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: []byte{},
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -242,7 +244,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -260,18 +262,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Attributes",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -279,7 +281,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Debug:     true,
 								Mode64Bit: true,
@@ -297,18 +299,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Nonce",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -316,7 +318,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
@@ -334,18 +336,18 @@ func Test_verifySgxMeasurements(t *testing.T) {
 		{
 			name: "Invalid MRSIGNER",
 			args: args{
-				sgxM: &Measurement{
+				sgxM: &ar.Measurement{
 					Type:     "SGX Measurement",
 					Evidence: validSGXQuote,
 					Certs:    validSGXCertChain,
 				},
-				sgxV: []ReferenceValue{
+				sgxV: []ar.ReferenceValue{
 					{
 						Type:   "SGX Reference Value",
 						Sha256: validSGXMeasurement,
-						Sgx: &SGXDetails{
+						Sgx: &ar.SGXDetails{
 							Version: validSGXVersion,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_sgx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -353,7 +355,7 @@ func Test_verifySgxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: rootCACertFingerprint,
-							Attributes: SGXAttributes{
+							Attributes: ar.SGXAttributes{
 								Initted:   true,
 								Mode64Bit: true,
 								Legacy:    true,
diff --git a/attestationreport/snp.go b/verify/snp.go
similarity index 88%
rename from attestationreport/snp.go
rename to verify/snp.go
index 20602f99..85b81175 100644
--- a/attestationreport/snp.go
+++ b/verify/snp.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"bytes"
@@ -27,6 +27,7 @@ import (
 	"math/big"
 	"strconv"
 
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 )
 
@@ -84,37 +85,37 @@ const (
 	signature_offset = 0x2A0
 )
 
-func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []ReferenceValue,
-) (*MeasurementResult, bool) {
+func verifySnpMeasurements(snpM ar.Measurement, nonce []byte, referenceValues []ar.ReferenceValue,
+) (*ar.MeasurementResult, bool) {
 
 	log.Trace("Verifying SNP measurements")
 
-	result := &MeasurementResult{
+	result := &ar.MeasurementResult{
 		Type:      "SNP Result",
-		SnpResult: &SnpResult{},
+		SnpResult: &ar.SnpResult{},
 	}
 	ok := true
 
 	if len(referenceValues) == 0 {
 		log.Trace("Could not find SNP Reference Value")
-		result.Summary.SetErr(RefValNotPresent)
+		result.Summary.SetErr(ar.RefValNotPresent)
 		return result, false
 	} else if len(referenceValues) > 1 {
 		log.Tracef("Report contains %v reference values. Currently, only 1 SNP Reference Value is supported",
 			len(referenceValues))
-		result.Summary.SetErr(RefValMultiple)
+		result.Summary.SetErr(ar.RefValMultiple)
 		return result, false
 	}
 	snpReferenceValue := referenceValues[0]
 
 	if snpReferenceValue.Type != "SNP Reference Value" {
 		log.Tracef("SNP Reference Value invalid type %v", snpReferenceValue.Type)
-		result.Summary.SetErr(RefValType)
+		result.Summary.SetErr(ar.RefValType)
 		return result, false
 	}
 	if snpReferenceValue.Snp == nil {
 		log.Trace("SNP Reference Value does not contain policy")
-		result.Summary.SetErr(DetailsNotPresent)
+		result.Summary.SetErr(ar.DetailsNotPresent)
 		return result, false
 	}
 
@@ -122,7 +123,7 @@ func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []Ref
 	s, err := DecodeSnpReport(snpM.Evidence)
 	if err != nil {
 		log.Tracef("Failed to decode SNP report: %v", err)
-		result.Summary.SetErr(ParseEvidence)
+		result.Summary.SetErr(ar.ParseEvidence)
 		return result, false
 	}
 
@@ -143,7 +144,7 @@ func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []Ref
 	certs, err := internal.ParseCertsDer(snpM.Certs)
 	if err != nil {
 		log.Tracef("Failed to parse certificates: %v", err)
-		result.Summary.SetErr(ParseCert)
+		result.Summary.SetErr(ar.ParseCert)
 		return result, false
 	}
 
@@ -158,14 +159,14 @@ func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []Ref
 	if cmp := bytes.Compare(s.Measurement[:], snpReferenceValue.Sha384); cmp != 0 {
 		log.Trace("Failed to verify SNP reference value")
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    snpReferenceValue.Name,
 				Digest:  hex.EncodeToString(snpReferenceValue.Sha384),
 				Success: false,
 				Type:    "Reference Value",
 			})
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    snpReferenceValue.Name,
 				Digest:  hex.EncodeToString(s.Measurement[:]),
 				Success: false,
@@ -178,7 +179,7 @@ func verifySnpMeasurements(snpM Measurement, nonce []byte, referenceValues []Ref
 		// As we previously checked, that the attestation report contains exactly one
 		// SNP Reference Value, we can set this here:
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    snpReferenceValue.Name,
 				Digest:  hex.EncodeToString(s.Measurement[:]),
 				Success: true,
@@ -218,8 +219,8 @@ func DecodeSnpReport(report []byte) (snpreport, error) {
 	return s, nil
 }
 
-func verifySnpVersion(s snpreport, version uint32) (Result, bool) {
-	r := Result{}
+func verifySnpVersion(s snpreport, version uint32) (ar.Result, bool) {
+	r := ar.Result{}
 	ok := s.Version == version
 	if !ok {
 		log.Tracef("SNP report version mismatch: Report = %v, supplied = %v", s.Version, version)
@@ -232,7 +233,7 @@ func verifySnpVersion(s snpreport, version uint32) (Result, bool) {
 	return r, ok
 }
 
-func verifySnpPolicy(s snpreport, v SnpPolicy) (PolicyCheck, bool) {
+func verifySnpPolicy(s snpreport, v ar.SnpPolicy) (ar.PolicyCheck, bool) {
 
 	abiMajor := uint8(s.Policy & 0xFF)
 	abiMinor := uint8((s.Policy >> 8) & 0xFF)
@@ -242,28 +243,28 @@ func verifySnpPolicy(s snpreport, v SnpPolicy) (PolicyCheck, bool) {
 	singleSocket := (s.Policy & (1 << 20)) != 0
 
 	// Convert to int, as json.Marshal otherwise interprets the values as strings
-	r := PolicyCheck{
-		Abi: VersionCheck{
+	r := ar.PolicyCheck{
+		Abi: ar.VersionCheck{
 			Success:  checkMinVersion([]uint8{abiMajor, abiMinor}, []uint8{v.AbiMajor, v.AbiMinor}),
 			Claimed:  []int{int(v.AbiMajor), int(v.AbiMinor)},
 			Measured: []int{int(abiMajor), int(abiMinor)},
 		},
-		Smt: BooleanMatch{
+		Smt: ar.BooleanMatch{
 			Success:  smt == v.Smt,
 			Claimed:  v.Smt,
 			Measured: smt,
 		},
-		Migration: BooleanMatch{
+		Migration: ar.BooleanMatch{
 			Success:  migration == v.Migration,
 			Claimed:  v.Migration,
 			Measured: migration,
 		},
-		Debug: BooleanMatch{
+		Debug: ar.BooleanMatch{
 			Success:  debug == v.Debug,
 			Claimed:  v.Debug,
 			Measured: debug,
 		},
-		SingleSocket: BooleanMatch{
+		SingleSocket: ar.BooleanMatch{
 			Success:  singleSocket == v.SingleSocket,
 			Claimed:  v.SingleSocket,
 			Measured: singleSocket,
@@ -283,7 +284,7 @@ func verifySnpPolicy(s snpreport, v SnpPolicy) (PolicyCheck, bool) {
 	return r, ok
 }
 
-func verifySnpFw(s snpreport, v SnpFw) (VersionCheck, bool) {
+func verifySnpFw(s snpreport, v ar.SnpFw) (ar.VersionCheck, bool) {
 
 	build := min([]uint8{s.CurrentBuild, s.CommittedBuild})
 	major := min([]uint8{s.CurrentMajor, s.CommittedMajor})
@@ -296,7 +297,7 @@ func verifySnpFw(s snpreport, v SnpFw) (VersionCheck, bool) {
 	}
 
 	// Convert to int, as json.Marshal otherwise interprets the values as strings
-	r := VersionCheck{
+	r := ar.VersionCheck{
 		Success:  ok,
 		Claimed:  []int{int(v.Major), int(v.Minor), int(v.Build)},
 		Measured: []int{int(major), int(minor), int(build)},
@@ -304,7 +305,7 @@ func verifySnpFw(s snpreport, v SnpFw) (VersionCheck, bool) {
 	return r, ok
 }
 
-func verifySnpTcb(s snpreport, v SnpTcb) (TcbCheck, bool) {
+func verifySnpTcb(s snpreport, v ar.SnpTcb) (ar.TcbCheck, bool) {
 
 	currBl := uint8(s.CurrentTcb & 0xFF)
 	commBl := uint8(s.CommittedTcb & 0xFF)
@@ -329,23 +330,23 @@ func verifySnpTcb(s snpreport, v SnpTcb) (TcbCheck, bool) {
 	ucode := min([]uint8{currUcode, commUcode, launUcode, repoUcode})
 
 	// Convert to int, as json.Marshal otherwise interprets the values as strings
-	r := TcbCheck{
-		Bl: VersionCheck{
+	r := ar.TcbCheck{
+		Bl: ar.VersionCheck{
 			Success:  bl >= v.Bl,
 			Claimed:  []int{int(v.Bl)},
 			Measured: []int{int(bl)},
 		},
-		Tee: VersionCheck{
+		Tee: ar.VersionCheck{
 			Success:  tee >= v.Tee,
 			Claimed:  []int{int(v.Tee)},
 			Measured: []int{int(tee)},
 		},
-		Snp: VersionCheck{
+		Snp: ar.VersionCheck{
 			Success:  snp >= v.Snp,
 			Claimed:  []int{int(v.Snp)},
 			Measured: []int{int(snp)},
 		},
-		Ucode: VersionCheck{
+		Ucode: ar.VersionCheck{
 			Success:  ucode >= v.Ucode,
 			Claimed:  []int{int(v.Ucode)},
 			Measured: []int{int(ucode)},
@@ -364,13 +365,13 @@ func verifySnpTcb(s snpreport, v SnpTcb) (TcbCheck, bool) {
 func verifySnpSignature(
 	reportRaw []byte, report snpreport,
 	certs []*x509.Certificate, fingerprint string,
-) (SignatureResult, bool) {
+) (ar.SignatureResult, bool) {
 
-	result := SignatureResult{}
+	result := ar.SignatureResult{}
 
 	if len(reportRaw) < (header_offset + signature_offset) {
 		log.Warn("Internal Error: Report buffer too small")
-		result.SignCheck.SetErr(Internal)
+		result.SignCheck.SetErr(ar.Internal)
 		return result, false
 	}
 
@@ -404,7 +405,7 @@ func verifySnpSignature(
 	// Check that the algorithm is supported
 	if report.SignatureAlgo != ecdsa384_with_sha384 {
 		log.Tracef("Signature Algorithm %v not supported", report.SignatureAlgo)
-		result.SignCheck.SetErr(UnsupportedAlgorithm)
+		result.SignCheck.SetErr(ar.UnsupportedAlgorithm)
 		return result, false
 	}
 
@@ -412,7 +413,7 @@ func verifySnpSignature(
 	pub, ok := certs[0].PublicKey.(*ecdsa.PublicKey)
 	if !ok {
 		log.Trace("Failed to extract ECDSA public key from certificate")
-		result.SignCheck.SetErr(ExtractPubKey)
+		result.SignCheck.SetErr(ar.ExtractPubKey)
 		return result, false
 	}
 
@@ -420,7 +421,7 @@ func verifySnpSignature(
 	ok = ecdsa.Verify(pub, digest[:], r, s)
 	if !ok {
 		log.Trace("Failed to verify SNP report signature")
-		result.SignCheck.SetErr(VerifySignature)
+		result.SignCheck.SetErr(ar.VerifySignature)
 		return result, false
 	}
 	log.Trace("Successfully verified SNP report signature")
@@ -431,19 +432,19 @@ func verifySnpSignature(
 	x509Chains, err := internal.VerifyCertChain(certs[:len(certs)-1], []*x509.Certificate{ca})
 	if err != nil {
 		log.Tracef("Failed to verify certificate chain: %v", err)
-		result.CertChainCheck.SetErr(VerifyCertChain)
+		result.CertChainCheck.SetErr(ar.VerifyCertChain)
 		return result, false
 	}
 	// Verify that the reference value fingerprint matches the certificate fingerprint
 	if fingerprint == "" {
 		log.Trace("Reference value SNP CA fingerprint not present")
-		result.CertChainCheck.SetErr(NotPresent)
+		result.CertChainCheck.SetErr(ar.NotPresent)
 		return result, false
 	}
 	refFingerprint, err := hex.DecodeString(fingerprint)
 	if err != nil {
 		log.Tracef("Failed to decode CA fingerprint %v: %v", fingerprint, err)
-		result.CertChainCheck.SetErr(ParseCAFingerprint)
+		result.CertChainCheck.SetErr(ar.ParseCAFingerprint)
 		return result, false
 	}
 	caFingerprint := sha256.Sum256(ca.Raw)
@@ -459,9 +460,9 @@ func verifySnpSignature(
 
 	//Store details from (all) validated certificate chain(s) in the report
 	for _, chain := range x509Chains {
-		chainExtracted := []X509CertExtracted{}
+		chainExtracted := []ar.X509CertExtracted{}
 		for _, cert := range chain {
-			chainExtracted = append(chainExtracted, ExtractX509Infos(cert))
+			chainExtracted = append(chainExtracted, ar.ExtractX509Infos(cert))
 		}
 		result.ValidatedCerts = append(result.ValidatedCerts, chainExtracted)
 	}
@@ -469,13 +470,13 @@ func verifySnpSignature(
 	return result, true
 }
 
-func verifySnpExtensions(cert *x509.Certificate, report *snpreport) ([]Result, bool) {
+func verifySnpExtensions(cert *x509.Certificate, report *snpreport) ([]ar.Result, bool) {
 	success := true
 	var ok bool
-	var r Result
+	var r ar.Result
 	tcb := report.CurrentTcb
 
-	results := make([]Result, 0)
+	results := make([]ar.Result, 0)
 
 	if r, ok = checkExtensionUint8(cert, "1.3.6.1.4.1.3704.1.3.1", uint8(tcb)); !ok {
 		log.Tracef("SEV BL Extension Check failed:")
diff --git a/attestationreport/snp_test.go b/verify/snp_test.go
similarity index 96%
rename from attestationreport/snp_test.go
rename to verify/snp_test.go
index 18cd3f28..e20e9851 100644
--- a/attestationreport/snp_test.go
+++ b/verify/snp_test.go
@@ -13,13 +13,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"encoding/hex"
 	"testing"
 
 	"github.com/sirupsen/logrus"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 func Test_verifySnpMeasurements(t *testing.T) {
@@ -27,8 +29,8 @@ func Test_verifySnpMeasurements(t *testing.T) {
 	logrus.SetLevel(logrus.TraceLevel)
 
 	type args struct {
-		snpM  *Measurement
-		snpV  []ReferenceValue
+		snpM  *ar.Measurement
+		snpV  []ar.ReferenceValue
 		nonce []byte
 	}
 	tests := []struct {
@@ -39,16 +41,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "ValidAttestationReport",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -64,16 +66,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Signature",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: invalidReportSignature,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -89,16 +91,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Certificate Chain",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    invalidCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -114,16 +116,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid VCEK Certificate",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    invalidLeafCert,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -139,16 +141,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Report",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: invalidReportData,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -164,16 +166,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Measurement",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: invalidMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -189,16 +191,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Policy Parameter Debug",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        invalidSnpPolicy,
@@ -214,16 +216,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Nonce",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -239,12 +241,12 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Reference Value Type",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "TPM Reference Value",
 						Sha256: validMeasurement,
@@ -257,7 +259,7 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "No Reference Values Present",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
@@ -269,16 +271,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid Firmware",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -294,16 +296,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid TCB",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: validFingerprint,
 							Policy:        validSnpPolicy,
@@ -319,16 +321,16 @@ func Test_verifySnpMeasurements(t *testing.T) {
 		{
 			name: "Invalid CA KeyID",
 			args: args{
-				snpM: &Measurement{
+				snpM: &ar.Measurement{
 					Type:     "SNP Measurement",
 					Evidence: validReport,
 					Certs:    validCertChain,
 				},
-				snpV: []ReferenceValue{
+				snpV: []ar.ReferenceValue{
 					{
 						Type:   "SNP Reference Value",
 						Sha384: validMeasurement,
-						Snp: &SnpDetails{
+						Snp: &ar.SnpDetails{
 							Version:       validVersion,
 							CaFingerprint: invalidFingerprint,
 							Policy:        validSnpPolicy,
@@ -840,7 +842,7 @@ AFZEAwoKCQ==
 
 	invalidLeafCert = [][]byte{invalidVcek.Raw, askMilan.Raw, arkMilan.Raw}
 
-	validSnpPolicy = SnpPolicy{
+	validSnpPolicy = ar.SnpPolicy{
 		Type:         "SNP Policy",
 		SingleSocket: false,
 		Debug:        false,
@@ -850,7 +852,7 @@ AFZEAwoKCQ==
 		AbiMinor:     0,
 	}
 
-	invalidSnpPolicy = SnpPolicy{
+	invalidSnpPolicy = ar.SnpPolicy{
 		Type:         "SNP Policy",
 		SingleSocket: false,
 		Debug:        true,
@@ -862,26 +864,26 @@ AFZEAwoKCQ==
 
 	validVersion = uint32(2)
 
-	validFw = SnpFw{
+	validFw = ar.SnpFw{
 		Build: 3,
 		Major: 1,
 		Minor: 51,
 	}
 
-	invalidFw = SnpFw{
+	invalidFw = ar.SnpFw{
 		Build: 4,
 		Major: 1,
 		Minor: 51,
 	}
 
-	validTcb = SnpTcb{
+	validTcb = ar.SnpTcb{
 		Bl:    2,
 		Tee:   0,
 		Snp:   6,
 		Ucode: 67,
 	}
 
-	invalidTcb = SnpTcb{
+	invalidTcb = ar.SnpTcb{
 		Bl:    2,
 		Tee:   0,
 		Snp:   6,
diff --git a/attestationreport/tdx.go b/verify/tdx.go
similarity index 90%
rename from attestationreport/tdx.go
rename to verify/tdx.go
index f240338e..c455d115 100644
--- a/attestationreport/tdx.go
+++ b/verify/tdx.go
@@ -13,13 +13,15 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"bytes"
 	"encoding/binary"
 	"encoding/hex"
 	"fmt"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 // TDX Report V4
@@ -192,14 +194,14 @@ func parseECDSASignatureV4(buf *bytes.Buffer, sig *ECDSA256QuoteSignatureDataStr
 	return nil
 }
 
-func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, referenceValues []ReferenceValue) (*MeasurementResult, bool) {
+func verifyTdxMeasurements(tdxM ar.Measurement, nonce []byte, intelCache string, referenceValues []ar.ReferenceValue) (*ar.MeasurementResult, bool) {
 
 	log.Trace("Verifying TDX measurements")
 
 	var err error
-	result := &MeasurementResult{
+	result := &ar.MeasurementResult{
 		Type:      "TDX Result",
-		TdxResult: &TdxResult{},
+		TdxResult: &ar.TdxResult{},
 	}
 	ok := true
 
@@ -207,24 +209,24 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 
 	if len(referenceValues) == 0 {
 		log.Tracef("Could not find TDX Reference Value")
-		result.Summary.SetErr(RefValNotPresent)
+		result.Summary.SetErr(ar.RefValNotPresent)
 		return result, false
 	} else if len(referenceValues) > 1 {
 		log.Tracef("Report contains %v reference values. Currently, only one TDX Reference Value is supported",
 			len(referenceValues))
-		result.Summary.SetErr(RefValMultiple)
+		result.Summary.SetErr(ar.RefValMultiple)
 		return result, false
 	}
 	tdxReferenceValue := referenceValues[0]
 
 	if tdxReferenceValue.Type != "TDX Reference Value" {
 		log.Tracef("TDX Reference Value invalid type %v", tdxReferenceValue.Type)
-		result.Summary.SetErr(RefValType)
+		result.Summary.SetErr(ar.RefValType)
 		return result, false
 	}
 	if tdxReferenceValue.Tdx == nil {
 		log.Tracef("TDX Reference Value does not contain details")
-		result.Summary.SetErr(DetailsNotPresent)
+		result.Summary.SetErr(ar.DetailsNotPresent)
 		return result, false
 	}
 
@@ -232,7 +234,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	tdxQuote, err := decodeTdxReportV4(tdxM.Evidence)
 	if err != nil {
 		log.Tracef("Failed to decode TDX report: %v", err)
-		result.Summary.SetErr(ParseEvidence)
+		result.Summary.SetErr(ar.ParseEvidence)
 		return result, false
 	}
 
@@ -255,7 +257,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 
 	if quoteCerts.RootCACert == nil || quoteCerts.IntermediateCert == nil || quoteCerts.PCKCert == nil {
 		log.Tracef("incomplete certificate chain")
-		result.Summary.SetErr(VerifyCertChain)
+		result.Summary.SetErr(ar.VerifyCertChain)
 		return result, false
 	}
 
@@ -263,12 +265,12 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	referenceCerts, err := parseCertificates(tdxM.Certs, true)
 	if err != nil || referenceCerts.TCBSigningCert == nil || referenceCerts.RootCACert == nil {
 		log.Tracef("Failed to parse reference certificates (TCBSigningCert + IntelRootCACert): %v", err)
-		result.Summary.SetErr(ParseCert)
+		result.Summary.SetErr(ar.ParseCert)
 		return result, false
 	}
 
 	_, code := VerifyTCBSigningCertChain(referenceCerts, intelCache)
-	if code != NotSet {
+	if code != ar.NotSet {
 		log.Tracef("%v", err.Error())
 		result.Summary.SetErr(code)
 		return result, false
@@ -278,7 +280,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	sgxExtensions, err := ParseSGXExtensions(quoteCerts.PCKCert.Extensions[SGX_EXTENSION_INDEX].Value[4:]) // skip the first value (not relevant)
 	if err != nil {
 		log.Tracef("failed to parse SGX Extensions from PCK Certificate: %v", err)
-		result.Summary.SetErr(ParseCert)
+		result.Summary.SetErr(ar.ParseCert)
 		return result, false
 	}
 
@@ -286,7 +288,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	tcbInfo, err := parseTcbInfo(tdxReferenceValue.Tdx.Collateral.TcbInfo)
 	if err != nil {
 		log.Tracef("Failed to parse tcbInfo: %v", err)
-		result.Summary.SetErr(ParseTcbInfo)
+		result.Summary.SetErr(ar.ParseTcbInfo)
 		return result, false
 	}
 
@@ -295,7 +297,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 		sgxExtensions, tdxQuote.QuoteBody.TeeTcbSvn, TDX_QUOTE_TYPE)
 	if !result.TdxResult.TcbInfoCheck.Summary.Success {
 		log.Tracef("Failed to verify TCB info structure: %v", err)
-		result.Summary.SetErr(VerifyTcbInfo)
+		result.Summary.SetErr(ar.VerifyTcbInfo)
 		return result, false
 	}
 
@@ -303,7 +305,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	qeIdentity, err := parseQEIdentity(tdxReferenceValue.Tdx.Collateral.QeIdentity)
 	if err != nil {
 		log.Tracef("Failed to parse QE Identity: %v", err)
-		result.Summary.SetErr(ParseQEIdentity)
+		result.Summary.SetErr(ar.ParseQEIdentity)
 		return result, false
 	}
 
@@ -312,7 +314,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	result.TdxResult.QeIdentityCheck = qeIdentityResult
 	if err != nil {
 		log.Tracef("Failed to verify QE Identity structure: %v", err)
-		result.Summary.SetErr(VerifyQEIdentityErr)
+		result.Summary.SetErr(ar.VerifyQEIdentityErr)
 		return result, false
 	}
 
@@ -329,7 +331,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 	err = verifyTdxQuoteBody(&tdxQuote.QuoteBody, &tcbInfo, &quoteCerts, &tdxReferenceValue, result)
 	if err != nil {
 		log.Tracef("Failed to verify TDX Report Body: %v", err)
-		result.Summary.SetErr(VerifySignature)
+		result.Summary.SetErr(ar.VerifySignature)
 		result.Summary.Success = false
 		return result, false
 	}
@@ -344,7 +346,7 @@ func verifyTdxMeasurements(tdxM Measurement, nonce []byte, intelCache string, re
 }
 
 func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
-	certs *SgxCertificates, tdxReferenceValue *ReferenceValue, result *MeasurementResult) error {
+	certs *SgxCertificates, tdxReferenceValue *ar.ReferenceValue, result *ar.MeasurementResult) error {
 	if body == nil || tcbInfo == nil || certs == nil || tdxReferenceValue == nil || result == nil {
 		return fmt.Errorf("invalid function parameter (null pointer exception)")
 	}
@@ -352,14 +354,14 @@ func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
 	// check MrTd reference value (measurement of the initial contents of the TD)
 	if !bytes.Equal(body.MrTd[:], []byte(tdxReferenceValue.Sha256)) {
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    tdxReferenceValue.Name,
 				Digest:  hex.EncodeToString(tdxReferenceValue.Sha256),
 				Success: false,
 				Type:    "Reference Value",
 			})
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    tdxReferenceValue.Name,
 				Digest:  hex.EncodeToString(body.MrTd[:]),
 				Success: false,
@@ -368,7 +370,7 @@ func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
 		return fmt.Errorf("MrTd mismatch. Expected: %v, Got. %v", tdxReferenceValue.Sha256, body.MrTd)
 	} else {
 		result.Artifacts = append(result.Artifacts,
-			DigestResult{
+			ar.DigestResult{
 				Name:    tdxReferenceValue.Name,
 				Digest:  hex.EncodeToString(body.MrTd[:]),
 				Success: true,
@@ -376,55 +378,55 @@ func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
 	}
 
 	result.Artifacts = append(result.Artifacts,
-		DigestResult{
+		ar.DigestResult{
 			Name:    "MrSignerSeam",
 			Digest:  hex.EncodeToString(body.MrSignerSeam[:]),
 			Success: bytes.Equal(tcbInfo.TcbInfo.TdxModule.Mrsigner[:], body.MrSignerSeam[:]),
 			Type:    "Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "MrSeam",
 			Digest:  hex.EncodeToString(body.MrSeam[:]),
 			Success: bytes.Equal(body.MrSeam[:], tdxReferenceValue.Tdx.TdMeas.MrSeam),
 			Type:    "Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "RtMr0",
 			Digest:  hex.EncodeToString(body.RtMr0[:]),
 			Success: recalculateRtMr(body.RtMr0[:], tdxReferenceValue.Tdx.TdMeas.RtMr0),
 			Type:    "Firmware Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "RtMr1",
 			Digest:  hex.EncodeToString(body.RtMr1[:]),
 			Success: recalculateRtMr(body.RtMr1[:], tdxReferenceValue.Tdx.TdMeas.RtMr1),
 			Type:    "BIOS Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "RtMr2",
 			Digest:  hex.EncodeToString(body.RtMr2[:]),
 			Success: recalculateRtMr(body.RtMr2[:], tdxReferenceValue.Tdx.TdMeas.RtMr2),
 			Type:    "OS Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "RtMr3",
 			Digest:  hex.EncodeToString(body.RtMr3[:]),
 			Success: recalculateRtMr(body.RtMr3[:], tdxReferenceValue.Tdx.TdMeas.RtMr3),
 			Type:    "Runtime Measurement",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "MrOwner",
 			Digest:  hex.EncodeToString(body.MrOwner[:]),
 			Success: bytes.Equal(tdxReferenceValue.Tdx.TdId.MrOwner[:], body.MrOwner[:]),
 			Type:    "Software-defined ID",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "MrOwnerConfig",
 			Digest:  hex.EncodeToString(body.MrOwnerConfig[:]),
 			Success: bytes.Equal(tdxReferenceValue.Tdx.TdId.MrOwnerConfig[:], body.MrOwnerConfig[:]),
 			Type:    "Software-defined ID",
 		},
-		DigestResult{
+		ar.DigestResult{
 			Name:    "MrConfigId",
 			Digest:  hex.EncodeToString(body.MrConfigId[:]),
 			Success: bytes.Equal(tdxReferenceValue.Tdx.TdId.MrConfigId[:], body.MrConfigId[:]),
@@ -440,23 +442,23 @@ func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
 	}
 	seamAttributesResult := bytes.Equal(tcbInfo.TcbInfo.TdxModule.Attributes, seamAttributesQuote[:])
 
-	result.TdxResult.TdAttributesCheck = TdAttributesCheck{
-		Debug: BooleanMatch{
+	result.TdxResult.TdAttributesCheck = ar.TdAttributesCheck{
+		Debug: ar.BooleanMatch{
 			Success:  tdxReferenceValue.Tdx.TdAttributes.Debug == (body.TdAttributes[0] > 0),
 			Claimed:  tdxReferenceValue.Tdx.TdAttributes.Debug,
 			Measured: body.TdAttributes[0] > 0,
 		},
-		SeptVEDisable: BooleanMatch{
+		SeptVEDisable: ar.BooleanMatch{
 			Success:  tdxReferenceValue.Tdx.TdAttributes.SeptVEDisable == getBit(body.TdAttributes[:], 28),
 			Claimed:  tdxReferenceValue.Tdx.TdAttributes.SeptVEDisable,
 			Measured: getBit(body.TdAttributes[:], 28),
 		},
-		Pks: BooleanMatch{
+		Pks: ar.BooleanMatch{
 			Success:  tdxReferenceValue.Tdx.TdAttributes.Pks == getBit(body.TdAttributes[:], 30),
 			Claimed:  tdxReferenceValue.Tdx.TdAttributes.Pks,
 			Measured: getBit(body.TdAttributes[:], 30),
 		},
-		Kl: BooleanMatch{
+		Kl: ar.BooleanMatch{
 			Success:  tdxReferenceValue.Tdx.TdAttributes.Kl == getBit(body.TdAttributes[:], 31),
 			Claimed:  tdxReferenceValue.Tdx.TdAttributes.Kl,
 			Measured: getBit(body.TdAttributes[:], 31),
@@ -473,20 +475,20 @@ func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
 			result.TdxResult.TdAttributesCheck.Pks, result.TdxResult.TdAttributesCheck.Kl)
 	}
 
-	result.TdxResult.SeamAttributesCheck = AttributesCheck{
+	result.TdxResult.SeamAttributesCheck = ar.AttributesCheck{
 		Success:  seamAttributesResult,
-		Claimed:  HexByte(tcbInfo.TcbInfo.TdxModule.Attributes),
-		Measured: HexByte(seamAttributesQuote[:]),
+		Claimed:  ar.HexByte(tcbInfo.TcbInfo.TdxModule.Attributes),
+		Measured: ar.HexByte(seamAttributesQuote[:]),
 	}
 	if !result.TdxResult.SeamAttributesCheck.Success {
 		return fmt.Errorf("SeamAttributesCheck failed: Expected: %v, Measured: %v",
 			result.TdxResult.SeamAttributesCheck.Claimed, result.TdxResult.SeamAttributesCheck.Measured)
 	}
 
-	result.TdxResult.XfamCheck = AttributesCheck{
+	result.TdxResult.XfamCheck = ar.AttributesCheck{
 		Success:  seamAttributesResult,
-		Claimed:  HexByte(tcbInfo.TcbInfo.TdxModule.Attributes),
-		Measured: HexByte(seamAttributesQuote[:]),
+		Claimed:  ar.HexByte(tcbInfo.TcbInfo.TdxModule.Attributes),
+		Measured: ar.HexByte(seamAttributesQuote[:]),
 	}
 	if !result.TdxResult.SeamAttributesCheck.Success {
 		return fmt.Errorf("XfamCheck failed: Expected: %v, Measured: %v",
@@ -504,7 +506,7 @@ func verifyTdxQuoteBody(body *TdxReportBody, tcbInfo *TcbInfo,
 
 // calculation of rtmrs according to Intel TDX Module 1.5 base architecture specification:
 // chapter 12.1.2. RTMR: Run-Time Measurement Registers
-func recalculateRtMr(rmtr HexByte, refHashes RtMrHashChainElem) bool {
+func recalculateRtMr(rmtr ar.HexByte, refHashes ar.RtMrHashChainElem) bool {
 	if len(refHashes.Hashes) == 0 {
 		log.Tracef("no reference hash values found")
 		return false
diff --git a/attestationreport/tdx_test.go b/verify/tdx_test.go
similarity index 96%
rename from attestationreport/tdx_test.go
rename to verify/tdx_test.go
index c976b294..abeb5f05 100644
--- a/attestationreport/tdx_test.go
+++ b/verify/tdx_test.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"encoding/hex"
@@ -23,6 +23,8 @@ import (
 	"testing"
 
 	"github.com/sirupsen/logrus"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 func fetchLatestTcbInfo(tdx bool, fmspc string) ([]byte, error) {
@@ -77,31 +79,31 @@ func fetchLatestQeIdentity(tdx bool) ([]byte, error) {
 
 func Test_verifyTdxMeasurements(t *testing.T) {
 	type args struct {
-		tdxM  *Measurement
-		tdxV  []ReferenceValue
+		tdxM  *ar.Measurement
+		tdxV  []ar.ReferenceValue
 		nonce []byte
 	}
 	tests := []struct {
 		name  string
 		args  args
-		want  *MeasurementResult
+		want  *ar.MeasurementResult
 		want1 bool
 	}{
 		{
 			name: "Valid Attestation Report",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -109,19 +111,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -135,18 +137,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Report Signature",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: invalidTdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -154,19 +156,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -180,18 +182,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Nonce",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -199,19 +201,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -225,18 +227,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Certificate Chain",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    [][]byte{},
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -244,19 +246,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -270,18 +272,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Measurement",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: []byte("12345"),
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -289,19 +291,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -315,18 +317,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid Attributes",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -334,19 +336,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								Debug: true,
 							},
 							Xfam: validXFAM,
@@ -360,18 +362,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid TcbInfo",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte("0"),
 								TcbInfoSize:    1,
@@ -379,19 +381,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -405,18 +407,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid QEIdentity",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -424,19 +426,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 1,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
 								MrSeam: dec(validMrSeam),
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -450,18 +452,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Invalid MrSeam",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -469,19 +471,19 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{
+							TdMeas: ar.TDMeasurements{
 								RtMr0:  rtMr0HashChain,
 								RtMr1:  rtMr1HashChain,
 								RtMr2:  rtMr2HashChain,
 								RtMr3:  rtMr3HashChain,
-								MrSeam: HexByte{0x01},
+								MrSeam: ar.HexByte{0x01},
 							},
-							TdAttributes: TDAttributes{
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -495,18 +497,18 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 		{
 			name: "Missing HashChain Values",
 			args: args{
-				tdxM: &Measurement{
+				tdxM: &ar.Measurement{
 					Type:     "TDX Measurement",
 					Evidence: tdxQuote,
 					Certs:    validTDXCertChain,
 				},
-				tdxV: []ReferenceValue{
+				tdxV: []ar.ReferenceValue{
 					{
 						Type:   "TDX Reference Value",
 						Sha256: validTDXMeasurement,
-						Tdx: &TDXDetails{
+						Tdx: &ar.TDXDetails{
 							Version: 0x04,
-							Collateral: IntelCollateral{
+							Collateral: ar.IntelCollateral{
 								TeeType:        tee_type_tdx,
 								TcbInfo:        []byte{},
 								TcbInfoSize:    0,
@@ -514,13 +516,13 @@ func Test_verifyTdxMeasurements(t *testing.T) {
 								QeIdentitySize: 0,
 							},
 							CaFingerprint: tdxRootCAFingerprint,
-							TdId: TDId{
+							TdId: ar.TDId{
 								MrOwner:       mrOwner,
 								MrOwnerConfig: mrOwnerConfig,
 								MrConfigId:    mrConfigId,
 							},
-							TdMeas: TDMeasurements{},
-							TdAttributes: TDAttributes{
+							TdMeas: ar.TDMeasurements{},
+							TdAttributes: ar.TDAttributes{
 								SeptVEDisable: true,
 							},
 							Xfam: validXFAM,
@@ -1412,28 +1414,28 @@ var (
 	mrOwner          = [48]byte{} // 0x00s
 	mrOwnerConfig    = [48]byte{} // 0x00s
 	mrConfigId       = [48]byte{} // 0x00s
-	rtMr0HashChain   = RtMrHashChainElem{
+	rtMr0HashChain   = ar.RtMrHashChainElem{
 		Type:    "Runtime Measurement",
 		Name:    "RtMr0",
-		Hashes:  []HexByte{dec(rtMr0)},
+		Hashes:  []ar.HexByte{dec(rtMr0)},
 		Summary: true,
 	}
-	rtMr1HashChain = RtMrHashChainElem{
+	rtMr1HashChain = ar.RtMrHashChainElem{
 		Type:    "Runtime Measurement",
 		Name:    "RtMr1",
-		Hashes:  []HexByte{dec(rtMr1)},
+		Hashes:  []ar.HexByte{dec(rtMr1)},
 		Summary: true,
 	}
-	rtMr2HashChain = RtMrHashChainElem{
+	rtMr2HashChain = ar.RtMrHashChainElem{
 		Type:    "Runtime Measurement",
 		Name:    "RtMr2",
-		Hashes:  []HexByte{dec(rtMr2)},
+		Hashes:  []ar.HexByte{dec(rtMr2)},
 		Summary: true,
 	}
-	rtMr3HashChain = RtMrHashChainElem{
+	rtMr3HashChain = ar.RtMrHashChainElem{
 		Type:    "Runtime Measurement",
 		Name:    "RtMr3",
-		Hashes:  []HexByte{dec(rtMr3)},
+		Hashes:  []ar.HexByte{dec(rtMr3)},
 		Summary: true,
 	}
 	rtMr0       = "e1af75e61927410e42b54b39f6681cf9b0bfbae512b15e870e4c8d9d5a5cb385571b0e1dc2f70bf9ccef08560f0a2b58"
diff --git a/attestationreport/tpm.go b/verify/tpm.go
similarity index 88%
rename from attestationreport/tpm.go
rename to verify/tpm.go
index 85504e6b..fbc8dcd6 100644
--- a/attestationreport/tpm.go
+++ b/verify/tpm.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"bytes"
@@ -24,15 +24,16 @@ import (
 	"sort"
 	"strings"
 
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	"github.com/google/go-tpm/legacy/tpm2"
 )
 
-func verifyTpmMeasurements(tpmM Measurement, nonce []byte, referenceValues []ReferenceValue, cas []*x509.Certificate) (*MeasurementResult, bool) {
+func verifyTpmMeasurements(tpmM ar.Measurement, nonce []byte, referenceValues []ar.ReferenceValue, cas []*x509.Certificate) (*ar.MeasurementResult, bool) {
 
-	result := &MeasurementResult{
+	result := &ar.MeasurementResult{
 		Type:      "TPM Result",
-		TpmResult: &TpmResult{},
+		TpmResult: &ar.TpmResult{},
 	}
 
 	log.Trace("Verifying TPM measurements")
@@ -51,7 +52,7 @@ func verifyTpmMeasurements(tpmM Measurement, nonce []byte, referenceValues []Ref
 	tpmsAttest, err := tpm2.DecodeAttestationData(tpmM.Evidence)
 	if err != nil {
 		log.Tracef("Failed to decode TPM attestation data: %v", err)
-		result.Summary.SetErr(ParseEvidence)
+		result.Summary.SetErr(ar.ParseEvidence)
 		return result, false
 	}
 
@@ -95,7 +96,7 @@ func verifyTpmMeasurements(tpmM Measurement, nonce []byte, referenceValues []Ref
 	mCerts, err := internal.ParseCertsDer(tpmM.Certs)
 	if err != nil {
 		log.Tracef("Failed to parse measurement certs: %v", err)
-		result.Signature.CertChainCheck.SetErr(ParseCert)
+		result.Signature.CertChainCheck.SetErr(ar.ParseCert)
 		result.Summary.Success = false
 		return result, false
 	}
@@ -109,7 +110,7 @@ func verifyTpmMeasurements(tpmM Measurement, nonce []byte, referenceValues []Ref
 	x509Chains, err := internal.VerifyCertChain(mCerts, cas)
 	if err != nil {
 		log.Tracef("Failed to verify certificate chain: %v", err)
-		result.Signature.CertChainCheck.SetErr(VerifyCertChain)
+		result.Signature.CertChainCheck.SetErr(ar.VerifyCertChain)
 		ok = false
 	} else {
 		result.Signature.CertChainCheck.Success = true
@@ -118,9 +119,9 @@ func verifyTpmMeasurements(tpmM Measurement, nonce []byte, referenceValues []Ref
 
 	//Store details from (all) validated certificate chain(s) in the report
 	for _, chain := range x509Chains {
-		chainExtracted := []X509CertExtracted{}
+		chainExtracted := []ar.X509CertExtracted{}
 		for _, cert := range chain {
-			chainExtracted = append(chainExtracted, ExtractX509Infos(cert))
+			chainExtracted = append(chainExtracted, ar.ExtractX509Infos(cert))
 		}
 		result.Signature.ValidatedCerts = append(result.Signature.ValidatedCerts, chainExtracted)
 	}
@@ -130,16 +131,16 @@ func verifyTpmMeasurements(tpmM Measurement, nonce []byte, referenceValues []Ref
 	return result, ok
 }
 
-func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue) (map[int][]byte, []PcrResult, []DigestResult, bool) {
+func recalculatePcrs(measurement ar.Measurement, referenceValues []ar.ReferenceValue) (map[int][]byte, []ar.PcrResult, []ar.DigestResult, bool) {
 	ok := true
-	pcrResults := make([]PcrResult, 0)
-	detailedResults := make([]DigestResult, 0)
+	pcrResults := make([]ar.PcrResult, 0)
+	detailedResults := make([]ar.DigestResult, 0)
 	calculatedPcrs := make(map[int][]byte)
 
 	// Iterate over the provided measurement
 	for _, measuredPcr := range measurement.Pcrs {
 
-		pcrResult := PcrResult{
+		pcrResult := ar.PcrResult{
 			Pcr:     measuredPcr.Pcr,
 			Success: true,
 		}
@@ -169,7 +170,7 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 				// Check for every event that a corresponding reference value exists
 				ref := getReferenceValue(event.Sha256, measuredPcr.Pcr, referenceValues)
 				if ref == nil {
-					measResult := DigestResult{
+					measResult := ar.DigestResult{
 						Type:      "Measurement",
 						Pcr:       &pcrNum,
 						Digest:    hex.EncodeToString(event.Sha256),
@@ -194,7 +195,7 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 					nameInfo += ": " + event.EventName
 				}
 
-				measResult := DigestResult{
+				measResult := ar.DigestResult{
 					Pcr:         &pcrNum,
 					Digest:      hex.EncodeToString(event.Sha256),
 					Success:     true,
@@ -226,7 +227,7 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 
 					// As we only have the PCR summary, we will later  set all reference values
 					// to true/false depending on whether the calculation matches the PCR summary
-					measResult := DigestResult{
+					measResult := ar.DigestResult{
 						Pcr:         &pcrNum,
 						Digest:      hex.EncodeToString(ref.Sha256),
 						Name:        ref.Name,
@@ -280,7 +281,7 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 	for _, ref := range referenceValues {
 
 		if ref.Pcr == nil {
-			result := DigestResult{
+			result := ar.DigestResult{
 				Type:        "Reference Value",
 				Success:     false,
 				Name:        ref.Name,
@@ -314,7 +315,7 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 					}
 				}
 				if !foundEvent {
-					result := DigestResult{
+					result := ar.DigestResult{
 						Type:        "Reference Value",
 						Pcr:         ref.Pcr,
 						Success:     false,
@@ -331,7 +332,7 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 			}
 		}
 		if !foundPcr {
-			result := DigestResult{
+			result := ar.DigestResult{
 				Type:        "Reference Value",
 				Pcr:         ref.Pcr,
 				Success:     false,
@@ -348,31 +349,31 @@ func recalculatePcrs(measurement Measurement, referenceValues []ReferenceValue)
 	return calculatedPcrs, pcrResults, detailedResults, ok
 }
 
-func verifyTpmQuoteSignature(quote, sig []byte, cert *x509.Certificate) Result {
+func verifyTpmQuoteSignature(quote, sig []byte, cert *x509.Certificate) ar.Result {
 
 	buf := new(bytes.Buffer)
 	buf.Write((sig))
 	tpmtSig, err := tpm2.DecodeSignature(buf)
 	if err != nil {
 		log.Tracef("Failed to decode TPM signature: %v", err)
-		return Result{Success: false, ErrorCode: Parse}
+		return ar.Result{Success: false, ErrorCode: ar.Parse}
 	}
 
 	if tpmtSig.Alg != tpm2.AlgRSASSA {
 		log.Tracef("Hash algorithm %v not supported", tpmtSig.Alg)
-		return Result{Success: false, ErrorCode: UnsupportedAlgorithm}
+		return ar.Result{Success: false, ErrorCode: ar.UnsupportedAlgorithm}
 	}
 
 	// Extract public key from x509 certificate
 	pubKey, ok := cert.PublicKey.(*rsa.PublicKey)
 	if !ok {
 		log.Tracef("Failed to extract public key from certificate")
-		return Result{Success: false, ErrorCode: ExtractPubKey}
+		return ar.Result{Success: false, ErrorCode: ar.ExtractPubKey}
 	}
 	hashAlg, err := tpmtSig.RSA.HashAlg.Hash()
 	if err != nil {
 		log.Tracef("Hash algorithm not supported")
-		return Result{Success: false, ErrorCode: UnsupportedAlgorithm}
+		return ar.Result{Success: false, ErrorCode: ar.UnsupportedAlgorithm}
 	}
 
 	// Hash the quote and Verify the TPM Quote signature
@@ -380,13 +381,13 @@ func verifyTpmQuoteSignature(quote, sig []byte, cert *x509.Certificate) Result {
 	err = rsa.VerifyPKCS1v15(pubKey, hashAlg, hashed[:], tpmtSig.RSA.Signature)
 	if err != nil {
 		log.Tracef("Failed to verify TPM quote signature: %v", err)
-		return Result{Success: false, ErrorCode: VerifySignature}
+		return ar.Result{Success: false, ErrorCode: ar.VerifySignature}
 	}
-	return Result{Success: true}
+	return ar.Result{Success: true}
 }
 
 // Searches for a specific hash value in the reference values for RTM and OS
-func getReferenceValue(hash []byte, pcr int, refVals []ReferenceValue) *ReferenceValue {
+func getReferenceValue(hash []byte, pcr int, refVals []ar.ReferenceValue) *ar.ReferenceValue {
 	for _, ref := range refVals {
 		if *ref.Pcr == pcr && bytes.Equal(ref.Sha256, hash) {
 			return &ref
diff --git a/attestationreport/tpm_test.go b/verify/tpm_test.go
similarity index 94%
rename from attestationreport/tpm_test.go
rename to verify/tpm_test.go
index 4f0bff6a..bdb1ad86 100644
--- a/attestationreport/tpm_test.go
+++ b/verify/tpm_test.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"crypto/x509"
@@ -24,25 +24,27 @@ import (
 	"testing"
 
 	"github.com/sirupsen/logrus"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
 )
 
 func Test_verifyTpmMeasurements(t *testing.T) {
 	type args struct {
-		tpmM            *Measurement
+		tpmM            *ar.Measurement
 		nonce           []byte
-		referenceValues []ReferenceValue
+		referenceValues []ar.ReferenceValue
 		cas             []*x509.Certificate
 	}
 	tests := []struct {
 		name  string
 		args  args
-		want  *MeasurementResult
+		want  *ar.MeasurementResult
 		want1 bool
 	}{
 		{
 			name: "Valid TPM Measurement Summary",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -59,7 +61,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Valid TPM Measurement",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -76,7 +78,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid Nonce",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -93,7 +95,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid Signature",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: invalidSignature,
@@ -110,7 +112,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid HashChain Summary",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -127,7 +129,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid HashChain",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -144,7 +146,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid Reference Values",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: invalidSignature,
@@ -161,7 +163,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid CA SubjectKeyId",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -178,7 +180,7 @@ func Test_verifyTpmMeasurements(t *testing.T) {
 		{
 			name: "Invalid Cert Chain",
 			args: args{
-				tpmM: &Measurement{
+				tpmM: &ar.Measurement{
 					Type:      "TPM Measurement",
 					Evidence:  validQuote,
 					Signature: validSignature,
@@ -247,7 +249,7 @@ var (
 
 	invalidSignature, _ = hex.DecodeString("0014000b0100740e077a77ff6ac21754d036f751f5f8ec5ec59448aab05bb5fd2b5d81df58bde3550d855ecf16cd25e36b5688122cfaac1a86ab94954b81d49a1b7fc7648ad26b8b808ce846fe7fd49355d2461d049904e97aa687749d55510f09b7c8610b95b6d557ebdaa25a19bfa1663f236419a1a8d974dd05b14de7f28fbce0a54c3ac428a9cf7f0752cc290580ff8d63e33050c0f53582ae24fe4d30792da71d5ef93581e3371147ed4732a0c0c0461489b1b64b1f28dd5153dbc674f04a21e279833433eabec1642cd386fdca6e52b583b2c914ebcd3c7a334214dc5e7c02880b033e321cb261ed6044785e70599d269511f83a20ee45034f0803d623763d461ce763")
 
-	validSummaryHashChain = []PcrMeasurement{
+	validSummaryHashChain = []ar.PcrMeasurement{
 		{
 			Type:    "PCR Summary",
 			Pcr:     1,
@@ -260,7 +262,7 @@ var (
 		},
 	}
 
-	invalidSummaryHashChain = []PcrMeasurement{
+	invalidSummaryHashChain = []ar.PcrMeasurement{
 		{
 			Type:    "PCR Summary",
 			Pcr:     1,
@@ -273,11 +275,11 @@ var (
 		},
 	}
 
-	validHashChain = []PcrMeasurement{
+	validHashChain = []ar.PcrMeasurement{
 		{
 			Type: "PCR Eventlog",
 			Pcr:  1,
-			Events: []PcrEvent{
+			Events: []ar.PcrEvent{
 				{Sha256: dec("ef5631c7bbb8d98ad220e211933fcde16aac6154cf229fea3c728fb0f2c27e39")},
 				{Sha256: dec("131462b45df65ac00834c7e73356c246037456959674acd24b08357690a03845")},
 				{Sha256: dec("8574d91b49f1c9a6ecc8b1e8565bd668f819ea8ed73c5f682948141587aecd3b")},
@@ -292,7 +294,7 @@ var (
 		{
 			Type: "PCR Eventlog",
 			Pcr:  4,
-			Events: []PcrEvent{
+			Events: []ar.PcrEvent{
 				{Sha256: dec("3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba")},
 				{Sha256: dec("df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119")},
 				{Sha256: dec("dbffd70a2c43fd2c1931f18b8f8c08c5181db15f996f747dfed34def52fad036")},
@@ -302,11 +304,11 @@ var (
 		},
 	}
 
-	invalidHashChain = []PcrMeasurement{
+	invalidHashChain = []ar.PcrMeasurement{
 		{
 			Type: "PCR Eventlog",
 			Pcr:  1,
-			Events: []PcrEvent{
+			Events: []ar.PcrEvent{
 				{Sha256: dec("ff5631c7bbb8d98ad220e211933fcde16aac6154cf229fea3c728fb0f2c27e39")},
 				{Sha256: dec("131462b45df65ac00834c7e73356c246037456959674acd24b08357690a03845")},
 				{Sha256: dec("8574d91b49f1c9a6ecc8b1e8565bd668f819ea8ed73c5f682948141587aecd3b")},
@@ -321,7 +323,7 @@ var (
 		{
 			Type: "PCR Eventlog",
 			Pcr:  4,
-			Events: []PcrEvent{
+			Events: []ar.PcrEvent{
 				{Sha256: dec("3d6772b4f84ed47595d72a2c4c5ffd15f5bb72c7507fe26f2aaee2c69d5633ba")},
 				{Sha256: dec("df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119")},
 				{Sha256: dec("dbffd70a2c43fd2c1931f18b8f8c08c5181db15f996f747dfed34def52fad036")},
@@ -346,7 +348,7 @@ var (
 
 	pcrs = [23]int{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22}
 
-	validReferenceValues = []ReferenceValue{
+	validReferenceValues = []ar.ReferenceValue{
 		{
 			Type:   "TPM Reference Value",
 			Sha256: dec("ef5631c7bbb8d98ad220e211933fcde16aac6154cf229fea3c728fb0f2c27e39"),
@@ -433,7 +435,7 @@ var (
 		},
 	}
 
-	invalidReferenceValues = []ReferenceValue{
+	invalidReferenceValues = []ar.ReferenceValue{
 		{
 			Type:   "TPM Reference Value",
 			Sha256: dec("1310b2b63dc1222516e5c12cedc1cc48e338f85430849b5a5b5256467e2cd0f0"),
@@ -442,11 +444,11 @@ var (
 		},
 	}
 
-	validResult = Result{
+	validResult = ar.Result{
 		Success: true,
 	}
 
-	validArtifacts = []DigestResult{
+	validArtifacts = []ar.DigestResult{
 		{
 			Digest:  "ef5631c7bbb8d98ad220e211933fcde16aac6154cf229fea3c728fb0f2c27e39",
 			Name:    "EV_CPU_MICROCODE",
@@ -536,20 +538,20 @@ var (
 	deviceCertserial, _ = new(big.Int).SetString("1", 10)
 	caCertserial, _     = new(big.Int).SetString("634815014411613577372985193537194269253199433648", 10)
 
-	validSignatureResult = SignatureResult{
-		ValidatedCerts: [][]X509CertExtracted{
+	validSignatureResult = ar.SignatureResult{
+		ValidatedCerts: [][]ar.X509CertExtracted{
 			{
 				{
 					Version:      3,
 					SerialNumber: deviceCertserial,
-					Issuer: X509Name{
+					Issuer: ar.X509Name{
 						Country:            []string{"DE"},
 						Organization:       []string{"Test Company"},
 						OrganizationalUnit: []string{"Root CA"},
 						Locality:           []string{"Test City"},
 						CommonName:         "Test Root CA",
 					},
-					Subject: X509Name{
+					Subject: ar.X509Name{
 						Country:            []string{"DE"},
 						Organization:       []string{"Test Organization"},
 						OrganizationalUnit: []string{"device"},
@@ -559,7 +561,7 @@ var (
 						PostalCode:         []string{"85748"},
 						CommonName:         "de.test.ak.device0",
 					},
-					Validity: Validity{
+					Validity: ar.Validity{
 						NotBefore: "2022-11-07 08:51:49 +0000 UTC",
 						NotAfter:  "2027-10-12 08:51:49 +0000 UTC",
 					},
@@ -567,7 +569,7 @@ var (
 					SignatureAlgorithm: "ECDSA-SHA256",
 					PublicKeyAlgorithm: "RSA",
 					PublicKey:          "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszEASVD7GIFw2t+k813q\nSyah+290gDAEdpcle1rQlw3bxq94gvHaBa4CWGkH3SHQieBakRNRyTGYAn8q9O2w\n4fWWFFB5bBcuYVyJdzaUoPc2T/922notV3tZonPHwy00yWytiAb22mMaCAhJNDIU\nAJBieZqluq9/w5LRQ/3e9RN4CcIoFEMA4pPcWOlSXrLrpu4CdTW7Uj03tcFR6bqd\nBKXD0rKauBdIbQe9ul7t/pxaY0kLZ0k53HGk3nbcWr0j2Iwg6L4rYNd+zDZKHG0i\nPQ0RbH7+Ao2Gx1WWfkSdhqtJ5/s3Xa0dNJmeXqhNa2dMYxpKY59rVuQSleC4z3FX\n1wIDAQAB\n-----END PUBLIC KEY-----\n",
-					Extensions: []PkixExtension{
+					Extensions: []ar.PkixExtension{
 						{
 							Id:       "2.5.29.15",
 							Critical: true,
@@ -598,21 +600,21 @@ var (
 				{
 					Version:      3,
 					SerialNumber: caCertserial,
-					Issuer: X509Name{
+					Issuer: ar.X509Name{
 						Country:            []string{"DE"},
 						Organization:       []string{"Test Company"},
 						OrganizationalUnit: []string{"Root CA"},
 						Locality:           []string{"Test City"},
 						CommonName:         "Test Root CA",
 					},
-					Subject: X509Name{
+					Subject: ar.X509Name{
 						Country:            []string{"DE"},
 						Organization:       []string{"Test Company"},
 						OrganizationalUnit: []string{"Root CA"},
 						Locality:           []string{"Test City"},
 						CommonName:         "Test Root CA",
 					},
-					Validity: Validity{
+					Validity: ar.Validity{
 						NotBefore: "2022-10-23 17:01:00 +0000 UTC",
 						NotAfter:  "2027-10-22 17:01:00 +0000 UTC",
 					},
@@ -620,7 +622,7 @@ var (
 					SignatureAlgorithm: "ECDSA-SHA256",
 					PublicKeyAlgorithm: "ECDSA",
 					PublicKey:          "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESpo2j3WJNJJtz0EvWIhAhWlkt3zx\nEvkt8fXlJW6AnLjd3SN4T4oe2lADwWkC/FdAcmbfXPlXr6gsbgxB9Uc38Q==\n-----END PUBLIC KEY-----\n",
-					Extensions: []PkixExtension{
+					Extensions: []ar.PkixExtension{
 						{
 							Id:       "2.5.29.15",
 							Critical: true,
@@ -651,14 +653,14 @@ var (
 		ExtensionsCheck: nil,
 	}
 
-	validTpmMeasurementResult = MeasurementResult{
+	validTpmMeasurementResult = ar.MeasurementResult{
 		Type:      "TPM Result",
 		Summary:   validResult,
 		Freshness: validResult,
 		Signature: validSignatureResult,
 		Artifacts: validArtifacts,
-		TpmResult: &TpmResult{
-			PcrMatch: []PcrResult{
+		TpmResult: &ar.TpmResult{
+			PcrMatch: []ar.PcrResult{
 				{
 					Pcr:        1,
 					Calculated: "5f96aec0a6b390185495c35bc76dceb9fa6addb4e59b6fc1b3e1992eeb08a5c6",
diff --git a/verify/verify.go b/verify/verify.go
new file mode 100644
index 00000000..57efaa79
--- /dev/null
+++ b/verify/verify.go
@@ -0,0 +1,673 @@
+// Copyright (c) 2021 Fraunhofer AISEC
+// Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package verify
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"crypto/sha512"
+	"crypto/x509"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"strconv"
+
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	"github.com/Fraunhofer-AISEC/cmc/internal"
+	"github.com/fxamacker/cbor/v2"
+	"github.com/sirupsen/logrus"
+
+	"time"
+)
+
+type PolicyEngineSelect uint32
+
+const (
+	PolicyEngineSelect_None    PolicyEngineSelect = 0
+	PolicyEngineSelect_JS      PolicyEngineSelect = 1
+	PolicyEngineSelect_DukTape PolicyEngineSelect = 2
+)
+
+type PolicyValidator interface {
+	Validate(policies []byte, result ar.VerificationResult) bool
+}
+
+var (
+	log = logrus.WithField("service", "ar")
+
+	policyEngines = map[PolicyEngineSelect]PolicyValidator{}
+)
+
+// Verify verifies an attestation report in full serialized JWS
+// format against the supplied nonce and CA certificate. Verifies the certificate
+// chains of all attestation report elements as well as the measurements against
+// the reference values and the compatibility of software artefacts.
+func Verify(arRaw, nonce, casPem []byte, policies []byte, polEng PolicyEngineSelect, intelCache string) ar.VerificationResult {
+	result := ar.VerificationResult{
+		Type:        "Verification Result",
+		Success:     true,
+		SwCertLevel: 0}
+
+	cas, err := internal.ParseCertsPem(casPem)
+	if err != nil {
+		log.Tracef("Failed to parse specified CA certificate(s): %v", err)
+		result.Success = false
+		result.ErrorCode = ar.ParseCA
+		return result
+	}
+
+	// Detect serialization format
+	var s ar.Serializer
+	if json.Valid(arRaw) {
+		log.Trace("Detected JSON serialization")
+		s = ar.JsonSerializer{}
+	} else if err := cbor.Valid(arRaw); err == nil {
+		log.Trace("Detected CBOR serialization")
+		s = ar.CborSerializer{}
+	} else {
+		log.Trace("Unable to detect AR serialization format")
+		result.Success = false
+		result.ErrorCode = ar.UnknownSerialization
+		return result
+	}
+
+	// Verify and unpack attestation report
+	report, tr, code := verifyAr(arRaw, cas, s)
+	result.ReportSignature = tr.SignatureCheck
+	if code != ar.NotSet {
+		result.ErrorCode = code
+		result.Success = false
+		return result
+	}
+
+	// Verify and unpack metadata from attestation report
+	metadata, mr, ok := verifyMetadata(report, cas, s)
+	if !ok {
+		result.Success = false
+	}
+	result.MetadataResult = *mr
+
+	// Verify nonce
+	if res := bytes.Compare(report.Nonce, nonce); res != 0 {
+		log.Tracef("Nonces mismatch: supplied nonce: %v, report nonce = %v",
+			hex.EncodeToString(nonce), hex.EncodeToString(report.Nonce))
+		result.FreshnessCheck.Success = false
+		result.FreshnessCheck.Expected = hex.EncodeToString(report.Nonce)
+		result.FreshnessCheck.Got = hex.EncodeToString(nonce)
+		result.Success = false
+	} else {
+		result.FreshnessCheck.Success = true
+	}
+
+	refVals, err := collectReferenceValues(metadata)
+	if err != nil {
+		log.Tracef("Failed to collect reference values: %v", err)
+		result.Success = false
+		result.ErrorCode = ar.RefValTypeNotSupported
+	}
+
+	hwAttest := false
+	for _, m := range report.Measurements {
+
+		switch mtype := m.Type; mtype {
+
+		case "TPM Measurement":
+			r, ok := verifyTpmMeasurements(m, nonce, refVals["TPM Reference Value"], cas)
+			if !ok {
+				result.Success = false
+			}
+			result.Measurements = append(result.Measurements, *r)
+			hwAttest = true
+
+		case "SNP Measurement":
+			r, ok := verifySnpMeasurements(m, nonce, refVals["SNP Reference Value"])
+			if !ok {
+				result.Success = false
+			}
+			result.Measurements = append(result.Measurements, *r)
+			hwAttest = true
+
+		case "TDX Measurement":
+			r, ok := verifyTdxMeasurements(m, nonce, intelCache, refVals["TDX Reference Value"])
+			if !ok {
+				result.Success = false
+			}
+			result.Measurements = append(result.Measurements, *r)
+			hwAttest = true
+
+		case "SGX Measurement":
+			r, ok := verifySgxMeasurements(m, nonce, intelCache, refVals["SGX Reference Value"])
+			if !ok {
+				result.Success = false
+			}
+			result.Measurements = append(result.Measurements, *r)
+			hwAttest = true
+
+		case "IAS Measurement":
+			r, ok := verifyIasMeasurements(m, nonce,
+				refVals["IAS Reference Value"], cas)
+			if !ok {
+				result.Success = false
+			}
+			result.Measurements = append(result.Measurements, *r)
+			hwAttest = true
+
+		default:
+			log.Tracef("Unsupported measurement type '%v'", mtype)
+			result.Success = false
+			result.ErrorCode = ar.MeasurementTypeNotSupported
+		}
+	}
+
+	// The lowest certification level of all components determines the certification
+	// level for the device's software stack
+	levels := make([]int, 0)
+	levels = append(levels, metadata.RtmManifest.CertificationLevel)
+	levels = append(levels, metadata.OsManifest.CertificationLevel)
+	for _, app := range metadata.AppManifests {
+		levels = append(levels, app.CertificationLevel)
+	}
+	aggCertLevel := levels[0]
+	for _, l := range levels {
+		if l < aggCertLevel {
+			aggCertLevel = l
+		}
+	}
+	// If no hardware trust anchor is present, the maximum certification level is 1
+	// If there are reference values with a higher trust level present, the remote attestation
+	// must fail
+	if !hwAttest && aggCertLevel > 1 {
+		log.Tracef("No hardware trust anchor measurements present but claimed certification level is %v, which requires a hardware trust anchor", aggCertLevel)
+		result.ErrorCode = ar.InvalidCertificationLevel
+		result.Success = false
+	}
+	result.SwCertLevel = aggCertLevel
+
+	// Verify the compatibility of the attestation report through verifying the
+	// compatibility of all components
+
+	// Check that the OS and RTM Manifest are specified in the Device Description
+	if metadata.DeviceDescription.RtmManifest == metadata.RtmManifest.Name {
+		result.DevDescResult.CorrectRtm.Success = true
+	} else {
+		log.Tracef("Device Description listed wrong RTM Manifest: %v vs. %v",
+			metadata.DeviceDescription.RtmManifest, metadata.RtmManifest.Name)
+		result.DevDescResult.CorrectRtm.Success = false
+		result.DevDescResult.CorrectRtm.Expected = metadata.DeviceDescription.RtmManifest
+		result.DevDescResult.CorrectRtm.Got = metadata.RtmManifest.Name
+		result.DevDescResult.Summary.Success = false
+		result.Success = false
+	}
+	if metadata.DeviceDescription.OsManifest == metadata.OsManifest.Name {
+		result.DevDescResult.CorrectOs.Success = true
+	} else {
+		log.Tracef("Device Description listed wrong OS Manifest: %v vs. %v",
+			metadata.DeviceDescription.OsManifest, metadata.OsManifest.Name)
+		result.DevDescResult.CorrectOs.Success = false
+		result.DevDescResult.CorrectOs.Expected = metadata.DeviceDescription.OsManifest
+		result.DevDescResult.CorrectOs.Got = metadata.OsManifest.Name
+		result.DevDescResult.Summary.Success = false
+		result.Success = false
+	}
+
+	// Extract app description names
+	appDescriptions := make([]string, 0)
+	for _, a := range metadata.DeviceDescription.AppDescriptions {
+		appDescriptions = append(appDescriptions, a.AppManifest)
+	}
+	// Extract app manifest names
+	appManifestNames := make([]string, 0)
+	for _, a := range metadata.AppManifests {
+		appManifestNames = append(appManifestNames, a.Name)
+	}
+
+	// Check that every AppManifest has a corresponding AppDescription
+	log.Tracef("Iterating app manifests length %v", len(metadata.AppManifests))
+	for _, a := range metadata.AppManifests {
+		r := ar.Result{
+			Success:       true,
+			ExpectedOneOf: appDescriptions,
+			Got:           a.Name,
+		}
+		if !contains(a.Name, appDescriptions) {
+			log.Tracef("Device Description does not list the following App Manifest: %v", a.Name)
+			r.Success = false
+			result.DevDescResult.Summary.Success = false
+			result.Success = false
+		}
+		result.DevDescResult.CorrectApps = append(result.DevDescResult.CorrectApps, r)
+	}
+
+	// Check that every App Description has a corresponding App Manifest
+	log.Tracef("Iterating app descriptions length %v", len(metadata.DeviceDescription.AppDescriptions))
+	for _, desc := range metadata.DeviceDescription.AppDescriptions {
+		found := false
+		for _, manifest := range metadata.AppManifests {
+			if desc.AppManifest == manifest.Name {
+				found = true
+			}
+		}
+		if !found {
+			log.Tracef("No app manifest for app description: %v", desc.AppManifest)
+			r := ar.Result{
+				Success:       false,
+				Got:           desc.AppManifest,
+				ExpectedOneOf: appManifestNames,
+			}
+			result.DevDescResult.CorrectApps = append(result.DevDescResult.CorrectApps, r)
+			result.Success = false
+		}
+	}
+
+	// Check that the Rtm Manifest is compatible with the OS Manifest
+	if contains(metadata.RtmManifest.Name, metadata.OsManifest.Rtms) {
+		result.DevDescResult.RtmOsCompatibility.Success = true
+	} else {
+		log.Tracef("RTM Manifest %v is not compatible with OS Manifest %v",
+			metadata.RtmManifest.Name, metadata.OsManifest.Name)
+		result.DevDescResult.RtmOsCompatibility.Success = false
+		result.DevDescResult.RtmOsCompatibility.ExpectedOneOf = metadata.OsManifest.Rtms
+		result.DevDescResult.RtmOsCompatibility.Got = metadata.RtmManifest.Name
+		result.DevDescResult.Summary.Success = false
+		result.Success = false
+	}
+
+	// Check that the OS Manifest is compatible with all App Manifests
+	for _, a := range metadata.AppManifests {
+		r := ar.Result{
+			Success:       true,
+			ExpectedOneOf: a.Oss,
+			Got:           metadata.OsManifest.Name,
+		}
+		if !contains(metadata.OsManifest.Name, a.Oss) {
+			log.Tracef("OS Manifest %v is not compatible with App Manifest %v", metadata.OsManifest.Name, a.Name)
+			r.Success = false
+			result.DevDescResult.Summary.Success = false
+			result.Success = false
+		}
+		result.DevDescResult.OsAppsCompatibility =
+			append(result.DevDescResult.OsAppsCompatibility, r)
+	}
+
+	// Validate policies if specified
+	result.PolicySuccess = true
+	if policies != nil {
+		p, ok := policyEngines[polEng]
+		if !ok {
+			log.Tracef("Internal error: policy engine %v not implemented", polEng)
+			result.Success = false
+			result.ErrorCode = ar.PolicyEngineNotImplemented
+			result.PolicySuccess = false
+		} else {
+			ok = p.Validate(policies, result)
+			if !ok {
+				log.Trace("Custom policy validation failed")
+				result.Success = false
+				result.ErrorCode = ar.VerifyPolicies
+				result.PolicySuccess = false
+			}
+		}
+	} else {
+		log.Tracef("No custom policies specified")
+	}
+
+	// Add additional information
+	result.Prover = metadata.DeviceDescription.Name
+	if result.Prover == "" {
+		result.Prover = "Unknown"
+	}
+	result.Created = time.Now().Format(time.RFC3339)
+
+	if result.Success {
+		log.Infof("SUCCESS: Verification for Prover %v (%v)", result.Prover, result.Created)
+	} else {
+		log.Infof("FAILED: Verification for Prover %v (%v)", result.Prover, result.Created)
+	}
+
+	return result
+}
+
+func extendSha256(hash []byte, data []byte) []byte {
+	concat := append(hash, data...)
+	h := sha256.Sum256(concat)
+	ret := make([]byte, 32)
+	copy(ret, h[:])
+	return ret
+}
+
+func extendSha384(hash []byte, data []byte) []byte {
+	concat := append(hash, data...)
+	h := sha512.Sum384(concat)
+	ret := make([]byte, 48)
+	copy(ret, h[:])
+	return ret
+}
+
+func verifyAr(attestationReport []byte, cas []*x509.Certificate, s ar.Serializer,
+) (*ar.AttestationReport, ar.TokenResult, ar.ErrorCode) {
+
+	report := ar.AttestationReport{}
+
+	//Validate Attestation Report signature
+	result, payload, ok := s.VerifyToken(attestationReport, cas)
+	if !ok {
+		log.Trace("Validation of Attestation Report failed")
+		return nil, result, ar.VerifyAR
+	}
+
+	err := s.Unmarshal(payload, &report)
+	if err != nil {
+		log.Tracef("Parsing of Attestation Report failed: %v", err)
+		return nil, result, ar.ParseAR
+	}
+
+	return &report, result, ar.NotSet
+}
+
+func verifyMetadata(report *ar.AttestationReport, cas []*x509.Certificate, s ar.Serializer,
+) (*ar.Metadata, *ar.MetadataResult, bool) {
+
+	metadata := &ar.Metadata{}
+	result := &ar.MetadataResult{}
+	success := true
+
+	// Validate and unpack Rtm Manifest
+	tokenRes, payload, ok := s.VerifyToken(report.RtmManifest, cas)
+	result.RtmResult.Summary = tokenRes.Summary
+	result.RtmResult.SignatureCheck = tokenRes.SignatureCheck
+	if !ok {
+		log.Trace("Validation of RTM Manifest failed")
+		success = false
+	} else {
+		err := s.Unmarshal(payload, &metadata.RtmManifest)
+		if err != nil {
+			log.Tracef("Unpacking of RTM Manifest failed: %v", err)
+			result.RtmResult.Summary.Success = false
+			result.RtmResult.Summary.ErrorCode = ar.ParseRTMManifest
+			success = false
+		} else {
+			result.RtmResult.MetaInfo = metadata.RtmManifest.MetaInfo
+			result.RtmResult.ValidityCheck = checkValidity(metadata.RtmManifest.Validity)
+			result.RtmResult.Details = metadata.RtmManifest.Details
+			if !result.RtmResult.ValidityCheck.Success {
+				result.RtmResult.Summary.Success = false
+				success = false
+			}
+		}
+	}
+
+	// Validate and unpack OS Manifest
+	tokenRes, payload, ok = s.VerifyToken(report.OsManifest, cas)
+	result.OsResult.Summary = tokenRes.Summary
+	result.OsResult.SignatureCheck = tokenRes.SignatureCheck
+	if !ok {
+		log.Trace("Validation of OS Manifest failed")
+		success = false
+	} else {
+		err := s.Unmarshal(payload, &metadata.OsManifest)
+		if err != nil {
+			log.Tracef("Unpacking of OS Manifest failed: %v", err)
+			result.OsResult.Summary.Success = false
+			result.OsResult.Summary.ErrorCode = ar.ParseOSManifest
+			success = false
+		} else {
+			result.OsResult.MetaInfo = metadata.OsManifest.MetaInfo
+			result.OsResult.ValidityCheck = checkValidity(metadata.OsManifest.Validity)
+			result.OsResult.Details = metadata.OsManifest.Details
+			if !result.OsResult.ValidityCheck.Success {
+				result.OsResult.Summary.Success = false
+				success = false
+			}
+		}
+	}
+
+	// Validate and unpack App Manifests
+	for i, amSigned := range report.AppManifests {
+		result.AppResults = append(result.AppResults, ar.ManifestResult{})
+
+		tokenRes, payload, ok = s.VerifyToken(amSigned, cas)
+		result.AppResults[i].Summary = tokenRes.Summary
+		result.AppResults[i].SignatureCheck = tokenRes.SignatureCheck
+		if !ok {
+			log.Trace("Validation of App Manifest failed")
+			success = false
+		} else {
+			var am ar.AppManifest
+			err := s.Unmarshal(payload, &am)
+			if err != nil {
+				log.Tracef("Unpacking of App Manifest failed: %v", err)
+				result.AppResults[i].Summary.Success = false
+				result.AppResults[i].Summary.ErrorCode = ar.Parse
+				success = false
+			} else {
+				metadata.AppManifests = append(metadata.AppManifests, am)
+				result.AppResults[i].MetaInfo = am.MetaInfo
+				result.AppResults[i].ValidityCheck = checkValidity(am.Validity)
+				if !result.AppResults[i].ValidityCheck.Success {
+					log.Tracef("App Manifest %v validity check failed", am.Name)
+					result.AppResults[i].Summary.Success = false
+					success = false
+
+				}
+			}
+		}
+	}
+
+	// Validate and unpack Company Description if present
+	if report.CompanyDescription != nil {
+		tokenRes, payload, ok = s.VerifyToken(report.CompanyDescription, cas)
+		result.CompDescResult = &ar.CompDescResult{}
+		result.CompDescResult.Summary = tokenRes.Summary
+		result.CompDescResult.SignatureCheck = tokenRes.SignatureCheck
+		if !ok {
+			log.Trace("Validation of Company Description Signatures failed")
+			success = false
+		} else {
+			err := s.Unmarshal(payload, &metadata.CompanyDescription)
+			if err != nil {
+				log.Tracef("Unpacking of Company Description failed: %v", err)
+				result.CompDescResult.Summary.Success = false
+				result.CompDescResult.Summary.ErrorCode = ar.Parse
+				success = false
+			} else {
+				result.CompDescResult.MetaInfo = metadata.CompanyDescription.MetaInfo
+				result.CompDescResult.CompCertLevel = metadata.CompanyDescription.CertificationLevel
+
+				result.CompDescResult.ValidityCheck = checkValidity(metadata.CompanyDescription.Validity)
+				if !result.CompDescResult.ValidityCheck.Success {
+					log.Trace("Company Description invalid")
+					result.CompDescResult.Summary.Success = false
+					success = false
+				}
+			}
+		}
+	}
+
+	// Validate and unpack Device Description
+	tokenRes, payload, ok = s.VerifyToken(report.DeviceDescription, cas)
+	result.DevDescResult.Summary = tokenRes.Summary
+	result.DevDescResult.SignatureCheck = tokenRes.SignatureCheck
+	if !ok {
+		log.Trace("Validation of Device Description failed")
+		success = false
+	} else {
+		err := s.Unmarshal(payload, &metadata.DeviceDescription)
+		if err != nil {
+			log.Tracef("Unpacking of Device Description failed: %v", err)
+			result.DevDescResult.Summary.Success = false
+			result.DevDescResult.Summary.ErrorCode = ar.Parse
+			success = false
+		} else {
+			result.DevDescResult.MetaInfo = metadata.DeviceDescription.MetaInfo
+			result.DevDescResult.Description = metadata.DeviceDescription.Description
+			result.DevDescResult.Location = metadata.DeviceDescription.Location
+		}
+		for _, appDesc := range metadata.DeviceDescription.AppDescriptions {
+			appResult := ar.AppDescResult{
+				MetaInfo:    appDesc.MetaInfo,
+				AppManifest: appDesc.AppManifest,
+				External:    appDesc.External,
+				Environment: appDesc.Environment,
+			}
+			result.DevDescResult.AppResults = append(result.DevDescResult.AppResults,
+				appResult)
+		}
+	}
+
+	return metadata, result, success
+}
+
+func checkValidity(val ar.Validity) ar.Result {
+	result := ar.Result{}
+	result.Success = true
+
+	notBefore, err := time.Parse(time.RFC3339, val.NotBefore)
+	if err != nil {
+		log.Tracef("Failed to parse NotBefore time. Time.Parse returned %v", err)
+		result.Success = false
+		result.ErrorCode = ar.ParseTime
+		return result
+	}
+	notAfter, err := time.Parse(time.RFC3339, val.NotAfter)
+	if err != nil {
+		log.Tracef("Failed to parse NotAfter time. Time.Parse returned %v", err)
+		result.Success = false
+		result.ErrorCode = ar.ParseTime
+		return result
+	}
+	currentTime := time.Now()
+
+	if notBefore.After(currentTime) {
+		log.Trace("Validity check failed: Artifact is not valid yet")
+		result.Success = false
+		result.ErrorCode = ar.NotYetValid
+	}
+
+	if currentTime.After(notAfter) {
+		log.Trace("Validity check failed: Artifact validity has expired")
+		result.Success = false
+		result.ErrorCode = ar.Expired
+	}
+
+	return result
+}
+
+func collectReferenceValues(metadata *ar.Metadata) (map[string][]ar.ReferenceValue, error) {
+	// Gather a list of all reference values independent of the type
+	verList := append(metadata.RtmManifest.ReferenceValues, metadata.OsManifest.ReferenceValues...)
+	for _, appManifest := range metadata.AppManifests {
+		verList = append(verList, appManifest.ReferenceValues...)
+	}
+
+	verMap := make(map[string][]ar.ReferenceValue)
+
+	// Iterate through the reference values and sort them into the different types
+	for _, v := range verList {
+		if v.Type != "SNP Reference Value" && v.Type != "SW Reference Value" && v.Type != "TPM Reference Value" && v.Type != "TDX Reference Value" && v.Type != "SGX Reference Value" {
+			return nil, fmt.Errorf("reference value of type %v is not supported", v.Type)
+		}
+		verMap[v.Type] = append(verMap[v.Type], v)
+	}
+	return verMap, nil
+}
+
+func checkExtensionUint8(cert *x509.Certificate, oid string, value uint8) (ar.Result, bool) {
+
+	pem := internal.WriteCertPem(cert)
+	log.Warnf("%v", string(pem))
+
+	for _, ext := range cert.Extensions {
+
+		log.Tracef("OID: %v", ext.Id.String())
+
+		if ext.Id.String() == oid {
+			log.Tracef("Found %v, length %v, values %v", oid, len(ext.Value), ext.Value)
+			if len(ext.Value) != 3 && len(ext.Value) != 4 {
+				log.Tracef("extension %v value unexpected length %v (expected 3 or 4)",
+					oid, len(ext.Value))
+				return ar.Result{Success: false, ErrorCode: ar.OidLength}, false
+			}
+			if ext.Value[0] != 0x2 {
+				log.Tracef("extension %v value[0]: %v does not match expected value 2 (tag Integer)",
+					oid, ext.Value[0])
+				return ar.Result{Success: false, ErrorCode: ar.OidTag}, false
+			}
+			if ext.Value[1] == 0x1 {
+				if ext.Value[2] != value {
+					log.Tracef("extension %v value[2]: %v does not match expected value %v",
+						oid, ext.Value[2], value)
+					return ar.Result{
+						Success:  false,
+						Expected: strconv.FormatUint(uint64(value), 10),
+						Got:      strconv.FormatUint(uint64(ext.Value[2]), 10),
+					}, false
+				}
+			} else if ext.Value[1] == 0x2 {
+				// Due to openssl, the sign bit must remain zero for positive integers
+				// even though this field is defined as unsigned int in the AMD spec
+				// Thus, if the most significant bit is required, one byte of additional 0x00 padding is added
+				if ext.Value[2] != 0x00 || ext.Value[3] != value {
+					log.Tracef("extension %v value = %v%v does not match expected value  %v",
+						oid, ext.Value[2], ext.Value[3], value)
+					return ar.Result{
+						Success:  false,
+						Expected: strconv.FormatUint(uint64(value), 10),
+						Got:      strconv.FormatUint(uint64(ext.Value[3]), 10),
+					}, false
+				}
+			} else {
+				log.Tracef("extension %v value[1]: %v does not match expected value 1 or 2 (length of integer)",
+					oid, ext.Value[1])
+				return ar.Result{Success: false, ErrorCode: ar.OidLength}, false
+			}
+			return ar.Result{Success: true}, true
+		}
+	}
+
+	log.Tracef("extension %v not present in certificate", oid)
+	return ar.Result{Success: false, ErrorCode: ar.OidNotPresent}, false
+}
+
+func checkExtensionBuf(cert *x509.Certificate, oid string, buf []byte) (ar.Result, bool) {
+
+	for _, ext := range cert.Extensions {
+
+		if ext.Id.String() == oid {
+			if cmp := bytes.Compare(ext.Value, buf); cmp != 0 {
+				log.Tracef("extension %v value %v does not match expected value %v",
+					oid, hex.EncodeToString(ext.Value), hex.EncodeToString(buf))
+				return ar.Result{
+					Success:  false,
+					Expected: hex.EncodeToString(buf),
+					Got:      hex.EncodeToString(ext.Value),
+				}, false
+			}
+			return ar.Result{Success: true}, true
+		}
+	}
+
+	log.Tracef("extension %v not present in certificate", oid)
+	return ar.Result{Success: false, ErrorCode: ar.OidNotPresent}, false
+}
+
+func contains(elem string, list []string) bool {
+	for _, s := range list {
+		if s == elem {
+			return true
+		}
+	}
+	return false
+}
diff --git a/attestationreport/attestationreport_test.go b/verify/verify_test.go
similarity index 81%
rename from attestationreport/attestationreport_test.go
rename to verify/verify_test.go
index 8fcc7a7b..ec27db7d 100644
--- a/attestationreport/attestationreport_test.go
+++ b/verify/verify_test.go
@@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package attestationreport
+package verify
 
 import (
 	"crypto"
@@ -28,13 +28,15 @@ import (
 	"testing"
 	"time"
 
+	ar "github.com/Fraunhofer-AISEC/cmc/attestationreport"
+	"github.com/Fraunhofer-AISEC/cmc/generate"
 	"github.com/Fraunhofer-AISEC/cmc/internal"
 	"github.com/sirupsen/logrus"
 )
 
 // variables for Test_collectReferenceValues
 var (
-	vers = []ReferenceValue{
+	vers = []ar.ReferenceValue{
 		{Type: "TPM Reference Value", Name: "TPM1"},
 		{Type: "TPM Reference Value", Name: "TPM2"},
 		{Type: "SNP Reference Value", Name: "SNP1"},
@@ -42,41 +44,41 @@ var (
 		{Type: "SW Reference Value", Name: "SW2"},
 	}
 
-	verMap = map[string][]ReferenceValue{
+	verMap = map[string][]ar.ReferenceValue{
 		"TPM Reference Value": vers[:2],
 		"SNP Reference Value": {vers[2]},
 		"SW Reference Value":  vers[3:],
 	}
 
-	rtmManifest = RtmManifest{
-		ReferenceValues: []ReferenceValue{
+	rtmManifest = ar.RtmManifest{
+		ReferenceValues: []ar.ReferenceValue{
 			vers[0],
 			vers[2],
 		},
 	}
 
-	osManifest = OsManifest{
-		ReferenceValues: []ReferenceValue{
+	osManifest = ar.OsManifest{
+		ReferenceValues: []ar.ReferenceValue{
 			vers[1],
 		},
 	}
 
-	appManifests = []AppManifest{
-		{ReferenceValues: []ReferenceValue{vers[3]}},
-		{ReferenceValues: []ReferenceValue{vers[4]}},
+	appManifests = []ar.AppManifest{
+		{ReferenceValues: []ar.ReferenceValue{vers[3]}},
+		{ReferenceValues: []ar.ReferenceValue{vers[4]}},
 	}
 )
 
 // variables for TestVerify
 var (
-	validRtmManifest = RtmManifest{
-		MetaInfo: MetaInfo{
+	validRtmManifest = ar.RtmManifest{
+		MetaInfo: ar.MetaInfo{
 			Type:    "RTM Manifest",
 			Name:    "de.test.rtm",
 			Version: "2023-04-10T20:00:00Z",
 		},
 		DevCommonName: "Test Developer",
-		Validity: Validity{
+		Validity: ar.Validity{
 			NotBefore: "2023-04-10T20:00:00Z",
 			NotAfter:  "2030-04-10T20:00:00Z",
 		},
@@ -84,14 +86,14 @@ var (
 		CertificationLevel: 1,
 	}
 
-	validOsManifest = OsManifest{
-		MetaInfo: MetaInfo{
+	validOsManifest = ar.OsManifest{
+		MetaInfo: ar.MetaInfo{
 			Type:    "OS Manifest",
 			Name:    "de.test.os",
 			Version: "2023-04-10T20:00:00Z",
 		},
 		DevCommonName: "Test Developer",
-		Validity: Validity{
+		Validity: ar.Validity{
 			NotBefore: "2023-04-10T20:00:00Z",
 			NotAfter:  "2030-04-10T20:00:00Z",
 		},
@@ -102,14 +104,14 @@ var (
 		},
 	}
 
-	incompatibleOsManifest = OsManifest{
-		MetaInfo: MetaInfo{
+	incompatibleOsManifest = ar.OsManifest{
+		MetaInfo: ar.MetaInfo{
 			Type:    "OS Manifest",
 			Name:    "de.test.os",
 			Version: "2023-04-10T20:00:00Z",
 		},
 		DevCommonName: "Test Developer",
-		Validity: Validity{
+		Validity: ar.Validity{
 			NotBefore: "2023-04-10T20:00:00Z",
 			NotAfter:  "2030-04-10T20:00:00Z",
 		},
@@ -120,8 +122,8 @@ var (
 		},
 	}
 
-	validDeviceDescription = DeviceDescription{
-		MetaInfo: MetaInfo{
+	validDeviceDescription = ar.DeviceDescription{
+		MetaInfo: ar.MetaInfo{
 			Type:    "Device Description",
 			Name:    "test-device.test.de",
 			Version: "2023-04-10T20:00:00Z",
@@ -131,8 +133,8 @@ var (
 		OsManifest:  "de.test.os",
 	}
 
-	invalidDeviceDescription = DeviceDescription{
-		MetaInfo: MetaInfo{
+	invalidDeviceDescription = ar.DeviceDescription{
+		MetaInfo: ar.MetaInfo{
 			Type:    "Device Description",
 			Name:    "test-device.test.de",
 			Version: "2023-04-10T20:00:00Z",
@@ -150,12 +152,12 @@ type SwSigner struct {
 	priv      crypto.PrivateKey
 }
 
-func (s *SwSigner) Init(c *DriverConfig) error {
+func (s *SwSigner) Init(c *ar.DriverConfig) error {
 	return nil
 }
 
-func (s *SwSigner) Measure(nonce []byte) (Measurement, error) {
-	return Measurement{}, nil
+func (s *SwSigner) Measure(nonce []byte) (ar.Measurement, error) {
+	return ar.Measurement{}, nil
 }
 
 func (s *SwSigner) Lock() error {
@@ -239,18 +241,18 @@ func createCertsAndKeys() (*ecdsa.PrivateKey, []*x509.Certificate, error) {
 
 func Test_collectReferenceValues(t *testing.T) {
 	type args struct {
-		metadata *Metadata
+		metadata *ar.Metadata
 	}
 	tests := []struct {
 		name    string
 		args    args
-		want    map[string][]ReferenceValue
+		want    map[string][]ar.ReferenceValue
 		wantErr bool
 	}{
 		{
 			name: "Success",
 			args: args{
-				metadata: &Metadata{
+				metadata: &ar.Metadata{
 					RtmManifest:  rtmManifest,
 					OsManifest:   osManifest,
 					AppManifests: appManifests,
@@ -278,79 +280,79 @@ func TestVerify(t *testing.T) {
 	logrus.SetLevel(logrus.TraceLevel)
 
 	type args struct {
-		serializer        Serializer
-		rtmManifest       RtmManifest
-		osManifest        OsManifest
-		deviceDescription DeviceDescription
+		serializer        ar.Serializer
+		rtmManifest       ar.RtmManifest
+		osManifest        ar.OsManifest
+		deviceDescription ar.DeviceDescription
 		nonce             []byte
 	}
 	tests := []struct {
 		name string
 		args args
-		want VerificationResult
+		want ar.VerificationResult
 	}{
 		{
 			name: "Valid Report JSON",
 			args: args{
-				serializer:        JsonSerializer{},
+				serializer:        ar.JsonSerializer{},
 				rtmManifest:       validRtmManifest,
 				osManifest:        validOsManifest,
 				deviceDescription: validDeviceDescription,
 				nonce:             nonce,
 			},
-			want: VerificationResult{Success: true},
+			want: ar.VerificationResult{Success: true},
 		},
 		{
 			name: "Valid Report CBOR",
 			args: args{
-				serializer:        CborSerializer{},
+				serializer:        ar.CborSerializer{},
 				rtmManifest:       validRtmManifest,
 				osManifest:        validOsManifest,
 				deviceDescription: validDeviceDescription,
 				nonce:             nonce,
 			},
-			want: VerificationResult{Success: true},
+			want: ar.VerificationResult{Success: true},
 		},
 		{
 			name: "Nonce mismatch",
 			args: args{
-				serializer:        JsonSerializer{},
+				serializer:        ar.JsonSerializer{},
 				rtmManifest:       validRtmManifest,
 				osManifest:        validOsManifest,
 				deviceDescription: validDeviceDescription,
 				nonce:             []byte{},
 			},
-			want: VerificationResult{Success: false},
+			want: ar.VerificationResult{Success: false},
 		},
 		{
 			// expected aggregated CertificationLevel in Manifests for
 			// empty measurement is max. 1 (here CertificationLevel = 3)
 			name: "Invalid Certification Level",
 			args: args{
-				serializer: JsonSerializer{},
-				rtmManifest: RtmManifest{
-					MetaInfo: MetaInfo{
+				serializer: ar.JsonSerializer{},
+				rtmManifest: ar.RtmManifest{
+					MetaInfo: ar.MetaInfo{
 						Type:    "RTM Manifest",
 						Name:    "de.test.rtm",
 						Version: "2023-04-10T20:00:00Z",
 					},
 					DevCommonName: "Test Developer",
-					Validity: Validity{
+					Validity: ar.Validity{
 						NotBefore: "2023-04-10T20:00:00Z",
 						NotAfter:  "2026-04-10T20:00:00Z",
 					},
 					Description:        "de.test.rtm",
 					CertificationLevel: 3,
-					ReferenceValues:    []ReferenceValue{},
+					ReferenceValues:    []ar.ReferenceValue{},
 				},
-				osManifest: OsManifest{
-					MetaInfo: MetaInfo{
+				osManifest: ar.OsManifest{
+					MetaInfo: ar.MetaInfo{
 						Type:    "OS Manifest",
 						Name:    "de.test.os",
 						Version: "2023-04-10T20:00:00Z",
 					},
 					DevCommonName: "Test Developer",
-					Validity: Validity{
+					Validity: ar.Validity{
 						NotBefore: "2023-04-10T20:00:00Z",
 						NotAfter:  "2026-04-10T20:00:00Z",
 					},
@@ -363,29 +365,29 @@ func TestVerify(t *testing.T) {
 				deviceDescription: validDeviceDescription,
 				nonce:             nonce,
 			},
-			want: VerificationResult{Success: false},
+			want: ar.VerificationResult{Success: false},
 		},
 		{
 			name: "Invalid Device Description",
 			args: args{
-				serializer:        JsonSerializer{},
+				serializer:        ar.JsonSerializer{},
 				rtmManifest:       validRtmManifest,
 				osManifest:        validOsManifest,
 				deviceDescription: invalidDeviceDescription,
 				nonce:             nonce,
 			},
-			want: VerificationResult{Success: false},
+			want: ar.VerificationResult{Success: false},
 		},
 		{
 			name: "Incompatible RTM/OS Manifests",
 			args: args{
-				serializer:        JsonSerializer{},
+				serializer:        ar.JsonSerializer{},
 				rtmManifest:       validRtmManifest,
 				osManifest:        incompatibleOsManifest,
 				deviceDescription: validDeviceDescription,
 				nonce:             nonce,
 			},
-			want: VerificationResult{Success: false},
+			want: ar.VerificationResult{Success: false},
 		},
 	}
 
@@ -409,7 +411,7 @@ func TestVerify(t *testing.T) {
 			// Preparation: Generate a Sample Report
 			log.Trace("Generating a Sample Report")
 
-			ar := AttestationReport{
+			ar := ar.AttestationReport{
 				Type:  "Attestation Report",
 				Nonce: tt.args.nonce,
 			}
@@ -427,15 +429,15 @@ func TestVerify(t *testing.T) {
 			if err != nil {
 				t.Errorf("failed to marshal the DeviceDescription: %v", err)
 			}
-			ar.RtmManifest, err = Sign(rtmManifest, swSigner, s)
+			ar.RtmManifest, err = generate.Sign(rtmManifest, swSigner, s)
 			if err != nil {
 				t.Errorf("failed to sign the RtmManifest: %v", err)
 			}
-			ar.OsManifest, err = Sign(osManifest, swSigner, s)
+			ar.OsManifest, err = generate.Sign(osManifest, swSigner, s)
 			if err != nil {
 				t.Errorf("failed to sign the OsManifest: %v", err)
 			}
-			ar.DeviceDescription, err = Sign(deviceDescription, swSigner, s)
+			ar.DeviceDescription, err = generate.Sign(deviceDescription, swSigner, s)
 			if err != nil {
 				t.Errorf("failed to sign the DeviceDescription: %v", err)
 			}
@@ -446,7 +448,7 @@ func TestVerify(t *testing.T) {
 			}
 
 			// Preparation: Sign the report
-			arSigned, err := Sign(report, swSigner, s)
+			arSigned, err := generate.Sign(report, swSigner, s)
 			if err != nil {
 				t.Errorf("Internal Error: Failed to sign Attestion Report: %v", err)
 			}

From a97e54c49227b01a84eb35fd522bf60b8e8ccf40 Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Mon, 24 Jun 2024 15:24:06 +0000
Subject: [PATCH 25/26] example setup: updated scripts

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 example-setup/update-container-manifest-live | 9 ++++++++-
 example-setup/update-platform                | 7 +++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/example-setup/update-container-manifest-live b/example-setup/update-container-manifest-live
index c011e18e..1267fd15 100755
--- a/example-setup/update-container-manifest-live
+++ b/example-setup/update-container-manifest-live
@@ -47,7 +47,7 @@ runtime="${cmc}/tools/containerd-shim-cmc-v1/containerd-shim-cmc-v1"
 container="${container%/}"
 container_name=$(echo "${container}-oci" | sed 's:.*/::' | tr : -)
 
-echo "Creating reference values for container: ${container} with args ${args} and runtime ${runtime}"
+echo "Creating reference values for container: ${container} with args ${args}"
 echo "Using ${data} as directory for local data"
 
 # Delete temporary manifests
@@ -58,6 +58,13 @@ sudo rm -f /tmp/container-refs
 
 echo "Generating reference values for ${client} client"
 if  [[ "${client}" == "ctr" ]]; then
+    sudo ctr image pull ${container}
+    set +e
+    sudo ctr run --detach ${args} ${container} REF_CONTAINER
+    sudo ctr task kill -s SIGKILL REF_CONTAINER
+    sudo ctr container delete REF_CONTAINER
+    set -e
+elif  [[ "${client}" == "shim" ]]; then
     sudo ctr image pull ${container}
     set +e
     sudo ctr run --runtime ${runtime} -t --rm ${args} ${container} CMC_GENERATE_APP_MANIFEST
diff --git a/example-setup/update-platform b/example-setup/update-platform
index 69a16c44..8b9ad8ff 100755
--- a/example-setup/update-platform
+++ b/example-setup/update-platform
@@ -25,6 +25,12 @@ fi
 
 echo "Using ${data} as directory for local data"
 
+# Replace existing app description in the device description (will be added through
+# update-app-manifest scripts)
+json=$(cat "${input}/device.description.json")
+json=$(echo "${json}" | jq 'del(.appDescriptions[])')
+printf "%s\n" "${json}" > "${input}/device.description.json"
+
 # Parse the values of the RTM PCRs from the kernel's binary bios measurements as reference values
 referenceValues=$(sudo parse-srtm-pcrs -p 0,1,2,3,4,5,6,7 -f json -e)
 
@@ -48,6 +54,7 @@ key="${data}/pki/signing-cert-key.pem"
 chain="${data}/pki/signing-cert.pem,${data}/pki/ca.pem"
 
 rm -rf "${tmp}"
+rm -rf "${out}"
 
 mkdir -p "${tmp}"
 mkdir -p "${out}"

From 686d3fca4522175a2cb413a4fb0d5ad26d172f6e Mon Sep 17 00:00:00 2001
From: Simon Ott <simon.ott@aisec.fraunhofer.de>
Date: Mon, 24 Jun 2024 15:25:40 +0000
Subject: [PATCH 26/26] measure: minor changes

Signed-off-by: Simon Ott <simon.ott@aisec.fraunhofer.de>
---
 go.mod                       |   1 +
 go.sum                       |   2 +
 measure/rtconfig.go          |  90 ++++++++++++++++-----
 measure/rtconfig_test.go     | 149 ++++++++++++++++++++++++++++++++++-
 testtool/coap.go             |   2 +-
 testtool/grpc.go             |   2 +-
 testtool/libapi.go           |   2 +-
 testtool/socket.go           |   2 +-
 tools/measure-bundle/main.go |   2 +-
 9 files changed, 223 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index 1f0ec09b..d014d576 100644
--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/google/go-attestation v0.4.4-0.20230613144338-a9b6eb1eb888
 	github.com/google/go-tpm v0.9.0
 	github.com/mattn/go-sqlite3 v1.14.16
+	github.com/opencontainers/runtime-spec v1.2.0
 	github.com/plgd-dev/go-coap/v3 v3.1.2
 	github.com/robertkrimen/otto v0.2.1
 	github.com/sirupsen/logrus v1.9.3
diff --git a/go.sum b/go.sum
index 1ddb38de..780acc68 100644
--- a/go.sum
+++ b/go.sum
@@ -32,6 +32,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l
 github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM=
 github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y=
 github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg=
+github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
+github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/pion/dtls/v2 v2.2.7 h1:cSUBsETxepsCSFSxC3mc/aDo14qQLMSL+O6IjG28yV8=
 github.com/pion/dtls/v2 v2.2.7/go.mod h1:8WiMkebSHFD0T+dIU+UeBaoV7kDhOW5oDCzZ7WZ/F9s=
 github.com/pion/logging v0.2.2 h1:M9+AIj/+pxNsDfAT64+MAVgJO0rsyLnoJKCqf//DoeY=
diff --git a/measure/rtconfig.go b/measure/rtconfig.go
index c4ce8f08..01f9e68d 100644
--- a/measure/rtconfig.go
+++ b/measure/rtconfig.go
@@ -17,14 +17,32 @@ package measure
 
 import (
 	"crypto/sha256"
+	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"path/filepath"
 	"strings"
 
+	"github.com/opencontainers/runtime-spec/specs-go"
+
 	jcs "github.com/Fraunhofer-AISEC/cmc/jsoncanonicalizer"
 )
 
-func GetConfigMeasurement(id string, configData []byte) ([]byte, []byte, error) {
+func GetConfigMeasurement(id string, configData []byte) ([]byte, []byte, string, error) {
+
+	normalizedConfig, rootfs, err := normalize(id, configData)
+	if err != nil {
+		return nil, nil, "", fmt.Errorf("failed to normalize config: %w", err)
+	}
+
+	hasher := sha256.New()
+	hasher.Write(normalizedConfig)
+	hash := hasher.Sum(nil)
+
+	return hash, normalizedConfig, rootfs, nil
+}
+
+func normalize(id string, configData []byte) ([]byte, string, error) {
 
 	// The container id varies depending on the client. For ctr, this is a user-specified
 	// name. For docker, this is a random UUID which changes on different container invocations
@@ -34,46 +52,76 @@ func GetConfigMeasurement(id string, configData []byte) ([]byte, []byte, error)
 		shortId = shortId[:12]
 	}
 	configString := string(configData)
+
+	// TODO check the security relevance of every manipulated OCI runtime config bundle property
+
+	// Replace container-ID which is a random UUID that varies between each start of the same container
 	configString = strings.ReplaceAll(configString, id, "<container-id>")
 	configString = strings.ReplaceAll(configString, shortId, "<container-id>")
 	reproducibleConfig := []byte(configString)
 
 	// Unmarshal the config for further modifications
-	var config map[string]interface{}
+	var config specs.Spec
 	err := json.Unmarshal(reproducibleConfig, &config)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to unmarshal OCI runtime config: %w", err)
+		return nil, "", fmt.Errorf("failed to unmarshal OCI runtime config: %w", err)
+	}
+
+	// Make the docker prestart hooks reproducible
+	// The prestart path (proc/<pid>/exe) is a symlink to the docker daemon
+	if config.Hooks != nil {
+		//lint:ignore SA1019 still needed for old configs
+		for i := range config.Hooks.Prestart {
+			//lint:ignore SA1019 still needed for old configs
+			config.Hooks.Prestart[i].Path, err = filepath.EvalSymlinks(config.Hooks.Prestart[i].Path)
+			if err != nil {
+				return nil, "", fmt.Errorf("failed to evaluate dockerd symlink: %w", err)
+			}
+
+			// TODO FIXME The docker network controller ID is generated randomly (// github.com/moby/moby/libnetwork/controller.go:New())
+			// and then the truncated daemon.netController.ID() is added as an argument in the prestart
+			// hooks (github.com/moby/moby/daemon/oci_linux.go:withLibnetwork()). This is a very hacky
+			// way to make it reproducible, ideally, the actual network ID controller ID should be
+			// retrieved and then replaced
+			//lint:ignore SA1019 still needed for old configs
+			for j := range config.Hooks.Prestart[i].Args {
+				//lint:ignore SA1019 still needed for old configs
+				if len(config.Hooks.Prestart[i].Args[j]) == 12 && isHex(config.Hooks.Prestart[i].Args[j]) {
+					//lint:ignore SA1019 still needed for old configs
+					config.Hooks.Prestart[i].Args[j] = "<docker-network-controller-id>"
+				}
+			}
+		}
 	}
 
 	// Some values from the config, which are not security relevant and may change
 	// on different container invocations will be ignored
-	delete(config, "annotations")
-	delete(config, "root")
-	delete(config, "hooks")
-	process, ok := config["process"].(map[string]interface{})
-	if ok {
-		delete(process, "terminal")
-		delete(process, "consoleSize")
-	}
-	linux, ok := config["linux"].(map[string]interface{})
-	if ok {
-		delete(linux, "cgroupsPath")
-	}
+	// TODO FIXME check all properties for security relevance , currently experimental
+	config.Annotations = nil
+	config.Process.Terminal = false
+	config.Process.ConsoleSize = nil
+
+	// TODO FIXME Some container engines such as docker store the rootfs in an non-reproducible
+	// path. Therefore we store the path and hash the rootfs at this path, but remove the
+	// path from the config.json. Check if this is secure
+	rootfs := config.Root.Path
+	config.Root = nil
 
 	data, err := json.Marshal(config)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to marshal config: %w", err)
+		return nil, "", fmt.Errorf("failed to marshal config: %w", err)
 	}
 
 	// Transform to RFC 8785 canonical JSON form for reproducible hashing
 	tbh, err := jcs.Transform(data)
 	if err != nil {
-		return nil, nil, fmt.Errorf("failed to cannonicalize json: %w", err)
+		return nil, "", fmt.Errorf("failed to cannonicalize json: %w", err)
 	}
 
-	hasher := sha256.New()
-	hasher.Write(tbh)
-	hash := hasher.Sum(nil)
+	return tbh, rootfs, nil
+}
 
-	return hash, tbh, nil
+func isHex(s string) bool {
+	_, err := hex.DecodeString(s)
+	return err == nil
 }
diff --git a/measure/rtconfig_test.go b/measure/rtconfig_test.go
index de0c864c..ffe5df6d 100644
--- a/measure/rtconfig_test.go
+++ b/measure/rtconfig_test.go
@@ -16,6 +16,7 @@
 package measure
 
 import (
+	"encoding/hex"
 	"reflect"
 	"testing"
 )
@@ -37,25 +38,167 @@ func TestGetConfigMeasurement(t *testing.T) {
 				id:         "mycontainer",
 				configData: configData,
 			},
-			want:    []byte{0x9e, 0x4a, 0x82, 0x2d, 0xa5, 0x65, 0x2e, 0x40, 0x42, 0x39, 0xd9, 0xb8, 0x02, 0xdd, 0x59, 0x0a, 0x04, 0x13, 0x23, 0x76, 0xdf, 0xc6, 0xe0, 0xe1, 0x29, 0x68, 0x5c, 0x4e, 0x3f, 0x25, 0x35, 0x54},
+			want:    []byte{0x17, 0x76, 0xdf, 0xed, 0x31, 0x7c, 0xa1, 0x03, 0xd1, 0x49, 0x13, 0xd6, 0x5e, 0x86, 0x2e, 0x8a, 0xa8, 0x0a, 0x3c, 0x73, 0x87, 0xeb, 0x3f, 0x36, 0x20, 0xd3, 0xe3, 0x2d, 0x46, 0x4c, 0x54, 0x62},
 			wantErr: false,
 		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			got, err := GetConfigMeasurement(tt.args.id, tt.args.configData)
+			got, _, _, err := GetConfigMeasurement(tt.args.id, tt.args.configData)
 			if (err != nil) != tt.wantErr {
 				t.Errorf("GetConfigMeasurement() error = %v, wantErr %v", err, tt.wantErr)
 				return
 			}
 			if !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("GetConfigMeasurement() = %v, want %v", got, tt.want)
+				t.Errorf("GetConfigMeasurement() = %v, want %v", hex.EncodeToString(got), hex.EncodeToString(tt.want))
+			}
+		})
+	}
+}
+
+func Test_normalize(t *testing.T) {
+	type args struct {
+		id         string
+		configData []byte
+	}
+	tests := []struct {
+		name    string
+		args    args
+		want    []byte
+		wantErr bool
+	}{
+		{
+			name: "normalize_Success",
+			args: args{
+				id:         "8d6f55b059bca4d130b60e29807c5a5f63014b8673ad7cee69b7fb84b03b6443",
+				configData: dockerConfig,
+			},
+			want:    normalizedDockerConfig,
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, _, err := normalize(tt.args.id, tt.args.configData)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("normalize() error = %v, wantErr %v", err, tt.wantErr)
+				return
+			}
+			if !reflect.DeepEqual(got, tt.want) {
+				t.Errorf("\nGOT = %v,\nWANT= %v", string(got), string(tt.want))
 			}
 		})
 	}
 }
 
 var (
+	normalizedDockerConfig = []byte(`{"hooks":{"prestart":[{"args":["libnetwork-setkey","-exec-root=/var/run/docker","<container-id>","<docker-network-controller-id>"],"path":"/usr/bin/dockerd"}]},"hostname":"<container-id>","linux":{"cgroupsPath":"system.slice:docker:<container-id>","maskedPaths":["/proc/asound","/sys/devices/virtual/powercap"],"namespaces":[{"type":"mount"}],"readonlyPaths":["/proc/bus","/proc/sysrq-trigger"],"resources":{"blockIO":{},"devices":[{"access":"rwm","allow":false}]},"seccomp":{"architectures":["SCMP_ARCH_X86_64","SCMP_ARCH_X32"],"defaultAction":"SCMP_ACT_ERRNO","defaultErrnoRet":1,"syscalls":[{"action":"SCMP_ACT_ALLOW","names":["chroot"]}]},"sysctl":{"net.ipv4.ip_unprivileged_port_start":"0","net.ipv4.ping_group_range":"0 2147483647"}},"mounts":[{"destination":"/etc/resolv.conf","options":["rbind","rprivate"],"source":"/var/lib/docker/containers/<container-id>/resolv.conf","type":"bind"}],"ociVersion":"1.2.0","process":{"args":["/bin/sh"],"capabilities":{"permitted":["CAP_CHOWN","CAP_DAC_OVERRIDE"]},"cwd":"/","env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","HOSTNAME=<container-id>","TERM=xterm"],"user":{"gid":0,"uid":0}}}`)
+
+	dockerConfig = []byte(`
+{
+  "ociVersion": "1.2.0",
+  "process": {
+    "terminal": true,
+    "consoleSize": {
+      "height": 31,
+      "width": 127
+    },
+    "user": {
+	  "gid": 0,
+      "uid": 0
+    },
+    "args": [
+      "/bin/sh"
+    ],
+    "env": [
+      "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+      "HOSTNAME=8d6f55b059bc",
+      "TERM=xterm"
+    ],
+    "cwd": "/",
+    "capabilities": {
+      "permitted": [
+        "CAP_CHOWN",
+        "CAP_DAC_OVERRIDE"
+      ]
+    }
+  },
+  "root": {
+    "path": "/var/lib/docker/overlay2/985be77ec6cff5fdb13520443dd9a67e9e9e4d2a70d189009d7dda3e7458b9c1/merged"
+  },
+  "hostname": "8d6f55b059bc",
+  "mounts": [
+    {
+      "destination": "/etc/resolv.conf",
+      "type": "bind",
+      "source": "/var/lib/docker/containers/8d6f55b059bca4d130b60e29807c5a5f63014b8673ad7cee69b7fb84b03b6443/resolv.conf",
+      "options": [
+        "rbind",
+        "rprivate"
+      ]
+    }
+  ],
+  "hooks": {
+    "prestart": [
+      {
+        "path": "/usr/bin/dockerd",
+        "args": [
+          "libnetwork-setkey",
+          "-exec-root=/var/run/docker",
+          "8d6f55b059bca4d130b60e29807c5a5f63014b8673ad7cee69b7fb84b03b6443",
+          "99b3e86f39be"
+        ]
+      }
+    ]
+  },
+  "linux": {
+    "sysctl": {
+      "net.ipv4.ip_unprivileged_port_start": "0",
+      "net.ipv4.ping_group_range": "0 2147483647"
+    },
+    "resources": {
+      "devices": [
+        {
+          "allow": false,
+          "access": "rwm"
+        }
+      ],
+      "blockIO": {}
+    },
+    "cgroupsPath": "system.slice:docker:8d6f55b059bca4d130b60e29807c5a5f63014b8673ad7cee69b7fb84b03b6443",
+    "namespaces": [
+      {
+        "type": "mount"
+      }
+    ],
+    "seccomp": {
+      "defaultAction": "SCMP_ACT_ERRNO",
+      "defaultErrnoRet": 1,
+      "architectures": [
+        "SCMP_ARCH_X86_64",
+        "SCMP_ARCH_X32"
+      ],
+      "syscalls": [
+        {
+          "names": [
+            "chroot"
+          ],
+          "action": "SCMP_ACT_ALLOW"
+        }
+      ]
+    },
+    "maskedPaths": [
+      "/proc/asound",
+      "/sys/devices/virtual/powercap"
+    ],
+    "readonlyPaths": [
+      "/proc/bus",
+      "/proc/sysrq-trigger"
+    ]
+  }
+}
+`)
+
 	configData = []byte{
 		0x7b, 0x0a, 0x20, 0x20, 0x22, 0x6f, 0x63, 0x69, 0x56, 0x65, 0x72, 0x73,
 		0x69, 0x6f, 0x6e, 0x22, 0x3a, 0x20, 0x22, 0x31, 0x2e, 0x30, 0x2e, 0x32,
diff --git a/testtool/coap.go b/testtool/coap.go
index a6d43f0a..00674cff 100644
--- a/testtool/coap.go
+++ b/testtool/coap.go
@@ -148,7 +148,7 @@ func (a CoapApi) measure(c *config) {
 		log.Fatalf("Failed to read config: %v", err)
 	}
 
-	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	configHash, _, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
 	if err != nil {
 		log.Fatalf("Failed to measure config: %v", err)
 	}
diff --git a/testtool/grpc.go b/testtool/grpc.go
index 2e69de0e..719e77cf 100644
--- a/testtool/grpc.go
+++ b/testtool/grpc.go
@@ -158,7 +158,7 @@ func (a GrpcApi) measure(c *config) {
 		log.Fatalf("Failed to read container config: %v", err)
 	}
 
-	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	configHash, _, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
 	if err != nil {
 		log.Fatalf("Failed to measure config: %v", err)
 	}
diff --git a/testtool/libapi.go b/testtool/libapi.go
index 260fffaf..605f4938 100644
--- a/testtool/libapi.go
+++ b/testtool/libapi.go
@@ -147,7 +147,7 @@ func (a LibApi) measure(c *config) {
 		log.Fatalf("Failed to read config: %v", err)
 	}
 
-	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	configHash, _, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
 	if err != nil {
 		log.Fatalf("Failed to measure config: %v", err)
 	}
diff --git a/testtool/socket.go b/testtool/socket.go
index d56ca0f4..485389f1 100644
--- a/testtool/socket.go
+++ b/testtool/socket.go
@@ -140,7 +140,7 @@ func (a SocketApi) measure(c *config) {
 		log.Fatalf("Failed to read config: %v", err)
 	}
 
-	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	configHash, _, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
 	if err != nil {
 		log.Fatalf("Failed to measure config: %v", err)
 	}
diff --git a/tools/measure-bundle/main.go b/tools/measure-bundle/main.go
index 2e0ba441..8ca4d9b6 100644
--- a/tools/measure-bundle/main.go
+++ b/tools/measure-bundle/main.go
@@ -52,7 +52,7 @@ func main() {
 		log.Fatalf("Failed to read container config: %v", err)
 	}
 
-	configHash, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
+	configHash, _, _, err := m.GetConfigMeasurement("mycontainer", ctrConfig)
 	if err != nil {
 		log.Fatalf("Failed to measure config: %v", err)
 	}