From 514bf752766a61507e15a8e77e5374d1325f236a Mon Sep 17 00:00:00 2001 From: Martin Bremmer Date: Mon, 16 Dec 2019 15:59:42 +0100 Subject: [PATCH] Added some security documentation. Signed-off-by: Martin Bremmer --- docs/dev/dds_security_effort.md | 406 +++++++++++ .../dds_security_configuration_overview.png | Bin 0 -> 47873 bytes .../pictures/dds_security_overview.png | Bin 0 -> 49342 bytes docs/manual/_static/pictures/pki_overview.png | Bin 0 -> 72469 bytes .../pictures/rtps_message_structure.png | Bin 0 -> 14897 bytes docs/manual/security.rst | 646 ++++++++++++++++++ 6 files changed, 1052 insertions(+) create mode 100644 docs/dev/dds_security_effort.md create mode 100644 docs/manual/_static/pictures/dds_security_configuration_overview.png create mode 100644 docs/manual/_static/pictures/dds_security_overview.png create mode 100644 docs/manual/_static/pictures/pki_overview.png create mode 100644 docs/manual/_static/pictures/rtps_message_structure.png create mode 100644 docs/manual/security.rst diff --git a/docs/dev/dds_security_effort.md b/docs/dev/dds_security_effort.md new file mode 100644 index 0000000..d554749 --- /dev/null +++ b/docs/dev/dds_security_effort.md 
@@ -0,0 +1,406 @@ +# DDS Security effort + +ADLink has decided to donate their Vortex OpenSplice DDS Security +implementation to the Cyclone DDS project. However, that will not be a simple +code drop. + +This document catches all the work that is foreseen to port Vortex OpenSplice +DDS Security to Cyclone DDS. + +This document can be removed when DDS Security has been implemented. + +**Table of contents** +- [Definition of done](#done) +- [Footprint](#footprint) +- [Multi process testing (done)](#testing) +- [Runtime library loading (done)](#loading) +- [Hopscotch utility (done)](#hopscotch) +- [FSM utility (in progress)](#fsm) +- [Port DDS Security plugin API (done)](#port-api) +- [De-Serializing messages in DDSI (done)](#deserializing) +- [De-Serializing security message parameters in DDSI (done)](#deserializing_plist) +- [Port DDS Security builtin plugins (in progress)](#port-plugins) +- [Port DDSI DDS Security (in progress)](#port-ddsi) +- [Move configuration (in progress)](#Move-configuration) +- [Failure handling](#failures) +- [Multiple configurations](#multiple-configurations) +- [Example](#example) +- [QosProvider](#qosprovider) +- [Data Tags (optional)](#datatags) + + +## Definition of done + +When this document tells that a certain aspect is 'done', it means that it +has been accepted into the security branch of the cyclonedds repository +(https://github.com/eclipse-cyclonedds/cyclonedds/tree/security). + +However, it is possible that various parts need some rework before the security +branch can be merged into the cyclonedds master branch. + + +## Footprint + +A non-functional requirement is that cyclonedds should be buildable without +the DDS Security support in it. That will reduce the footprint (and possibly +improve performance) for applications that don't need security. + +For that, the ENABLE_SECURITY build option is introduced that translates into +the DDSI_INCLUDE_SECURITY compile switch. However, the usage of that switch +should not explode. 
That'll reduce the maintainability. + +For instance, the usage of the switch can be minimized by using functions that +will reduce to an inline function that just returns a hardcode value when +security is not included (otherwise they'll do some certain task). +The compiler can use these inline functions to do clever stuff regarding +footprint and performance. + +There can be other solutions to decrease security footprint without impeding +on the maintainability of the code by inserting the switch too much. + + +## Multi process testing (done) + +To properly test DDS Security, multi process testing will be necessary. +This is not yet available in Cyclone DDS. +See the [Multi Process Testing](multi_process_testing.md) document for +more information. + + +## Runtime library loading (done) + +The ddsi component needs to be able to load DDS Security plugins at runtime. +These plugins are provided as libraries.
+Loading libraries at runtime is currently not possible in Cyclone DDS. + + +## Hopscotch utility (done)
+ +This hash table is used by the Security plugins.
+Both versions on OpenSplice and Cyclone are equivalent.
+No additional effort is expected. + + +## FSM utility (in progress)
+ +The Finite State Machine utility has been introduced in OpenSplice to support +the handshake of DDS Security.
+This has to be ported to Cyclone. + +However, it already has some technical dept, which should be removed before +adding it to Cyclone. This means that a refactor should happen as part of the +porting. + +The related DBTs should also be ported to Cyclone unit tests. + +It was decided to just port the FSM at the moment. The refactor will take place +when trying to get the security branch into master. + + +## Port DDS Security plugin API (done)
+ +The DDS Security plugin API are just a few header files. The ddsi component +uses that to link against. The implementation of the API is done in the +individual plugins. The plugins are [loaded at runtime](#loading) (when +configured). + +This means that ddsi can be DDS Security prepared (after building against this +API) without there being actual DDS Security plugins. + +It seems to be just a code drop of a number of header files.
+Maybe add some CMake module for both ddsi and the plugins to easily link +against? + + +## De-Serializing messages in DDSI (done)
+ +DDSI needs to be able to (de)serialize a few Security messages. In OpenSplice, +some functionality of the database is used. This is unavailable in Cyclone. + +What is available is a serializer that uses marshaling operations (see, for +for instance, m_ops in the dds_topic_descriptor struct). + +The (de)serializing of the Security messages should be supported by supplying +the m_ops sequences, message structs (if not yet available) and some +convenience functions using both. + + +## De-Serializing security message parameters in DDSI (done) + +DDSI needs to be able to (de)serialize a few message parameters that have +been introduced by the DDS Security spec. + + +## Port DDS Security builtin plugins (in progress) + +No major changes between the DDS Security plugins in OpenSplice and Cyclone +are expected. + +The DDS Security plugins require OpenSSL. Cyclone DDS already uses OpenSSL. +However, it expects (or at least it's preferred to have) version 1.1 or newer, +while the OpenSplice Security plugins are build against 1.0.2. There are some +API changes between the two versions. This will take some porting effort. + +The build system should be ported from makefiles to cmake files. + +There are security_plugin DBTs in OpenSplice. These tests are base on cunit, +which is also used in Cyclone. However, it is used slightly different. A small +porting effort is expected (i.e. let it work with cmake and runner generation). + +This means some additional effort, compared to just a code drop. But it is not +expected to be major. + +- Authentication plugin (done). +- Access Control plugin (in progress). +- Cryptography plugin (done). + +There are a few sub-features that can be implemented separately. +- Check/handle expiry dates (in progress). +- Trusted directory support. +- etc? + + +## Port DDSI DDS Security (in progress) + +There is already quite a bit of difference between the DDSI codebases in +OpenSplice and Cyclone. 
So, the copy/merge of the DDSI Security code from +OpenSplice to Cyclone will not be trivial. + +Most parts of the merging will not be trivial, but should be quite +straightforward nonetheless. Things that are noticed to be somewhat different +between the DDSI code bases that could impact the merging work: +- Entity matching is slightly different. +- The q_entity.c has a lot of differences that can obfuscate the differences + related to DDS Security. +- Unacked messages logic has changed a bit. Does that impact gaps? +- (De)serializing, of course + (see also [De-Serializing in DDSI](#deserializing)). +- Writer history cache is different, which can impact the builtin volatile + Security endpoints. +- Unknown unknowns. + +The buildsystem has to be upgraded.
+- A few files are added which are easy to add to cmake.
+- There's a new dependency on the [DDS Security API](#port-api), which is done. + +Then, of course, there are the tests
+First of all, [Multi Process Testing](#testing) should be available, which now +it is.
+When that's the case, then the OpenSplice tests business +logic have to be ported from scripts and applications to that new framework. +That porting shouldn't be that hard. However, it will probably take a while. + +The DDSI Port doesn't have to be a big bang. It can be split up into various +different pull requests. Examples are +- Extend configuration XML parsing with the security configuration (done). +- Extend nn_qos with security related policies. Fill them with values from the + configuration when applicable (done). +- Add DDS Security endpoints that are non-volatile (done). +- Add DDS Security endpoint that is volatile. This change has more impact than + all the non-volatile endpoints combined (done). +- Handshake (in progress). +- Payload (en)(de)coding (DDSI support: done. Wrapper: todo). +- Submsg (en)(de)coding (DDSI support: done. Wrapper: todo). +- RTPSmsg (en)(de)coding (DDSI support: done. Wrapper: todo). +- Etc + + + +## Move configuration (in progress)
+ +After the port, the DDS Security configuration is still (partly) done through +the overall configuration XML file (rest is coming from the permissions and +governance files).
+However, according to the specification, the configuration should happen by +means of the Participant QoS. + +The ddsc dds_qos_t is mapped on the ddsi xqos. The ddsi xqos already has the +necessary policy (after the [port](#port-ddsi)), namely the property_policy. +This means that the ddsc qos itself is automatically prepared.
+However, getting and setting policies are done through getter and setter +functions in ddsc.
+This means we have to add these functions for the security configuration values. + +The ddsc policy getter and setter functions use (arrays of) primitive types as +arguments. The configuration of Security is given by means of the property +policy, which isn't a primitive. To keep in line with the QoS API, we could add +something like: +```cpp +typedef struct dds_properties_t; /* opaque type in API, but mapped to + nn_property_qospolicy_t internally */ +dds_properties_t *dds_properties_create(); +void dds_properties_delete(dds_properties_t *); +void dds_properties_merge(dds_properties_t *, dds_properties_t *); +void dds_properties_add_property(dds_properties_t *, char *name, char *value); +void dds_properties_add_binaryproperty(dds_properties_t *, char *name, + uchar *value, int valuelength); +void dds_qset_properties(dds_qos_t*, dds_properties_t *); +void dds_qget_properties(dds_qos_t*, dds_properties_t **); +``` +But this is very preliminary and is still up for debate. + +After moving the Security configuration to the participant QoS, it's possible +to have different configurations within a single application if you have +multiple participants. However, ddsi only supports one Security configuration +for now. That doesn't change by changing where that configuration comes +from.
+To solve this, it is expected that creation of a participant with a different +configuration will force a failure for now. +Until [Multiple Configurations](#multiple-configurations) is implemented. + +After the ddsc API has been extended, we can decide on what to do with the +configuration through XML. +- Keep it. It seems usable: no need to change applications when changing (or + adding) Security settings. However, conflicts between XML and QoS + configuration could cause problems. Simplest seems to be to only allow QoS + security configuration when it's not configured in XML already. +- Remove it. No conflict resolving needed. + +All the Security tests depend on providing (different) configurations through +XML. Depending on if we keep or remove the XML configuration option, a lot of +tests have to be updated, or a few added (that test security configuration +through QoS). + +For the loading of the plugin libraries, properties with specific names have to +be added to the property policy to know the location and names of the plugins. +As inspiration, fastrtps can be used: +https://github.com/ros2/rmw_fastrtps/blob/master/rmw_fastrtps_shared_cpp/src/rmw_node.cpp#L296 + + +## Failure handling
+ +Currently, when an local action is tried that isn't allowed by DDS Security +(like creating a participant when it's not permitted), DDSI is shut down.
+Mainly because in OpenSplice it's quite hard to get a failure state from DDSI +to the application. + +In Cyclone, however, ddsc::dds_create_participant() results in a direct call to +ddsi::new_participant(). This means that if creation of an entity (or +participant in this example) fails due to security issues in ddsi, we can fail +the actual ddsc API call with a proper error result (there's already the +DDS_RETCODE_NOT_ALLOWED_BY_SECURITY in the ddsc API (not used)). + +Maybe we have to do some additional cleanup when a failure is encountered. + +Some tests probably have to be adjusted for the new behaviour. + + +## Multiple configurations
+ +Currently (because it's done through the overall XML configuration), only one +DDS Security configuration could be supported. Because of this fact, at various +locations, shortcuts could be made in both DDSI and plugins.
+However, because the configuration is coming from participants now (see +[Move Configuration](#Move-configuration), we should be able to support +multiple different DDS Security configurations. + +Until now, the creation of a second participant with a different configuration +would force a failure (again, see [Move Configuration](#Move-configuration)). + +It is expected that the plugin loading still happens through the configuration +XML (see [Move Configuration](#Move-configuration)). This means that DDSI doesn't have to support +multiple sets of plugins. Just the one set, provided at initialization. This +means that DDSI shouldn't have to be changed to support this. + +So, it's the plugins need to be able to support multiple configurations. + +The Cryptography plugin doesn't seem to care about global DDS Security +configurations. It has basically configurations per participant/topic/ +endpoints, which already works. So, this plugin doesn't have to be upgraded. + +The Authentication plugin does have global DDS Security configurations. Main +function related to that is validate_local_identity(). This function already +creates a new local identity every time it is called. So, this plugin doesn't +have to be upgraded either. + +That leaves the Access Control plugin.
+The main function related to configuration is validate_local_permissions(). +This function creates access rights depending on Permissions and Governance +files. Currently, there's only one local 'rights' structure that is linked +directly to the plugin (see also the ACCESS_CONTROL_USE_ONE_PERMISSION compile +switch).
+This has to change.
+The local rights structure needs to be coupled to a participant. This also +means that we have to search for it instead of having direct access when +entering the plugin.
+The remote rights can be used as example. That is basically a list of rights/ +permissions with the remote identity handle as key. + +Tests have to be added to make sure that a setup with different Security +configurations works. + + +## Example
+ +A Security example has to be added. + + +## QosProvider + +The Participant QoS now contains Security related information. This means that +the QosProvider has to be upgraded to support that. + + +## Data Tags (optional) + +The specification is somewhat fuzzy about the data tags. + +The following is a summary (still elaborate) of how it seems to work: + +The permissions document can contain the tag on publish and +subscribe level. It's related to the data samples, but don't have to be related +to the keys of those samples.
+The QoS of a writer/reader can also have data tags by means of the +DataTagQosPolicy. A writer/reader can only be created when the data_tags in the +QoS matches those in the permissions document. This check should happen on both +the local and remote level. + +This creation check is the only thing that DDS Security actually does with the +data tags. They are only authenticated by DDS Security, but not interpreted +further.
+This is only a minor security addition, because the publisher can still publish +data that doesn't match the data tags because DDS doesn't interpret the data +nor compares it with the data tags. + +What it can be used for is a kind of custom access control scheme on the +application level.
+An application that consumes data can see if a publisher is allowed to publish +that sample by comparing the data within the sample with the data tag(s) +associated with that publisher. As said, this comparison is not done on the DDS +level, but has to be done within the application itself. + +That leaves the question, how does the application get the tags associated with +the related writer?
+In other words; the application gets a sample. It has to know from which writer +it originated and it has to have access to the data tag(s) of that writer. +The dds_sample_info_t contains the dds_instance_handle_t publication_handle, +which is unique to the writer (locally).
+That dds_instance_handle_t can be used to get the right +DDS_Security_PublicationBuiltinTopicDataSecure sample for the related secure +builtin reader [**note1**].
+DDS_Security_PublicationBuiltinTopicDataSecure contains QoS information +regarding that writer, including the DataTagQosPolicy. The remote +DDS_Security_PublicationBuiltinTopicDataSecure contents have been authenticated +by DDS Security and the data tags can be trusted.
+The application can check the sample data against the data_tags within that +QoS. + +Things to do: +- Add DataTagQosPolicy to the ddsc API and the related QoSses. +- Add DDS_Security_PublicationBuiltinTopicDataSecure data type to the ddsc API + (better yet, all secure builtin types). +- Add the related builtin reader to the ddsc99 API (better yet, all secure + builtin readers). +- Add test regarding the secure builtin readers and data. +- Add data tag comparisons between QoS and permission documents during local + and remote entity creation. +- Add data tag remote/local (mis)match tests. + +Especially because of the lack of access to builtin secure readers, supporting +data tags doesn't seem feasible in the near future. Also, it's optional in the +specification. + +**note1** +That DDS_Security_PublicationBuiltinTopicDataSecure reader is not yet available +within the ddsc API, nor is the related data type. Don't know how much work it +would be to add them to that API. 
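Review bot: The "Move configuration" and "Multiple configurations" sections disagree on where plugin loading is configured. The first says "properties with specific names have to be added to the property policy to know the location and names of the plugins", while the second expects that "plugin loading still happens through the configuration XML" and cites the first section as its source. Pick one and state it in both places, because the conclusion that DDSI only has to support one set of plugins depends on the XML variant; if library locations can come from the participant QoS, the document should also say which component is trusted to set them. In the proposed API sketch, `typedef struct dds_properties_t;` declares no type name and `uchar` is not a standard C type; `typedef struct dds_properties dds_properties_t;`, `unsigned char`, `const char *` for the name and value arguments, and `(void)` on `dds_properties_create` would make the sketch compile, and the fence is better tagged `c` than `cpp`. Smaller fixes: "technical dept" should be "technical debt", "see, for for instance" has a doubled word across the line break, "ddsc99 API" looks like a typo for "ddsc API", and "[Move Configuration](#Move-configuration), we should" is missing its closing parenthesis.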
diff --git a/docs/manual/_static/pictures/dds_security_configuration_overview.png b/docs/manual/_static/pictures/dds_security_configuration_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..24df7537f84b9d820b13c14da01e5e3e66d21cc6 GIT binary patch literal 47873
zm|?>=*UjxB(r>=o)HkeiDlOgaPxRaiM03WhaMhO@Tz=@N*U5pkhkU-R243%%L9fER zbH5R8E_yty|F{LR^OB~DoX%@~>IAd|I=Ks=w!frT^!%1F3m@dVp9&=F?7hm)yNa1T zYc~|+a@2#T2=}1kwA(W3k-H(^e4ezF_+IpUWvkshFtpknmf6FtWq@e-d+|IQl)Cm~ z^V75EoGU>=!kKE@@F1Y_sAjRik07~iuO%?EANMSa__|vENz$?tIxZnF;(4%B zJN3tVV8iJV#jTGSNXC7?t9z7aHTLALPgWHAT;lMBbb95H8!{q#kIeN%ix*o8$%a0x zc35Mo8ZCB4sUy81KJBDDFaD(Cn*A3Dt-XBT<2<$TbOn&mdG|m2UzMcN;RTh=5jZg} zlahGieO7T`zR6=mJiJ@>2siX`8n<_?x>=mqWJh?lF2|dUsLauh;i9#7j|(M5=^1wl zobsrJU1$d^A0(pdsws9ANj!H8xL!p(eKYlRhep|+y?1;136*;D`Lgraw{uUwM^QDc zDg>d?YyB7{$3^9$dx^g7&eg5m0-dOTv;bG)tR{nb2RA>OE?pKX|LiPUXFs#Htt5bU zIwkz_>zIW{XX&tLqFqEGZ2@-H@(SwJ=XYjH4gnno8yJ(`aq2;J5A2%TtbvsIfZ~V2 zJ)BFJbJpoNeGe?U;dqW=MuAt^_!`NJO6e|Aksr=!72{E!?-j4o37f4jNJ5_S7bJ7? z_ukX=O*oXcwrx!sWOTA$(!5rbsU>C?A{sCg|240&bAYj5vsy~MZ+(Q{r*55Or_NER z*eP(yruwbTYV)AY&zaIQ=GOM{SQ*@EO&fhwhQwgKXyY`!%LwzYiEcfPB-bfo_V1Io zwQ`Lc)MOO*G+RL~q`HhmVXH=PT)$P94f}@nV6mUsAQEFNsI?10>l5nPl}sLU(jprh z>^SAKIQZb$rM~spvNrA#be{W@z7oVW^#+VTK12IubL@A^y|M~vn%wWdk<~Hk&-y;J zH$oHQ&fasP%eXFQ@$=GpjGm-J+)K551#4mZ6TASfolLVX6&<_{@jHv1E<2-ETGu=r z6|8!9R!8-F1qFsL%1Vc~<2ep)3!e_r=jC6Q5+7wO;|1Ym!JLtgQf)}oe%Bjm&xtys z?VgsXQRgVf;J%+lgo#raG7Cy2LO;NE9u-J1TwHG7uVdV2LhyWvQz))0F*!X7L-_im zQe)R9`|Rwc1#mxXszn=mTGkluH}*Ote7bT(xPMsx1e!Z*V2RA`@?(NW_U~eTxsjj8 zR!~P^Dn_v$gQiO48j0vo%TH3Ed!jWcwN^vSF)S%iBEDN>e;r%28f2f5UOh zoR8t_8c&N5E)S7v{8{#y#9_*GzX%6p`i9q!`c`Tx;&(6ck_cz#uK?UQ<9~c?4P=j> zLa~C97KKcW)rG(MWP=MugcStqR{*Z)eHk>6ccj}s$^S{7V-R|$vX6Ri-6w%($5puR z;z7}An{D^3-O=fKg*_dR#(``-5U8ivF0xNTjUoq!XNo4%p$?UG@?= z_ca5>a^{}jr6AObns4W0i6ddjWndghuXVQXC)kE$jgCMkuww@sWqAMPXOYOi$hWHH z2_pSVyEAhVp(pxUB%C#Yk@a$Io+dtruSG*a^+zE^;X>1}b>J(e5PL)J*BNO!me7PR zH}={gHs&E8w8Z4K21u>yIZs^;O7O!hH#p*NN+`*2ZVEETi1hn!7l1R}qiId0xUwws zVBA2oSo@>qcqqMi*R5*{N8VL~0Y$gKK zj)s;+C;+vh4s-P3cZiz1>7exsbc*e9N=%E$%?!zAfFz_R{<&a|CoB+{w?AstS;~!F z+&r#c?+8QPw(oMm?++wt8pV&BQ%1P;ir6kd*xfa?$v+KkP_l2@p&-K)nvh47lS9m= zp#k{T<8O+-+Ng6TEPlq!H8|OA_b;}cqW*iJl)GJ;#G1~(Zds?A59hlJ{^I-l5cSdm 
z>9^_r8pHU3;B3*uc!&~?p7@d;6#tp#y1iz}2gD!(30a>O>J6MRZziZSU-K-^o=Zw= z_{V8!>E%a^ylRPZMj}e<2E6KAdH6{tzh)vB_Oz|_r&0KTMsGaG`MU3v-Oq1mg&d;5 zq&j30oJpn(&(8l&`9synY+J#wwi&NsS^j4te%gf3hL23|G{z~7g@5y!&A##QL^tGt z?%t~(VGE}u@ML)R?kx)+p!&Rx5l>iTT393~4=?(YLMs2IFAM;?RxOUjN4J7XwJ)j& zX$GRX+b1u)4|5FqaxMDQb4atbA3x9^ z9Ct_9ZS|=UspH7^OQR_*)^0IJozV5Ok2SM?rMpw<uQf;ScJYkebu~0! z(xaoj1S3~60HIaTS&bSrU2KbD|S3f=7M*qZLU3NIC$$>?3lwZ?Y-+t z3#WwOk>Fl$FCpvm8*X&AIImgtwW49Wn~ZO;BHx~ibV2l`5*@x28D&4aU?3{^*`Mcl zL(5>J#C$jp-_R?6_zFNiBq8_;98?2I64$!|M{~0~=?_0|D9C;ibMJ4t9pgLu<^q<9OYe}(BM;-;v@erc0r8Lwj9C@4AL%IvSwfzPy zSl9w5dCZwsEEa{Ha{g*Nc8L*}Jwz;2n|h}I1)y4)Uj!6jUQK^ib6Dq{64ZAdH0wTM z5rnAkJQ>(Z(3WS3-(mi|awOUDctagzygs$nG_odR#X2z+fiRNiTcTYsnm+O*cfsh; zvM{<+R9>*Y%o*K(3lpj(usU-=ad@B(Q)v8Y>g*D%(?E&@sk`@^7*d^6IPJMIB+ zm6?A{${_iGIYfrWIDbb|;>t)%zTz%$E(|UZ|9EpNwq|FgdQ=c{^}(|FV&%(y7C$X^ zSh+r|OAKEpSpKtIF!)sGK4akkt)y;!iAt4~EcOnsnSwQwly@d`q+z}9&Uk8|nwT(2si<}|u-T!B*%5O*n~ z2U4OV?}p`9S}|#S+?a+~xuXYkpggkr!7-#n;Kqy~!fUcf)V$k=uqe1r&|3!AP7XXg3mDf?#Sj0{=lca9oe4 z4&e*9OpQw{e?qG~aUZ#$$T20RlPDF)BLEZNG^g~I^4YQ{AZKJDnrLo^ETv{pjJ^X$ zM&858TKNG5R=Db`>&ZYb<$#gj%3zY z*qDZ7er}7`PSJ?c5~{Gg&)EQ&7I`?3zdwPP)t8Uh5;V^cH1H4{my0TVB_l%6;BA-) zkkbmNY>4(dpuzvZ!x|C@*8ZM%@D%|$motS1-n)!fD4@^1XwNc}`~!Vba^Zmsi$KOA zszEOK?OHum&Kq!dwRQD>5vikiM0!Aq$zU5k1B1j1@YBf1ic=2wcSYheAcF zTf+$3gwp-LZc|#QFV&N&r+rq~PE8B`p&OI0Ho!j`HZi9!5&^V;(>%n)yKgKZh0PG8mR7>`;g{~OQvdXs-x;`K6JC_UU&z^4n_%2~Co}S*wt5v* zKoVVPX00@6^!)dI6t4MBRWyr5cKm5+B{Dyd=Cmg5|K_9>ceZhVo|gLWKg}gi7706g z@i0{nncEAfoV964CyYFG@ecXn;`67+i5f%+|0z&H?OU@1^@z5hX45_2cwKPs{YAnl z5vhHyw&kId``^KW{Ev(>1yp1D@YCGn&wMzpFaf4=Oivm*Ctkg@c?a!ZRsU!n4frLiR0)VcfC-Z+xPOV&re>q;S%XrvEGTl_J;Gji( zV;8oa^ZfpOz;0-ruuyi@!@N{VE+Ya&52gR8TY+88_YaGRJSD_1Pe~lcF#q{Q7Jk=X z_dkHc0G6dliGQC?iHRHz&Ei4OHgfsf4~%0Ua(itZ2e7Tb}M4icY=iZm}4i;KDqehZ#FXZDY)aC zId!4G@u!T3k*^~IaPCM5o6`x9MSAC!0zq@t+1Vb`;}m165CZQUju8R7En_DkBK1zL3-`t zjPs{|(whIQ+Zsc#XsebV3~mzKG5~0lbS6d`=~C7L5=v5w-;@72;`(yV`vk_KHyuF>$%iJM7IVut+3ZU)B*_ 
z0#!W{r=fYPf&ZUT2~h2&6dl-(cv=0l(CW?MMxZEPT5(rTEY_8 zVHw(0uJv(+nCVIpU((5ufmXYDE!L!A3$hzGbhV7~EFis^NKX)KuAD$zDH)wG&HOXy zjzU2xgI_$!_*NXgy=6%Kx7QBs@cNL?hS*%_JQi|S+6?#kDNT^NZ>NI1U<_!1N<*pD zl=(A}8W4`QMqM8e_w(^I^N>|oNOln49X}s=B|W3(p>hC-O)z=7S*?rf(No}OM3ccM z24YC4G=q?MU8WO$AQ4pm)ola0p+>e^qd(fE<|6I#&pMQ&#p+w>=lat4 zFa_K%XJh)d_C0n;bhxFLDpub?V&zkN6t_sA%;k{PgYmIa zLPJe`w~8aiJqj|P`&YsP$zCaapS*kS=utJ|GYSoaAGFl`$>kY%%6}=kzLgnydclSG zz7m^!4OhJHMIDJt49Cwn;VTHTTu>#Kr#|Y#amFM(bLmH^hn;|c%gk7u2X6WGg^Q*? z)i!2tY_!`~d8sE|GjaJjGMgdWuh-xZaz%;=X}xe>VE4D??2Ckq38sU613T_Jz#j+8 z4B#9=+<}!ElmKhj{1n~qmvu<>Kn42G+7om&HrRIr-}td| z@-bAcM2tz}^UF}z=yfS%Wj?rn{?iFLCbB6y2^i`o1|ExrEP^A(-0ez}g@;dI08cQx zD1J8)kHAP?hM+x_m@S-yKsKoj0(L&{ewE&ffE~djo|1Q!FWo3`$Zo_9k_kGHil04Z zaG^!k*!4fX2p3AFT|Q3vi;esiikulbc8v(-#goe^Mpb<~+wel>d5D6+ zDM-tb8$CBO1wN^MNOB*GYJr3|bC{WQU>Zv5T6F#PLRby5Ejr+hLt3BZR6w$**L8Vm zBk?rkr2W8ws4nAff0<;=CSQ}(mow)iz9=)YTkmR^3cemGeI(m^$2JXg0fF+U~Ckr7bPV! z%6^McJ{Gt-Sr;HaMjyAi35#e4>;yVMkLJZG$Azt4ATGv1NN`jdoLk)7CC#!jA@T1= zGkixAU@gl^zfsz7H-|a&$7ATGSZL9s<$l_TqgMuxAePMwmYnMVc@XH+?@|V@PGmsr z0G%9D=M)_ar7;C_EqouG>OZ=^YG}JSMLqv$!psn&0{yg0A?MH>cC(=_XZmZ0Lp&fS zl<$Vv>^uJ^+Wy)QDGMxJK=r*MudzhIU-<|bel%gJ6vv=w8Pefg>Wte7LhsJZhz8gK zeB>N_7K#Raav8sl8D=q5bc5Ox} zujkn*T&(V?FjvU_2rl_S*aQWL(3XUA*Ah&%P#cf47exv6*rf7ynCHnZB&t5o^x4Px z2nCQa3W0^J(>(&+T~!gX%BmPDqL;A<7)^S0X+!+MuYi8fu?jbRlf;l>)H!8>URK|w z=g@9qFRyDdfamp#sctE2I46kIMT;v($b0iRhSurY?5FUf50+-UiY2jkG4uFoPt&Ec zC2=s;T_gsEc=W}gnua1>2)&q%eh9i6f3awW?&=xq@1qhp%K(G36NQ&*tUF30ZHM29 z4ovBXxbhn4dRi{)Pd%pd5pgpOkQr+bbzgz2yIrk-#Y-gs?VU&gd;;rFN;5WZUTKGy*wslAS&FATdPnedX>c;4VUt1Ekb7#uY4LZ6jqao3Cq zoEdytP_=X($=~iV5x$WlFM4q$Tq2nG`}C6F4#F94Lw;Yi21dJ@QP<=d;3*m$6k()B z#RADY?2`FD7qu}YRN3{G+Y+@^?0O#OJ4@BhqR#hYRSZK#V$|lmz4TQu!(Nj((SBWs zJBrve?M~xEec{2rv^bJ7>&UcJzud&gcuaQkE}O7ko~g2?+lX-oy_vzjdd!t@SEOd3 z!r$BXuvdsK!T)nbH22)V)EVrF_ieH~r>pHBQ^}xnsDgBytCnR3=uonI#JUi8ks%5= zecs8lL&?fz)%O;zCX?CaI$y#%?yG+r4Xehl)sA+!&6<*SDP#_+JSX218#xxfn;GTF 
z>-a*uAbwcrwL#GJ$D{*XoKKwUW95U77QP+oCl=<5V#`q)34He?M&D7ngOAx2*_5Z`co#HXI52ehhV#;_xmN=p^vABd-z$aX=VSNH}NqxCqKr#oF%r}y5}tM zlKaNmcZs>-YM<(Sy#O`!Hp__ep~ImtW~s1S?OE)2hF zElL(^B3bEnorY64gZo8IanVoOeB0*GElqrWbkUA{YAaXPoa7~tnbNe zii79|y;pwAp-A}!$Q5ROZZVnxr zthZLGiISlsW7mWobDR&hx6qyY<5nIn+LD*QpD^?burwGd|R3C zo}dCgUn~`O+CpJjktJ1%@4?#LwuQ%%;z2jJvOYpN6TAw@>lzO;rG;N3)iPb!&4)+ z^TS$GBOOw@7iJsB*T)Fmlw)?hmoFwHt}=ahJ4x&clC%^y8vvMEVJ>AnH`H3f`il_i z5&Z_Qe;-IjJ9?n3kd_=g1I8<&Y@>iFeVV4KOVs8KOz>-|E-D(MhSJyV6kbp2todbbtPfasw;{cJX@Ke` ze^sS(UH25-RDUAM;Tz8)@dd2vV%FOx{Kkkxw%o<9Zci61*cM1cLzhm%!ckc>uPg)d zf)uv<|K(MKMNU`gJPt)Uz!5AIDVnKYz_SGJzH%DcQ*^@_Y}+jHm>hxO;VbC>msf}v35yrlDxo^LBbC!18Dja$>2ne8 zj)h~uX4G0~-VEJ_$zG;cwT&O`EzDawW%udAkU%|W`%#7ggDernJ)N%=5Up_a+}c_D z$*H2k_peQF^c9EEi}wL4@iFI`bnq1%JQ&T}^>~O{pTvwN<@M29mp8O=562tV%5zSV zzLzY=hK8 z1s|*Z6V_qd*_3UperL&vb`-0RapXaE89lyK%;17!@Qnj+_9V-CQI*{M+rzr`d;HHm z%r>GQqMs;yla^PNp>qvF6LU7*aU;J*zEjlI&F!ow&RuPNS>k>T9!^lcA7q-C=TomT zM|m^uS#0%195Gm=B()nHa%%j^r1yMiKDsi`*28V=>0|5HAB~ z&LRa2Z&tj{q@Vh#iWy#StK_F(YvTxiu@7vC>QWmxa7Z zPPqm)*HIJ`XkFUscVpL=l^qPQ1MOdSm|83A+Kl2FJX%MaBttH}d2lmxT{Nt9pKrQ; z8TNi;UyoEoqb`BUBk~Cp>Cm8s7K>U|og1ZwZ0_mj9T^p5zxyg+)Ux*dBt$f(dY9}d#(r8ejbfU&p8K?r;dp029Uhv=P(C3dmH5eA z;^J}n8ryNVkwB%7z^t4#EpB2Pf=XQNkn7V9Cz^lG-!B%7!q9ouCBtJ2dAwpAm~hc* z@N1dFxfknG!r7hZ0E~rvy`967^Hj;G78%mMG*md-Q(7s1a#R9X(=4$Y`VQlHz+@EC7xY)DC^IAOjcEd;#zRn&XMeYer!^Om`w$VhIYey6k5`mFCv- z$N~6R|E%qz{Eu;f6rPTEk?J?G?)=&MTlkFRJiX1917LK%?Xb`)L>}D4XulNy)XIq; zxC$Q9SU5bz0RVxcx*B@-o~lC?0Oq)FiHeUP>dYGwZ@?`+}n1Q>R z$YnvPhy7+#wTBHDcjl}O>MzJ|njn)|FDhXPM_93AKds)sHb>BBPJHItf>O+zGZfLD z%pZ~Ra5IoDeVGyVua^<+v=LVNU{{CG4kkeE+4fpFDqoprc#46djnpXqtAoo6Aph@Q z_PvoPF-U9`L+(;MZ|e}s=j5dX$B$0u+5ydD4Q@Yvw)UJn9Pk2HO1i!@zI66MR<@#6H((KB{abD|lTY7^gr(PM8K@l&e?)n3<1caQ z#-u^w5Q=)Nw9i5KWD9bREcTZf4=$56v)X@y^H;|!cGX~%SYFA-!l1xP*}EDT;3fjm zM*}$Sdt{l}mS$`{Yko$EWD#PA(AD#meHd1KdVjia+O zRX3zbc6HdP&l$5?W`Hd>v+ke%f@W|cODnE8?Acj*vI5Lsy2?>5d1%TL0G1gtpG`SG z-oDs_2}0@SlS?IMgUL4_;4Tg!1vDA}9DV@)AZpbp2TzG6V=j^xPw}V<8vLW4dMg|* 
zjG_Uj{|=ULnJHp;Xx81cE$!cH)(w^Ln%+7R4D_PrJEv>z+}7bCZ=!&uhR!*!{Ri<6 z?#^(cP(ot)>wlKlp33@_Ka>OfmxWWq)?pu1_d`gk>G^^qJM1PqQVda4BCfxZk#y#i zWRNk$BZjG{(+gSz9Je2x@wyb1qX7%5J}9SP)lY0oslSF`r$}R#A&oh_HVQpA!o&TB z`LS(Z4t*5ez%x?MZz5uke%yzoNec)RXH;Ci6anbwdlbMw#>YtMEQRdH=>8iU$mAzN z)N>aD0>1WQU0|EuZGBDJzg3b3bj%F!S)@;lL3U^kPNS#R4vath14j3uuv0ADf$##O zZd&g3NU4Q&w%7K_&&u>4LB5c(fwdlKHiyA{>bh5DGLEJsRm^Pk>?uaT!4fkit2@X;$d*8fdvCucZp{IP52XvIv4FmEEdzzK3u z&B4TsWtczY50kYBK*3N+3vk~oL>8qg(4!#*1zceF4Tvj1y=e}#g*i+P^)F1XgM_lx z2J9#UBV?cvJ5uBV=$JvXbp{PpyP9Q ziXtAd-rxC#scy8WXt1Kf85qs~NMq7_A4Q2H|L*P~xF}g%IkR3!jidF^8IXXf-UHm$ z4cq>1AVq!vC#+lUY)h$@auV)i2z%4Gj+AgAhfsrus+-SNWsB4=vSXPWC+TD4JUVT& zOTEB|D3nA|gpe6~2x&JSU?Y2y*mKd^PyqHWnJGsz;$d^gQG?@8FkyKCXVFiBzty`k z`ySmWD;&T6$X7baw%d5!KmO(cI zXa+6xWPFN6gD#T{Mfg(#({p*qxxUZ+ciZ|cy>^A$NtK21ztw@*?tsi9^SRznr_<{y z7M4|a)8s}~3*YxF`8_}3pjkLiVsw`Gu)<+HNCL8H-S1$If-71VB>#)T$;F5}bGnFPg0Tr;P0b5I&&ybd$e>L{5?d8+Ay&M7xkEA4Q=zDZHT>r2hxh*NLeYC7#XzeI} z@ae-r`2vmx{Ut|qydZ@U^{)KD(n|>LoncoEbtPK#VI9oX{(B{kCnQJyG;LZIQ~#av zDkh=jvxiN41)BEm2HyM)_#fX}E{rcax!@epyEp)m5ra^vt6nWhYV`Nwuy9f9C+?Xy z>AXKPdunTVdK0y(13p}AE`+8CypB`}@kKoVIYvdFWX<-?>rD166Tq2W0l5(G??K6p z5fiBH8#5<$soyo>XzS-_C6Mg!he@u-LRLKbM6HVA^D{=Ud$!;yU&xcWT?r1|&>Fwu z>x>XfDhOQCCwp4NX^RvS{mKbR&4RFf<3rqLNWGUMy|1G}R@U|V%EqBEvkhp|OsimF zOhCSjJ_j2NrS&L`A@)@dWzw(bFPMo=_0e9F_|6srsO&Xgjs@*y?w$VsQM*oxRe#b<(l0Jr?JX zO%}H7s!@9_)_dX%Uky?q<|Wei+E!k$hkW_@-PuM~(m}D42m6cmKGs0{{J==N|4z?O z9s2M-ajxxymWRry;oOFjnC2<1#qBpmNz;eJf)1wfx8zoSv>X#J3!Z^apk`n-WQx#i z_pf884uBvY-0}iYH8dQwTg9vwEU=i_5o?m`i+(gqIe|k^I7T$_2YjEz$1F`5X*z+Q ztK;z;nId1h@`Sr}AI>iAkdsY!qhNq7(e&O1v@+dNQI8}rUhgGD?a3ZUJA{spNZ{-| zZL)y~vyD=OyHzQ*ui%m0P^|WfFmZG zuuF5q!l$fzi;S@G)V`c(?4<|`@^1_WliT276E(qWg74YnZon$UlDtKf)0kD)eWtUT zSg=zX#6GIa|MkgmueEd^^8fjzw_0vs=9fJW`hE6d&{a@X1-rLhGth|MLKGOUQtljf z)V~`a%knX?jB z$xafmU#I0IYD*V)CgX}EHz2d|vfQ&14o}48KO~BD6-|w&lNrnU_+*TGeF*nLUGOS!Ca2_G;KXv=)20(KR^WDrtUa*IU-(LscUZ~V$badxWDLDY7wJo zx#6?h|McN4T14@6{$+4S{CJX;FL{17(cT;H-mnQ)2>e`FJTqr(h#LshY_B6%rhX 
zy|gS?NC`RE`IPa6r1xfTkVH^NRTY2ap1JUWH*j;EYRN9+0;DcSA=5uIn)84Ce}LiUwO18Z!h#AaC~RB(x)*)GnIPIl$-Sxp$HW0ksm zjaiDBBdlX4#EdbrkHc+-hwTEKtQ~&d34Kx#qV#N{ z&x}b;C*KHPw#4NHf^fLP@ zlP=`H;G#0M348FO)Yhx8LBDiuQ1AT~yC+)pOu+nTsN-UaNH!K-a~HlZN=(N=zM-jM zN?Xbv4nbChGb7i1Rcl4O$c_H}5Grk4x5J1&gAm!+bP4 z-NNgwb1LZ^c;b5Y7-F@i=oVKW@HTA4n69qqb4)gba1mTORWh5FaH8l|$ZGm6%(KEw z%=So;`c8M4x2d|wB&vU|PTw$8vh0i2#&C7Ow3(qameYW`|u;&3{m0k3%b4Nk|!8jBj?4%-E3gu||Na31&4t-1y0E zo+eJ|d;7Y(aFG!1ymbMk%NBE)Ud4Qy>H-18O+S-<1;CA=j7TuMfit&07IUE;U_7TQ zv)R3RUh6rtqkr7AQ`<-0+`UIy7>+=ej zK~l7*)-er7Xq5Zi9H8a9=503CKg4%u{qVBBa7>i!K3zSG6KT;LJND$YX~U`d!R1AR z7B@-BeVOJ1!LN_a9ds)YpFX&fzuHfea=)LT3f0=#;!u(2|5Q!=lh47|GzE;t>*80I z^O;mE1eeQPKre}rm%B?H9ee=w=(~LSaT9mWp>)np_%l?67JM9KRWY|2;(2 zJ9YSxvVd)00HkTQSN&R_eZZ%meuOZFJra9VoPgle0h%KO;ljqe7~*f?UW}b^Eb+M4 zKhAex)BB16io)F@&3~BLSpj7W=ZD=%psKI08)7Tq}O$w-v8 z`g{eE*?7(=*LC*Pi`Mq;njGJG@p0@j)@wPDmKsj?Y*GQ9n__C;80_YG|x%Sea0w{;7 zx&9DYB~oYsu+Dywj<|7nXefYGJMsb7x)Vg16g+O%fCakrn{}vZ<}x-D0tC2+Zpniq zGyuAX`_shI-r0xa9lO4Vocj6fgImrqP+jH~T@{F0ViaVRC4CB7Ghq>FYmgRj<-IG= za5~-^1k@0c4%{?8Qi|gh{FBvs=hOm{g`W8928SaJVMY3SdXx^-th`kCmU>-{1%%_* zir*-H$2{KzV3AvOo51niQ<*#G=wrCsUqaUh&w^|TwKaVm6;&Fmt`7*g2~BEhyk<E zT>G1Lr25@pR~JPT2a*LLYp~}HoHl22OT>ZT`USmM#jsX2=!IhfMqs{y?WU6EP|zbL zujWxCb4fEs2GMu4Lo>lXnoT-4=ziunrqvBj=eCprZxW-vb9=)wA*INMxopnlZ*MsA z+8aQ&HlRdpM%ne|B>e!q;{;Jwx4@Iq;M99mV<8d=12?#&x*K2J#7po4CSwYKQH>IC z$(DR3KUMf7aoh&<ve{bvCgZO+&C3$5Aw2Lgp#%dE7jn~Yvy)w&8^yw?qSp^B}Ab^uPcPByio3%Vc5)Dy{c7X<@3sP|KU{tw&^>O$| zoInRWzw-{9^1J)Y>Fl+TH&j=FS8Fi9(UoKL%l(koJcu}|&$}<+cqG&z9}rF*w6-4w znQF{_EEz+1P+KUwus#UcHA)1^_ZxOVAlehP+;7pp_MfmbyqHq=*qHG`H|N!q^dsW> zlpvFA8Yso$h<;Cx+eRWDIPa~^HO&>#rh`ojV1~TgeE!31V87W+vdm_b19Ud#Z>c26 z3SHVmTUG%9^va(5;sHlEYg<9G?_q-s>dQ^)0o-54UaNztO3qC6IYMV0p&r}d&G9id z$~Uj<9+pzao&EyG9NGZTe1^7vF)kR9_`&@xF3CT*Hjs@~lKcXzf3(L4A}0|nr!rrb z@gc#jKcTgVSkdXnsgflb5_GI766EXwd`>u;p5q1tvL(Tk zHVAXmtyS?l0AwRCIv1i8cH|)=g2oP~TK6WR8Z+-RL|>3`mA2rbjJ{nKXHaW!t-UPP 
zSDPKG>D#02m}64j30B7X0sF7D0XwvDR(F3MyOCeZ{sAOfC-bUTlW!K=#Q^X545{m5B6urpGAWEy2)I8o_ z<@}D0tog+b&=InMQ7uh2{){X`$4q2y+7~@8Z1g+Xo3C9}k$h?{fN))lT`{zee~UZy z5(Cp^VFMKEV1%yL=__+IkcZ=|y(Si29`ik~mb(?CFtFCzpHB%|k}n18yvpXo9WkcU zhaz?+87_{cQTz*n`GjN)e)jL;%S57o4k$P#cHPgX)@;llX9bD6`Ok7!%{zb2OD^=o z)QxQF&{yU5E2Y{^3C`k8E73xl51T~1zSQ($t=*ojIUhJfTt%L0pU5>1dm+UY9amzpJ zuzph|e+7(nJ;nYgTXx;>N{I3eS9jHU}N zBGvPI$|X1&u&tGuHB|7Y#7A5nRvYd}w2S=(0TIsmt@Av$2-Um|vlZ|XQ65L@9k#j| zf;}{Cn-cepeSez1Oy^cpLqz)yPBS*@e(^+N;q2S8oYkiDhr97YU{kh^X+vh&_unw$> zE&HB1hm6{f?v|Y+kq2ArkHQ4OV-{^767;Iq*7tfHQc~@${Ef7&77^QZM^;T@NK6pUKcci6i zdz8;M++G19L4w?Rpy9MyY6%LQftlk@n(y+|K9|Fd z$Vx#&+*BM$EtBUfW^>bT+n8oTaP~$O_n$ZL{8~i4vULb?n-xiNXDap7%YCtv1-mi% z5Wgrw0ZB+fH?2^W>Ws6geB;aOYbbGIphU@=+)tubUAcdWNLcQjR7K$F_9qE! zAO^7ef@>|kk%d~Q@aY~0^GVNYkAc;hhd1~@-uGja_5QS#FCpJ?=$JVT39seJE9)aU zdxRdJFR1Ps~^UnxrG z`|pxHscsGBsW(0lt=h{Y81v+*r<)~W-{=M^ACR;om{nSvDprv>9;Nk#QXI%DB9S$@ z-O0=OV?P&0>kS?=%@E`l3#W#TT@S?J=Nq3mkXyYeOZ@-#YKDMBgXw0r`3%EU6Wd|w z__qU6lI6P{g7NhmEEg}GBetsI20qeO?ag1_=afAI}$~|eHh8mQ#vZkiu`S?8q-*iGZ%(HDZ$b;koq8CS6 zVehbH4xdMBA!q-eVFl3F=TUV48H&_(`uRTHk)KWCMJ0sgrvF^6azPa95Ol%!I5p}F zxHj_}eaQ}PGlGzeZ-LLrp*?mmzX83mbsY9Q>pE>WSYxH7kSe38IFl}tW zd>oqY@glKRwC?Wfob@^9MkRvnqOES~=1YVt7!qv@uGg1lbsH_E(W^zSwf05wtNNU{ z8|U?pyAy7VD^Vy?<`4)>V^G@rX?@UAnmG_tn+(kN@n!h-lpqFH?i?s$pS-;mgzcPE zvb_&j<9RqZh$_~@|4HcspNJM}R&?}g4g_gFYk+XrMkL_iC763(o(|f@-t#!pg01Bj z#PjaY@$O;Yi8wrp#5j{Gp;W@}McM_wEw4$xyRv5mN6}zrbAU!~Pq6V#<7K4X-UTU! 
zg9l^M1_2!!7%toG0g%Cr;8^n;zRW6*um0|Gq8QQQ{=v7mHa~4S<(IHVSuzUlkS`P$ z7UGRM20y*1Puea6`v5@`Eg`aQ+dq6(P#!J#;VH1gwwvWFt{2Ylu#n+;HrHSC7uejm zrnt=>F7MyP8;(p|a$1T4yJI*SBeF1+;*yM{OxOUxo&rw-dqP_}Y|oMYeDVod*jt6& z<6yL7rkjjF^`;3o+yjNc%iP>tyOa`an!jfi=r@o~sRGi*FK-&k=z<2(!ijtslXU2B zRPE43$dM01Lj;;Z5g5dGy!Ag?4sD+~D+P&*=!G1ipp&uY_kc7y(a(^weNFA?p*tNX zgFNy6Q;9{R%&-4I z+#R|Y|F)HPOC8&m(DdKM$_&oJyBvdZ83uN-efnbtzQm+yn^G6*4 zd1N>{X93UTX;*&H^9k`P|4$*6R7om&D-x|m4^Hjl5F{vvd=*D~#(6l-t6~ekHom4H z`V`1AyIyW{4VklLO%I+C`TiGQfZcploWw#g1(>?AvZ&GCSKK9PZ;9gk4B7wCqVE3y?K&0>|u10T6MdF#~@jxUP`9^x!CP7_( zbWNIahJKP=z3v@k5~M)VM`kxaQckMz{J55Fe+-V=`Vno?U1xUEWv^! z$)fw^zW9&|W!O{25P~$RsjC_INPDnenQ&jL zS|`U@S=Yw*$xEqdEhJCK*!bDzjqK(!&%cqVIvRr zt6eH5Mi0r%7)=E>V!Mk@OleqeVR(>?|(SP8LFTk6kzD&o9`xu{}N0)`+ zY0q{kd-+n^lEw{(AX<5R<-tkM?+c@3rDAUY*i)yrmQS@q?xV%86|=1##6XM`RJ$hg zplTTcaaUx2AMSIUfpXR>$3=ti{RzsGcMU5)zkt5>qO5{%e0E3(h3?@>i39QZ! z&uR$>@-ngSRg5<0QfLVdHZFJ7x^!jsqdoXrh$8yImD`3~tPXl{qipXOVaTT5S>hsulSj#=e!uAbt~5 zSzKxwj?a6x|IWRWEf1P`9Syf2d#?>5(nf>d&cfIRJ+CUM+?9KS^DyvyzHc)a@AITa znkNk#IK zxJQw;6PqhbR7omtbhLN(qz5i|68QCYf4Uue;&!>IYP334&WX6;R&+N4eaORN@s=;9FK$l~|%T5)pCeNZ`nywq*nppJ*?APnb? 
zc=U$CZ}=On?gQs7Gc(Wb7Co}wA9GM+Zw;;PrdU*&xaNw}56yJabB~U*#l65%eL8C; z>njO;gHX!wHRWo4&=#q*eg=&6M+I6V%a~GW$eYkvKs?-lI~SLUzF~M%4{i?hOIo@9 z=j=yfNEdSZ)9nv9fjOh!+NO0UZWWL|Sxybn2s>pVx+t;Jb)wdrI$ z)GqEb&MO095!Y=#ZT$gie*z+m9G*c$PxbiLPusccYVB2EcXmuC`PW9BkGJQ@w^SupHLLZ8D_~O zEStmksLibN-_&&JqbfX}Yx@%GG}2lm&3Pd9u7Osi3Gja%JcT8C-0mmyDy%$o+?1>g z363+E2-+rfaSI7<%w%*nr@h-J=yY1aBS*a12(NpVI;rF-Nie4|-uv?5e{!WZP-t{G z_7$4<2!a*^$1Ij3tOV&M=R}%2?W9KW2c$YqJf2E8t|^w^iT%hW?)$_+qfeM}bd1-{ zWC#?K24vQ1$&l)A5(X+ax3A|!7@XKtpA@G@M0htK5~7{xxhPuILryiqzP;&OBS$`B zI2HrNLT@y`q3wRmr69{4H+fHJjFQ{%>&X~4!TFEv3~NIzNN(5>h&}?k3PU>V$T@mh z5R4q)>_>A;Vycji+7h$R`ykIt60Xh!EmwY`6fy+?sf`VZ1ii?$7=PJ6G5+F@@Jc~Z$U(@ehgTwy&y?8OAH0Z6(l%(oU=()#=X=ktER9}lVkPd`n$a}y!8 zD`$PON>4SQ1D|}-)OgP>EuH=Y(kJEM>2Gjg-Lu<8=e?cp+^27(_+(uPS6mC8zc{sQ zJr#+EjaKJ|y#Rze@bWKU#9tk>zotbW0ObANh$AaJ4`o(4(mK_T6;y++R43ZfGZe&@ zhuD8$)-O5(ugPaF-De@GmD9*CZ~wR`JAj*dBjr)Onk^+ue8+9o7WS`Oh#PXL1G}uB z$(wbduEXhLj`(3|cwnTvkCojA6B*(SZgL9OuYNhi52hL3z8T-m8Qo1m%N@x2OM3{5 zFMD^&RqH5q4sHJ@-c_KbF~Q$_`vFfm$K2>GdU?;-TghhL#bVvnH5u#vfz|qC1#+-GW^P(2kV|d6ndIl5W2y9-C-qTY`YaG->#qXP6 z?|+?P?xSF4M*7UZy4A$yd$3bicjL3gH!`B7wpY|NJezcyV-Z1ntd_sm^#$3msB=n= zZ(p4{F*&{jksfY!3MJRM1)^@842wELdsMpCr*>yLdO4=dXT^TG-!cl}{#68?D1Hk` zrhV+&NNW8x(mzYV8A}Kh9KJALplW~s^XG?~H&ga}-GIfy7m2&~yxflLOoe#hr>3|~>QyrifejH=g6>3|Xo@2Q4DZea zf5aSBsafUn$fJey@h4(mgD+uvrHV&7@FRdmF|vLD9}LH^5!9i)JiQXh2r5?3@}U!; zY{38{cqHVB-s^qhL$Aw0$7aH2=ttQVcH_bBkm;rsuyaTS+i0+93^|;RGT>kzgdwUr z4Vtx(8dkXAGGuvQ#ATqc5me|6Ki>6N*Jk8Ye=IXlOSX0rZ_!CAGjQyr=frR`&3xAOOceIU$KjQF_g$H{e;W`E^&YyD4-iLk< zhQea3Q}j)F3DKH}-s*ZkHeqU!r^M6YQ9j12@ENyQ#lY-PT0i1`wjAEsDi-P$#T>5E zUky*~lGv|&Vtec}2T}&QnrZ}fY6=T$@H2GeSVD%3r{Wwk*wnUO@ zaz=a4uY7H8n|q<9?JOazE$yprdgvgCg-q2rWvmT@uo|o7vX(ywu_nKd6X#jKyxcj4 zWj4Ml`lVdIYvX7;Y4D<4CpRDaIN`NvF3&S3YUF~EKqOTtN3k>`hK(=C>NaldlT&4x z%)nsv(jQkaWcO>{-V9CgF2e2Ou_UBGh4Cv~RP!(hXg5U1iqKbKsYX?Gccg+#P(il^ zl<&L}9$`|d0XurO#Sl8S}*dVRWih*y{(xnw`LtMshQaNV~>*Gllbrx#4G zn%jkR>b=7{a}_+)-6LgREhZcYcBRvkZcG?5dti2JpOdFbUTZMH-~#EL%e(2luF{*g 
z)}CI!r+ZgO1P%)$F!*mSR->lSEc)i;y-t4FaHJ) z{^(2EuoSNjYg@*h5xh0Vdv~rRbXAQC{-e?MCUfx!&Jktokfd+fQ>qEa`}U;c&F`Dk zZgq+TwauM1wDEOw=TOYcnOpVFD~VL*I^=GNL5+1q3g%ajS5%j=#-Q_W=9PN1_Buy( zxRt?tCb?TE%I&io)n&o&d*{W-?pt5hV^^^cRdw%5$F)54_!mxzgup}FZ9Omn0wcB6 z_ozG)vrUDHu+3BU&_5AFNiYp0^}Vxo#$Ve0m^7p3H(7xVfi|(CBu@7?xhN9Ni(KU| zOh&O9pgcr!CyCxrk{g<^2Am^PhIvqs{RY4j{xw^rDQs?uB|8tt{>9-g*Qsvr$7}V~d;E%4h LfmW`@AA$b|%wS(* literal 0 HcmV?d00001 
diff --git a/docs/manual/_static/pictures/dds_security_overview.png b/docs/manual/_static/pictures/dds_security_overview.png new file mode 100644 index 0000000000000000000000000000000000000000..9951bf97541f8ded29da3a630fcdf31c97fb5e8c GIT binary patch literal 49342
z7c-z~>NjJ(wL;D;P3R0@m4&1h0Zr#JG<|*UmHQe=-#v@_cR^<*Z@y1CaZ=~}~nAhdBkIMUd9w!DWd<5`|= zq=F!;phe{hj<15k;{MVFGiU(_i?2-l_f&or?oIw|m)5cD6u_jP^L;%LXWo~ys&ynf_IkX_h6?Q==p=v$-N(uG5tB|4ek zatp{L1l)w5u9$_{%(Rk&VE?51Q4w6$Ld?{U8?!OYJ# z6W8h4UJt?k1ulimGD|x^xbSZ`phFLLfZAN&aOdBQSEl1fTv#9ILIB1L+G@3V-5(@kjl_CR8tj&yr?Q9b zT)Hfpz4EFMv|o2n(C3af>75zPR7PK>6@=!la95rwG>&mJx}x%aAGsRSipFc4MJoFf zkgOah5g6vXti5bxXLQAw`JtwcZplRF&2wo2fTQddPz%Y-DMX8`(0~K`vnvQ8vP#VG zl^&6#U}bsZ&idiKIp=98bJ&ZUdm+`@xp4B5ebScQ`rJzS%FR_q^a*M~7nP zQ0Ze2bJOo8!@tvN%$-xr3&N;OLzBWw*m+m`UfYfLncd9P7U?HWZYQW#Q#5~?G_{p7 z5FqgLjI?-;$OHAG4(-_DL|2XV&{L@XS{vtBBG2;e2%cR5p7Q3>h9CW}Da5&F%O^3Ir>b!`c>>}=Mf)zgz)KcGEt>faT|d{cO8wHvN{ zQ<*^C%}XKeR?_ZTdqLvZk&KacVxP|Wp$;3bc7ohgE|Z)s^SP7)dXhVC)!HRvEXqv{ zePrgt9#N5z>6YpbwWakO$Wi_Fyy?aobj;#8yZ0ZZN%?-cxJhIU?`YHZW+s zWn=0TU26LJQBglO+_rGr@kHk)O=rnq;2DnVn(mG>Ex$IW8U%&%kPk&|L>e;R?nQk$ zi&o=u*H5WG{fCPCI&Qv36UNH4j; z(AL;onAx;uiP~!F@|y~I&hf5Qq-KZNNpTB# z?rv(@w5LtAq)ypdn94MiTX-3C_0Aj1s!ZCb%-D(E&Bxrw`!!iMwis1POZqL^yRiMKw)@ z)lS}b)w%?lA7#431?^0~b#$wg&!U^>7o5A=<=yr#mve^eU7ty{@Px$~dSQ!OoHe74 z2TW=B-?Y1WGxDO#{k?4MRNRXCOD)=m_s>$G(hpa3R(?uTR3oo6>*mxfbNJAarYeUJ zRGoeHu)lCByE{``z2g;Td9tOOYu=>6#k+G<6jU8KG}^ z%%54L z|N4IS&K%soeI;)9tKZ|xJ$kpNMN(UeDt~3>CopuxzF)hVy4~^dOR6y{eNwYJBdvF6 z{k7e>WNmLPX?2a^TO{^#EsD%MrXAl~l*MzldPv^9-?FJl3>ymRG)@*bvU5{^)(orF zd^6i$p~Wk`Lk9Crus`TBa5@VF{A(QwirgDzB$UD?Hi=R|wBp*kZF=RD%U)IX zvJ0Q5G|ww}lhr_!P@sKsaXB(IYMCHy>-fTxfunE=HH}NxIa8me>{Y-C*`<`!ding& zawu%lPt$>E!)V$azqfmP6d$o0U|-rx13LVTvWsYIh?7duElQdFu}X=ZDQIp>O=Ic%SyJT+UA?2!;(vsO zj{*p2wxJui(oZl=oR%=YnV|WLw1{>zE5rt(4M4cZH7(pY-I;DY)>PGd-)~#%r%6OB=fCuKw5$l)cb*%wU_o@X+t2F<$H(}T2@f0Y_$Wmn!ZN!`!@ax9 z^;$fqMtO8$ez0_PUx?(MzVjSUZ;5UC%3Oc;}44?;aiftXuDd3KuziBIa@Vs>@a~m%ZroQ>iRCK9hFZ~ zzU$8YP}|RLe%1Top6}Iu&AE&iQMZa<=Jk@Uz!F{ZPfh4Eu*pQ8BuPYJ-YV{~`u2zK zO&cGW0(&qQ)RbMl&NG`AV?j_O-Vab4uV;xAgg7T0p0wWr#2^ghXF~6_oXltUWtY*P^Yl^)o3T zPS?}5f?8<4Ddy1fr|5#z*eTojG?_1hsOsv#Jo@DbTf4wldE1 
zfFZgx1+m8p3#E`arzZs5nY+yd}kHYn_O=(iSCu9?oPWcBxTX_GP_icshEAZCgUNL9TwMoWM*p)$8F^mx#-bo1vme*dFw!2#?&1xAMN>IhZ zPPM)FS4ma=oGmSxrQ1$4mVb|JN0lMRsTwITB{xY2(6B;-#qFC&pSjv~Q42 zE=$!v?`hDfx_aqDfmwG$bF|Rs^uc$j-fEa9Rd|FqI@44KiRxxyN$$1HK|8LDt82y1 z??AT;B|7Ebe?Yk?FW;nHD(PmVQQM1F9=)!ID`K42st)7*d|2-nEo2`G9dJe$fHH(p zv(Q}g%R2OH$|T80y#BpA5Pl4|fO&rwuz3&`kk*U~SwMrj*U7&6RgEy<^{%pOUA;fm zbSR^cQ#lJ;c@kAR!)aei4r=wih%{~aBVc}+!Wuz$rZUhLylYIp6`SQX3RcjGs>WHV zNLy%Lx+)bsywvdC)#A4Tk3xj-ernq7SlLZ}8yr2ccoz|$Zt(3K2+B4bk6JExrXTAb znGIes{25W&%Dc*lwwt7hEWODhZ$cX*V3V}7(tgVtTJG;RefBTOQ@e2d+DIknB)25| zti9qk(?@vlHOe~&$F`W-V;1dzoL6Jx3wi7}%k*MbruM|na!VL7 zIonrAo38E?{(huokKtL8M=2A87wvr`(%F6VzViqEx6AgIYYudv6(4>tnUx@J8afWL z!UR!!WuI?XZ|jXtm$P!rb5sf2@UhG9qCE!%>V6`kV!Hud>S2Pm(>GdTL=N*2Ty`0P2cdd#GFB$Ypp+2K{sSL(yYdI8kl55K^ zo#J`EQs|-Oj0^E?m6rb~Hu-SiO8WYgLhnr4)l!#jlN3RTi_ge@b)*K%1MlU<-6l2Z z&0VZ^TfHkOqRNL2%j07V5Iu_9knnGCD0(T6#+-1&+lyK=exYf+Jtmv}nP6knmXA@s zi@Hm&ROil}JMpD;kL)`LWFxuR)w4S4#8PbB5iUgO^7M{p~;$*C+J=i;C1zCijlT5E-fu3s-~-5a@%{73SNpITf!+6M(mIW|51KT zi)#b+#}}ac}YP$t-_< zZE$U_zY$n!o>LyISq1UInhBn|5+jN1%O}!BrM1B-HOh}4Kjz;3Ol(I$$j>Q^O#Q}l z_h4IIaVupb$+xZ*&@*8TxqbA04f*~v#Wo9r^zK>Wfc=ej31pETAlu!=Bp!IWW&N5v zwAegveZXkTm!ry4>X~rSRpl87#dY1PdT4*ZIsm)6HKfxT!I{pV0Pqtl)M}nzu^bYf zF8q+HKSx{+kd6t+o(4mEZ6KDPmoc(}k!kKoVV04)6+ZJJ-Rp<&Q23{ba?3Zfbr zd52@Z9tkv#e&~KGK~A=h#N0MexB4R0gAz}8ska95(q*gz$Y$Gzd(si0w!oDaznq#q z2&tN-HaV_mTeU&A7V!~lf-q=We-|fwHswuJVaoPZB`zP9CUTazStV>6Boz-OkCN}E zPU?;jzHHGA+w{dR7k=dnnfYv_|` ze8v)Uow)9?I07oIUW33NK$sCY5O)sQxXB7G#qdd!F z*7c_2ZHMie@%l{nEjpJKrBt1dxunIazcR0`W&7Hirp0C3Og1}*fcII`$2HBSJpw(# z!N4(`+;Oy*T&Ivx9e0imISopNxXU@0W#2inAQ9~Fo!y*f(wVOt+Uh2y9+@n8>^;L5 z<7|;rjCXNpWXchff!~gI_{i7A(ONl?Bi9Hj5Pjh>4Y{V3qYWLcWHa5_VX)HTZn`ci zDH%2QR+lc3kEDH9BdDL6SC_ukV=tTkuwSi6DO*nj;ehgg+Oek9nb)Cons4xNuxmj1 z?p%LSBe1Kpvz=F))4sEMv5w|;N4F0N^=T35&NGEAPPtQ zx?tEwBFMgkg5$TPL)OHIXsL5bRaZuM$~jGZGV*4o+$hlfzP5HfQs+un-xN^yr1|Jp z_tH|t_#nS|v+D8gtQ;~qAcMR{kN2wN@H!CSyt(SKb&8;DZLr#u;)95es+UngfkCzB zU1_3szg!bkS*pK&y4CpH`>MR{T~4 
z=*9XtaWBL1udhsoHOvI>c+MYfX_1dJZi!ifz=e8nAWfBh6Fk_LSrcb*>y3&+hiCE0 zXWJ~z^6QxC@8>p?)`2*Z*72iMpZ1aHlsnmu)urq1hOnt#s)#vChKMhQo19x$bo&G< zxu48@E^)3kLHfgBdD`u+^;w4Bx%V5N2RzN8uQp)N;EKyzI9nKCmP44khUG7yO(${w zm2tXj4eJ2V#LxKpGn;9HQ0gu23GWHa;HJGGn#F$pe9%JWzMe`-kX-AseuVRZ4@SMw$zFOt{T_Ov`z$g}gqF*U37dBkPB zN?b$tEh&a1bgLZFD08U^WV3a0iSy{f1w-CJGV^GCnxxbvhz4iwajQHep}NA&*7UgM z49^$I_!InqY@3)X8t&S^I07+bw|^&;g*19L9`1lK3ZOFKi0~i^lz8oiyyTcVO_ZLU1l`CCcblbg-U)8vPR;yHt?MzpnS$Ijs zBMbBfB2yiyw?|y!4k41}v2h@1{(&zXZ)q44uGjE`AG&;nNL{PcqjR{b40O_XludK% zpjxGyW^7H(HKl!L&~~d@I=jxCrJljuLcbVc#`a5<-b}g{ z?s-_vHg1kewcqQjOx9a8a%1o&$FxN9-I|??m`AHU>iqrUax`}U^-mu$f+2@75?U1G zjEXd9r#ua2-a&%snIK(FMFPY3fJH0ZBsKm_l0f!Iv_W(dW)<-$(QZ#oK z{q@7~7%ZCfGq)o0g&=-dZl5XJXNMDOHBZ8nc&2+qQZlgocC<+nI7cNO1Ipke%J**Z zH-AMgceA#{XBFbK*`uABpOQ{~DO1immUl?pDqPyP4<`l0ICbNneM;mg*myh4^lxWo zajTs#Z|E36ohltXO#051eeE$oS7GU0R$hIJ7V2J3yUFrm@_16U7z*uq_|9ZJa%g`1 zIqr0)4z-{(jGd(-Hhj>YCq)SkA!-Vr3^y>sOTx|ceMOe~kU}cZflFqZEqRL}ZFA! zQ_gPzXE-((;QTV9*CdATM+(`^2D$ETO)a|t7pF{EX2c-G^WU__(sGVsP`)nSDTrwJ zB_C|G16wP*D1nCYcB)*ztUET`5$7ypyg_gxu>5|ltYZ-@QC6Nhww6omM@ zz|$cp8%BpjJUBU^I+(2(sFy;8c9s!9F<0&xunXJ$)ev(!dVi zm5pvf3hdp2YJsVA0a?2djr23Be7l zhyC}leh7G94(;}Tv@xdSHW2g4EUpB_S?qR#!&}@P%YQ6Ej0D-%B}5mR>RtgL_BdYa zy<0F>=LVU3J}`VAMIFSHVnAa_(ahZj&)lCKnlV4gl=WK+LP0a7J_+P=ZZd973GHqS zD$>u%p$YoL6Jfk`g}*9TgNerWSo1Nb@jORzUZ89dx2FEYd9!k*uJz#el9rdr;9xwX zT6bWDC4A5P5RqhbIPsf;fI_!eY>!Ikge_FmqIH1v?$U$r*r~3}$i}X+^70I#vAOmK z91q~JankOSh*;F0I{&b|TI*bdO-;I9Uh|slYr6qr462lT+!d!_c@ku(1u!3l z=DlZ2?dBR1D?iVts-(U~vfGF_mT+WKDH^}AoobVmdP&6uweHvIO-@~;`%4p)_s>zC zMF)K1Ryv1>ypYG^8ImrBJyIUX3c56!MsMndDwb8;!q8;@PUJ)OLIru>;p0GzuzVlx zHpzXmX|1%c)7AUvK1mIbd9gaeoe8r|T^QCcFb(N|lsfOjzQo$899NAvA6vtn zRDWy_y}A}+vM}d$;}Tbom|@(ENst%b)G`i;JpXx;%5!An1(OJ(&fc9HfyA%_M%ZQR zv1YMVe7?n?78Rex1pxs8O6@?(%TmMX*SaCUq-)xh5%Ead!U9PjtX{+*-anFsvUuCj zP<}x%uZHHWFUY9T`SU15M&F1{J9(}8?$@>m_PdSc##9M&$(`35WC}4i-B?!QEy|^AZwuTU!-J+_q$6r4s1toxQO&MqaiSILp zdH9|q=BCRRkX^--gZM&d5$gcW=gMGw!0!y4AyW}wL_B?RcC|Mkhf`w=9T8={Xs=HF 
z@^tXSul{&gL0kr^o>cqC!Px2;HSb(F3{#T1a&^fB18a`!NOtfx##hw0@VLx(e7E+5Np; z$@0u%*$}o@QBRpqGQFlv_;rE+?HO?fr{l!Y8hFq8*Tqpv&ML7}(nz_X*W4g_?i>5G z`bm_u3o4Z!mftT4IjtAG3~bLyh>LrWdQN_eU<9(!G8!PmjR{N=4BkNe;8%>&4ZsdM z>$u%(ngfx=CEMu^bCG~a5W{1r4mp8M7sexpWhgLT--!Vcks+8x%_nCAml)AT(R1c{ zADZoce(pqLu{DB`ny?BA1R%Nhs8Q??3l!D^t&?GI?)|oObuJ}t3q7eYK@89*NSxC< zGWi()kxLmt4;jtE@Avk&S)n!XT?xQ{jJSt>a{*WgjE=yHxr_A>+@(da??5K30l*oF z5_fF%a{4}+?H?ALJ$&5-?Z5%2zu^2F?(}0Z3V5POA#aq%CXHAPw3~)oOaQX-iiKjc zUIu2bAZS7%BKCM;NOuju{<-&y@jb%ftk*p@m^zKT@DM&LzAGUz4r}x&P-I3@xOmE2 z7pn%PxAb-3tqcJ-*eRP4tCpq13RvP8QV(E1y>Khg550}OO^xHd=zvMEfNS_QA62t(f9U+!FVL9a|>Kii}|sVzbJ z_`aV;tZ;FqAfPj1W>nQF~0ees42=~D1ZCidji5v~o z0MRElG$#}^@fIPOD!FST6I(RoBnN3A$d5Hq&j;jyd*MwO*me+`SYb!*BVvdr9L9_+ z`v-|zb?}MDS2R3^SBd_z(F^n5+^5(cl)u?s(APALci!JV*!5W^_^NqLqhSB_XJ$Vx zz-N=K?=6v?7lxsZT?|;k$GZnBdXJ40XHUeiZ7}CobXT7T#=#g+gfCwsZ}KL(&WToY z<9G-m^%7Dt`tp*xoeuAn1&w-!1_J>BK^vrRr6n@=6tnfpOI%xZptSXQ&$leWr}&JA zJDjbVU3*GQ zKJI-|AqX~6MnORV%d@D68bHG~w~p!Iwi)$~apVdJ0B!V#_ia`nXTCN%Da6R)kGSE# zBKG979J&Cd&yt~t{t6f8RQ2qbH(dHx*~dN_x6mPW8}3}v?$8b{wVh!GWBaus&k>EU z2aj=1mC-&}KX3Iaq~Iu2Hg@BFD;aoJ%^FIqFpVG;j~fKlP(N?GV;;t-`xs60Nt#wV zemX_@{qrchJ`?dbRhP-EnBeq04~#t6MZXvB!BCC2GxQ0$CV}k4kLvg0QC(nTOV>p(mnz} z6?UD&GhH=3>F_w@ebn`fY-iLWgdKBJ!s-B0XN&03h>Q1p_9k<$P7B(W*B9I`_`FW` zwGgDE@UtV`!J(-}<4U81m!*Vx^k7eaQ{8g%LiSV%t1RSsnYu%Oc zpFbN4ANG#}X?Hh7O}|z452uk3o*0j2!FHr)*BH0 z@OqDf$zMVZAd?TiDE;ew5xj87sf`L5iu*eLD^gE#Ut-tJWF^|4b3ZB`6sC88o zV(>jJc@EFc_0H^0i@W5cm5{p2wVsgOb+JP^i+*@;u?!wGN=wa#^PI%0G}}$-RzX$0b#xxM)Kq3u&;@9QP6@f@4W^SE?_81^|n4iuq8V{1yP42SxLOAKORu?A-`{#Xry z639{p-ERz)f$(iLYZ!|4r&skkJk2`Om>@5yLhfJUmbMfiUM^ogodn z?F0id{y7x~$mp(qz#xTvu7KM@?wNtGI+I5%AvsJ>6kj2Fzu}bU$aQ%eK@-FbT*a9I zY|t@0E(8rxAI`qgMh)U_Nn=8QoaZW04-Hf`Ghhg4tKmX7R_4@ZA|vS>w_yL!T14YD zKZ<9=oh4M+>BX~%^;}K)t``NGXH2+cg#y>%Wi>8A?PHC%v{fB{^A zPUEA?;#gCBXv}hl3p_bWW<3rQHo%#nFW^+<-LT2fa zbM(3(y1At#jBm(6f{MrV97IRgUadYSXCFrrHTt*lvVv)=r;fHk-UKb0n46Scz zV{}eyv#bDQxP`q}>b!0dA!wV17}G3hG!!!(iANWcDON84+&w8$(PL43=W^&@ECAfZ 
zHp8qrgwa3qn8RY$hI{;b<~BeNA= z^ByeRwD|^%xD42r+*OSjFLz`7^#Pl}V|2nAMSKu|P(n7$_+dM)WB}{tEq$Q3g~z0r zTFF6g&-W+^z?ue~LiDzFq4_Idh`I^xFEiv#!$9ZCfU(KFq-M&p2r!5V=phT!ciUA} z5STb+@;y#mEv88Vv#2aaPzk8fQVV5*8VHz+!kXIuI5lYR>j&>U=Osn?>NLD>Wl>2O zc^?{ipXqhio!`q%g7q=bJRmBk%F?ag-8%%k`=dcVgFt;xW=eA7XD` zQrhV>5eunTbz@l*zx-q0K;EHQ}46B)S2-F zy>se{igEhflj8|sk2Uj>t~~5hL6Dqc0q?Dpxw_8=DZoUKoc3NJvG)Shg>rB*01<-^ zz5?RlU5r9KX8oVQpAroYKyzH+XA8*9zDTLu>dMv^ExP$g6#vyJ*!Ca>iN|wnn8H1Q z*U|A04nzubgB^^sog9=IGO_E@x}f8x8E@<&ifIQqm!e-*FdldD*>(y7ycFYeY@vd1 zAoExZ7nn1Lmn`K(m0)Ey>imciA0+W8iVg*~tNnFkB)f66ZRkQBM@r>9uidOhePd%V zLPH}%@4OYOh)2Go#pQR~BWLwTvA6a2hX=#C%MLZFLJ7ILYmgM6Y4eE3g()6qJ*vD$ zfC#J}65xs2MHWb`GVCMuvg!vv5l9-QY9+b?f!@+gcI9(o^WBXU(Klw@SsX}=3}hhw#GS8=QC_X>lgO9_+*L zGsi>tqbFc;630an{gpiyZ}JVE%EC`QaKUji^gx44CvElpJSF_~MmUI6&5@}2voJO{ zpf{(wMoZNAgjd*Zk*7?<6?jwK^hy8(p;;g2vQQOCE@e_ zPm{`F3>UyX`QQh*Dd4k2wjoJ6clUoBn0N{UX{%qpe)tC-BeG0q&x5p9izgU@G-2<+ zw}_~%O8l#UrHu=?XTp6PR$8SeEZw%L|Ks@Kj=uXFi=!ne5UV2LKIT8Il@(G+1xSB9 zgVc*N44^tW{@d%2ijz`;)YLmEfTaM$$+nm{k?N0n_`l2!3WC(U=0X0PB{$%vOpOoocXVkE0rMg8PN7Xi5;F3B#$@jW$@Vv z?#7mbpkT#f^yyKG2B?2?!ObPXfI4f0J6p~{CHWoPsS;iLw_XViAi@af30UbR=$w8r zxMXT==s`=$))0mM6Qv^KVKQOkW}2y<4+(Vj9fh|m^&n+_SIAQ?y;1O%EmEfkMl_%t zC_CE}$=BV&IptU%CA%WXh7TRuu@jIsY@I-g9dD33s+3rx1rMa^MuwOS;?I0iAQYri z22C48dh9;#$e$wGphNXjWJ0<8`)FoCusFdd9I8Pu1*877ER|vATg2t};NA%4>lT_v zkOlz!Kd$!vOl)T>#*6THC<1i#IY#+TLTgoIb*eSN*OgLjx_f(N>h>v=wr%RYvnnpB zwy8PYdeV@5x*naUrCd7gdKL8E2;8(91nsH{VH~!$R7!QLOewO6A9Mz2I~SYHVG8vlOVWE>^<~6! 
zI#mnA3JD9ly62?TX2E<*+G^O6oZ%KjDg~hAxrn1X*Hx;@4C`N)dm1oP;46_8Lk(^M zh!Kl8*Y)?e!jLNr|7ZD1E`v+PVki6kHwKA0trX7_Au<*h?hZAa-Pudq?X%LX8u~>6 zT8bX&yYDSixjfj}(Q2j7!?^VI9?yC^;f1c^3v7Ql-qqc?oEi2x)veICd2NxufD?Yp zMH|lORdmT=L^cNQF#(^z;q;E8eO+GqYBK^qou+U=t|E zJeA=?KemUirth%!woOJh(%>p7Zlwt@ZQGE}EMmV+EXK$KDOCRY zb;^uFDSYNV&R)Sh&Tl^OYwK!*xPb?4s1J|c{wYj`%&#g!OwDVgBl;MdiYi0;Zic=Y zMRq%FH5}^#1XQvWPBeoilzjBvkT|*Unyw z;>DVylI0tUE_$w;_mwJt{-0T$HKHg+oG9z#dtpt6^KGGq#Z>H_Jx zOp6k>dIEhEM=htjJ9)ZVF|>k@&#S4g&kx%2Ka5t5vXHitnX|rf{f!&VYo%@EM2>xV z*&eORWvsHVr%RplD;<~`;*9>5ZUOY+)gQXUGLm*7znQ%;e4t-8?1VN%B zZlnD=kjjN1q$8}l$w)}}XIs!4V8mvrIY@BI!U5u?S+a9YSPZ!bq>Qu|V$@@SYg@PD zBI}bs{ua)|tBQuWP)Kwh=kG1Tg7>)Hi*XlAK{Z3#YZKse31&_}lsJyuHm>S&>hEeH zqdNs=H-X=@1IY-SlY_0&9J^^r7Ie9pUjq6AIXHepVA3#^92-DQH5gs41jIE~&U z{DYEl_6tKxkXSYKgUf<%fP*gfpKSK8-n`^8fF+ltKrZ4Iu+x+MCsXu2Q=1P7;jVmw zuEB9=Fv7zHh`6PMA3AU%OHt!?I3qI*>*K=m6A$ezHv;YD2~PmuS&~v8%pwOc&RSLM zfhIZFKa4oc2Te-FglrzsNi15S$Gu$_Rq}Z1EL`N&ib1M&kLL#{amXy3Nr4|$5PQy^ z2N`ZR4_Zg*E|J$n$BoH*W$Gy#)Vli55CQ4EU3ylRRQAIULWR%}X1 z0Lz0uT-}CN{MUEHs@}s9mlLx<@*|i96ZZbm8eGRgWl_ z8b}bI?gAjVh}1n){;j=Ga5@?J zAH2b7FG#uY-#M&cPxhcAX6rC*^#b>%@$HxC4NAxMiurB#gIUxf|R^do>&Br~9lI6hnp#un#qOAI`e#f4XX z&mdHgKl0iFYe3PHXB-HXED2y!#s3J`L;Dldtj=_YfiF7Uh@`+*r#sn8R)N6f4TFTw zS7@}*xhwVpQImgdgUso#5Tru$P(8R5>H?5Q@mB&g!_lKh?*niMSYZOc0!7t(B*np; zxPbc}9;h-xzm^2D#oHrbxWa(nMm`n~!cK#aC zL1+!!lJ(#|GN|j?hPb%=frIds7|fW6lgl8$rat}!sJO_Gc&Z-S0Tk7Y z8C-~Pe)?*`&p&oqOc8<(@%m*Q)RWVSrJjJT$Ov@Hxe8oT8A#SD*KSU0_dNo&h06mO zAaB3b4b{DlNkZf{#H;Gk%l~Hy(ARH^%@M1)HCliiO42$&Gd|MX#j&+o{Ag?(ZgXbe zvTb_HvpW3c9-q~fx~Me7pD9MX_50_h2=STF!Vnz`{wi>@wzj_h^b?Z{aPm+&!X1V= z2c?Sx6X2nY%FwM&x-ol%H{^#P&J2ixpzU_Ne+b~n^8m(jS?jGUCbl(1m3qAVSd95+ zZLsn9rs_GtVeIK)7xSq3>Ac2p<#LsyY})G?|nDH)9$R}aMC|5#czSO$ylaUL0Z<$@0x0EX6P96Isy z=Mn7-w{RNbPk4M5pDCI=N=wlAu(TmJ>q!{r4L^{`Ye(K%Fl!q?%+OZpwx5rNtE{{b zd}h7WyY+u9Hvg&fX6oFf9<-j;NaD-g{U4~rD5mG5O)|nm!Zc58#An6-#gFa(XsdTD zihWrIc88@cg;USKJN-)GodeS0dkl;E9ta%49q;hkQZa<)69C7m!g;=bjqfGQjUx69 
z&}Y1Y68v7$)<+L!P6?$s<4<31qOaeIOVq8NZu;C9$}wg>@{5Fp{2;DEmeBh;^5N_e z()tm_gW}{x2=JLv_(UfVBDrx8POjKEI;j@Qu9L}V^G>tFJ5hkHa1 zlx#Tz2Npx=v9t5UMQstTO}RdIMDN4hrzwNP|KosRZSV@%i$P=LJ{prMuTYyYFBtkO z{NbPkYp+msc#54y!OfWBl>An41Aw)<1X$S%!mp(NIo}XVy5X(z%^e}3O6=}2&1^z& zBp|XL~fUx36lmm9C#U`{RSVAiD#yg^)%=a1M2u?KJ|CZ-b7Mo$kqD)t4$;iOA>; znzU`t_x(Rw4*qY0ImfnLFjX%-z;dpg8+n(QCyH3IW9_T;#Px>B@vkpk0>h+M*K7&E zrGcVV`Du-vWhqJlqeAoH4{{BYe)$#+AGP$L?Dwy6{*^Z|2ZE&~`^MM$cC)K|6I`>M zS_*n-TeycL|U12%B?F}9i=Lfc|ldBRB5Dd_PwEq<$WX*zz z&3pB**|)T_B}VjEXwR14x~ei1ldCus`|*bQPLW(-*w2^Nm(yaf{EWO7OIijkG1ors z$6g+v?9@(F4Nhy@%c0T}^<4Y^e=@uco$20CHxyN%$7{|SbX(y8o6DYqhEis>+hVl* zp5Zf^$kG6{zD%a+#KdgyTK8n^;{SNKf9HT@#rIeH z+1T+hGSMR1^iuI~{p;Z6N_Y8PlCABSw+xjT{cJ4s&N({Y^Fr>O_B5z792oJfl4xmu z&BV?t8))}Yxl%z=lukVI@2dXK{&}m7%mwm&efv^qqHn)jkJPeoy-~VSH(xEr!Ld*! zO+%cn{Jrm(D+VRRJa#0TKrOQ|I6fgswo`Uu!ZT~zhBK$T>K}=Sr$CGmg4l)H5gU-Q zJ$nqm{wMHbi0~F7~R+bGlN~&NOAS3b+p{5!mLo zoM!rU&@IP1?)Oq7B5JkU7;oB^9owjL47e2tzH{S%g9bX-l;6G?N;p6_QSep6iSoJ0>lvSpDTgf9C}pFe{k+uC7S zs?8;7n@ki`E_EXKx7dlL5M(T>(6%ckNRfaKCf7=;DGG7__fA2(Yfry{%M%Ll3G%tq z3M8*@AJ!4d>9jzs_WVykkxnNt$P#B~x(nz&*n#BMFWQD#6zS@zB>q1~#EO-Bw4Ef^ zv{r$#W8qw?o7l_zOb-15&3R`hAC*iUrM*YD`J`_#{Tbx3%}Ul>qgq~p?BzY>1X;)b zpFz$}F2q|_`SYA!tG&oG_k_(A>2OZM3F%(+F6&4)hKv)+^^HIy31y6^dX4f zeQ-1-g`6@eTHhb_yxm{WC%f(`6uj)+OGYy@uUB8$Ph6;r@j415YL5^67d^e-gqo$UtWwu!I}`2SGOCRvSB{>Q|Ph>av< z^EQCJ_!`@6!Cpt>s@NxF+@jCgQvN$+yesWO?UBc}izqTr18E(dS>LLS`r$@Gdalq~ z(yX(z0Vz{;j1Lfh2xmIb1!ATcolGsB56#U5#FpJz(XL97-N5tUpxTlflYno;E?j7u zL*Fv;^MygDUI|5&=4y&rMv%au|I{^+lvDp$Nq$Utxk37qa{gNiR|{Y1d|&pqkY06Qe`}<5mB$1o`-o z`C8L0Saa{1!Sb&Ptmzi59pYVmaAbRZcJhR_i;^*QvNK*3al~9pfp1GHS5BUtuy*xj z>FeHhRJYIkv9QIM4aYgsh>cCDRAm!-$6rYnuWwr{c$?q46F;!>{akOwy|AdEk55;G zKSU(3ixQ>nVPooN zK3rfnylTdm@7vkc-5$LiNrg(E$z+|Ea%R#rZZ;C|nzqluN^UqA( z-BYWg=nEU7=$8|R_Btm*E2GYnH|%pwbM%x;BMN6H*DgK(fsXW^lZZ zZ<9=aVwXS1?Ho&T)WCYt?L;Y_Jc=Xz&awzp;g+E)qB}$qlKr>1Xngt7*y;*07?@~$ zU*Dh>#DPHmC!|1JOOKn51WR9DtmZo3ihpd;tI_E@y>d`R@r@tjHORg+6iIdD>#wft(TGzdKH4}{$&uYm 
zyth43Czs%~U6K}t?IEXU8&sk`bm)+X%yn@UzHO$Qd&VB}o93xQM_LYi}fP5j~K&g(f{ou8?eai2>rKzh0_M6F-jtM znPa2X6479B|MF2sE{jP*82{}&-pIqnr*TslK>rtJ( z_OFW}3E@@@ShQ53rpRXg*IfZO`oa6(Z&HDl8K#bm`e2?v_W!vKv4AK3zwH?KdN(6j zb8gS4t{G4T+J~6u7sqpx)mE|2_3E#rtVauAN=dil*Dj}O?YQly_zr)}NfdK{m@7AJ zr~Xo=EAQ;=JX@Qdo_>?hnn2inC#ueVy0r2vW6SP+tM{?gxpVW3^;8Y3rj{1s^w8#x zX&dF2QXT1@2$G=vM7S_t6mAE>0IbvaF$NoND-xo(G{np|mY0LTk$4xtayRY30v7&jw z1CH$%4`ppG4~8Xfiu*J~$iepsRthbn{fh68TT%Mn- zPuFvS^(-14rSV#)i=q}Y2#=z?n#N44W#;)JGU>%%7ZsHeJAU^*p7pMT zizFr_s23;@lBjx47`wB^YnFW|sbAvyf{bcNPfX0u27g(j?mN;*^_TY@Vtc_Rpgf&kVw1G}tB=s?ebU{e+d7 zG4>EMOAg`kwOoI)){d;n{YOl$|0Q|*#m`LJ+lS`|!%J;vJ6bktQ=d)khy`S`l1@_- zQYvU>yHy=s3h~y*OSF<-vZ;n)k#Uv>4^lX`5Rw@=-Oo`B|C+?-wx_H)=Ds}{xR&D` zQ?e1$RK0=o_kCq#21hpBa|g)}V`N0H?6kCHZ(zp_X0PQJO+SclUV_bcZ~FLj5(=97 zpS1tlj69C3y22c)NDU^$Cy@^~xpH5vf}$?xx?|Vif(>&5YIk#N9=B;v+NEIf3sFEBiL!UCwn6LVt%D$m%J#k5z7+txZ zB)nEb+8PD?w&UvA6SBAMCn~74#)$Td!ZQDn53LAaHf)q1yc7UiLr6cbGpS+|Rd8C3 zU7l85kqs#!O}emIcxTrzu|hiiNfi@hfr!^7nNF z@h1}i&IhJsp&|%3E5hC6h@FakKBE=t+w_kwHs-E9RoXx>11ZH3~4jctE z4^&^5T-ot~{`GfXVpOmJ#`kxy({(N?kSNo+}pSKvahfvB1oixd8UT zMt(tyu^j2dxaL~2p1}ZjG?ss!WWhjC|5&mhzMzV}O$yL|tYtW!>_uqQW7y^LR9rM2 zTjdO{FkjGMbBl@Pce4NAwG+8_vOfXsUZKq|!*)EHdCK4x=vl8U8f7IqH z@csLEbRf&oKv?SOt&F{CkHdVuol|8rFLDFuzhIXuBF5Ux=av3>yu(q2*eplHT@`{* zq;)qm^}zE>_jj!5bSmVldD5Pv)f_l>hBfJ&+=jd3YD|=KHTbf@2Ih7PTDpL3&SH1I<*!Xbe((!1c^z!~W0l`WjKR10r2etXk^ooyF4x@> zfmtLZ*bbw32qMYRMsKk9R~)@m|6D4;C^QBEDmPl!P*A^JQ5U`L9D56g_&Ix{+`8N| zT`x5nG-o{0nibB#g6fIB!iL5llALVyAKwO>(vz2Hm%uab*+*CoX1sc~^|j&WlpT@H z8It{fZw4A{QZ8WewS93T0f0{hFpoEltdUI#<@!^JOJCFk`2~)@PlqP6>vk^f=`EQP zJS^3%jPW|!Txsrfv4%U>|2#dmQ?!V8{kln8?p#VR+3GEj!eRIV6i*`WpWE*PuVL&i zgwnwA{(jN8fF7`#1~^HpsB)|z`AoU}j{l)$!PqF1ZT00aox5_bfFt$m2f5TF*0{I$ zB#(DySRJM$ukvHXrG|6Fs{Agzv@49hy&!3X{{2TY-autg#1N7R#)$K$D!!R(KZ}0b zu%YIUTQO?fvTq^%D!B2xiaj4F?;M78-R1h#x1BQRdlmm4Km=(Zg>*y-27&eO#at#5 zoavcoL!>i_>}Kg~UB#RSz8&%Htk z!uaS~paLw*GFUYt^B$#B6lazHmERXd->t82oEnX|o3NYyfuM(IB@tufYm!`Gx#?v( 
zYy-#2-;ygLTqY`v1rduflidYXs!B>q;v(BA)b}20-54Dkt8!Y9(k^>AIPRlH|ButK zs|HBL4;(-q8dx4BcaTTDB`Y4@?*I1pg_4AvfM;FCy$@lGBY<|22nLbd8w|^AOb>N( z+Sd|1Ut0IEQZJCx(q2EIUT*KDBg~|CGT^rTQW^rFtQN8cVi|W&E|&U@=IGhc7TI!g zmfAng;!A)A6OXTfknbeG)S1VToy1{uh%_ZEjf@&i4qP^qd_^z$6EQ!pHouH` zxfsBzVDFdzX05Bn)!RwpXk2U8LllMj#IT)7{+=tsw7^a;9X@L00RQp>`kX{in&jTK z@XTh@HbRyZRoPlO$ydwI+jeHrvINs#Y*yMo7vUeQTLKvq-!>xir_(Ci-tvE?{O}b`K^Rrj!(`vcA#JD|Z)gesIn33ZnGP2VUrSBGBY` zwE0Ev?W6mWbAu{zHHSaHPp@SvA;xeTch}UBIJtBje-E<&0>Deo0573kz+4W`{3ay% z5KldiK)v5MKzdYvE1*D=?%;#|7tDU4IQQ1(QwpcTnW%i1xxThN_k2sD4&(m%lWaTm z0@LSg(re4AaKu*fMIL`CP3ZJ6?PDag|Jf!B;N|8O682`x7LGuJp3M z9!63S%EQC6J7MZi$I1!=D}Z7pI?|Hty=}f{yZsEY^Lu?X@?9@*rFl-kpUlCz@c^f9 z-i^#hgC;_w1O~p%?djxObihvfgx0cxmY1JUO88N->sH7F-N02Z)n4bilHLoSKwVFg z7VPyk!o_3oREseIHV7>@>K7dw%1F^FFFZH#X}mAPLSr)h6LI~j?m;odhy4O|+2}p0 z-s&JwLwR-oDl~ykmN$q$OR7$i=W{rr*ii2PZ$MlZ$Hg)pYT-{+O5RduyxzvMqgz0Ut39g3o3&oM&FMS+35ghaBoQD zNAY%K`_&}{5sO;)NWMJc15@h!PVchOnr|?Dq8lHMEAOhHoY#8`zs&K*FV21e)uNCK>BF}E+GfV z3q`@o`7?mNEHtj=XiX$@8Vln$hUGZ6?7etb`}7+R3G1y=T8e0w&ZE~G|cJlGoi3YL;LjY{Gpv#{O5h%zQ z=W?^r+vGXR(sxLvOL8;KPQ(>%V?o@=OJ)bR9VEHdYZVQ%Wn=f55M5JW5uR;t5(NBeu>JW%8}+s%rkL-9NpUt{Ld zKUWGaz9*x7u^7p9*ZT8I$n!iO$Eg~d^||);jLTW?A0-Ovgrd6TdVwWcMWsK)E)K_( z0^VrkzkutW{rrxt*eEbX;yvekoUN2PQ8Y&*>Y*N9^3Lj8s*IzOxe^{K!-cB4W7S79L=K_Fm7+Azgc(n-5JMq=*XnijT*k8Pa8!Boho-=owXUtb-|0rt zO`a#15yU6;ZV3ei0CrFu&$#EpC6rU{d>B6zJR4bbQ=t8dBDF_E1y>+W?i1Z*cW6>_ ze<9+l^7&^i_IY?F%Vkbv_OQ|Bgxg-7dtPS{v4FHV8iuI?V(fjW^u!-EEK9K?>TQXq zLwrZc1LX-7W#W9y;8^if>$YBDxmVo82rWZtnO=>2xyQeD7d$r>H1iJt4ANx%4rkp| zMN*2m-7!E>?x#~Vutb&z4>$Jcy>9gkzO(qqM&Z>A;;0sG%QRK(Fw?YomXN@yktyP~ zEt$?^p>0m5XhSxama+4RhQv!260QJh41JF9u?hsH)=}QTng&>A^y2HX&MqgCcA1f3 zgG=_GQ54I^jGCDy&#_u_s*h?!`&K)v-4EOCn3H8k^~>y!=m<&k8`3e0K8gK7vwCtJ zsc+M#uqqbcEC}7B={HLA7s7_BIWE2q^PTfKz->Fp%u#Q6ph~-LTL|6>XUOijS;4cxaov`1uxx)EW$b*6Qaf8pHZ7bWYBR zJrwW08O0kY*f#X9$~OLHuri@wC)SE-nJys`BwuP9!m%y!r%Cu_B&;M2f4{=g-E1UiOuMd#D0{ z*Rnj9_5u)8%!~kigcgn=os*Y~(-p>rlSglR_GDyz+cjB=`mQ#ZSb=R)({fVT-CI8U 
zm9)1G3ZlnA_SJf4kWCa6qYxDeRrdwg6msM<#>@(U6bRv zn4s{nn1xjEAXck5)X0G{`+)OjtFLKJhyGb2<A_)W(o$1&3g?_I5Bu^-U``3kDZ1>qs1bw9rC!9xahn+fhv zMDX5~8~PodEGPx2VC*FqSminbOeG{r0TP}=Q!Ko5WIw!a7}w|l*EF1c9&ypu&+=&V z`cMWDUT1cO<;K**n+GfoxAOUpo)=0iAb=9Qj%?&j;WEX$5WSd)hLp_4vRAgifilU% zlxOgsmXZR%&sTkRe=y5pf+Rtw<>VPYElPRFyo-wha{+I_v6+g>CV6= z_fJsCgUoOL1Izl?H<_jj8j&4`DV>}X!sPHcHrpsFBH`ldv!wr5}9 zS*|p(K(-gpVdU>qLu&wa7C=7X+#jXK&{?+1W;J;OFa;*h;O~1?Mcpej<0JTsU|2_Z zdtCLU9PRNsc@fWpYb7E3A~)|p)*=<=d&W3gL4nCg{`E_^=`%bI+0^&>8pTo^81F@v zl-@4BCiP{V@FJp)rICmMF=~GPYwy?5gy~4rGdnHsuTYKf!)<^yb8w4_UTY!wp0#Aj z{N_?|v`|qD3HhBmzq%h^b?u);WY*DKCu0POFYqnkZaCO9TtMmz(}&0fYPH8>VrN>W z2^pVbJwzVfGabG^C(~cvu<`vCFJYeLFL|$+v0;JHvm%r%jQV^g+MUAeH-_xIGv+`~ z&TNGC8)$w`sqB?0yM-=@)ku zSCm_6K~YHe*N)!3-(e?Brwb|}hl&xEN5tClL&?jVa)P)atAm-L0HP`{Jy&;GKdnJJxdq^d|*JV%fttowx$XfE+Pzv-ys|5$7P3l9Gl}HlU1Z zzll^cOwjmzpT*(StPqw6NW)RMmL2A@y%Z{g3copv+#fG$kN`mUrm$=AOdpw(SW&KH z2d>k9)MGsrTC1*T$yKRrL9&I6%#t^8+G`Y*&3B0!)8pdbL$Cv35)jn3kq88p_-}Bm7;!~y zw*UB8!JHt>&p)%VM&U1^fh7E$GXs`j%akwRg0+W-3ipVy)U9Ts8aDWH0Kwf32eOi3 zVUfgsKSR86*jEtjQuN>wj89vBS66!FfJNOWCvwxm!va$*9Y=o>9Hk;{ZpQ`$E4i+B zFl#Ab?H9Qr^DPCSHr?=U(I-S46y^F!y)md=w6{az!@5NQl;`#jMxq$4DE#FwlGvit zA2}Xvd%kT*sy{jXCNzpL>v0;JQwi*`R>i9Z8>YiwRkhA5N}^Zi2c_?sK#wY*8XSJt zub!VNP&=;jS4uLS2< z>*XO;fSy`D%_eIF0jxj(A#Pthd+GTt{{T`sUWHs z2zdO#x5tBnZ>utRKEJb2jsn1*!=UCae{LeU_%uWgPcO(GFj4qY`Y9S&p~ApNow>6(>-6_U7w{h zpGJ{CX9F7+%;5Bb_Gt#80RGjlTX<@>@Z5*!h&ds|Y>=!^kaw}ydNSt1u<%J0`k-O62-RX3Ug8^T2ck1A@MRK*%NcJo?OAkjR6!hGj>@ZKh3Z5W{G7r zV!@ywt}Nen3xeKQ0Q4zs2L=lTtvmvj<4C;V@~6)qILSy0S!?}$4eLM^)*w_JMDZ!)26)3WE#;lK9$sz`7o-chA#>5?OfJ~%!hHfPlJY? 
z0?83KU@}1f@>#2|p%^zKK>!*}*5VoI!b$J(iL?8kCyA%~BYn|1O}SVGN^w?VGiBG} zDX@{eBNF;k94g#({jXKjWFmkRx$RR&ReBGS5P5R1-JD;&;Uv3wcmB*Xu^|2Pu*4PR zy9cM(c3;cGsl~iNq6@ZklKX{2M#(kAjNS}_xF(Ws0+mt%X)$--vtsIT3ns5o1cl0_ z{uL=|v=5M=({bGP)I*8*MbVR25WmJT)1Wff)VPbI-(r;@o|+$4?eMXq*Bt4*_KC8( z#d^A>G!LV*%i2&j-C04qdfq+qMjP0`%jjKlPU|NvV2x2BO8Utt7&Ifj{m-T&*1`H)@;klNa80Vq4n=K1`jme z5YBU^5yoCj2QYXCln!5o)AMIc$)y8nqxb~J3g4aQR} zLTi*3x}%?_Ywbes*-uT9>Yr?uRp$9$U8d}?8=3n!VWqyTu3S42KJ!`slY9esVQHiS zT?F?m)_~%>#BTL?qMv=i`C1|SHJjw2x5CdL{gXIPEFiKJwbIG2zVhMoc*BVW1{1Ix zsdE=Pm-@;S|EK-p7t`)HtK5ZfmK;e?0d{{*JLbE6pVDCX`MrM5Y_U817q}Zrt;B=c z36r3{B@Ht!`E$bglis;>XZgPlA`4(-t`q4vy0%+!RG{EmUR4u_cOtZWB;rfWj<;fb=!Z5&|dqApM$aHK&1WUMf8bGK-+`3zjXCo;b8r~ap)yVxN z?IToxWC3$mWc-p1DafLN9O$0Z8n)<=X|JE@E7*m45%vtKf4J^W)iXHn zfw%{oM5&?11&w$x#@m64iOdU^XFvKv$V|deQXAeXWgzV7OcROybX^ZbVKV3Xwmp9c4u2-RO5?Lce7yBrP?L61@90iqAj7TApL+ly>fW>21-n6+a@e60+N zm@)ho@xjHGE3Wl&jz4jLexv+L-DwR$4X?v>4bfwyi^fqg@jM)hf}`own z@ADuVD18DJsqlTt;3zyQVVMsUcByYn+r|BUEntk7=?)uo-8Zls$-6%5bD+xSI4j!E zE;JJk1++aFu&A;mSC$wdmsQEl)|i{zQeV2no^28X@d1PQx|um0npg<6sPG z4_e1IfoU}WJV9LspKS(|K2raRK(r{XdBe>k=0fw4ODNfs#m`*negekDPvE6L+3aX; zb}3aX+Ama`(9OHa*`E~$hIMoT_Jo$qtk?koJc=Vgfrv5A8X7|>1PK>E18RKoOV$y? 
zy?Z~mzXgFKAZx6RthGy3iZ^}x2t9&~i`p@b$W~(Cg#j`P>S+`f$?(B>P*@+FWAX_j7u;ppF5s!k3XW()AtTTa4F{465vvtl z$q+GZiMC#jSIpq`cPU*m2ovnZCRqbmL(fzlAi9+Vb_y-vZ3pbncTp>s%W~r>@j?Vgc2KHAeW`Y|x{c zj(52a5A%fpRh$aQ_3305BxfSdKk&E9Mt(1r^IF0w~Uz0nOIB$5p^@pVngjl4Dr8@|^~Yh#K2v3mix z2FNK`@JOf{!%UPrb$5L3tfr|O8Ak})gCXfxJUUee>BNzF(Pz}{0F{dAcFN(sjbDTez7$b_>Z|H9D za=kC7Y&LB|@6#QWOQyRDU2Y;<=H-B_y=#k(Pie*ApG8I&Xp($6_6^VMi>1-6ZCGK- z=Au)p@CPjlZrAnCEwwebr3vTnInI{za6eH4N|=sUUjts}w$ugux=gOsoK#E-5G z?j@&G%+=Siw%WJOr1M&p`Y(mV3y}6!f0?|QZnH*P=onRUY*0|N3(ScuJ55`h7GDi* zg?m)l{WGj1q2&w!oC>GZ$UqSHC7b9|*>%;v%i2Pf>Ys#@s*Ka|qe=Xl4-#eG>%LDt zJCMYh_;zNp@Nu-L5gD8I?VK3?c@wo9(Qta%2xt}=J`uA@8rn%5gN+|N1aY#G+SgUr zfPo@J3VM)6Z@Kr?YlXaL66x3zBV)Ts9KRe53W8Pj-6pW9)K^zourV{IUWrO=gozJ^u-t%U_xK-@h0RG??(=GQ%G(v2H0}XgNNwt`msJgq>}LQn(8OW{f96 z+awQhBaEwW1L^pl3{ISZJEaxo;rD5>dZaTpXCq@n=eF8fJ?I;M!8O@Z`|j$`u#hX- zFy}HX_6sy&86M9f?lEoZW{@fb<;YNcOyLL$YXZ&_ZNt1mAAC+TT`l zTVXJ!ZK#-e-Bw)bWe9VHm-!OAg%MXo28lqc@lxdt)}F!cQ{S$cUOcb@RW1(?lc4lU z^DihIIsi<}(e2{QiyZM7hdr^hr03`7-}L*8?v2?WiEX38@AJ#ao7D9eTSA4n)exnQ zyxwJIQW8{gBK5SG9?j*?p%=`Q6c5x|vn>cw<<)KpH@)mu^*ya=<1DDJt?8FDEt!~= z5%M=ZU~;&{AkfM$$|I-im1!P@9FI)#+8asB;ac(GLug5GsW0WLcdM%EeL4G4`B9`t zl~>|=mNeui5kQ&}E)@!p7}~qQ+pJ))L!xW6fa$+3vkX%ZcuH7bFhtPT4h06>!e9=? 
zk=Q=O`e(ZFQXOmzeCnva@A`E`pdVGNFjPGxj17*H){z^E&Vx^ua>s2a;ro-s2H=KG z2}5tKNG`r+mb(ELX#FyFc+BsZ_p0*H!`J?^q>E2@rY7&K-mqrwE$Y$+awUVNdSd?z zW5?|bHN;qBJJGtn8Mw{#$+h7b7TQ3NXXFdhfvHKKpE!PKnz9Y1z*ZLaeC1d#pzKXi-<=rpnlxW%L*9YH+?4x5aS@P?13^NKS%C0e-pC*-l{*2 zE{;rEv-wU=(Lq9RQKS!<>$y+FB)JlJ6)18XM98s0yyPW z0Ug|l8oi|KcJ0sQ!5?|Dky&exa6A|{21eDbd!xv?=k4#4=^OGkn1j{63C!=n=TS1x z>AL>(M3Rvv=_bN@5dFhPyf@5iR=K_}00UTT+N$URt^}JwNX;L&AHe~%6ZoYM-n%MK z6lHv@HSqFmu-PzEwv%}xO5lj==QB8Ri|E5~t%A0H$?UBZO8l`E@n(H$w{Y4gkMuw^H(BWyx{#f2K5z_G~dOBIEYuzkxNbuHfJ2 zsVp?%GVVX8r>j++|E4JRQDH-Rn#2UM_5f(bu9xH^((t>glAGONh@i%Lr1OwJ>t-%= zr{zFRVRIN%Q|erbsNITLk0o3_2jtCE6EB-!-H38en<$2jp9yM%ghG(U#zv>+8C!JL z6T~-*)RMU_fT&`Tc{M7((fzyv&;uzw@1zLz9Ms}4;l>9P0_G^mL5(D@f1gZ|-{N4W=-e-H(;ZGXl&fH-I)4qO@(2)ekBg&;DxZ^m=<7$r zUx6dDNG2SZL#C=9g_Ugs5tKx5g1$$Juj?a7Q1l9qW?MWrEk1zu_&D2iy`wx(X_Qhq zsov|@fH4q|#5&Z#GHw^xUm1v+o~66U!tbI~N^&KTH}U8{zgDF%av9`rxVk*kX!G&J z@FdNxP;g%cYPV36VbiZk;7?*ovVL~8c)*ueU)JcdhVq@<)-F~*%))eD=?cYXr~3|E z`S|-vYW0yFr8;Hf!xemNadW);?!QeVw1Jb%Kzpql=88KOos$gyOWXYKB;5%fYmcT3>t*25?ytSk4 zz~>t8A`UzZ&`nHO!PzhmA<{)C(Gv;L9o2tDFY}|m z&$ZJiDk>@{D`U?!$dWoVf4^tsu@K^^s(6P-8RcxnW2WV5DVTkSne9IFj0`x{79Tlo z-1@C9aQ=?upMQ^Jgv@-l`|NvAmqGwV&Icx9L{0T1Qpwqw$9AG38dbU6k%-XJpouDT z`8&o<+AwSoS5<>x-iwxohJkJw(*81%wF=zLr6iZ*@jRdgD&t9rh@H)`!^CbO^PvN$+$3Jy2N>?7W$!k`k7)i_3v0>lN2XqFW3gvoC?~Y_b87 zpZ(GKjUYX!ovcr%>r|7q=M^X+K^XYGU~nr2__EACzr4Tce(NuSy9`r5j}Tq5t^hqE zX5R``NE=v*<(c~sLdLs~JE8p&0qhUUQD!Cj2DqxB>PyfsO_T6%<1x&Wf%zPL(QN?E zuyPaTm#t(b9`|8Hltaw4{DOsQb^w1+t*wJP{aQ1HLcn2LaBf}w2~5Fv2%sfXe)^{Q z=h)iBO)~j^VNsbFkPrH+o;|n7sU%Vh6pxd<5A+aE-8ji$OoeI;LSjay8UUjR4MHp# zWF?y>@F@ieH1TzWi@;RSbiBbpnXzJcYM4mOBpvNW2b^O9_(vxZ89B_vf#v0QNZzxz zPZwxp5cT{D7A9~=0SKQH_1GWH2d9aL1=@yFn>Uu@K>eaKI-h(K{)n3n=tOfV4e6L0q7_l&!J)A#+SnwkoY=IpmP4TI23g>?|L-qr$c75GxGd|d6hn) zT>&=nxzbePjzLZTC)c5HZU`!gHz1Zi1BiC>0BPc0@8{3`&TY8bO2hrJcDp5WgihOd z&QU`I0|*w^<*LsmdbG3~zNpDV*LSn;EU-CSliF3x7m!)oOS7%sRUUh0Ob*W7_t3** zl$Dg6KQR~VtR^ri?~W>S3H7oFFW!Lw{;#Pa2j}Oc7p%t5dM1AO0vZK9Z4<`8pPBu7 
z?=E(Vy;R|-tdq{i&AK<_W!TxGo|@OiKo02JBweqkfrMa@Xj)MWxXdCOUAO_^$^BX= zehT2kEwb|o71vh_wf>WJsjYT>bgXYU2k!YI>-Zbv{%@l+lqhao%u|bH#D`wyLl8Cw zELd5RIxZnG@!K|oQ5;^A34PPp*ce@{RyL0jXDYm0P@#h+5Q#Kum~rS2Jy7Osg!-QS z>;Y@2W{pbA3@^z9$gXPn&1OkdS)aRXKGgiVq%oi5PnPTZQ~w-n8yozA$&R%@7*M3) z0q+0iMbHK4(6`Dad53GVE(#fC{0T&{Zd98l!39W;4+C*D$L0hJ7Un?y3(RzAVr86G zYgXWLusr9bGut6y(q&x=;2`9D<~StnI`AAG|CuV^XS%FZNtt<{&C6 zs)c{K@eV&fiU0YYyq;UO+tZAO^r{{ECsc+MRY`m1nME&+zVF;N*;659x~^6<1N(U* zjTjUEYQ%a2_9;t9%eOd@PYe(KHY0%VWfMxrV_=K<#Ynrt?zTPo-XL|)vjx^zM&tJj zegD-3U_rWOLLdu*v5xhgL7ox^S8E+!`k1KPQ!-oaH*qWuwh*fo5OWrkg~c>tUc>-Z z>g2ulBL)Cnc1%(A@KIl}M!xn&X_a~34R6*pk+=Y8J)iYwH25}rD9&4o-iw!)H<=uk z<_V@x4>Ha}%%>G6HhWZ)ildy@aAU)~r>$lKYOqp)BK59+mft*HyGeZD9u;Lgzs-0$ z0M)_=M(fGfFi}o&>o29rw%g7-jcdXk3{3=%P!mwkbewX6pxg9s9p}Ug3JdRR<_ap% z5<`HEt@G{Uu3catS^~fN06(RSAUBZ)?Of(S>xj(7CK;#R$PQL6`u5XJb|%4R>z~p0 z9Sd>77teuO+NDI~x0-JC*8A8&=W7Im8%z`kN^GUhyN~R;-wDk55J|tl34HQJq4X4x zu9A#Va38f**dOLS`Fd2bvJfs5*J}wQGVd=eE_;A7z&BB88XL*kq+ss?njvf?A)r^z zOluteF^Sc@R)5OnF1q4I@*LOI$*_OkW}%NqqJ*j6N#VXZ7?srnhIBBWGFyDw(_^04 z0qDTz8XK*Z7CwarP&jBc)KCyBo`t|3c>QnULyD4a_{)|)`i~bNVJdC3yU_c1r(v&` zf=(lg{;86259o)y@J-`tKYs@o05KWiG9<+E)SK@S4SGoxt41^Ej5|EJ8s&jLd?Djrp!uc0UQ?UeF|1?ylwf zmxiVReSNz6uCAg2gx*1M=JjZyGRyKMk>^-K4)X}DW|(+}be<;Yv{Y`2=#=Xb{&qYQ zy2OED3FZem<>FC_1G6GOT7rN=7i=Cg0h~2Z+IcAAAgZI0F!>|n(g5kJ3EG;iw}szw zTjmpQcmtRbYv8srknH(<30O%YK&CAlKLnEqcM7y!O})R>*d)R=R#wbVW(aaKFhN#l zw`IhF3DFFCwlP|``2b9R?;>4>Wy?t|OEe3$H|R_1OK3)0eu5!nO?`M(2HnE%i=PN5 z4DiW(V~)L!Aak<4gKDNm7RlvuFwx=?F)C?Y?k&;=D!}80y2QK=CF>n#=o@kDMbbJ7 z6ce@i`gL@TN%*;nRMPYO)>`)m*eBb3n`%i#aUK6rhQF^VN_$ z_HhA$0b1Rv2zFAaT6k1ql4NZyGD-as%fKHHy=%+&0CEM7^HK&RqYGqYl{=vE zj&AdU_8ELdI!LCx|A*AZB4^Jwjps69e<;@PwBuu4rd1Tc{pt41I zm9}sYG$@Q?qR33?i|nL;1)v1KeGxDQys2N#B?R(pzY!aa(9dM3-gwL;AVB6&PqA-G z$jvnM9VNBb1`OhrJWI>Udg|u&X*e+>W>l~i$WbwqkuAZ=n7shE33bx22)`;U`>4FB zAfNoA*}n*6y&djoJwy-yCTrSC=YYH_%bQfq{A}MRP7++!LMB0=L9@Zo7Kw-p$c7d~zLmk`(tp=I zWYPFAiZE`K9o3rJoTzlnT+=+(67ICLuqfdN4qb$fc@#+4jJxkKXo{UN_eBy0L$?`+ 
diff --git a/docs/manual/_static/pictures/rtps_message_structure.png b/docs/manual/_static/pictures/rtps_message_structure.png new file mode 100644 index 0000000000000000000000000000000000000000..fb402a49d72902cea3a0f094ccf84f184390171e GIT binary patch literal 14897
diff --git a/docs/manual/security.rst b/docs/manual/security.rst new file mode 100644 index 0000000..b8ae578 --- /dev/null +++ b/docs/manual/security.rst
@@ -0,0 +1,646 @@ +.. _`DDS Security`: + +############ +DDS Security +############ + +CycloneDDS is (will be) compliant with The Object Management Group (OMG) DDS Security specification. + +This specification defines the Security Model and Service Plugin Interface (SPI) architecture for +compliant DDS implementations. The DDS Security Model is enforced by the invocation of these SPIs +by the DDS implementation. + +.. image:: ./_static/pictures/dds_security_overview.png + :width: 1000 + +The three plugins that comprise the DDS Security Model in CycloneDDS are: + + +**Authentication Service Plugin** + +Provides the means to verify the identity of the application and/or user that invokes operations +on DDS. Includes facilities to perform mutual authentication between participants and establish +a shared secret. + +**AccessControl Service Plugin** + +Provides the means to enforce policy decisions on what DDS related operations an authenticated +user can perform. For example, which domains it can join, which Topics it can publish or +subscribe to, etc. + +**Cryptographic Service Plugin** + +Implements (or interfaces with libraries that implement) all cryptographic operations including +encryption, decryption, hashing, digital signatures, etc. This includes the means to derive keys +from a shared secret. + +---- + +CycloneDDS provides built-in implementations of these plugins. Authentication uses PKI +(Public Key Infrastructure) with a pre-configured shared Certificate Authority, RSA is used for +authentication and Diffie-Hellman is used for key exchange. AccessControl use Permissions document +signed by shared Certificate Authority. Cryptography uses AES-GCM (AES using Galois Counter Mode) +for encryption and AES-GMAC for message authentication. + +The plugins are accessed by the DDSI2 service when DDS Security is enabled by supplying the +security configuration within the XML configuration or Participant QoS. 
+ +Security plugins are dynamically loaded where the locations are defined in CycloneDDS +configuration or Participant QoS settings. + + +******************************************************* +Brief information about PKI (public key infrastructure) +******************************************************* + +The comprehensive system required to provide public-key encryption and digital signature services +is known as a public-key infrastructure (PKI). The purpose of a PKI is to manage keys and +certificates. By managing keys and certificates through a PKI, an organization establishes and +maintains a trustworthy networking environment. + +Public Key Cryptography: Each user has a key pair, generated during the initial certificate +deployment process, that is comprised of a public key, which is shared, and a private key, which +is not shared. Data is encrypted with the user’s public key and decrypted with their private key. +Digital signatures, used for non-repudiation, authentication and data integrity, are also generated +using public key cryptography. + +**Identity Certificate** + +This is an electronic document used to prove the ownership of a public key. The certificate +includes information about the key, information about the identity of its owner (called the +subject), and the digital signature of an entity that has verified the certificate's contents +(called the issuer). If the signature is valid, and the software examining the certificate +trusts the issuer, then it can use that key to communicate securely with the certificate's +subject. + +**Certificate Authority** + +This issues user certificates and acts as the chief agent of trust. When issuing a certificate +to a user, the CA signs the certificate with its private key in order to validate it. During +electronic transactions the CA also confirms that certificates are still valid. Certificates +may be revoked for various reasons. 
For example, a user may leave the organization or they may +forget their secret passphrase, the certificate may expire or become corrupt. This process is +usually accomplished through the use of a Certificate Revocation List (CRL) which is a list of +the certificates that have been revoked. Only the certificates that have been revoked appear on +this list. + +**Subject of Identity Certificate** + +This is the identity to be secured. It contains information such as common name (CN), +organization (OU), state (ST) and country (C). + +**Subject Name** + +This is aka distinguished name and is the string representation of certificate subject. + +ie: emailAddress=alice\@adlink.ist,CN=Alice,OU=IST,O=ADLink,ST=OV,C=NL + + +************************* +PKI Usage in DDS Security +************************* + +.. image:: ./_static/pictures/pki_overview.png + :width: 1000 + +Alice and Bob are the DDS participants who have their private and public keys. Identitity +Certificate Authority (ID CA) has its own self-signed certificate (IdentityCA in the diagram). +ID CA gets Alice's subject information and public key and generates an IdentityCertificate for her. +Alice's certificate includes her public key and certificate of ID CA; so that her certificate can +be verified if it is really issued by ID CA. + +Access Control is configured with governance and permissions files. +Governance file defines the security behavior of domains and topics. +Permissions file contains the permissions of the domain participant, topics, readers and writers, +binds them to identity certificate by subject name (distinguished name). + +Governance files and Permissions files are signed by Permission CA. Signed documents also +contains Permissions CA certificate; so that they can be verified if they are really issued +by Permissions CA. + +Authenticated participants handshakes with each other and generates a shared key by Diffie-Hellman +key exchange. 
This shared key is used for encrypting/decrypting data with AES. + +During the handshake Alice checks Bob's certificate and Bob's Permissions file if they are really +issued by the ID CA certificate and Permissions CA Certificate that **she** has. Also Bob checks +Alice's certificate and Alice's Permissions file if they are really issued by the ID CA certificate +and Permissions CA that **he** has. +Permissions file can contain permissions for several identities; so subject name of identity +certificate exist in permissions file to establish a binding between identity and its permissions. + + +************* +Configuration +************* + +.. image:: ./_static/pictures/dds_security_configuration_overview.png + :width: 1000 + + +The configuration of DDS Security is split up into two parts. + +- `Plugins Configuration`_ +- `Access Control Configuration`_ + +This section explains the configuration in details. However, you can see a concrete example on +security section of Example Readme file. + +.. _`Plugins Configuration`: + + +Plugins Configuration +********************* + +TODO: Update to reflect the configuration through QoS policies. + +| CyclonDDS gets the plugin configuration from DDS2I configuration elements or the Participant QoS + Policies as stated in the DDS Security specification. + +| This behavior allows applications to use DDS Security without update. Only supplying a new + configuration with DDS Security enabled is enough to switch from a non-secure to a secure + deployment. However, the same DDS Security configuration is forced upon all the participants + within the federation. + +| The configuration options are bundled in the ``DDSSecurity`` configuration section in DDS2I. + +| Every DDS Security plugin has its own configuration sub-section. + + +.. 
_`Authentication Properties`: + +========================= +Authentication Properties +========================= + +| To authenticate CycloneDDS, it has to be configured with IdentityCertificate + (DDSSecurity/Authentication/IdentityCertificate - see Configuration Guide - DDS Security). + This IdentityCertificate is used to authenticate all participants of that particular + CycloneDDS domain. + +| Associated with the IdentityCertificate is the corresponding PrivateKey + (DDSSecurity/Authentication/PrivateKey). + The PrivateKey may either be a 2048-bit RSA or a 256-bit Elliptic Curve Key with + a prime256v1 curve. + +| IdentityCA (DDSSecurity/Authentication/IdentityCA) is the certificate of Identity Certificate + Authority (CA) which is the issuer of the IdentityCertificate. The public key of the + IdentityCA shall either be a 2048-bit RSA key or a 256-bit Elliptic Curve Key for the prime256v1 + curve. The identity_ca can be a self-signed certificate. + +| Currently the IdentityCertificate, IdentityCA and PrivateKey should be a X509 document in pem + format. + It may either be specified directly in the configuration file or the configuration file should + contain a reference to a corresponding file. + +| Optionally the PrivateKey could be protected by a password (DDSSecurity/Authentication/Password). + +| Furthermore the CycloneDDS configuration allows to configure a directory containing additional + IdentityCA's + which are used to verify the identity certificates that are received by remote instances + (DDSSecurity/Authentication/TrustedCADirectory). This option allows to use more than one identity + CA throughout the system. TrustedCADirectory is an extension to DDS Security specification; so it + can not be used when communicating with other vendors. + + +.. 
_`Access Control Properties`: + +========================= +Access Control Properties +========================= + +Governance Document (DDSSecurity/AccessControl/Governance), +Permissions Document (DDSSecurity/AccessControl/Permissions) and +Permissions CA Certificate (DDSSecurity/AccessControl/PermissionsCA) are required for access +control plugin. See DDS Security section of Configuration Guide for property descriptions. They +can be provided by data itself (with CDATA) or path to file on disk. + + +.. _`Cryptography Properties`: + +======================= +Cryptography Properties +======================= + +Cryptography plugin has no property + + +.. _`Access Control Configuration`: + +Access Control Configuration +**************************** + +| Access Control configuration consists of Governance document and Permissions document. + Both governance and permissions files must be signed by the Permissions CA in S/MIME format. + Participants use their own permissions CA to validate remote permissions. So, all permissions CA + Certificates must be same for all participants. + +| The signed document should use S/MIME version 3.2 format as defined in IETF RFC 5761 using + SignedData Content Type (section 2.4.2 of IETF RFC 5761) formatted as multipart/signed (section + 3.4.3 of IETF RFC 5761). This corresponds to the mime-type application/pkcs7-signature. + Additionally the signer certificate should be be included within the signature. + + +=================== +Governance Document +=================== + +Governance document defines the security behavior of domains and topics. It is an XML document and +its format is specified in OMG DDS Security Version 1.1 Section 9.4.1.2.3 + +The attributes that specified in Governance document must match with the remote one for +establishing communication. 
+ + +Protection Kinds +================ + +The domain governance document provides a means for the application to configure the kinds of +cryptographic transformation applied to the complete RTPS Message, certain RTPS SubMessages, and +the SerializedPayload RTPS submessage element that appears within the Data. + +.. image:: ./_static/pictures/rtps_message_structure.png + :width: 300 + +The configuration allows specification of five protection levels: NONE, SIGN, ENCRYPT, +SIGN_WITH_ORIGIN_AUTHENTICATION and ENCRYPT_WITH_ORIGIN_AUTHENTICATION. + +**NONE** + indicates no cryptographic transformation is applied. + +**SIGN** + indicates the cryptographic transformation shall be purely a message authentication code (MAC), + that is, no encryption is performed. + +**ENCRYPT** + indicates the cryptographic transformation shall be an encryption followed by a message + authentication code (MAC) computed on the ciphertext, also known as Encrypt-then-MAC. + +**SIGN_WITH_ORIGIN_AUTHENTICATION** + indicates the cryptographic transformation shall be purely a set of message authentication codes + (MAC), that is, no encryption is performed. This cryptographic transformation shall create a + first “common authenticationcode” similar to the case where Protection Kind is SIGN. In addition + the cryptographic transformation shall create additional authentication codes, each produced with + a different secret key. The additional MACs prove to the receiver that the sender originated the + message, preventing other receivers from impersonating the sender. + +**ENCRYPT_WITH_ORIGIN_AUTHENTICATION** + indicates the cryptographic transformation shall be an encryption followed by a message + authentication code (MAC) computed on the ciphertext, followed by additional authentication + codes, Each of the additional authentication codes shall use a different secret key. The + encryption and first (common) authentication code is similar to ones produced when the Protection + Kind is ENCRYPT. 
The additional authentication codes are similar to the ones produced when the + Protection Kind is SIGN_WITH_ORIGIN_AUTHENTICATION. + + +Participant attributes +====================== + +**Allow Unauthenticated Participants** + This is used for allowing communication with non-secure participants. If this option is enabled, + secure participant can communicate with non-secure participant by only non-protected topics. + +**Enable Join Access Control** + If this option is enabled, remote participant permissions are checked if its subject name is + allowed to create a topic anyhow. + +**Discovery Protection Kind** + Protection attribute for discovery communication when it is enabled for topic. Please see the + DDS Security specification document for available options. + +**Liveliness Protection Kind** + Protection attribute for liveliness communication when it is enabled for topic. Please see the + DDS Security specification document for available options. + +**RTPS Protection Kind** + Protection attribute for all messages on the wire. Please see the DDS Security specification + document for available options. If encryption is selected for RTPS, there is no need to encrypt + submessages (metadata_protection_kind) and payloads (data_protection_kind) which are defined in + topic settings. + + +Topic Attributes +================ + +**Enable Discovery protection:** + If enabled, discovery is protected according to Discovery Protection Kind attribute of + corresponding participant. + +**Enable Liveliness protection:** + If enabled, liveliness is protected according to Liveliness Protection Kind attribute of + corresponding participant. + +**Enable Read Access Control:** + If enabled, the permissions document is checked if the participant is allowed to create + a datareader for the related topic. + +**Enable Write Access Control:** + If enabled, the permissions document is checked if the participant is allowed to create + a datawriter for the related topic. 
+ +**Metadata protection Kind:** + Protection attribute for submessages. + +**Data protection Kind:** + Protection attribute for data payload. + +There are different settings for different domain ranges. The domain rules are evaluated in the +same order as they appear in the document. A rule only applies to a particular DomainParticipant +if the domain Section matches the DDS domain_id to +which the DomainParticipant belongs. If multiple rules match, the first rule that matches is the +only one that applies. + +The topic access rules are evaluated in the same order as they appear within the + Section. If multiple rules match the first rule that matches is the only one +that applies. + +fnmatch pattern matching can be used for topic expressions including the following patterns + +.. _`fnmatch pattern matching`: + ++----------+----------------------------------+ +|Pattern |Meaning | ++==========+==================================+ +| \* | matches everything | ++----------+----------------------------------+ +| \? | matches any single character | ++----------+----------------------------------+ +| [seq] | matches any character in seq | ++----------+----------------------------------+ +| [!seq] | matches any character not in seq | ++----------+----------------------------------+ + + +==================== +Permissions Document +==================== + +The permissions document is an XML document containing the permissions of the domain participant +and binding them to the subject name of the DomainParticipant as defined in the identity +certificate. Its format is specified in OMG DDS Security Version 1.1 Section 9.4.1.3. + + +Validity period +=============== + +It is checked before creating participant; expired permissions document results with DDSI shutdown. +Validity period is also checked during handshake with remote participant; expired remote +permissions document prevents communications to be established. 
+ + +Subject Name +============ + +The subject name must match with Identity Certificate subject. It is checked during create +participant and during handshake with remote participant. Use the following openssl command to get +subject name from identity certificate: + +``openssl x509 -noout -subject -nameopt RFC2253 -in `` + + +Rules +===== + +DomainParticipant permissions are defined by set of rules. + +The rules are applied in the same order that appear in the document. If the criteria for the rule +matches the domain_id join and/or publish or subscribe operation that is being attempted, then the +allow or deny decision is applied. If the criteria for a rule does not match the operation being +attempted, the evaluation shall proceed to the next rule. If all rules have been examined without +a match, then the decision specified by the “default” rule is applied. The default rule, if +present, must appear after all allow and deny rules. If the default rule is not present, the +implied default decision is DENY. The matching criteria for each rule specify the domain_id, +topics (published and subscribed), the partitions (published and subscribed), and the data-tags +associated with the DataWriter and DataReader. + +For the grant to match there shall be a match of the topics, partitions, and data-tags criteria. +This is interpreted as an AND of each of the criteria. For a specific criterion to match +(e.g., ) it is enough that one of the topic expressions listed matches (i.e., an OR of +the expressions with the section). + +`fnmatch pattern matching`_ can be used for topic expressions and partition expressions. + + +Interactions with DDS Security +****************************** + +DDS Security provides the responses through CycloneDDS error and info log. Users can get +messages for: + +- Configuration errors such as plugin library files, certificate files, governance and permissions + files that can not be found on filesystem. 
+- Permission errors such as denied permission for creating writer of a topic. +- Attribute mismatch errors such as mismatches of security attributes between participants, topics, + readers and writers. +- Integrity errors such as Permissions file-Permissions CA and Identity Cert-Identity CA integrity. + +Local subscription, publication and topic permission errors are written to error log. +Remote participation, subscription and publication permission errors are written to info log as +warning message. + + +Data Communication And Handshake Process +******************************************* + +Authentication handshake between participants starts after participant discovery. +If a reader and a writer created during that period, their match will be delayed until after the +handshake succeeds. +This means, during the handshake process, volatile data will be lost, just like there is no reader. + +After publication match, the encryption / decryption keys are exchanged between reader and writer. +Best-effort data that are sent during this exchange will be lost, however reliable data will be +resent. + + +DDS Secure Discovery +****************************** + +Just like normal operation, DDSI will discover local and remote participants, topics, readers and +writers. +However, when DDS Security is enabled, it is more complex and will take a longer time (especially +due to the handshaking that has to happen). + +With every new node in the system, the discovery takes exponentially longer. This can become a +problem if the system contains a number of slow platforms or is large. + +The Security discovery performance can be increased quite a bit by using the DDSI +Internal/SquashParticipants configuration. + + +Proprietary builtin endpoints +****************************** + +| The DDS standard contains some builtin endpoints. A few are added by the DDS Security + specification. 
The behaviour of all these builtin endpoints are specified (and thus are be + handled by the plugins that implement the DDS Security specification), meaning that they + don't have to be present in the Governance or Permissions documents and the users don't + have to be bothered with them. +| +| A few of these builtin endpoints slave according to the within + the Governance document. In short, related submessages are protected according to the value + of . This protects meta information that is send during the + discovery phase. + + +******************* +DataTag Permissions +******************* + +| Data Tags provide an extra (optional) level of identification. This can mean f.i. that + a certain reader is not allowed to read data from writer A but it is allowed to read from + writer B (all the same topic). +| +| This optional feature is not yet supported. + + +*************************** +External Plugin Development +*************************** + +DDS Security consists of three plugins (authentication, cryptography and access control). +CycloneDDS comes with built-in security plugins that comply with OMG DDS Security specification. +The plugins are loaded in the run-time. However, you can also implement your own custom plugin by +implementing the given API according to OMG DDS Security specification. +You can implement all of the plugins or just one of them. + +| The followings are the key points for implementing you own plugin: + + +Interface +********* + +Implement all plugin specific functions with exactly same prototype. Plugin specific function +interfaces are in dds_security_api_access_control.h, dds_security_api_authentication.h and +dds_security_api_cryptography.h header files accordingly. + + +Init and Finalize +***************** + +| A plugin should have an init and a finalize functions. plugin_init and plugin_finalize + interfaces are given in dds_security_api.h header file and function should be same as in + configuration file. 
+| Init function is called once, just after the plugin is loaded. Finalize function is + called once, just before the plugin is unloaded. + + +Inter Plugin Communication +************************** + +| There is a shared object (*DDS_Security_SharedSecretHandle*) within authentication and + cryptography plugins. If you want to implement only one of them and use the builtin for the + other one, you have to get or provide the shared object properly. +| *DDS_Security_SharedSecretHandle* is the integer representation of + *DDS_Security_SharedSecretHandleImpl* struct object. Cryptography plugin gets the + *DDS_Security_SharedSecretHandle* from authentication plugin and casts to + *DDS_Security_SharedSecretHandleImpl* struct. Then all needed information can be retieved + through *DDS_Security_SharedSecretHandleImpl* struct: + +:: + + typedef struct DDS_Security_SharedSecretHandleImpl { + DDS_Security_octet* shared_secret; + DDS_Security_long shared_secret_size; + DDS_Security_octet challenge1[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE]; + DDS_Security_octet challenge2[DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE]; + + } DDS_Security_SharedSecretHandleImpl; + + +Error Codes +*********** + +| Most of the plugin functions have parameter for reporting exception. The following exception + codes should be used in the reported exception data according to the situation. + dds_security_api_err.h header file contains the code and message constants. 
+ ++-------+----------------------------------------------------------------+ +| Code | Message | ++=======+================================================================+ +| 0 | (OK) | ++-------+----------------------------------------------------------------+ +| 100 | Can not generate random data | ++-------+----------------------------------------------------------------+ +| 110 | Identity empty | ++-------+----------------------------------------------------------------+ +| 111 | Participant Crypto Handle empty | ++-------+----------------------------------------------------------------+ +| 112 | Permission Handle empty | ++-------+----------------------------------------------------------------+ +| 113 | Invalid Crypto Handle | ++-------+----------------------------------------------------------------+ +| 114 | Invalid argument | ++-------+----------------------------------------------------------------+ +| 115 | Invalid Crypto token | ++-------+----------------------------------------------------------------+ +| 116 | Invalid parameter | ++-------+----------------------------------------------------------------+ +| 117 | File could not be found, opened or is empty, path: %s | ++-------+----------------------------------------------------------------+ +| 118 | Unknown or unexpected transformation kind | ++-------+----------------------------------------------------------------+ +| 119 | Message cannot be authenticated, incorrect signature | ++-------+----------------------------------------------------------------+ +| 120 | Can not open trusted CA directory | ++-------+----------------------------------------------------------------+ +| 121 | Identity CA is not trusted | ++-------+----------------------------------------------------------------+ +| 122 | Certificate start date is in the future | ++-------+----------------------------------------------------------------+ +| 123 | Certificate expired | 
++-------+----------------------------------------------------------------+ +| 125 | Certificate authentication algorithm unknown | ++-------+----------------------------------------------------------------+ +| 126 | Failed to allocate internal structure | ++-------+----------------------------------------------------------------+ +| 127 | Failed to parse PKCS7 SMIME document | ++-------+----------------------------------------------------------------+ +| 128 | Property is missing: (%s) | ++-------+----------------------------------------------------------------+ +| 129 | Permissions document is invalid | ++-------+----------------------------------------------------------------+ +| 130 | Governance document is invalid | ++-------+----------------------------------------------------------------+ +| 131 | Operation is not permitted in this state | ++-------+----------------------------------------------------------------+ +| 132 | Remote permissions document is not available | ++-------+----------------------------------------------------------------+ +| 133 | Certificate is invalid | ++-------+----------------------------------------------------------------+ +| 134 | Certificate type is not supported | ++-------+----------------------------------------------------------------+ +| 135 | Governance property is required | ++-------+----------------------------------------------------------------+ +| 136 | Permissions CA property is required | ++-------+----------------------------------------------------------------+ +| 137 | Can not parse governance file | ++-------+----------------------------------------------------------------+ +| 138 | Can not parse permissions file | ++-------+----------------------------------------------------------------+ +| 139 | Could not find permissions for topic | ++-------+----------------------------------------------------------------+ +| 140 | Could not find domain %d in permissions | 
++-------+----------------------------------------------------------------+ +| 141 | Could not find domain %d in governance | ++-------+----------------------------------------------------------------+ +| 142 | Could not find %s topic attributes for domain(%d) in governance| ++-------+----------------------------------------------------------------+ +| 143 | PluginClass in remote token is incompatible | ++-------+----------------------------------------------------------------+ +| 144 | MajorVersion in remote token is incompatible | ++-------+----------------------------------------------------------------+ +| 145 | Access denied by access control | ++-------+----------------------------------------------------------------+ +| 146 | Subject name is invalid | ++-------+----------------------------------------------------------------+ +| 147 | Permissions validity period expired for %s | ++-------+----------------------------------------------------------------+ +| 148 | Permissions validity period has not started yet for %s | ++-------+----------------------------------------------------------------+ +| 149 | Could not find valid grant in permissions | ++-------+----------------------------------------------------------------+ +| 150 | Permissions of subject (%s) outside validity date: %s - %s | ++-------+----------------------------------------------------------------+ +| 151 | Unsupported URI type: %s | ++-------+----------------------------------------------------------------+ + +.. EoF
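Review bot: The "Validity period" section of docs/manual/security.rst documents only the expired case, although the error table at the end of the same file also lists code 148 ("Permissions validity period has not started yet for %s"). Please state what happens when a local or remote permissions document is not yet valid, and whether validity is rechecked after the handshake if a document expires while the participant is running. In "Inter Plugin Communication", a custom plugin is told to cast DDS_Security_SharedSecretHandle to DDS_Security_SharedSecretHandleImpl and read shared_secret directly, but the text does not say which header declares the struct or who owns and frees the buffer; add both. The error table goes from 123 to 125, so note whether 124 is reserved or was dropped. In "DDS Secure Discovery", "takes exponentially longer" needs a basis or softer wording. Typos to fix before merge: "retieved", "are be handled", "implementing you own plugin", "that is send during".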