From c22b533058a3cf7194b09a8eed0d5f6cf3e30604 Mon Sep 17 00:00:00 2001
From: glasstiger <94906625+glasstiger@users.noreply.github.com>
Date: Mon, 2 Dec 2024 16:59:06 +0000
Subject: [PATCH] Entra ID OIDC integration guide (#90)
Entra ID OIDC integration guide
---------
Co-authored-by: goodroot <9484709+goodroot@users.noreply.github.com>
---
.../guides/microsoft-entraid-oidc.md | 274 ++++++++++++++++++
documentation/sidebars.js | 8 +-
.../active-directory-entraid/10_overview.webp | Bin 0 -> 46182 bytes
.../1_app_registration.webp | Bin 0 -> 33668 bytes
.../2_spa_redirect_uri.webp | Bin 0 -> 44458 bytes
.../3_application_id.webp | Bin 0 -> 57874 bytes
.../active-directory-entraid/4_cors_pkce.webp | Bin 0 -> 49870 bytes
.../active-directory-entraid/5_ropc.webp | Bin 0 -> 46692 bytes
.../6_token_customization.webp | Bin 0 -> 46666 bytes
.../7_API_permissions.webp | Bin 0 -> 41788 bytes
.../8_add_openid_permissions.webp | Bin 0 -> 40008 bytes
.../9_permissions_final.webp | Bin 0 -> 43212 bytes
12 files changed, 281 insertions(+), 1 deletion(-)
create mode 100644 documentation/guides/microsoft-entraid-oidc.md
create mode 100644 static/images/guides/active-directory-entraid/10_overview.webp
create mode 100644 static/images/guides/active-directory-entraid/1_app_registration.webp
create mode 100644 static/images/guides/active-directory-entraid/2_spa_redirect_uri.webp
create mode 100644 static/images/guides/active-directory-entraid/3_application_id.webp
create mode 100644 static/images/guides/active-directory-entraid/4_cors_pkce.webp
create mode 100644 static/images/guides/active-directory-entraid/5_ropc.webp
create mode 100644 static/images/guides/active-directory-entraid/6_token_customization.webp
create mode 100644 static/images/guides/active-directory-entraid/7_API_permissions.webp
create mode 100644 static/images/guides/active-directory-entraid/8_add_openid_permissions.webp
create mode 100644 static/images/guides/active-directory-entraid/9_permissions_final.webp
diff --git a/documentation/guides/microsoft-entraid-oidc.md b/documentation/guides/microsoft-entraid-oidc.md
new file mode 100644
index 00000000..10107862
--- /dev/null
+++ b/documentation/guides/microsoft-entraid-oidc.md
@@ -0,0 +1,274 @@
+---
+title: Microsoft EntraID OIDC guide
+description: "QuestDB Enterprise guide to demonstrate Microsoft EntraID OpenID Connect."
+---
+
+import Screenshot from "@theme/Screenshot"
+
+This document sets up SSO authentication for the [QuestDB Web Console](/docs/web-console/) in
+[Microsoft EntraID](https://www.microsoft.com/en-gb/security/business/identity-access/microsoft-entra-id), formerly known as Azure AD.
+
+For a general introduction to OpenID Connect and QuestDB, see the
+[OIDC Operations page](/docs/operations/openid-connect-oidc-integration/).
+
+:::tip
+
+To enlarge the images, click or tap them.
+
+:::
+## Set up the client application in Entra ID
+
+First thing first, let's pick a name for the client!
+
+Then head to _Microsoft Entra Admin Center_, and register the application
+under _Identity - App registrations - New registration_.
+
+
+
+The QuestDB [Web Console](/docs/web-console/) is a SPA (Single Page App).
+
+As a result, it cannot store safely a client secret.
+
+Instead, it can use PKCE (Proof Key for Code Exchange) to secure the flow.
+
+When registering the application, select the SPA platform.
+
+We also have to specify the URL of the [Web Console](/docs/web-console/) as Redirect URI.
+
+
+
+After clicking _Register_, we have created a client application with the
+name _QuestDB_.
+
+Each application is assigned a unique id (known as Client ID in the
+OAuth2 - OIDC standard). The client will identify itself with this id
+when sending requests to Entra ID.
+
+
+
+We find the platform configurations under _Authentication_. This is the place where
+the previously set redirect URI can be viewed and modified. We can also specify
+additional redirect URIs, if necessary.
+
+The redirect URIs of the application are automatically eligible for the
+_Authorization Code Flow with PKCE_, which is a special version of the OAuth2 standard's
+Authorization Code Flow. It is specifically designed for applications where a client
+secret (e.g. a password) could not be kept safely. As single page applications run in
+the browser, they fall into this category.
+
+The redirect URIs are also added to the _CORS_ (Cross-Origin Resource Sharing) policy
+of EntraID. CORS is a mechanism to allow a web page, such as the Web Console, to access
+resources from a different domain than the one that served the page. In this context
+this means that we let the Web Console to access Entra ID, while its origin is the
+HTTP endpoint of QuestDB.
+
+
+
+If we scroll down to the bottom of this page, we can also find a section where we
+can enable the _Resource Owner Password Credential Flow_.
+
+This OAuth2 flow is legacy, and should be enabled only if there is a requirement
+of connecting to QuestDB using SSO (Single Sign-On) via clients not supporting
+redirect based web flows.
+This could mean a Postgres client without OAuth2 integration, such as _psql_, or
+a standalone in-house client application, or could be just a jupyter notebook.
+
+The main issue with this flow is that the client application has to be trusted
+with the user's login details. The user's credentials are passed to the
+application, in this case to QuestDB, and the client application uses these
+credentials to authenticate the user by forwarding them to the identity provider,
+in this case to Entra ID.
+
+It is guaranteed that QuestDB does not store the user's credentials in any way.
+They are not persisted into the database, not even in encrypted form.
+The login details are treated as passthrough information. Only exception is
+that server logs can contain the username, logged for audit purposes.
+
+
+
+Our next stop is the _Token configuration_, where the OAuth2/OIDC access and ID
+tokens can be customized.
+
+Note that users can be authenticated without customized tokens, but authorization
+would prove to be challenging. The user's security groups are not included
+in the tokens by default.
+
+QuestDB can be configured to request the user's groups from the UserInfo
+endpoint of the OAuth2 server, but Entra ID cannot be configured to provide
+this information via the UserInfo endpoint.
+Therefore, we choose to customize the tokens, QuestDB will decode and
+validate the ID token, and take the group information from there.
+
+QuestDB authorization relies on receiving the group memberships of the user.
+Entra ID groups should be mapped to QuestDB groups, and permissions can be
+granted to the QuestDB groups. Detailed information about group mappings can
+be found in the [OIDC integration](/docs/operations/openid-connect-oidc-integration/#user-permissions)
+documentation.
+
+
+
+The customized tokens contain user information which cannot be accessed
+without permission. User information is provided by Microsoft Graph, so
+the client application needs specific permissions to access
+Microsoft Graph APIs.
+
+These permissions can be configured under _API permissions_. It is important
+to note that we will be setting _Delegated_ permissions here, meaning we
+are not granting actual permissions to access user data. Instead, each user
+logging into QuestDB will have to consent to accessing their user profile.
+
+
+
+By default, the _User.Read_ permission is added to the list, but what we
+really need is:
+ - openid: to be able to issue ID tokens
+ - profile: to access user information
+ - offline_access: to be able to issue refresh tokens
+
+By clicking on _Microsoft Graph_ we can select and add these permissions.
+
+
+
+The _User.Read_ permission is not needed. It can be removed by clicking
+on the `...` at the end of the row, and selecting _Remove permission_ from
+the popup menu.
+
+
+
+With this we have finished setting up the QuestDB client application
+in Entra ID, and now we can wire QuestDB and Entra ID together by
+adding OIDC configuration to QuestDB.
+
+## QuestDB configuration
+
+The below should be set in QuestDB's `server.conf`:
+
+```shell
+# enable OIDC
+acl.oidc.enabled=true
+
+# the claim contains the username or user id
+acl.oidc.sub.claim=name
+
+# the claim contains the user's group memberships
+acl.oidc.groups.claim=groups
+
+# groups are encoded in the token
+acl.oidc.groups.encoded.in.token=true
+
+# OIDC configuration endpoint of Entra ID
+acl.oidc.configuration.url=https://login.microsoftonline.com/12345678-1234-1234-1234-123456789abc/v2.0/.well-known/openid-configuration
+
+# application ID taken from Entra ID
+acl.oidc.client.id=8de84b90-1ea5-4e41-9e84-dba860aa01a6
+
+# redirect URI, QuestDB's HTTP endpoint
+acl.oidc.redirect.uri=http://localhost:9000
+
+# OAuth scopes the user has to consent to
+acl.oidc.scope=openid profile offline_access
+
+# enable ROPC flow
+# optional, required only if ROPC is enabled in Entra ID
+acl.oidc.ropc.flow.enabled=true
+```
+
+The application ID and the OIDC configuration endpoint's URL can be found
+in the Overview of the application in Entra ID.
+
+The application ID is displayed right under the application's name, the
+OIDC configuration endpoint is displayed on the panel which opens up when
+the _Endpoints_ button is clicked.
+
+
+
+## Map groups and grant permissions
+
+Now we can start QuestDB, and login with the built-in admin to create
+group mappings.
+
+As mentioned earlier, authorization works by mapping Entra ID groups
+to QuestDB groups. When the user logs in, QuestDB decodes Entra ID
+group memberships from the token, then finds the QuestDB groups
+mapped to them, and the user gets the permissions based on the
+mapped groups.
+
+```questdb-sql title="Create a group which is mapped to an Entra ID group"
+CREATE GROUP extUsers WITH EXTERNAL ALIAS '87654321-1234-1234-1234-123456789abc';
+```
+The above command maps the Entra ID group identified by object
+id `87654321-1234-1234-1234-123456789abc` to a QuestDB group called `extUsers`.
+
+We should grant the necessary QuestDB endpoint permissions first
+to make sure users can access the Web Console, Postgres and ILP
+interfaces as required. [Read more about endpoint permissions](/docs/operations/rbac/#endpoint-permissions).
+
+```questdb-sql title="Grant endpoint permissions"
+GRANT HTTP, PGWIRE TO groupName;
+```
+
+Now we can grant the rest of the permissions as required. We can
+grant access to tables, for example.
+
+```questdb-sql title="Grant database permissions"
+GRANT SELECT ON table1, table2 to groupName;
+```
+
+## Confirm group mappings and login
+
+To test, head to the Web Console and login.
+
+If all has been wired up well, then login will succeed, and the user
+will have the access granted to them.
+
+
diff --git a/documentation/sidebars.js b/documentation/sidebars.js
index 6d9f134e..4c1e8fb7 100644
--- a/documentation/sidebars.js
+++ b/documentation/sidebars.js
@@ -376,9 +376,15 @@ module.exports = {
label: "Guides & Tutorials",
type: "category",
items: [
+ {
+ id: "guides/microsoft-entraid-oidc",
+ label: "Active Directory - Microsoft Entra ID",
+ type: "doc",
+ customProps: { tag: "Enterprise" },
+ },
{
id: "guides/active-directory-pingfederate",
- label: "Active Directory",
+ label: "Active Directory - PingFederate",
type: "doc",
customProps: { tag: "Enterprise" },
},
diff --git a/static/images/guides/active-directory-entraid/10_overview.webp b/static/images/guides/active-directory-entraid/10_overview.webp
new file mode 100644
index 0000000000000000000000000000000000000000..2077228be71b66f80291cc74afba1b70887542d1
GIT binary patch
literal 46182
zcmZ^KV~{A#mTlX%ZQHipecHBd+qP}nwr$%wt=lr^SC%v40etzoisb8c1mi%Eq
zJMuq2FQIp0=2y##%#5)z>fLVTOt@0ML0Uc2a!*oD`d;gaS2-(GY>
zRS`9hYL)*P9rqOD$fHCR6I}>lvI48&oJh_hFRT23umQ!CKN^Xkl@Ti1=Mx)CQx>mz
zj#aoJwJxi1_ra#bkMnWaz-RGKezxSELAs-+{~4?gRmKG0M$Zo6#gv5`n~Fut`ZAv6
zM|E}mpCAJn{}(Dc6-)vO|F3)g(~}w0NpEKMWW-E{7Pj#|E?jlby;JW$L6AkLb}RPT
zcPAZgSVhNT()Lk~l+ipbJz#|a8IB_8OGD}q&}g@CA`Ph>&fffAW1cz#tA{79VN`RT
zhC|$P?26?tXyxXaajYd<`9lu=WV=q(KL#j)KienWQFi$|uIwSg)f_WD0}8H|CYJ*S
z)XnjEO%e3Dx)=|myI#CbB0a83r2BjB{b;YkkP)T?nP*w|Pl@(zA+v8^ChH+T`Xm&8
zafTn*^Oj}Uvy4015be(YfJakNaaqLFtv+8-7RA7|rts=xvGc$Zji#)7;G|{ScPySF
zCK2$jqJx<$j-D${F?hqppt$c-T8)wMV2PkVsEmje^nGkII_%w9rGgbLEkiO*IEu}>
z2IO}nCKQX-(&%npr{C*%m6dgHQY-(9O}|=YYYF#OW3|7ui(TXRjeM$aD57V547csk
z-qDO9!cPjFcOcI-x#iAu@Ki-2
z;|4!@Abo7V*L|Bv`5zrs*GiY36QF+BRqIj6b-?_!`5+)uz3g?{D;
z!++k~ouBff+FrnAnTiXw2!co}ww8OG4I>x(g`r+ZM3hTF1oOw*LeupT(b?viW{eK%cd*<{-p
zz-(rV#&R6@J|^-W8rcWEYLTJUftFSkzDsP#WYa1H%t>c;5SDUz67!M(4c#fDRytnP
z-QKucBq=2HrtN$^&R7-i3{wbk_buI%amV!KafAF+RaF`bCFGAzJAhD-FvvrY%Bf_<
zB}XOE+9}rtvhODNJ)P0Bhx!lMeo@JIg^{QAj+m&C^`CXB9Gy*l#J!FvUIYOhBLPNpLQy|7dN1H)lH39Kvw6J*D=?W;
z*K7IWo>U3zu74v|_8%XC#2u
zxf-jC)Q*4*L_pt9xb-mj+rRO~b;xZ#v*BTYt+PrI+qd+KQr%nEm@@j_5H3*9`iEyL
zN%9ar^3!Paq&x3r7+@d
zVc;I53+%|$$t8@O%}>1+6}4~iP9|B`4m6w{G4Bfi3q?UAy6XASN^fo#E@KCaFJQ@-
z+T}JLY)%yIX2cN^l7vu_rp9rA$b23XM;^a&|LWe&t5zku$L>Y1T!DSfU1aF_y;@rle{ETr0{ISz(>
z!Y>Hu1Xu)Y@*lRt$~y>~pd}96mzXK9Jp3XSaBA8_v|AB`8skAL@U`x)KS1!q%G}kP
z)BKm9>mid?LgtTctat%`Dh0gPdYBb$?cdZDf~M?&sn$WRqUIkHG%JIF@3(0{Bx!br
zd!DvDx{Ws0`Czk0C{lmxFln(=JjQOe$M~ji$$Uc#d2_=3>(N|#y9{a})k64^JNcXW
zmSM4?b6(2f)H*3#Ma-;@2eVdUpY1`Iqpze__NL=r?nJdd*sq%
zO4}y%Ax{AXu?1tp=%-5RkL_(94^rHD^u}Gc+2C>
z*0IIR%yi>6bYEgdwp7l5YFv>V?b7q0N5*tQzAtSf4^nxLp$Kn%=ZGS*QQn1+??
zO!0%V23Q7B$bZ^|ZmP;FZn8F76>faD`-|Z2QCXylTK;Re|9z
zQW!wHnA^|U4;d?b{No^9`wr=vp&o%amfCgfT*;P38z8td#JJMjRIAWXwt}fW(3=sW
z_O-wprBm#YZ#6E)g8o+AYC%+Z=UQfLDIzVW~;Wn+${fr;_;y~
za%@80>YaR&lnECHp}9@-**?m;DY-&o@OFFzkoxnzk*&H%;hec9VbW
zmh-QqPykfY6TDZrKwvHIzkc$Fk%p^Ont5d
z(VE!NRD3h0_&9HwV~Y4$gp-*CYi`^)j^=+
zr(*#UAeGb2UFTR!(4cee-D8-_DKUW>2#uxksUFsP5v1zeQ&hiolIjR<4BwIAXUJw=
zN|i0AgIZP9V15`WT)P_ARfNhC9{lysR2Y@yP7`$|fg}sQ2B*XE?qm@l+pDmZp(TQM
z8u4QPxmmUwIdv6PCEW3e3&u7l#;#OHl<<%@+xUsbNIm)IGRQv@9;5DMQZ;L?x}5|t
z{fn98-D={=-+a%vIgL`p)akjnLyDL=uZDDXs>k^bVavw#(Vdx>>oHNxDdZnhP-FRz
zV(L-ib|$2!y-e6Dfb_6a(Iipn-b>{4Vv~nzzJkx<&)g&Z>i`6I?Q=xPC|3SxlVpyq
zn4Xm|G3Bv)zXK7ss+wy;u0LcICuG@|Uf8RF+p*Yt98lmKk*r~?qJhXBLheL!B3J(D
z|NlcBWU~mWuLY6X8%I^7o%f#xxj)CaT#RFIZ8|VS|2s3iGer-jsNZYb$+Z@vEBGC0
z8v8@D_E`U!VLD!IYHCYOZ;AZhx#a&S_R1te!@xBPEkNPv)8_(FRJV&Q?EA({&y~RW#u^Oz!C5{P{%6EKI3|g5KlkX
zy)In)mN?{r4lnq6JquZX5yv>IIZ&=Qy#SrBW}wD38c^W$IT2pQK26*$>f3>L>G_X0B
zF7ngoqLQt{iZ-v0DHvn@Y$28outztcyHCq5-V5jt&&c(LG&k#Sto|Y(MN3Y=lVkAt
zxaORd|L-*J_J9Ps;X_P*$j2*)XEdJxrMs`eyqpY`0a(26Un6v*F&5#^uEL$k7iq+NzGPxAO%(p_)^ov@wb
zDDK-*GgVroERWti9oU_}MbckWQFk${WCIJuPy2k(>0Rn4o(^;kHT#4^SrWQ`YO!_u
zY10yS=ufAD;f?(Rw;n`;6$PH1qj{LjGjPU<0O;Ek@@^@pKO9yv+rc)
zjSHLw%z9>rV@mwRs#~@qglIQi1H1h~wmw*B-dHD?Vq9|=XJ;R{PLKYVFiWZOVn0);
zuN7C>UAo=rVm}qj%+8UWo!yOO0nn-B#cJPZ*bm7L`+|u)(u-~wR5~Y{>D;gCcCk}=
zII{M(dyrVL-vGRy!mk@kr9ANe629`SJbPR|t~3Q4ODK?rTXT+ENt$VT6yw1GuY1Sg
zo-{c82R9l3g3kW-PCtfh
zw0zQ!SCr!bg>R^rttFUDrv{sSk9?#EF0}D|{(R#sMuY;WlzoW~*_q&k@#j!%X_lH!
z5H0wDM!-8bGsTo4khjAIu!=|+AabzZe|@I#-!~9;u~|#oR&0nhqM3VWRo1^B&4;EQ
zSHkgPss3hMCnW#nzJII#hANByZ&qAH|6?!WKb-8@1Kdo^IK&iZiPN9(@kPE0e5jbE
z+ZNzFU_>D@p74ro_6LC@zp>&{BeNS0VinsR;q~hY(7b_HSCjy)x5ooO7Kg$l9u58Z
z0Q#ImKW()Ok14c0B4Yp$z1iKXY)K3y&)%y-CYvIBd9+Pyt&d~?+@%Nd=#Wai$-T!<
zo)b|Z9wwSz65WU0OUW`6lnRiM>M4h~Z+h2zKv9Bh+_OSxb>p~4j!xW@KXMoX(~iOg
z!W0+H*i6(}KS@mENKcB6pHwlTA-c?X{h8J6)_ep<5ZB>@sM??R6&h<=*x;F!Zc9Q3
z@MAH%Ch^jL{hT%{U?b+-d;}t^m3IqU$@)ar#$WCn?T3QTC7bGrv=coH$!oR6QbA(F
z;-0LrT1t9{-_B5yi2!sHh=JXZ*evk_V9XlaTvPKm(xcbYfPm@8#<}ek(&xFTLs#Ui
zjswoOdG@s1Dp(&Ho_X#P(#l~JO7e+++B8vpJnM3tA(+M%E*n@BSK4jR2-~+*S{Z_n
zYD9f)cU4^;MN>F-RSo8dK6F1gYs`*Dl9|c}o1iCPLMwHIkx5)
z`yOPOcm%OiyEEhdh5jf&XXqv7N%Q#Zf;ixpVZPAzp9HhzECi-d#KW}_%k=qBq
zT!qt$oU{tXlL)Od?2x4KJ^NEHlhdZ9RDvT9|KQG4*=={thhNMhlJKJz|h7n
zERt*S0yWl0BO5M1#>V*Qbh&Edtu{^EWH)X5*_=<;J0#k=esNbFZ^p@kdG^%OZFxJOSbB^XrdTV&@32vT&~C80$wcf-o@50OB_$5l=;Wa8jAg+(@N49S
zlFfxPZ3+k1>BbHmp5yucD_Avd-l>!*k~{XX3@^|Z&(Z4zwgL*C2Y36!m7>)&cbTkB
z1cugTAgBhQAaKM&#V~iCD=U;WcHgu(&W8NY>=U!<>u@1Ah=G4D%@L2F>Iu#*rHh`A
zUfoy_PCO$yF8USc5!`9RI`M4XZ-Ug5cGH_2k`*5sfWLe8c|xZ!;>>kCVAxG(x0Sp_
zw|bQXu6%k6f~$E$?kxnNn0%AEFA39uUx&oRvciA?7P3wdl0F
zeQ$=J`8~PO)GITq8$?&8fE4Bbt(w%<1Lw1l8|5@}dj^xwwD6P07cY`iEflugBZD!@
zKWYUvO0xz7Sl94F&)e66f%$^;nJTjJ!Egm~T-&q$#?Gb8Da5)oQ&g68R<}ds9mhS4
zn%WUjbt&ln9ZvEDf#-HsTS;I1PJ+wZR_a&2r0yB;;_f}OVyn7kzf(&kR
zAR7V|O`EoV@ELxPLN4ihzFgW_yE!oub9U%KFLS$VkOWBW&2xKFHxAXoJ?CBg_5z~e
z&6$vh_64zpR?ugkOUpWu62N#3G
zwoxiUj%IC9dt>jt?b>>?&pi)+>I?swbCaHq!gsVtl)_~e6Dj}0N8~Fw!tooE{rb$&
zqZ#R^*iE*?OM>cH?c868VuQl`$HHLoozV9y7=l+KbUPk^L4)dK>eXd89G2_{?;@v@
zJ)m@{I9%%rh#&3*008V_8}tj1{QtPb^=X<75JFhd~Vdk_$D45*Q43FSe+O=#E0!&hG7qb^~g~ZoEcD
z2Vey`X|(xYY5j$mYuZ@BnqG{pKsasS52vFeIF5^;>#p-Kh{NvON2!$!ED<~pWCtRk
zTb8qda1VKJ&y%4Ia2}e#vL
z*a&pz67f8pk7KRSEPw}MP6)}4Y)91(biSFOkd2b0}X>-YB_-Xr)K)%nrhL(8vlVu0shjeQ?6F
z<&KiqnS6dKj0zFuP*ly(7HVBcxUqBDA^RJ(SdN894g^oKeRL7g_K(5=kFzid?wp>R
zmA9O_L~~r0;F`O}Fm`^a>F;Xqk~l#-$4Vi%d_^~E&6H7>KD{fTFw=+a1hE);(nK@K
z2Y3;z<
zPlSX)NS(+Pg3z4e%+OU)M#e}Ij@h#ry&oRV_F2)-{`PG#
zZ)ct@03V#B0>wy_XQ6TzTuVOFhAYEw)3(}`zdPOROE_L;9wk8zo&4p|I|Ll*8nV4X9Ep7#1B`l-ta
z(v&_+n>01-rXio&TkQK_6`#iK3{#7$d`-3meY*`M*n(R5mCuP7m
zZ|f0dC4v9TQI>Hm=Y2Phgf!OYwX;J*eO%Xg#M)L|#$nlTENKw1nmYtfZ01ehy3mPV
zym9mxK-f2$smS|tE_G*Ejoy95hky3Hwk04YbBxk;h;{LiZ<36A={9{xO*y942#ya%X
zWgK4ry(3|#CWlZhcHDO=)`T!kHXyk>7Ev6*cgMofU05Z@%*x
zgr8TIg0J+v8a>3v16@h(&ImV4L#=Ou^q2>Q3=?rI^pm!DX4aoCQmM(x+&#R9A2}7;
z@Pw6O!?EeKb%T9wuMfzSOy68Dyj!wsCRA5h+n8nKHJd6B?e2Q}dq_3QZ?Tf@3{ad$
zY>%_{7Efn39xqnQ!x0HpR(W|XZp0fEPi5w>0Q-9gZ@g@)Hqh!uE
z*!fp=RuGPecEvX3(^2H7JcgB(EIQZjX+^3&qGoVrm$(>JKhpT1)ltah=K+0}`_X5x
zs=<8G2kdEvUwHzPJQ*$okXW=v9IGCkU8eUi)$%?egl0ZiKCBv~xFC7%{>hS>qO%
z+4wlI${rXyY?~vNd!2ih)3-AL;tz^-jZo1mXto8RU&00CT5Wr|TRY-ln4VYVdAxFapLIYKib4v(
zKlWvzWNo{$L>b30Y!9hP-Y~_f4&Wm}g-+HYUr=EM&Q#8p!Q^HWj4#1GxL0{8i&#P)
zW3?dA-c?!N<~;M&1`Yf;kDuj%7gmzn`;{+Rl?Nmw^2BFJu-Wl=WFC1XfxMpd6w_53
zSkMmulCK{&G9$ft4wmsq5X|+L=0V!PuaEWV3%ngFGD;f(?zQ~qLIlJZMdyJEoXL4l
zb!A+PUX`-KcEG&PMyJ;gweid|Ug5B416Re-3|;cMWk`Z8ugKG&>q9iq#&1Fk=$!G;
z@|)nCqE?6
z!yn4>hkbU+EbL-UCRU`V4ZY^5lFCu)(t&*z&{C?-5Rok7Lk&Lj$xdKbUFrBfBJueKfQEwvX|i3FQ1H9{G4h
zbl*e?JROV)pX&5thf7n66@bQsgEp#j^gCGQ83B~+
z4on%BLhppj2TH3GA=s2Gi!^VC-kF7pbC;Jo!-V=uZ^RO-2Iuw8%-u2>*J|iV$&M({
zIbPSIg%GDBr0zki5W3KTdP|*~!XFEWINm8H8(@M;5hRRObj8<{Dp8(^h97;?BDRML
zT^bFP^mvv4&YqRJnyNwTm{P7uSq*0xb}$jPPl$C4l0M#6aE|RFhut0)8(RCk2GHohim?ZQfJFF
z&!>q*fla~p1K36AdOyb_e)moJDSX`${C&Z90;klEPDBnwRp?P$`C9;iyER-1ryyB5
zYq$lo4a4H{2ZFz|T=L~RRK=!H4K)D6A5xkK$lF?12O#Kikre)3H-r1bHbV0F0zZVa
z()rYv*k!~z?B&~GgpW8X-B>eROVr+HN!U`6H!(sDXrD9po`HPzL-v8Reol@}`G;pZ
z2o{87UgRiW3CiT2&D#W=hV4<%BeMZf9BNWUkgP6pY@Xze9Inc`U}CVMnaKG4du?Wp
zJ`Gev+RTmDzC>rIE6jn{;o3t%L{Hv4fK!4lu*uDQ
zTn`Mq2RKPpMDW*>sR7Lo0ykEL`-YVv{Y5EA^4Vld3HKRZ(n&VjpL&Zwp8DFQ5{;Jk
zaAWh6p16yMOF6T$_~qXK%AlQUVg<3yU5=ndxSFX(&$)4@vXS^D4TVhnifA6_&*
z8V0iGw+^&@zw?^EIOVh??~cN^IPxRb$h`M30lcyAeOOTiSCs!mEFA%HZp##}!9LXE
zuMryODcUR-u_!F8v@H#JLFzlaC7zwVw&f~n?=o3YFsMiwCG*et_ryIYA}2_&a>Hh(
zZnj}M-y>=(`Z+J)kj(JW;w_`IHo;q_y1DG46`U~H8lzJtiM!dyNL{kz<95byMZa(6
zV?5n(dtsS_->SLIEIMFZnM&If&O?F3%qlo$o(Kq8-TJtI+_bHRw-*{BbT`Id>!FX>dN(b$luN;FI@YDV)xA!ws5@83
z4^kh}%QG2nJowJ2B-?8^7ZLRCHi<@+Sjj1EuVf&8A+fVm6X^tTasF1R;9)RCLDI_ulMW))mGrGC+(2}cc=4K3CAgS`^F
zrHnJP*9%*)zKkw8akFCVx%$TK157q?x}NHk-rE|WO#Xq9A3#pZZpzxoocB*
za+<{y5(Z9A$qzOKAr>u~3(*5FO>cf6y(7U;WQl*BW#(c9#S#kPy3jlIVU_aexQ523
zQXI75R=J+&86BDv04Y-$d3=$1ce^40U+_%eCLOF$lJhS1r_Afa)rLa`SwP&QG2@8{R@M$A)K
zK-N>!IV9h$@_`N6iTDzjXH4TZ(mumS{^Yj_X&4?0T(tZvw8H1ApjdOZjQGstdJoXR
z(G5{lZXqlAyl|AeR`FEz#ATmOKP>9axqMHvAI6=V(VD*V9nG~x?5Z|Pd=a~@CG07v
z{08%y*Z5Omgf=0FW6GHUak`|H^R~D|aSoki_()o1dR4yAqvvBJEEiI$!YM*$3snZml`85%{}Dtl
zq}k6=Q5by6_u#KdnKbltv6biXUJidPPax6a(1+7}rjMYjRS*E%1%H5Jf7V@ny6jRQ
zX=C>#{nFqe@cTF|kS}V@sg@T+dNmX+GaJ~nax`=G;rc;7iM1WZzWlt)m8?Z{kjjt2
zpUObmVw=VxL$tJcg`xmly_N@Gu^1r+OmvwKt2^`g4J=N$lTe`3cCi3vb5-z9*kKoZF{Y`we!9f|yv2S|n**%pZ|bkWx{c@nmU!L%nIQeR^!6~A~;zCLK3
zR#GGpa^XQ9`912O&fth+tYdkY8@%MH@wv942uUk+ooSKBSvw@P(uSa@V9K7@6#D!^
zChxcqM#yQdH>5xkDw0(g>*NGt*bYp=5FqP6zNxI`)gfigad9?1yp{??)Uyh{=%v~#
zH3JtruRIk^y>YB<`pb+dFqc96M8pNeMc;v?dswbse#%zl{W0&GIF_*Yww^!serqqI
zpFwGwm5}5xOl2hQE^g#eK(>Q{8R9urns3FP@5Fha)ysSe@!f=QIh$MV!&_=gvfa1Q4dcjN#m!7*9UuL#=fQwlkO
z{e;;|p%OXbuK*7F6(#JT7eD2CVsPOp0ElEhTQ;(P|(Vdbj2f
zeYR$Jg^WUy#!FSuoDZWpW+B%2k-{z6jpShjjcA6BtWN?Jq;q21uVfqn=>OX1JN|CdsYOYY3Fu4!BXB;BqJBPg)&zyo-DH&97CiGF<>qxcg6)R3!?Yd_Mwr&W
zmHoxXU4#P!5!iG=)7Zl5J1@)6r?JM_Xhvqm5kw~4fI>m_e8oUA=dB`GC?s`p)ffOD`-RciCCbJ&r=07_Q81=i{QyuR~%rUJ_^K7kN
z&6)5vZxYVjnH}VX6!AL}G^h)_ic5V(vJ)SZrqJO#b_UhV2kr~_b
zJeKtH1?tewr|PQn`*JAUXp%s}9qhvK{PSE4e?N6^lCOr9+4H(vbz0&6biEt$)JbA=emPoPt`RQgW9~IWv)2tVjyF-qBr*bcnM&-G7!JYExUhQPM8*zWnv9517Q)0=J|go@SG`{&S>
zM6}0@6G^nM{N#i5$+3jvDq0l)fcm{{e0@TEQz|z6Q_9OG?)&M}uL2<7jtP0xcyXY8
z?X<_EdO))I-9oK?$#?6F5bMp+ArU3fBrsq_(&n9TYg;Bi&T-0P+0c9wqhvz9e+>7>
zYgPL)wmo81Ikp2A_R_X=%72BD!+bUDju_1hk{mItI84uEhZ`h<%rsABmd8{qRWeDW(uV4m9E4ZYj5WD@P_CkXvMLS;d?GyY(=UMkZlotHr#ufcHbjD;
zDfHZ1t}*?|*yXxo0ZQ8AIO{>A_7>ASXm)Szca_Sn3!*X`hOf?q#
z`(wUHKD$mMg(GYX#qcm(A=re>i%zJuV2CI^amDVN4Zb5~D$67e>xC4`)8Vh;c)Vy;-RAehP{Cyj<_fV8cR
zu@%BFybQvxnr2S{q*6qW(&(S7$VUd{i;3tq)%@8U{^D`pdk}+TW9Ak^>+_pfV(y){fCHJ
zW#GXKoeO;WGD=pHm(7QaX2g9bYDm$=d-7Ixx7^Jh%La^q+Fqj`-}6g-b-XJYM@-kI
zDaQI^L@k9*s|u-gA*o!cTn*uA8&7xKaQPnx=$)c%oW^BJyK2*9&J
z@Hg%hY3dkNF2<@&Kc_N+aV`K9_#!#N1UNjB@q)?B5~?$HSPOjo8a!jUveRh8!a65j
z(J(KIwcO5*mj+G;P$C5g-=+EN
zlb0;GU8x-g(8(eC3a~uhc86QmmLy(bc5RmEef~XZq~1VCmeZVDI`t(i{B)xeMb6XM
zPsOUajDr2heJ9O`Z)>Jk9%+mod{evH0r;TX_%moM;ybWAPg$>-Pv6VX%9{1sJt
znhR$tN4v{QXL
zbMvVH_y-nZFc^>*KZCV+`O$^D9``vx_MTloqSY^NBoo=-l}Ko6`k_dU@=T=yZ|Et(
zr(Gpo=r71@%?PG&=F%&`vgsYVo#A&6KS3fu$6{^2R|ENMrb7VyQsCE^;}U?y)&D5-
zZQ#WvWAYB3Y1gCW0*%Z@PAQ*@w#R&7{?Pl)mbM3sZ59Z`F=-Uy%MQx5Yv*Nu5ADKZ
zA69}M`jlS(_RUHK5yOCXhu;2
zO&UiE$-FYx$l0-$v>zP-lnbau^p=V-iTn*_kI)kKRYhN3tq7wxA5IX%fEw|$KitMG
zWkgj>>sSz4jtFb{oT-!3!~*{Lc`HN)-@mi6GAbmQ+><(FiHlGh1>8dEKNyuLibCX_S9
z1nWxZC&hT&HmBUrbo*&r)vmlf$QgeS8@rT-6&Y2!vpFIi0~u1=9^5|2BJh1*NJFXq
z5%rcmXHk3=e}cE0iJt_;8BPh4_}ouvq0ITi2^pk!frW*e213zp)c1o@>Z{uk~9y)DyzzMO#Cs
zMHWi;+!~8O5%tzK*4Iy`Z*7m==KpcNbgqT%4sk@{N21r6eX0khv+yHWpS@8~Y
z9dXbLIoxBt*Pxa-qIRgus){qRs)mw4W`-YDQXogn<|HX^ENDd`{%D?~G*tK6@9FPk
zet-%~wZsjO6bQn!W{FP$WN9O)v~&3ppnpQ%X~iKkHlt%(tC~$SBS@h|#7VtfB1Ggb
z3HW!^z6~sp0AbMBuC^RW9TrHX=c(5)qTD|{Oh0F6{7&WkopKmfz=Ho<@s=$5peFfO
zX0E?kS<4k<-kxaCJ!-8C`T(J*YGOv%tp=AAP4vmn`P|Xl2K~VrV6nm+*rWyrr&xHK
z8X0^n49#j(8Ve_9u0&PvmYC~d|-aqwJtzxMWx%QA>{4U)I#A6ZSijhl6w}
z5hcd;y&-sb0u=xhNtBV_iVCiff;HlZTu+Awb??@bZ~|qFl-*uHI%Uu3g8}e7&U;3j
z>B;XcEQL-u?MAKn`=aW-f4e=YpEimnozSBirmnW|A%hL=%b9bPbQ2arAl1M0U4o(BKeM!m9R8
z`h%ham^dz6$-=(4W-8=tj7jlxI)ybMq^0--%LfN#hW5ho);*&Q-3dH?pA~0mK~S&2
z9x|eWv!%p3{_cFK4p$s02BjNdTS;}QPH&nKJ6GDXbHGGe@LcB4g4~Q}Eo|>O#*Wt9eN63DHAJTNn)sGlmkyxV<^U<2KWInbNue3*R@Xp)pVy
z^}11Fzo7q~Y_8dN{^Lv71UWo%3M8K8)N7I>GDk2<|HlI6gR6BOZ2mkoW>JPy3Py}}
zI2BEDHUB_en9Pyf&b^>@lQKoZi>~8%rWSW+3g=UYvEhN8sdHRrh20WN)xAjMSocjK
z4TJOM43zZEl~ClK@sQye7pe~9`tUO4Hp+S$MkH?$b%Bi*{J4=R`Pa
z5@OFo+HE?5a@JsL8rRo*0YCdy3wG&D6L0to18oYU6*Uc}`M{csv4erv_R7f#0^3SN
zU7}uhcv%K^9JbL}ca`5UZ5cb=T-cu4EZTvU*3Gx#S&e!j1HcE+b9-?&q8EhiVU+n9
zf0w}VW@1?VA~*~d*P;I|&h_y!>W0D?c(;dIug?p_JDzc5YtfK!lVpF9YK-WsUBvl7LFY3Vl^O_9m!*inh#G_|#Cxx1OX
z5A7%3IKO2*`Vi-&4VB#hy2gk1@+b5eV~6<0N~}q{W0QP=_j~r?t+KBW-EQtIe2`b`
zWVAxk$lpIuU=KJrY=>512~{23zM^}RB(l#HLG$Y)Nsp6x*iu@Iw}-CRhfZ>%W1_OX
zy~$wUoGT1G1p0N(aElS50j=j9;MGUraabW0lwA%76DNP$?-)*tv@KjJ6m-h{l}Pl>
zh|+Dj{|S)0HO#Ho{99#mQdj-&{Dv4Q>Yb}iFakh%mWRobN)h{dmSW&UhE>s&)0ev5
z#kHtjpb$zXr#}_sYhWuv5+j6VRzQS-ds7Y-8EqN5ZW1s??wb<6-6dOtP0(mQvdtro
z85R=^MB7o^bb;1q(S@Z1_`~MHtpG^fYlHTjQ+4<8Rf-#wio866SzwNXnFy`Veq-oY
zNttYBYD!y&86nvgfpe^+7CFc+k?rN4&PA{BnvPj@@QMA{r=Tk_8oKcNU*XiFL~(-v
z6+se99odYO!9%mz%N##zh_B3<_fN`<4TdTVum{v;FO^Cll@-0L-~~Io5Fm80(ezW*
zs=$9gL=AZI1osm+fLcvVM+kJL8yV=VY!1V}@JReq=3ZwG?NS1P(RkzeTF!E+Ush~+
zLQ9t&y2zqs+}=^;$*z;74l`Sc;pKR5Bb3+YpydN^S(SS`%sV7CwF7iu`k345RIjF&
z4ev*oAyh&EIDQ=t;6_248K~ji6!}<8c$AuwQuvw;nDl7o&8b0HA(V^7&D9Ks&%C?w
z&ABx8d*z@&7E!vU)}=!*(NvOah~G+3$20G-GG$q*2O>UkaktP#BVF>3
z55l5;jhnICeIPl)8*msO)B`3vJD8d3u>MvuV=R98atn-U>f@E)BL!39P*XZ-g-K{(
z@6uHDywS8QLy7!HOQeyvs_pbpJW|-B%*8tkBQKjl?)D<&OG?&I&^l6aFTO3!c9_)N
zK9?9l{r>|$K)}D(4pz)3S~x$Mb|C6uCKfG1sd4;TZqT(3_SF|oxtJ`sp!rRin(lAQt?3P*^9%5AX+Ho|M9kRPGeh&`h_})gt&!OAtEFB?HwAuSLB4;kpG#|
zSPR8DiUKh6zuQbcTcK#1VK0<&dL_vmKC2_FFTsY29K+eyB&2P{*CD%|R~af)+Q(;9
z==U#Q&q5@IX(0&9R$P{*kEZM3mi(ey-aWWJOI6y7Hia*vi+^O2#yA!sF6qW#4BLGl
zyu^~6eC=yNLwvFtUcNmiX&zz8MhDnP#ePJdjrRT@Y9BI)kz-v9MF`nG0!w6ESr<(D
z)pDjV7gFyYWg};)5!iX-fU1BF=0)`IBuh+Ev8>nhOR5UnV}C(E)vGt8E(ullh5uCq
zTS(#gBm#K~<$q%K)Xe-v8X#-F|FH}S!siyv1N#*+ofhdW^jPi%HsPn#5EnPu;Ds;n
zk-S|%KPHb#)Z|Yhj+yyFUw6s@a43_gR@)ff=3%kA0j62n8~WOF30R9zGUlNsqcy~7YAx8Oti`+
zN=UZ+IpJO=}AgsJk!bvgdroh*sYZ0~6*NfkuDg-G+^BI_29?
zZhiY1GIZ{fcio6|nfgImXX8a4FZ!03LKJ)=X(RsWAfP)2utsrz$7P@K0@*R%-M
zCyp3fM7P&R>X*_0Y5@?*;cE5DZ+NX4)1uL=>+1TV57wS@9Z`Nt?--FmUrz&tTL8&d
z29!nF1JoF1SUJtk1~M`*>)waChCz0Y`YjYpF2I#JkbG3@1OPjN>v
z$x;Ul6*phgU98=-V;3z6#<(GhY?2o;bcYLpXJ6?F$X@=%HhNONEnOFN(4n|9rzXiL
zOHqV3L$k71{|N%+JPIPsxYAKY-g5J-xim7s5R3N8RLikSnR>~Wv$ltJWI-@1=M
zdHqvxK?#as<%Or8wB`$Jvgi9}*9yl_c|kPL_?pDpk%W8<&adhYUK}s?q3xbZ8Z*KDqCkEbW>KyJlG68xlTtg=&4bCj%;-ek
z^5mxqz`JzW;B8f1+`>NlLy?DF#tfMc9K^VX4ZIuP(5_iQtd)PNBccY96k@Ny
ziOU)y4~Juv%qtV8_}Kv2cC7=p0(bJY&I_JLMMhu2BxFuhK`%_r(=~Zp8g+Vzl|4b8
zUPM&^5mhp|O_D5A=k!}g)NwN;oqx?Y665wGOs%WfQ}|E1zC%!#kN5<0x}qgEl7CHZ
zWt>LxdZ{5p#97WKw=M&0%FrE;!KF4?va6Tqo&I@JG>C_ifE?m5iX>>mlrP>M?$k|p
zuCqe`$BBK&2OkUd=3n}-mS+V^bX4`9X-8qKo?MhYk@b?~{0S>66>Aw#99?C34|y=7
z*qEPbjWkxwFUK~IXW+zazk4j87{YO|Qd32=)>sU0Mq877riE&K@B>7ohJS{&S
zcKOoack(*L_p$U&1MG@RsYd7OD%=4h{pTn-G(12pb8s*gQt`&W5+*r(Y@vBOogUIF
zPHMn-IGetZ`8`+H9rqj<0@xQvEG_OO4)xZ%r9=ocYNKz5e!X%#L82p@@g=^e)%@|5
zG2V$PnS2Tijw(~i6xxj*9(1i6I{I5R`tHFhs?1xH*EY5bSK)T3*ZJlvs;yh%FW$=S
z^_>-xidzZ=LUC-9XMtS6^)CS8QNOoci8%YI_qOD>H7Q*B7@TiJU3w8ncU|IwiArTP
zNfFr%q$G+;_;=WPlKcqbBEk(CRzK8kU*5VqJ
zN|i`R{2*wWSf*`T?s(wEKB(^-oC;BDJ2O?I*ql@ZP*SO#~obuov6{rtJQfV7u!OwgXAX3(%>dYhe+Oaz*YUk8&OuZN3
zq@va+03_y#=Z(^T5zrZjf4A#cBUP?2j65t2xliew;9OechMq*NC@X?9y{{-2!!)BK
zV7DPm+80chgYjI5lgzh%Onn(Ww`T9|9<+|-#FlsQE|50YQ_BTFAPy%cQ8my<3MO~v
z(|=6Oz14_C1oXCNk9^`cbhqgh)mr``@pd!;GRro-t~62!=mXCL$tJS8ngO)bp0d6U
zUcWBGmw0v^;K}ZNyOU#N9zw}lAm#X|{Z0j8AeUUoCe%+XC#drhZ<}OVE&OSTghKNR
zLF>blVv*5;|HeG1K)hNu`;4?Q7<_tcf7_Xv3@6=3oilO8*F}oK5DSM<&LI)YVdjSz
zHucGYCl)mF?AW!BII-7VmG>ML)QEjlt6pFA>3*B2yaAtVCg;i)g_{0RhIR(fkP)(+
zb-RlVq2D@xrvSwcv0%eZyxy47m8`(T_mfpp7p;|jWu=CsMrT3+A~dp
z*r-u4feZ@~!zS?JWD{+{Fw5*+_KRk6S{KRUA<9$CcR?x3cOIs|xQ`91u5`2u&1}+Z
zkF%+9(c$p?ybgMT5miLGwgJs3m+RcsD3SA63N+e;8Aw}r2jd*a`9&#DGC%&$!w@QY
zHc-r0QxfSBfpbkkOpy)l^8SxBz^q3@0TOMkN=$&F#!Vb~b^fzG6i-!ol)r?Mak4jd
zmz#`_dkLPy>D4uG{&z!-xD$lgP)vRzUG(!Sfe83)uQtIo4sA1o=*X66kFch(P^oF}
zRQ%;pZ;B)_T`G?8U)KB&4FohZCD)PV-;AMtvu$B9rp$gX0N2-*;sPaDilaN%%ER(_
zQ=@LKEN|b`*E^->)x}20wD!ceR5BVOgWlEQz2g9^f6V*ie|Q2_w8;u|r!%~>^EM?}
zNpa6)ggnx0h7(=dO=Nf|?~>{iP_lgQh=;CoWQUj?ZZ??{)24^E?qR8cSAYunSvcB{
zT4M_ARHvgSrlO)RZQU{$BO=jJ(gEuQ{RJmGm2M~903$nnYImtFPAa&S*Hjyz
zngy0Pf2mv}-HFcew0+a|s*i#>o9sT?Dys5L|iZp|(Sbl_E=o#okqX+59n*I$_Jm*(6Z2kHel)|b+f
z3eYrDhTX1|aVMyE(do6eug*(O&%l+&JZYg&njUkjOV@1luF@~(v(P>!il8(u;8rF;
zm%N=m%RUu(i&P(RD1G!cyy`IZ1a%6d>1DXA9KaJ^4^sZRSF9`c+u{gye}o5rg%mOB
zp~6(zeb;@wQY5Nv!n(U$e)}|raM2uxYprWv)ijVsP{~KIvyg^Lu9gB{&d<}lpg>N0
zJ%6H`*(b~p)rZ-r2NKk7lqyjLk$G6Bzu`Sk8Y{r~*9s4Nv2~WvpSt=TTmg2sRqF5|
ziLE)7x#xNS3TCGvv#@tG9?k8
zbPIxbAm}}56&KHH;1Cr8nL$8PePce&_DZ(m-Uj!RIn_Z~p<*XzkRoU3na2r*YMkWD_o@H6HPV#j6JYuld)^dD=HU}I*_U^;G4Qyyk
zOJQEm$JFNy$_a7k(pfOdWY=h7-ln#AJPcwgE4j!>l-QMKLrB65O0JOWHoou1DH0W*
zo6e+kk>z)#Ef1}YJZhVK=GK2#Q_b@k9WCY*PUfuMn&Fjj{z87P^L;fusWkXF#ztwF
z+2O_CJ#eOwaKWv`W^vAe$#&=>K3-kdF!5)9rOdYoO?j#W+^wAnd<-N?)!S1sI=+Ow
zahhi5A14+l8EJ9T`R8^2(f=mWy-a@ESLjtqgGH@oM93#RhS=2Xdfm6%9)e9QZ*;bQN{wqBwMNB
z4!aU&S^v&lElWY6*7qRxSli13g-DhS&2v4{^tViEEqFl6*ZGbef>SMN>SrXJ1YplvF;}F7dA0;JGhb_%A%+buh
z4(z%(U5Wqm&sLNWlw0w0o5I$LTS9iZI_yXEcG}jgvNZU}pieFO`}>J0zqfN<(scGL
z^!czu!Lv$rUJHfnYNGMP35wx3`{O`sj**g(Em35y>O!ZgRN)Zzav+&3`v>;^YgJ~H
z1HWzRd#&Ut*fK>D|W9
z!mu#It}$BjcE#F?!n+%65S)f1Y8YdICr|L-!E)&u?saCF7
zDthaXt;d~rkV25>41Lp{ofV;=fO4$TUKdEY+
z-vv@Y2p0PK@cl6^W2g6NQ)!>cbE(t4Y`Su`O`*e1F+R#8lp=_W9(+!N8t;z|N^}Ep
z*cOzlxhT-m1D7z&Nvx^-
zSN|n^M+g;yCmCd9QD%)(@de94Ra*(M`Zv>aMP1qt8I|kau7FXPMDa#%qILv8596()
z?i7xlQ4m4dR6V%*!=Bq%F;u09f#{^hjli_u2mfn3$2Qlj5;JJmcbKEKSk1Q;Fp$eM
zF3fRKLw7u`>ZKW9H{l`cZL2WKomgQwct2K4*Vc@mN8<m&z8WY9sC3+>Q$5@0QCnez?|~z49i^i2SWyugMxKEjjvlZx079
zwJSFW`V9}}-!;i~1n9@imRLC1EpOaP2>Q%%RM}}d8zz*Raa8+uC(q)`-^r;zGGTmy
zLF=3r`anw#RM8s0S(t^N#tXo&cgyK$v9#SSw7eAQSHQ-2G?UoGo;gf>jqINMT7;B{SWuTZG+)vZ;vevnvcvt{P_Oc!ap=R4sFbhDTqWj5kns*^Y@L5MbKKYXJ>
zQ6Yv?)(}-*&@{5(izYudlYVGODE7eH7J}n&BTZvFWhHqWLsw_Wqtevq_
zaJpRX{l7i2o;;KN3|pT+H>6g@41xGfKEQ`AHT3{Tfe%n3>
zhduEOxE(JnkHV%AB$}&OCm~Ma+CMxF?cH8bt_`zKL`!c<)gA$ZRInA|kN^htgGls;
z)~iZo5`${4E~cl96WE7XVEeJn1Z_qfC2tpdx@0*^4N|tv7={@oH?y-SO$e*{rpq&@
z+3BRMv{nyE=T2
zS$pD`CbYB-j-)&>Aa+^Rz#ujvYJrsXrRI+GtbiU9!(SWR=BdFw;i9ON#ODz7XN4t{
z?JNpK13LU!NJ97p81$~Fb^)E#x*GL6@J_zA7S+|MpnnacA?s%jcq{)RKus>t&dK@=t
ziA18Eud60!ABel<7!*%{q4e=m-48yo()0KE9u%=Xx)IJs<1uZ(w3wp~h{3LGogrA1
z3O@Mg`m>3=B$Q25d~it&=l6~Dy}I~Hq?J`W<-qjZSrx;QJ>1jbQffV2Uk;@?~!q2QGtWhH5uI^77m-^oR%cU<{Y0Q>$r((
zmm<2^O!_wr%>*d`Gnv*~Qohz~uhqu~IkCezEU2smq|>~U3Zlyj$Zid=Vq5%*;UCp$
zrwbz+2#`oTN7F1oODnJtDPf?3S@|ve2fC{QNBO2}{6X0qpVgHq_u~nrP=x~&&d$2L!l$>lt;xpCM<1|PS=ZHg6Ecg7gXT7YK*NdH+><;J>K_Ktp6I?
z|KD``B`5du%^u#wycE?uZKcs9vJV$q@EE#O+!#-@k9#u5Rvf!4d<(Fz4oi-Re&MhJ
zF*EHv{I5=M!qZ5d$8VWIBEIz(Uh$T4ZosKg&HDOKMPPU`^~UiqHX48;UBJh{AY{|3
zZ^JLme&jYrv*-glNe)zDLUgA%Kn3q9hJPU3T2Ec9yGWL6k@(ANrDhzX^s$s3rui?7+Pb5Ai~oe
zAqEu7=x6Ed!+u~3jgxe$5#+OpmSF;}gk9@)-IjY?n
z_X~xm5}SoZXEexi;0#D#7P$xq$z(cXG8lZYPCPxy;Z=$rYV}ss+daPkk&cCrk~@9g
z7@>!5=Z1HCIyQQj*#u+5?VQ(4lC5wi)%WS}*`I9y#89aG*quaD+pi&>b>dM^QW%s`
zppoQ-BB%~B03FGy)jolwqHR)cJ}b}c^zvRKsqDFTBp{zW(AjqBgwS@o6R2Cb{&X{OAE@>vedZ~#jE};vbMDzv6mAs{GwpGIs6Dd5OVIp59-oaT63U7
zKvokVLzS+Ew#jz_1akUhLJRRR@mp5STs~Zauo;&mE8U2YLO*7hA>q2%-UqRMm8l`4
z9#YC;k-n2{5)?w3KxJ6OL1(g3lAu{MQ8asjI;rmB_mUh~(m=aQ!Ti4hEE
zv>f>5E7`k{6kU2FM!STKXDItoOsDiZ0!3rUl%eN@g*RuI&
zF_sUZ4mIspCS-6ayQ2D32V?LtBp8dETd%N-U!?}y*rpAA-wfWq^*V;+g2pT38;t%HS^&1|?b3uuQ*|8%&`iRGd}5MF>mMXXHl
zg;%&R#mcz{K!fR=O{Hl2k83vXbJYdii%>`+7D_`{gO;VaY)pEYiq47p4qM+LLAn`qhIY=_f*HVs(LX%k3~rTH@yP$NFW?md?(=
zV|smXLws!}hSeyu*we&qEN^n+19uQ8<`Q0MMz^Nqa=D*
z>X7vu)U{-xap*Bhh`E2L0-11>v4NH&8VA=B_d)Axz|>
z!&ryhkiFqV5B*_N$3**J3q1u^Vg`Bi;hU_fv9n6VD0K;KNp@HVGA*y%omp
z^oD)1kzC(OA=_xWj`p(ph7tY1v2kyOdx{axj1Vl6d*#)p$(xEZ=DtZfRHPuFmzJE<
zXs4(AUOEccA@qDYCLvpm`)yh{!glrbBEp^2a_>JdcN66$vX#>XH0uCGts>#I7+eJRxWS1p0TgT0CGG1YYZ
zh2CR*JtWrfWD93c`FSEzn;^=2(-jthm@hRkb=c`wRq5_~10oz)wh{)${-a74iWmgk
z&|~C~x25puF_nG?;VZ?{Ar`rLlnE;AWINk1Q$k?(&v^7EsvB5Il}iD8!tp$C^%*&8
zk?CAc7T@TDyFb`U0KK*j4E-fgt6KB}s2L^cuu0hzv46x*jx^3lFG@iHg$|hLw4-E=
z(sJSL<6ca!54u@llYY4acLLFq6qaur$wJ1v(m4YG6PrrU*+wVe^HmUszXCk2S&`$I
z)XN%LWXn?ZTq)fUwjPxoxh
zz1-f*k7@g{#HA}O3+{Y1RGbbNQMdwD>8X*zJ=fiBj~z`_lB7Czw=)w3Q(AEm4?@~6
zb}@*u^2up3-P^%{J2^9L&-*CZ?D&P6h(5fLE=m`=-sZ<)=(_nhY56vm2ctOo*oWjC
z(se%sJ>qgb2P=IUv912wrfbMCn`;i==mZMf^%#v_mqEOa?}Z5f9E9S?p?$agk(&Ub
zK;TGP)T}VdlM_MQFNK`&*jVyo|D+e|qJE|5!cCRZ{f0qNHx>w!iaz*#nGSHm*Rta;
zsJ~deVm?}Bq&G~l%+lh06l#?nScpDtc+cdIC>z^(<2_%8oK3>&EDw
zvUgGLfxi`NhSdKC+O|xYoX#<5tz-y!*e8lh_tb2b(ACT
zJFrPii%5GP2-kNov_uWLV{xs3-z^n4)k<}sWlQZ-a(`!3;#V;q;;@FlPbGzXG^gZD
ze{G%Fqh$`&8B*YfjgT{y@B}L{x7A)^?hsV@%Ut=c4&bHwjS}~=D
zGHchXknL$7K2D123t|?#FQnmM?_9YuehXe4ta{)S;M{CD$6`^N9J-(n49H0dn-C87
zoM4plPf~$QZr|Kt}
z+UsG1)$cuMJc1)jcL#9hb}3BZ8!YX9vVVTaLzlJfAy_$fao83>mv_lM{5~g9>?XNc
z{a9&?2Lk1`0)u?mg{Q^ehU&-kJRYGIZ?v^n%fmbFvoIRK3XK!!F%}}k`PW(Gh}KVN
zPo_KhMyb-aEZDGZrl68K)O7U}?-Z0(_&I7WTr<-;f>fnqR1)Xx10l^^#U7#VJZ7?a
zb@Wr>Dessjjme_JOnrSUksjDUDzip2Y}l{j(rb;al_u91Agj{TOx}u@T1_s6qJ-iN
zOu6(~sWNe?I@KA5ry#?{zYAE-;(zi@z020-(*mM2WJ`D#SR$)7tQo7|vlutAas!%X
z)S^rf*e`pVtcWpFinRc$GFVr;D@LUEg)>}DS1#0nc}1vK=5PmJa9gO`bc!&tcn-);l1C2XhgIffX
zk#i<1PtKm*S)}(uUn>!k|f$C>QI+Q5TxHPF6inu3E{09Qkm2k$O=u+n!&;PON6CcN=#bZeL;3%vbmA$=#SxLKdLGkvjtflkLWf}7;g$QBXV`nKH9d!JU$X&
zdgX?t0o^eHwnKY4VIOv1cHup3QWtKyzbQNtiI*lULVz^XsV-E*)nfPk$Hjc(pYkMEyk#YF2_JsEh^N1#Bo}!7P3Hq=fP4Nks)OjvxYby
zwI05LVH@xyuX=S&3p@F47^fLE=_6D@&@`lhGx7t1D)S9PxChmmYF?P|il3T<^$iX)
zmWS`XU}>Y_}@bBeLNBo3R(@A+s^`eR6LO>AQKuggXXwwYOG8Q`XQrg
zb*MfgxWR{-Lz8^P581lgSkwW6u1q*`_L6rI9mVYPjCQ&j;vOM#x
zxWK4}x!0B7IGGk4X-rAD@5NBXg;Pr=`r$p=I97CT)>WJ>M?AIXf7J^QdXB8N?pCRK
zcemoJFX71n)LAqS+zChR{W6S1i+MhD@p#Y8E`)Gz`xtFr%td)h6lWSORx@HHl4FQ&
zf`T*aJsXwEz2f-Dg48UQ#W~LjEZQHK=qsmI3u{SuJ*jk=ZFtrAh*PIA6*dVMd&zVH%;gP^6c-WNyYIS3`p@ktsV9Qd_SNt2A#>62
ze1OxiNWG^5^{Vt3Bfd2!T9mh@C2b?xnr027?C@{Fv5TyzI*+zvY`iX_-kn^_rcXF;
zN_-kF1?8QkBThL~V1N%ik5}TcJc&elPT!wLb&ABtI?a%s#W_&bZt@A_J(Aduj9?Xz
z{aRl;4c#2LXH6)Um`jo`VP%~Msrb+vi9%>+02VxD&oq8x=$75ff<>4*zR@~TM;2~%
z?)^GD!dNN_xDU~u&}&(w&Nt#emRTtqawE+
z+!u$o5X*KeuVa^IP;}1%_W0s+A+ED<+#B8+m1o!cXW@cJKOY$45oFycYwGs-)q_6+
zzxwp?Gp-V!DIvwGJTGLbqm24scm&DI7|P)&YDc4os^}2%ikdd|hwrkmg7CTVoq`G=11M&UnKc;ECO
zkx&=9iGaCz3{vX@sOXZ%WA)0W++5FmhPn)oQxdf9n6w^UnWMdHA{RsMWED=tCPiB*
zHbEI%fD9?HWsD0kSIppljyqGS+`p~l->ct~8(rCRJPCZ`eE
zg|!PT`GM5PTHkHOs$khty8w)hLbPtf1F?@OkVCAS<}4k#V-yY$dfnuGs0mep$6tUD
z@eDe}V%>svtgvSWhOt9%Z+L1M-&`zHbDG_`$^_0RnIP
z7Cirw7nL-PB+fwEIMH(sikYRVVXJZ)m+ixw99MoHb0}*j7ZKXK@3`aR#2@yB(t`vL
zr?M|s@BY+nsWz*#lsbMYm8le8J4DEV5~tMaKHen@QX2K-7WMqYLW9Z@&Xn&p!j&sc
zpbdOoW3(V11l7xyE_P94$=^V9e)n}flJ%IpV&dpr{I^5k@V_D;<%LRXd+)Rh}h9oDGH@6PBh|w8}aeYTrt{L**)v#swnS_6kw4
ziHFeDypxyorHY!%dsEDI?`)t8%foC}J{9y=JvQJQig_gX!)jOd2mpg|Qb1{j@S^u(
zI?{U$Gm^J=uGZtX;qJbJijM(+{dv!h9H+_R0BSBpjI@1y7k02xhs^jTbs{fw)=R6V
zpTfEiM#$yhw+Ar-8BN*eE;{i(V)iy+Mz%Aews00N;aC(9VHK$FqXNyLz7X%S%GNk+*in1zIX
zDW~F;Cb~=E!vdhC6VG^>U6Lk%m!s7tt*;+UCs#5Nt}#=ca{Cid>kNA){6K;7NPL-w
zU?HU29kG+Oo_yohcVXqpK!_(N`_%^mvhwk@LBlD1F*O|{6d;PI~;-y`m;BNt>tP8xUp-nWX2uk8VaJr
zFKXr66OVpv!8iVk{ytxkY{=BC|P(=3iI|V$ol+1)}unIMLAhqK*SpFQpo)Kz6lly_^eZ{zwPG
zPZ2m&E`!i#R8O%c>JJWu>;SA0Yw#8k!2!Ee+JhL5jtbFyH0eS>PT>o);nvw
z=TPQ2Wbg9FT&!~4c=}#%2!|O{?mjqBt_ryIW1BDf4WZX#+wVnzVz5QtCS&Ro?%kl-
zIo%Cx7{v;O!X3+TkwbhOkklB;gI%9nG^g|PA_q-SO;U`FHYw)`$RDKn2>i>h->Xf7z~=F(2QEA95MiDtfwK18MFJ*mlqaoj13DAq#OX*I#gSu4mbt%Jr3g?D;&z$#du1xXS
zPYd1^+Jjg5Blu=kl^;lLW0uODD;sgC2_koBRZ2SEC|kKB11!_71{1&GDv#1CPgBdg
zauxH*NSa~&LYIU0Fxv>LH#}P|Z^zpG*|~%(3Q?oj(zr1B*NuLdp6A9Xj;)Zk4iu3@
zs!ZWjEs>uqyEHoaR%G<=wibl5R=H&XA1oI7b@`XWskSx4Q?u2s*_00%_fS=v*-?I>
zJcM#=5qfq*gFSLO>une-3qyJptusqIcug+9ZD3#LGp@Fy=~
za!Z!4Y0Pqk6$liM#SqtiaD)rPtJELFdy(at+HFK=e((z*Y
zj;x9**W0SpCVjCr2;sqNFc~{4oiczErQ4DlDXQyk_XO7Ya~eMeBM_s)5GPEC4p`7_
z#2&-ApV;x_xgP0L)G^6NZ+6t;k+^)Xhd24lZ1M_|a*PxOt+aLGyuIYeHMTXuNt7tK
zwe>FhH8TvFQPi8I3Uy9IJ#+KHq1@he)$vuly6<|%ckPbYR}Eu-iv`n3y?l9wv9bFFwDrfedTuJ
zs2^#0jdzS;J!E#`MS+g6rjIXC5Ok+keWLu{F3cY`$q(EovPz8fSAr!?|Lwebh*Ioq
zl75-yczSG@L!_9dbNoYg5@%vC_{<`fcE?&4i{80G_I?z|;#y8e1)T@K?+A?fPIrL9
zgQPB5-~Mq5tn{H19!w3vF3{Dv-9|QvYFTnp8<`UBU1*Jd(7`k!C6kY%N;e}e@iSer
z=|C}Amc>o=x*TwInS#AdpS(Mb)|F4&MZZM;X(dowpWzbUo&ywKfXn<5g9kp_E;+Xa9Zc`d2I+{|4(3+2A?x
z;+1JgBk{WJ{rYq9$*R7{7_}`IvQCjKrOJ-Ez9u{HX}4l~hG2jzjp!
zV-StID83cMxGKJ**6B`(UX+Ez@>uqjM(=(2A4Mp{^WCEmU6w*Tcn2G7Ha@@9qomwY
zUhoh2g>Mo;DwpInR{KLiLrlhFYUw`3Q1asL>FD_kS3qsRh#V3Z>(5+y7+HfG-E*P{@5w!oy
zu%IC76-o_!Ilspf3mlA<_BF*fYC-f4ced!Ba|&ZKnq0zXSS-Jh1Ol2=r`Dz
zHE+{*>Lrx&1zGhE)QF@Y-w?l|Z7EqML-hjjEm?2gno*
zjT6*Z=D^!6&L8X6Jv9cg9FGynpg$gj2XJ|~9B15f^CLwV*pBH?Yb!!*UxL2*@BtIw
z!g`VcZ}nAOcu(jsYWH9)%*f&9uJtu6iXwrX2d%0^JQkd47#lCf{&biw70i<9-tLU$
zl|Yltz;ocf0v%>@x*=*iLjWXi%Y+z~_Y!57P9xaraCA*4)8BYLjy7g+NxJ0F|DDl4
zf9KumUzWsUPTmi={(-dK+s$*U@Sd=#empNLo(-fGjCvFRW%+)y*ky>|`7{m(M@K?O
z+WmY43FhjS0cBI@eZj!Jj5XNaChRfmw3r-N$#6|Z?g
zQineV79z9cm{RI+Bn;v`OcKFMd;-6@4F`0`5g0i-Y!2C&d_NQgZHdkpv07}im9OY>Pbr@S)^PA}HFgzwH4ODKhs-I$BD3u4
z9QiSr&hQVwi{s}HeYiKoY>gUhC9JVwf@7PJJmZDP1=eOlG%vx(z9K#~&(&1KysYz@
zxi}d&NDDcDzQuKi)R04J)gee;oST^$bS2>M*=<2@>}w44<
zeg3==0V*9o5oB7VWNN?w0000me}RoVdjR+u5p1&yP+4C$mBo?eRZrjdvqt*+Abaxt
zy%`of@cfv>c{e1`A>5Lsm|%Kw6f?#h%MU;9bIombeiwVeF|XWT-dk&b&Lr@&C8oq!
z2XGAs+o&3gE^&@jopl&D0ek>OAdXgd3JM*e8!w5PuUvtCZx{1GJ_qsTp2!VL1$q=%
zMq|O#3MXhw-j4_pY$Fo8F9s5iP?j_6@2vUjAKnw8oG}iDH#kbA-!1#BR*ccBHYzts
zGmkC1AYwJ2R&*HwvzD72pm*33wd1^~aOpUEYr>L|!ICVMZvEdT{1@u*9oL=XQ=;e16-Z#+oHqQfJb3AT$#oW326<*mbH${sK*
z!@g(M>EiQNc5A!W$}~x29KX71I}kLCobR-pkkiDIBb7kA9nU{5)YHAlv~0u?W(m&cS^yL|Y|H1LJmojP+R}}eO*Kx6iWT5me<5MbyOo4RA
zJC(0DDP0;n0mk%&h?Sf*{VAfZk!ehbdr>q@!WGt=h?c>UN}iU3rwqHx^5cmy
zm(HWnn_6YtyJN*2*J9k&Ao!Uq
z)EF#z)=Q#mkh;cO$4RM$@u743ygON;i@aO-Aabygs6ie-P*Y@0|IiZP^)vua8};Dn
zFvtIDOWlGYHd_~odPbv_@EwMkY`{By3Z2aveZzc}g0&Ny;uU=C?)4gl~Kf#cK%2?V_N3tWjq$LFe7
zm>4gmxRMvZSGQs}yprruCUlce}!zol?D#s6H@l7~Q
zlWuIie<9<24@}@L6rc1iRqRlhAK6o#M-?NKnoV0`{wGu^6(|c*TG~oFnV8Y&pG@)&
zD<}d+iWG@}XBNCEWMnsF%|ecz8LgxM#F}=qML-?@VUK@}XY?Yul8mf7xnn
z;v6P5S&8qwe}1M25?panCjM_fupZfn+|rVH9!vkQSw}-&r+yibF^IH(GFP5?DK=9b
zQsjXX6y0ygnhccZ@zp$@OkswgK#!&a{_L#p2%%%XA6cfII)YOLsJSnwu*f+p>0bBX
zg5w*>#?P>>vr$80iuWw96<7M#+Sh^r`kYz;Vndd+j~0FxC}wUX%tF*PD}ng-evW+D
z_28`WlQYpiU+>=jF{F4~;-JPV^UJx<7pEfx<5Hzf#
z^qbX2S04vxz6AHk*UW#35r&ZNoKcc{JMSx23Y_JlmftRPV5nwEvgpT&a5Ef*yLNc*=
zAS(SB5w|4+N_6HpiUmNp&%-Ybn)UlMxIyWuEwiV#oj0|ecr=`DJx`S5wtKFSGPzYS
z@l%Xn3~srA+-ks_9db%gbz|ud%I4bOEIZOiwz$3e^FX#apk-!*XGC2va2YHgt3|d7D6%d5{`3
zwWl!8$BhUxHY|2LQU`z3rmCD4{IloMzkA(hsTulHiaj$52h?%jnS3otGm-Q2bejDc
za1rUY0KE@!qzy(22IV0IT>bkh{H)L#TJ1j#K6f4CV71kN=|DA7)@^?F6r@yuZp0^h
zFPQL&Lleb65n220P2Qb(-YM2k9XJd$UycWS$Y`ct8dgJ*_`VY>H
zI*#B2-oc^q{jMAeI~wSnicxd7F-fi>$oOn*2MUbk=RR=O_~Z;?Z>TAR-x)b?<*1CtKyLKHwEA
zUZodsj1gun_@HH(r#DG53+!@SSU#Ka2#^_^ICB#-F>H~+lL_u%h6ytrM$?|x+PsKlj+;oe!aI?O+1Rrr(`kej
z@JJ%|&Y~$(Mjg}iV%X()3kiyl`i(NUpMD7?AaP0hGemMq)Bm9JqECmM!?*Uc!W54A
z*FkTXLgUIqa|mdOTnwmmH~JNw2!F}LjCB;jy&UD~W#?bGXGUL{7o_duGYJ$DmsrDPX_+Dwhi#&upNFE=O17j70?HHw1wbLppUVxdE!bJo}!~yFnPF>^n51b5uud?jTx5Yv7xvO
z4NG-!9f8olhKgsB;Gw$1P7^UXq4?zq#H)@E`K$IG1oiNks;ESOTgh;jiBi4r&re&j
zWXX8(RFV?=O)7gv;XWiR9v6)J1^O?vF}qd2ns9U~c_-HN1@m^UllgUVocgs^!k!2+
z0ljheEOi_i(28(}DRj5tI5nm*RvnE*AQOPI;peyUs=xC?1YbHcycf>NZ^t*4pq*VU
zj0Keu4TBhD?NI&+WeB-I=Ggt3Y(??~vM)yY=D9_oMrmc7>QsF3NHLE(_{UMh|4SS-
zcR|7W-d6AW1X|WF9&dpE*U1#+
z>ZNB5x|(Mf2|9^)U%I!-+@3UGJ8}0
zagxTvs|@sTCZ6|2Cltrs0RncMaF#Ci9+Fjj4rU9#tH(PEZdjrkF@Q{dN0q9})N7Ha
zAN1O0xJG|ZBSNlNJBS145*E0UtjrxXLKhv}Uw4zgr&18VVfpsd1#l
zOfr*(t*s?z?VZjXF$g8=05lclWE9m}BsK>=N&v^N>tqUn{3JPdbHJFyRAh@K1Y-fk
zz(B1&3j7pE^5b^e1TJ{9UnrJlC{3ux61^EYS?u5}|A|*|%Ek-s`seN45pDa$F({o2aoKuJ%zNV+kfMn_LUawqoP?G^?e#pP))&v
z(ur){ArX`nO1S*tJ~+YWr^8h#beJ1xIlq-=P9KP})lhP@#@cG-e@xzMihvC!BBejB
zs9iZy-iA;a_ERG;Y4RvEf|pVkdsUj$etyceaAN0DX;IS-f+gP@kfydhIm7yE*wt$X{+
zW>mp+zNIxfGZ$AuV$yQuEF00LTZ*b-Z%DaYV7;kw!ClO};>%jKI}?0WLBD~&>H{QT
z?uvP?F|-DuTI5OnG%P-bCW0OA1}P=A3*AAe2&Y!+W>lu@^%rsLK-43+_{9{3S)M3ONri(}fUqR6L3oSdE!>16
zYj~?`Z~sjnK&6HzZZSCXLGXu`obImYcMG*#GkMK%8g*NN`fV$p-8RG?6dmE%z9Ds_
z5)2HJHk*~blrmT|@S~5kV!?5Z9K=--J3w%;bLX+2tcmZ4=hM%t23G(?2GKd@xW>|Z
z0r^zg($$%0SNlhQDVfG1s*f(Uqx0!p@5->#z9%yWgFFa0bND0ylxc+4A?K8|
z^8l=6ayLSuT3gwurm;KdwZPp=x0ObM0^+XPJxT-xX14TESnQz
zOGAyuL%2rl*+g_Rcn)8!#lQeShJ2Bn!z*wu&T=K5VJ~x39Th$J7JG`B9_qHhKK1Ji
zDkxz@tV5TuZ<67ENWdxV4et9Fpj-PQ_F0D&QD^UDbuRrnY3WKA{51aaJV4EpSXSo@
z8Xmw1o9*P1DqJBU|AGYAq7~7u7D15!aJstr
zi;9JZR(VJUNE#-?AJ13@8u#cd|J(_^8mIWe6xMnr97BZf4tLsKJOG4+49uAZ-W%Ti`>w~HS;EzZusy<0ou$w{yR@h~(``^h5#Pzo&2zWAZx`nZ
zKo^EuFx8gq<8mWS7c9{1!I#}c{dG}!#a(Cy4`2<(ZF-i~%l#y@*WUId1V9M(rj6G<
zhy=UP0+QOIs!hClAT=G6A2Dyp>dvZ4RX~QWP-k4Gdo=xqFvsSpwH1$Yun@Xx!+i8#
zxfgeK_It|GXbRY$Cab8nd1mg0XZ!BEYCH46PqI3A*S+0GR4_>@mqXG;3rzzQ6h)j@
zrw>W3eF?p{%{D48v$V^&7th*5n^6B0eJMw}f47;b7_-K_5}WR2eAPD#|865vSWDd@
zQxrK3i&(ifq$&dxH=od$rHmkZqvzu&eemkkv2h}WaT~f=a&oQO3dXOLhS@s4TPuq4
zxu{(Og#WWnG68>D>CW@KHCjc%+SSo=XS7v-=<-z`Foj99K{*uvHL_&lS1zV7Ch6L^
zho?&l<2u_YTfe`g(orNxb-{2UuyDJa19@KWu*4TuO%hu~G!J6_F0Nn&fr1}lmRJ;xO_p($?M$2Hw7ZK2^j_K;emBV>NdHLJgVimr)V
zN(^y;pU`>NiKQ>VaSv!j5FHpJFItZBQLs^J96yyV9~v?E%h
z{+htwE&F@f9dtJR*Uq|G8%}>tvS|#Fbb7AmE4fj2ZH8Jr6Nkj_L5)AptcFE2OhGmB
z{jots|M)FMox2Lg1X&w`1L;uvp#?IiqV7UL);}2g1m)^EM;X+8MAJ)NjR9PGt&=N_
zYVSS1rGld+usUT%5K)QuC?mu6S2Z!h`p*J%E>2Whc5(y?0dQO!bYH^%7%bppn_v#{
zo|50KNS?D-vnbN_{|i)v7&4xxV6Rkk}m!L<(r^hlK;vB-|GiGP?87~
z(%A>$cTOdyQ%@>q0c-vRquN~%sd|MhxA=}mT!@MIF0gqolx_&;H65gnBUAm
z4-B)J0XSBU#+tw#6;P@Bs1C@>|4|nzm0@@lG#buo=y1;LqQ~6f7(|D`xbUlt*~_8}
zmPiDlPkcnAHBtEaG8YP}*}03ECH8N9|8`=L&*>Ki1i#?z8tS}NDN}EYUK0jb)YmFW
z1;~YFYiQ>vHXZm2=DuNmQRVbZ06%m=(Az+zk1URtt>gbO
zB`^mdMe7Bbq-*82>O+XrI$NHZ}9CAw|{a1b4+&h~?58b>r<8
zc8rsl)~a87GrMU^Hk(Wg)d)A`Kc+XJIM)$bwK%i>?Rp9SaZtMvx{HZ`RwkAd$FAadD~a36fq
zu#$Gmv@X)onj_a%rO$n;m1OQ=El-VonT>WYi8jE>zgm1KxYRt$aiCv|b>BHpCug%;
zGcZK3Yy+@=*>>~!;|nbT<2ns{hkr++J#sXy&&p;_Y=&=?RsR!KhT?zX3-{4NAp(j_
zaM9(PZZmCjpxAhj6s^h<9HMpHL4Uy`@#Cc;$d|>gtBgFt-V%-UbTduEQ-_V==C^A;
zN{Kifs7$5U%R`2#;(CfPVTi>hKVt{Dw3ne8!VEI7u)Il0sIZX0SsQaT
zf$(@;p_44aw4&HYx%7Lrr*aKo79-s#d1bywai6T5gNI#$k*5S47FmL7**QVJ38Aqx
zuU_rb80Un~XAUO;BUP2PGgm+QRKi_MMBI==G_}+9udEoZvKI}M9eSU5nb*BsTYgvC
z80Z=|@~fidGH}-*WR0m92B)EfgzZ)saudb~IJR7;R=nmK{`%Czj!$&y(HaH05yRbXh?H|T#2Xx
zr!;eoUU50%>n3~RL-saFuN*GR~zCV%1%^)i!z@^$gi@fGnpUes1<#_Ky}2U^hL
zI6hzvcC8_{${Ub%IT9O~SpuEvaVNWOe<9x@4=mgaEC_kib=V?G1fuJ5#)ub{9o$|o
z#XPj+=I)Fov01?+?+d8YNPDvHqQUqb*R`e
za5;mjavRP*`i-Ngvz=h0CPn9AENR0hE)Nlrt@Ey+IWWCGAr%V<32*IGJ5VMhu~WE5
zf)*xt7rNzOC<|WFVRaXcla%d#?F$N*qj7R;8%!=6bl~i%G^(dSl@Frgx$2TpMi0GG
zD3L=jTO@8^1HRm#lW|}Z2S#hEGsz_6Jzad=+B^;7jBxw)*2suI2W&up`vrNOE&XS)@CI4f=
zW%cc*+sc*45v?qvE5e`^oQ7=(9bxO!_WY?g%&L&Lp)$q`6{+EH<_j%xS2%-n83YJ=
za3aLbWh|cemQgtOwfen!yzs%gXLlpPO`nOn`vG&Mmfgb+$I^47z#rqw=zYCN@u8cLIxCV=
zIy@d?3bW#0$efQD$gH$ycpox7hOCOinjMf*op`%krnrzJS-B9>p9EF*k{f%smRW($%eJrFmQbA=0U
zm-Pe<0L%T;tv}ht_-c#9)Vlq*yuHI)E_e=uuXh0-yvh~v1@j&Rfn{2-KdhN;P81RN!br2l`zS^o!@Tg@zFSApiUPXz?Ig
z3x+R@`@4fA(3{4ykO@@SYq?MfdxNyBwkTPeR5N@Tj20mO1;3tsbRPCao!=!E+asAf^2BS?L#u7*X)EkTQ-Edble$>
zp{z@`w5AqDs;?3kJ96M9jq5N{9s>1d#S|q%~)T-h5n|>*Hi7Xkd-~K>8!%k3tlXINhe4Eo+12#6hT8<*iFV?ODo2izX!D
z%<0q<@{+Nx{&RB{mCi^_I@TSNAh8u&d1S^f;f0`dI=q<@Q6Ans43QVdB${R+_6m+h
zvPeUlCbulav1}o;P1osE4db}Qu+IQG9>X1;i?+(LRT=}yH10m%q2^E=v6o~Yyn~8l
zu-)t72Nv54ae%iZ5u;trhy+^*{8gby)KVx>UGn+QZ5!zv5@KPlzeX*w~beH@Bv-KH*
z7X7YN?mnJ#-L{3IZHFO-vQ;O_RVT7Ii5+3xf6#OcY&$|etfoVX;}x8q&OGj37syKG
zDU1M?|AxlW@Z;?D3wr2=HxEyjEsD!!U2Yj3GYaolTOBi27ewhip=;AFsq{{ILP*G=5DSR
z!cB09Q|Xc3GYo?)-|e9+jKd29idS*Xv--c#dc-0#AN%5xi*T2!qf3}D7z1APj}xEdHp(QPIUCY{72ke?fwmo>^-9@u=!U>4A
zMqxv0gLaqtc|RY{{|j=iWv5-AgdQcq!o1~NPHtQTNEn03L28sb_f31chn6_3o8(0_
zTC27MGrfC^B%DUF<%r<@Qd=Cxj1PtFevu$Y3?U!hYMqw_8-c=4l=l+CYb|Vhl2m2$
zyAYxYGj;tmubrPZVu^9!9%n#oVI-;8$0C@wIN?Z(x&jHQ(ub!~+wD?K!CkE^qbs#*
zK6}!x`g}EZaK0-hQAlq06c(h+av_E`A3Yg*Ji&-=NLV=y{{WE&Vx*rRQ{{(S{&g>0
z?M~?xd*)$xVd@nl6X*1nVe$T4ki)2cH%iSHc)1~{R0PubrXrtvcDaNw_RoBCTjsZ;
z0h?E+Zvn+ff?8_r{ZS8VWk6k}2#(@s-S?dYvW2d}G_*1O#^*=2hk4P_>N~FhfoHj3
zJ2utmSSEp}3TWe119=wBJpPLUJHTP{GO6xYyCCj+49b!Y(eWuSgB6H4Qhx$BCj=gx
zg2wOF%h@;AnZ_1ShsqK@4hcmOYV;LfSc8y-)8$Ob>mqT>i%BQs;-YQ|Cwz5|2ppEo
zkig|SsL7)JJc_vpPzh;y_>>(SsJNh_hpgc*rAiMe>N;;JFitSu33d2bl|+y#aW|5G
zI}mS|>_ys7#&2cI5^{4|ttR`DZY(mxxGsNQB9$xN?2&1h$UcW0U!Rk_NLQKUbIU;Y
zAC)LelC~6gOTVEev*Z08+*ngZW3FyRfgc@niT&$7I6$~!|#@WGjA)oL>%DpF6CkC4jw)B6=%lblj
zX!XQD!epgzJWZ^=!3CnUfzrBfWJ2Mg$+?Z+{H}QwtRfQB!Z~0V5M1o1vu~7ol~*!+
zchP(y(G5rMlLziQj*XFI!785+3kS}QH}Bf(scfh0+Q^NU4$}0MSqGstnEve8CbP|{
z;1kID1>=Sfu*n}%oDuntBNBpcZUs?`lu~@s+D@r3O=R|8J*gR2>DwZ~&#jMg3B+N`
znpL^P14AGO=TGD~CBp(qp#+oStv5VPG1JInn+>PWLDh9xYb5RZZhZaKmNWA7CXq&Bh>;u9MRX?_rNuUd
zL;|;jUwWC(XO({6c`WhUzy}Tg&!=8b@4lWRFh!v_bM^sy5de?CI)&VL*gdo}B&
z?~gi@t<2Lw8v;_kBZlVjVX74<(HXT>K9h|X+{*_8iv9*Q@@88PcieYju}FBfK@FDG
z2jIbrM4;W0XHbYpUs@xmrbIe4@R5Di6}ikuwH~SdiV--5@s-G6rs3ksd$$$U!h`j_
zwA^f3eVi6?Y}_2@Ag?VD%b$n3j>fpQ&@2vm>*_RR!%ZC!yiuf
zPuji)#-iX(Ryq7rUVm0wt^cO%MlnFg1s=AfjHnrq1{5CHo2x`2+ql^|z6^QS3nG*f
zXhnD2H-+03WQT*MBxf4|^3>rO2z#q9V!opDRh~dF)Ix6vej{e1m+;6VR^*lWcH
zw-%I#i)0YoVS9Z-wYN2%)Y*s3QT#0-Eb+$WbsLz3huX?mJdT(i(q=O
zHY>-Fm;@^GYNa@M8n5X7Q*MznuQ)h*?9y(Zd+zI{m$)m3W`R&KY4=HHQRl*7Rnk0C
zYBoujG`;3>d0wZ!EuFC$!fmprGiUbR-EdmwkWa^94I}szSTS=B01!d{vs|Z&-@bEx
zwHO_^O)H6GxuQ44r)LjHAI71YMRS-D6d4LuiPaVc)R`)FFhdtI{gLxTl53Yc#Ze>a
z+ItvWUWA*
zhZHx-EGha+R6bzmkjZrJc>mXh(LKZU8+NjU4))H0AWbYx|Ghdl;|q_$7R5Cr;g32wMP@z^!e=B}H?TA(t4JG!J@Rfm+}yPP|zQ
zH=vt>V~FyESpu_J%^KOUf9JcL+J>bLgRH+y73R~>I`O64Q1RvJKn