From f15ed91326eef3839406644c486fa9270287d417 Mon Sep 17 00:00:00 2001 From: Stanimir Ivanov Date: Mon, 2 Sep 2024 18:52:45 +0300 Subject: [PATCH] Migrate more documentation --- .../administration/authentication/_index.md | 17 ++ .../authentication/basic-authentication.md | 45 ++++ .../authentication/token-authentication.md | 246 ++++++++++++++++++ .../authentication/user-access-rules.md | 138 ++++++++++ .../{ => authentication}/user-management.md | 4 +- .../docs/administration/offerings/_index.md | 17 ++ .../administration/offerings/service-tiers.md | 107 ++++++++ .../offerings/tier-composition.jpg | Bin 0 -> 101885 bytes .../administration/troubleshooting/_index.md | 17 ++ .../troubleshooting/undo-tier-deletion.md | 131 ++++++++++ content/docs/getting-started/connect-dbaas.md | 2 +- 11 files changed, 721 insertions(+), 3 deletions(-) create mode 100644 content/docs/administration/authentication/_index.md create mode 100644 content/docs/administration/authentication/basic-authentication.md create mode 100644 content/docs/administration/authentication/token-authentication.md create mode 100644 content/docs/administration/authentication/user-access-rules.md rename content/docs/administration/{ => authentication}/user-management.md (99%) create mode 100644 content/docs/administration/offerings/_index.md create mode 100644 content/docs/administration/offerings/service-tiers.md create mode 100644 content/docs/administration/offerings/tier-composition.jpg create mode 100644 content/docs/administration/troubleshooting/_index.md create mode 100644 content/docs/administration/troubleshooting/undo-tier-deletion.md diff --git a/content/docs/administration/authentication/_index.md b/content/docs/administration/authentication/_index.md new file mode 100644 index 0000000..b3f4e25 --- /dev/null +++ b/content/docs/administration/authentication/_index.md @@ -0,0 +1,17 @@ +--- +title: "Authentication" +description: "" +summary: "" +date: 2024-08-14T13:50:47+03:00 +lastmod: 2024-08-14T13:50:47+03:00 +draft: false +weight: 210 +toc: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + noindex: false # false (default) or true +--- diff --git a/content/docs/administration/authentication/basic-authentication.md b/content/docs/administration/authentication/basic-authentication.md new file mode 100644 index 0000000..c5cea91 --- /dev/null +++ b/content/docs/administration/authentication/basic-authentication.md @@ -0,0 +1,45 @@ +--- +title: "Basic Authentication" +description: "" +summary: "" +date: 2024-08-14T13:52:09+03:00 +lastmod: 2024-08-14T13:52:09+03:00 +draft: false +weight: 210 +toc: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + noindex: false # false (default) or true +--- + +The Control Plane REST API supports authentication with a username/password combination ([HTTP basic authentication](https://tools.ietf.org/html/rfc7617)). +This allows a user to use a fixed username/password combination which will never expire unless the password has changed. + +This is the simplest authentication mechanism, but has some security implications if the credentials are exposed to an attacker. To reduce security exposure, consider [Token Authentication]({{< ref "token-authentication.md" >}}) instead. + +## Examples + +The user name is supplied in the format `/` along with the password. + +{{< tabs "login" >}} +{{< tab "nuodb-cp" >}} + +```sh +nuodb-cp httpclient -u acme/dbuser -p "$PASS" ... +``` + +{{< /tab >}} +{{< tab "curl" >}} + +```sh +curl -u "acme/dbuser:$PASS" ... +``` + +{{< /tab >}} +{{< /tabs >}} + +### Bypassing Authentication on local requests + +If the REST server property `com.nuodb.controlplane.server.bypassLocalAuthentication` is set to `true`, then authentication and access control can be bypassed by issuing requests from a client on the same host as the REST server. diff --git a/content/docs/administration/authentication/token-authentication.md b/content/docs/administration/authentication/token-authentication.md new file mode 100644 index 0000000..e5b89d3 --- /dev/null +++ b/content/docs/administration/authentication/token-authentication.md @@ -0,0 +1,246 @@ +--- +title: "Token Authentication" +description: "" +summary: "" +date: 2024-08-14T13:52:09+03:00 +lastmod: 2024-08-14T13:52:09+03:00 +draft: false +weight: 215 +toc: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + noindex: false # false (default) or true +--- + +Token authentication enhances security by allowing access restrictions and an expiration to be specified when generating the token credentials. +If the token is exposed to an attacker, they would only have limited access to the resources and the token would become invalid after it expires. + +The token is secured by a secret key [configured](#securing--encrypting-the-token) on the REST server. + +A token can be created by authenticating with a valid `username/password` combination (Basic Authentication) or by authenticating with an existing token against the `/login` resource. +To minimize security risks, the request body should contain appropriate permissions and expiration times. +The server would respond with a `token` which can be used for subsequent calls to the REST services. + +For basic authentication requests, the requested permissions cannot exceed the authenticated user. +When logging in via a token, the expiration time and permissions cannot exceed the token used for authentication. + +## Token creation (authentication) + +A token is created and returned by sending a `POST /login` request and providing user credentials (i.e. username/password). + +Here is a simplified example of creating authentication token: + +```text +POST /login +Authorization: Basic YnN... +{...} + +HTTP/1.1 200 OK +{"token":"eyJ6a..."} +``` + +## Using the Token to access resources + +The value of the `token` attribute returned from the `/login` resource is passed into the `Authorization` header using the `Bearer` authorization scheme. + +For example: + +```text +GET /users/acme/orgadmin +Authorization: Bearer eyJ6a.... + +HTTP/1.1 OK +{"organization":"acme","name"......} +``` + +## Token Expiration + +The token expiration can be set with the `expiresIn` or `expiresAtTime` parameter. +If both are specified, `expiresAtTime` takes precedence. +If none are specified, it will set to the default of 2 hours. + +- `expiresIn` needs to be a number followed by either "s", "m" or "h" or a combination of them. It will create a token which will expire in the specified number of seconds, minutes or hours from now +- `expiresAtTime` specifies the time when the token should expire. It must be in ISO-8601 format, i.e. `YYYY-MM-DDTHH:MM:SSZ` + +{{< callout context="tip" title="Tip" icon="outline/brand-hipchat" >}} +The expiration timestamp should be chosen carefully. +If it is set too far into the future, an exposure of the token to an attacker could give them access to the resource for an extended period of time. +If the expiration is set too small, it would require the user to provide their credentials more often. +{{< /callout >}} + +For example, supply `expiresIn` to limit the token expiration: + +```text +POST /login +Authorization: Basic YWN..... +{"expiresIn":"3h"} + +HTTP/1.1 200 OK +{"token":"eyJ6a...."} +``` + +For example, use default token expiration settings: + +```text +POST /login +Authorization: Basic YWN..... +{"expiresAtTime":"2025-05-22T16:00:00Z"} + +HTTP/1.1 200 OK +{"token":"eyJ6a...."} +``` + +## Authorization (Access Rules) + +The user's access rules are controlled by [Access Rule Entries]({{< ref "user-access-rules.md" >}}). + +- if `limitAllow` rules are specified in the request, it will replace the existing "allow" rules for the user. If the user requests more permission than they (or the token during re-issue) has, the request will be rejected. +- if a `extraDeny` rule is specified, it will further restrict the user's permissions (it will be added to the user's deny rules, not replaced) +- The response fill return the resulting access levels for the user (a combination of the current user's (or token's) access rules with the requested ones) + +For example: + +```text +POST /login +Authorization: Basic YWN..... +{"limitAllow":["all:acme","read:corp"],"extraDeny":["delete:acme"]} + +HTTP/1.1 200 OK +{"token":"eyJ6a....", "accessRule":{"allow":["all:acme","raed:corp"], "deny":["delete:corp","delete:acme"]}} +``` + +## Re-Issuing a token + +Re-issuing a token with an existing token is permitted, but for security reasons restricted: + +- a re-issue of the token cannot exceed the existing expiration time +- specified access rules cannot exceed the existing access rules for the current token + +There are several scenarios where re-issuing a token is useful: + +- a token with a long expiration (stored in a very secure place like a security vault) can be created which can be used to re-issue a short lived token which could be shared with a temporary job. +- a token with higher permissions (access rules) can be re-issued with less access. For example a background process might need only read permissions. + +For example: + +```text +POST /login +Authorization: Bearer eyJ6..... +{"limitAllow":["all:acme","read:corp"],"extraDeny":["delete:acme"]} + +HTTP/1.1 200 OK +{"token":"abc...."} +``` + +## Token payload + +Once a user performs a login (via POST /login), the response will have a "token" attribute containing a [JWT token](https://datatracker.ietf.org/doc/html/rfc7519). For security reasons this token is encrypted. + +## Create and read a token + +If the `acme/orgadmin` user doesn't exist yet, [create]({{< ref "user-management.md" >}}#creating-users) it. + +{{< tabs "token" >}} +{{< tab "nuodb-cp" >}} + +```sh +nuodb-cp httpclient POST login --user acme/orgadmin --password secret \ + -d '{"extraDeny": ["write:*", "delete:*"]}' --jsonpath token --unquote +``` + +```json +{"token":"eyJ6aXAiOi...","accessRule": {"allow": ["all:acme"], "deny":"extraDeny":["write:*", "delete:*"]},"expiresAtTime":"2024-02-20T17:41:00Z"} +``` + +The returned token can be used by subsequent `nuodb-cp` commands by either setting the `NUODB_CP_TOKEN` environment variable or passing it to the `--token` argument. + +{{< /tab >}} +{{< tab "curl" >}} + +Set the environment variable `NUODB_CP_URL_BASE` to the REST service location, e.g. `http://server:8080` + +```sh +curl -X POST -H "Content-Type: application/json" $NUODB_CP_URL_BASE/login -u acme/orgadmin:passw0rd \ + -d '{"limitAllow":["all:acme"]}' +``` + +```json +{"token":"eyJ6aXAiOi...","accessRule": {"allow": ["all:acme"], "deny":"extraDeny":[]},"expiresAtTime":"2024-02-20T17:41:00Z"} +``` + +Authenticate the user with the token: + +```sh +curl $NUODB_CP_URL_BASE/users/acme -H "Authorization: Bearer eyJ6aXAiOi...." +``` + +```json +{"items":["orgadmin"]} +``` + +{{< /tab >}} +{{< /tabs >}} + +### Re-Issuing tokens with reduced permissions + +Especially for short running batch processes, it is often useful, to give a short lived token with minimal permissions to reduce a security exposure. +For example a parent process having a token with a long lived expiration date, can request a short lived token from the server and pass it to a child process to minimize security exposure. + +{{< tabs "login" >}} +{{< tab "nuodb-cp" >}} + +```sh +export NUODB_CP_TOKEN="$(nuodb-cp httpclient POST login \ + --token "eyJ6aXAi0i..." \ + -d '{"limitAllow": ["read:acme"]}' --jsonpath token --unquote)" +nuodb-cp database list acme +``` + +{{< /tab >}} +{{< tab "curl" >}} + +```sh +curl -X POST -H "Content-Type: application/json" $NUODB_CP_URL_BASE/login -H "Authorization: Bearer eyJ6aXAiOi..." \ + -d '{"limitAllow":["read:acme"]}' +``` + +```json +{"token":"abc..."} +``` + +{{< /tab >}} +{{< /tabs >}} + +## Appendix + +### Securing / Encrypting the token + +The token is secured by either a secret key or a cryptographically secure (and strong) password. +A Kubernetes secret will store this information and helm charts will create this key automatically if it doesn't exist. +Changing the key or password will invalidate all active tokens. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: nuodb-cp-runtime-config + namespace: nuodb +type: Opaque +data: + secretPassword: ..... +``` + +- secretKey - binary key. If not set, the `secretPassword` needs to be specified. +- secretPassword - password to convert into a key. Ignored if secretKey is specified. Please ensure it has sufficient strength. +- secretKeyAlgorithm - algorithm of the secret key. Defaults to `HmacSHA256` if it is not set. +- secretPasswordToKeyAlgorithm - algorithm to convert a password into a key. Defaults to `PBKDF2WithHmacSHA256` if it is not set. +- secretPasswordToKeyIterations - key generation iterations if `secretPassword` is set. Defaults to `65536` if set to a non-positive value. +- secretPasswordToKeyLength - key length if `secretPassword` is set. Defaults to `256` if set to a non-positive value. + +#### Create a secret password key in Kubernetes + +```sh +kubectl create secret generic nuodb-cp-runtime-config --from-literal secretPassword=changeIt +``` diff --git a/content/docs/administration/authentication/user-access-rules.md b/content/docs/administration/authentication/user-access-rules.md new file mode 100644 index 0000000..aee2d6c --- /dev/null +++ b/content/docs/administration/authentication/user-access-rules.md @@ -0,0 +1,138 @@ +--- +title: "User Access Control Rules" +description: "" +summary: "" +date: 2024-08-14T13:52:09+03:00 +lastmod: 2024-08-14T13:52:09+03:00 +draft: false +weight: 205 +toc: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + noindex: false # false (default) or true +--- + + +Access Rule Entries define what permissions a user has to one or multiple resources. +These permissions are defined during a [user create/update]({{< ref "user-management.md" >}}#creating-users) operation or optionally when creating an [authentication token]({{< ref "token-authentication.md" >}}) for a user. + +An access rule entry has the format `:[:]`. + +### Verb + +A _verb_ is one of the following and is associated with one or more HTTP methods. + +| verb | HTTP methods | +| -------- | ------------------------------- | +| `read` | `GET` | +| `write` | `PUT`, `PATCH` | +| `delete` | `DELETE` | +| `all` | `GET`, `PUT`, `PATCH`, `DELETE` | + +### Resource specifier + +A _resource specifier_ takes one of two forms: + +- If a resource specifier starts with `/`, then it is interpreted as an absolute resource path. + The first component of the path must be a resource type, such as `/projects`, `/databases/`, `/users`, and `/healthz`. +- Otherwise, it is interpreted as a _scope_, which has the format `//`, `/`, or ``. + A scope binds to a specific object in the hierarchy of DBaaS objects (_organizations_, _projects_, _databases_) and expands to the set of resource paths associated with that object. + For example, the scope `acme` expands to the resource paths `/projects/acme/*`, `/databases/acme/*`, and `/users/acme/*`, while `acme/messaging` expands to `/projects/acme/messaging/*` and `/databases/acme/messaging/*`. + +### SLA + +An optional third component of the access rule entry limits access to only projects that have matching SLA values and databases within those projects. +For example, `write:acme:dev` would grant write access to all projects within the `acme` organization with SLA `dev` and all of their databases. + +Only `allow` entries accept an SLA value. + +### Example: Full access + +To grant full access to all resources, the wildcard resource can be specified. + +```json +{ + "allow": "all:*" +} +``` + +{{< callout context="note" title="Note" icon="outline/info-circle" >}} +Either (or both) of the `allow` and `deny` fields in the access rule can be omitted or supplied with a string value, which expands to a single element array. +{{< /callout >}} + +### Example: Read and write access at different levels + +To grant read access at the organization level and write access at the project level, the following can be specified. + +```json +{ + "allow": ["read:acme", "write:acme/messaging"] +} +``` + +The rule above allows projects, databases, and users to be listed for the organization `acme` and allows the specific project `acme/messaging` to be written, as well as any database within `acme/messaging`. + +### Example: Access to specific resource paths + +Access can be granted to specific resource paths as follows: + +```json +{ + "allow": ["all:acme/messaging/demo", "all:/users/acme/dbuser"] +} +``` + +In the example above, the resource `/users/acme/dbuser` is specified to grant full access to that specific user. +This would allow a user to change its own password without having access to all resources at the organization level. + +### Example: Denying access to resource paths + +Access to specific resource paths can also be explicitly denied using the `deny` field. + +```json +{ + "allow": "all:acme", + "deny": "all:/users/*" +} +``` + +In the example above, full access is granted for all resources in the `acme` organization, except users. +Note that this is equivalent to the following access rule, assuming that the set of root resources expanded by an organization scope is `/projects`, `/databases`, and `/users`: + +```json +{ + "allow": ["all:/projects/acme/*", "all:/databases/acme/*"] +} +``` + +Although the two access rules are equivalent for the current version of the Control Plane REST API, they would behave differently if changes are made to the API. +The former would grant access to any organization-scoped resources that are added to the API, while the latter would not. +It is up to the administrator to decide which approach is best. + +### Example: Access to multiple organizations + +Even though each user belongs to a specific organization, it is possible to grant users access to multiple organizations, as shown below: + +```json +{ + "allow": ["all:acme", "read:notacme"] +} +``` + +{{< callout context="note" title="Note" icon="outline/info-circle" >}} +Adding access outside of a user's organization requires specifying the query parameter `allowCrossOrganizationAccess=true`, which is accepted by both `PUT` and `PATCH` requests on the user resource. +{{< /callout >}} + +### Example: Access constrained by SLA + +To grant access to only the projects and databases within a scope that have a particular SLA value, an SLA constraint can be specified: + +```json +{ + "allow": ["all:acme:dev", "read:acme:qa", "write:acme/messaging"] +} +``` + +In the example above, full access is granted to all projects and databases in `acme` that have SLA `dev`, read access is granted to projects and databases in `acme` that have SLA `qa`, and write access is granted to the specific project `acme/messaging`. diff --git a/content/docs/administration/user-management.md b/content/docs/administration/authentication/user-management.md similarity index 99% rename from content/docs/administration/user-management.md rename to content/docs/administration/authentication/user-management.md index e9fa38c..cdd042e 100644 --- a/content/docs/administration/user-management.md +++ b/content/docs/administration/authentication/user-management.md @@ -1,11 +1,11 @@ --- -title: "User Management and Access Control" +title: "User Management" description: "" summary: "" date: 2024-08-14T13:52:09+03:00 lastmod: 2024-08-14T13:52:09+03:00 draft: false -weight: 210 +weight: 200 toc: true seo: title: "" # custom title (optional) diff --git a/content/docs/administration/offerings/_index.md b/content/docs/administration/offerings/_index.md new file mode 100644 index 0000000..c1e15e8 --- /dev/null +++ b/content/docs/administration/offerings/_index.md @@ -0,0 +1,17 @@ +--- +title: "Offerings" +description: "" +summary: "" +date: 2024-08-14T13:50:47+03:00 +lastmod: 2024-08-14T13:50:47+03:00 +draft: false +weight: 300 +toc: true +sidebar: + collapsed: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + noindex: false # false (default) or true +--- diff --git a/content/docs/administration/offerings/service-tiers.md b/content/docs/administration/offerings/service-tiers.md new file mode 100644 index 0000000..1d506f7 --- /dev/null +++ b/content/docs/administration/offerings/service-tiers.md @@ -0,0 +1,107 @@ +--- +title: "Service Tiers" +description: "" +summary: "" +date: 2024-08-14T13:52:09+03:00 +lastmod: 2024-08-14T13:52:09+03:00 +draft: false +weight: 210 +toc: true +seo: + title: "" # custom title (optional) + description: "" # custom description (recommended) + canonical: "" # custom canonical URL (optional) + noindex: false # false (default) or true +--- + +The NuoDB DBaaS databases are deployed using the production-ready [NuoDB Helm Charts](https://github.com/nuodb/nuodb-helm-charts) which allows fine-tuning for all aspects of database configuration. +Parameterizing the product using Helm values provides a lot of flexibility but requires in-depth knowledge of the Helm chart and the target deployment environment. +This is why with NuoDB DBaaS only a subset of configurable parameters are exposed in a controlled way. +All other parameters are defaulted by using high-level pre-configured database specifications called _service tiers_. + +## Database Configuration + +The NuoDB service tier is a composition of one or more Helm features. +Each feature can be referenced by multiple service tiers and contains raw Helm values that enable the feature in the Helm charts. +Both tiers and features are stored as Kubernetes [custom resources](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) and managed through the Kubernetes API server using standard deployment tools. + +{{< callout context="note" title="Note" icon="outline/info-circle" >}} +DBaaS users themselves don’t have access to the definitions of the Helm features as they serve as an abstraction to Helm configuration. +The DBaaS administration team can define new or modify existing features and service tiers. +{{< /callout >}} + +## Example: Composition + +To illustrate the above, let’s have a closer look at some examples. +The sample _n1.small_ service tier references four Helm features defining different database configuration aspects. + +```yaml +apiVersion: cp.nuodb.com/v1beta1 +kind: ServiceTier +metadata: + name: n1.small + annotations: + description: |- + A general-purpose NuoDB service resilient to failures with 1 vCPU, 2G memory, \ + 20G storage and SSD disks. The database will be started with 2 Storage Managers \ + and 3 Transaction Engines. +spec: + features: + - name: small-resources + - name: small-disk + - name: io1-disk + - name: n1-replicas +``` + +The sample _n1-replicas_ feature configures the initial replicas for admin processes (AP), Transaction Engines (TE) and Storage Managers (SM) for NuoDB database. + +```yaml +apiVersion: cp.nuodb.com/v1beta1 +kind: HelmFeature +metadata: + name: n1-replicas +spec: + values: + admin: + replicas: 3 + database: + sm: + hotCopy: + enablePod: false + noHotCopy: + replicas: 2 + te: + replicas: 3 +``` + +The below diagram shows how several Helm features (in green) are re-used and composed into different service tiers (in blue). + +{{< picture src="tier-composition.jpg" alt="Service tier and Helm features composition" >}} + +The feature composition is controlled by the NuoDB product version or NuoDB Helm Charts version. +In the diagram above the _thp-affinity_ feature is configured as optional by declaring `chartCompatibility` and `productCompatibility` properties which use semantic version constraints. + +## Usage + +Once a service tier is created, any database instance can reference it as shown below. + +```yaml +apiVersion: cp.nuodb.com/v1beta1 +kind: Database +metadata: + name: acme-messaging-demo +spec: + version: "6.0" + type: + tierRef: + name: n1.small + sla: qa + dbName: demo + domainRef: + name: acme-messaging + passwordRef: + kind: Secret + name: acme-messaging-demo-credentials +``` + +Having such flexibility for managing a discrete number of supported and exposed database configurations, empowers the DBaaS deployment, operations, and product management teams to support different deployment environments, roll out hot-fixes and enforce the desired DBaaS pricing model. diff --git a/content/docs/administration/offerings/tier-composition.jpg b/content/docs/administration/offerings/tier-composition.jpg new file mode 100644 index 0000000000000000000000000000000000000000..9d355c0b05771d513e4c20335ebe1317632fe376 GIT binary patch literal 101885 zcmeFY2~-o^)+QW9L_kDl0VT>HAOfNwgGf{aL_|adlqoNwA|ga(mXM&#V*~^ggeaqm z5SeEpvrHnhgdqfE5D6pw1_uYHn+pBN?fB(H!uhoI71(lP^-shbC?7g48 zi}Rf`3EO+o*wh%dZ95FM4f=s`Mq!4q?c098exJAhe(m7;edgY=gKNi5?wvdTJa~9_ z?d0L**|~EU|1Ms>-!JH|-TZvJfB*CQCV%_rc5W^%Za$u!Jbw=PpE_|q!-RHitKzEQ z+9nIzF0_qHXd9;)28ZP2{!=_i*uTBDZRgs-y^{wLgC81DwigngiwhE(8wNppU6*^V_dUJ5eSH1=p9F`5hJ{B&MkOS^NJ>t5 z`6@LtD?2AQ@7?+hi0tvF zyF|~$zb$Iul{;~jCU)y_FQ2%)CPjh%TeUwm`}Y)k_Ww$=|5WV1^diA_b8Ukbk4p%K zfU#MbQ7gzugfQBMF45vk=Em^-3csxP=myJqdY|QOJ<~h8k5Ub{6P|oA6#ksOtD{Tu z)!ra?v?=>-t=1%AuXYoeZ{By}DBbr(0$gC;iGS3X1M{(a|N5hKyi8Sm@Ufoc1fi%| zdD=2nn!YbEZwlV>u2#-PQLzc!7Aj?gTrzv-VBB{BOA1r*Y;&xduRp-jrePa<1oA>_ z#c~2u$1e2s94#&_8Sf%v{AV6Jy53mn(>>buzJLTM57fvr(6ZeX{}P@ zvxQ#+!I7gufiRdCY>zU65{JF*$bl8NH6;YvHHh!vz~(=!JyGKN`sX_qTUyvK4h%5- zj-{vm^~(Pr16Saq%qi_y%wDjWC<-dEbcT^;!=-{;3lb#bto;|L?vM5#{X(%np0JB& zhYfvq^dj0x0r%-S} z-5kg&a5LC-GFgu$A=GqW#qiNl$7_*y9#1xvCY^fm)Ukrr3Gx@w@KY9Tf&8C8v7~BB zX^PSM9%w}h3XT{5Zl*Qy#=cFuGbbxBmqapw$uF-w|NMN{A25SF4lGQU9gmnF1f@AJ zil7q*)_U(>TyvXR9wCE#@9B9B@NMY5pg!PIh_O)^z zvU<>`wcYFme_6%@V~IJK#-+W2`NZD~|36sX%~6nFg?RxSBy-g&(DFYMi^tQ~W0#vz zQBv4&l)g!>;|JlB(8~PSLJZC#Oe`-1nyikD07EnZjny!nT^geRGWS99WhO zfa1VHPKR?~l3D-a8sRlY9^2sj(Le+oU=X*Vy_v_{Qhmdh>t)YQj>1LBeyOd}ztY<6 zWyjmHbtNpE661XkJ{>laKD>^BG%UzRWu6CYK0`OhC}8@KCH>}3lgn|z4W!craWyW| zuCs0-;YFB3ZIH3MQ!;nMVwE)Rs5h#^6@RF z8U;gGpcx0Y+mk7a?agOtb6|}!O&nNE@4vV<+%cg8?VBZ*Y&p%Q$wG)F3n09wq?aQm zq^pMB_OEkb5;yJ%-Dq+5RQNbVcCA6F1rYTlEe~3xntw3nDhN!Y1yAiJi-8jN5W*g4 z=?}mYbCg-slDVLLkcscDuT>fs-^5p4Ha>eWMyTP<9@M{BxqrEuCYeF{)Bg(xKl*Qb zhw%H(Gl<)Sk%`V(8oB8dN>GPc;&*u|P{xP@^Ipu3OrdFMI>G?Tr1}~z6nS9Td!I=B z8}yl=`^S!f3*)(+mF?hK!sVSOKCR-L}8Zyc|0PEV^j=jTSEeHlhQa2tXV4IQ{UPwTFI*Q=d9d| z(BsFS6dkfjY&j?Vy2`n7T0-&meZP$Ks#xhzORgeIx z(#5L^PQlZd7PjfrhznN93LIF_n-4CNHs@X^cMYeS zIj3=8p<1+HFw!E7NHc=qqS=xI<8!0%u!Zpg*vTj|2NqG75QSb{YU@^;gUsTe-pc|- zhZ_aA6bv9g(jZ3Uz=RwWL_K?I_PF}$5`k;TU5NP?fEx$4!BiD*u`$Fl4(v1eJ7csJ zQ8a;{5~T9hy5*Am`ft*3;Ud<9rN}*%FUBWENEi6bjwFQ|IECJnEPlBvGOPYQ0OYHf zB!=JxL2a}veVHZdh>Al9)Wdr-iUq`MQIyqcTiySTiIg{5vtG^6V4;jj}d5dNFr+W9iASgY% zV)x*IDO~Lbu*^h*!}Yw-oYpvETA%PVc9ZvrOsWn?a$u#Z>ndW^6UBPv#UD2x#$Oc3 z8@ZtNwf-Tu0Q`ne^#jZxX~W>_UpC}lZH3Ua3>gyA7qDS!pk-(*qfs+b-Z!|b1{?V+6m-|k&Ui&S-BTp%+`ZBpv`wH=A(BYKMkJw5 zPznEI%LDou-q1u)=JBO%R9D5tRoXJcW@t%sAL~v4rK;AHCwgt9%uJG+9>1)vsf8^g zeNVRMPwv2_J-k|p@EvR|%`SbAV_Em=-!oiOBO85Y(dxfz=cY#cSC^Vn9loOe0xu>k zWkLvi?IKzWl3oQ1%2r=gn#23-?_2ULLdyd#_Z!W%Ka<>};}Tql8b{iCGf77GUB3a- zO}pi3HZ1}k-?&AT^ZH;8wWdk0yIA-RwcLoM}i?}a&09Zy`?YHp_B5#Ai8NQ#>Pkc)6t=dW98Q8ot_)n5l-i(zv}$-U%u); z{MM!F>hj|91O|h0C`?rSXmO>L5tl-wK8#0~z(3%jg&@sI_)1hf!8TG9w+_4();s}J za)H%%_uX4t#U&gHtAwAJI=pLAn$$y84V+@1L+!zIPwcS}@7_@$Fc;~uEKnGJN49*( zqLkaECfD{>q+K)-)_BVq5{~~w!*ZIso#AGqaA&*)`7iqJt&zd%a z2ZOuV8DFauL$sFpur7|~1=t58q&9g|y`$OfjO? z!o`S_pC;4+>A(U&yoqsmx)4w9Zu(>rE z5v|);fAKjNEP#il(X$94wK0JP1tq%z1i=#~f4zh}41Ob)Z%_}=et~>7icQG9CLiXp zJO=yG`)lcKQL3di1qOy6zPHR~r^dV;=yJZvH(K!VLGdd&;m0v<*BB2VP#N$1Tp{azMF})0Qo(6eF3;#I-VO&=Wp(uRz2;Z z8F=~Jd;MdsT}CZy4=;A_Pc()JNI!a(6J${Q@5(k8y$l>Z8SKw=SiqJDHZ70LU8f(Y z51p#4MSNT+cRcb5cU7dwVdEsp@Kbe72~NJO5nTxjGUQ|G{jbf6{xhTgGb{S<=3B=5 z^A;;;RKdHr2J0gx-y(`tdgtE=>RF69Q}(=K_Uy2Aa}<5$A7{bqm%4G;%7AWoqAOJ~s=i9s4le%Ya-igWB(W@CR^7-*&l~Mu(2DFqW zxagv4*n8E%u=ly$bMu&keR(UW(smAPF8g@U!#%LufAoGKs^lxn<^o1^RI~b&37|@k zEy$$bDa*HaCB=TkI1nN}4uonSQ&#Lu;Tj1CDG&?XvoDkk%!KJNV^@Iz*A}foQps21W)S ztyGvlzPtJpL6kXsgf06N3! zwzAmJ+vChqocp$)-H}@vU=W{D=06^j#QTV62wES$1Rq-u!!}y5qanF)VM}XxDyk?j zZ!yE`jy_rCiGP}Bdd;vwW(`S+YZd{=HbAL9MF%*=Jjpr?#eeM#B;Z02@k82x-=O?B z0L$RO7^kZZXC5%mFxAsbe5iekUyrffx-i?I2u?zdjR!S;rsjp#>)k6x>wT+rQjGAz z^PAHuE(IbVJ(Bl%e18S?VzhNqs7$Qr^N}-78&;y*=xvQyK)!-?gh>t=#?y%4IFxqP zOu0npJ5+!|NEN09(*ktBPXDaMtAJ0?Ob)ENOcYML&YF1l@VnE*`+|9Y&&RPNj9San8jKecod z)KqMC(swkkQ|xONqck){x$ zlRM7?Wpp8Z&$lM=cW)J0gX-@F76*XfYPl?7S-X=b(0D7L5k3I`7yICz7xJ=9d~X1i=14`UGW z2gpw5C6)~h*9JiqS!@lp8)$2i5y$SaH=n}7NI@;?Q^ya%@afaP7Emw>m>I{lc-zq<)h;N!V$77Q z&7Qg@FB^L0^4Rd(-ZR{g0sg~bNk@d~Bc?6(ApJ~QQuU?6UcD#Pm9b+7oU$?$uYQaX zymD6SNfc}b;er%*t3D0pGYx=ctJGC1+DA+C%mrWhS6U9@=Q`a_6meiTHH~C=aaVh@ z!(|?dEqG61rGLompeu$L=#$W~lyQ&K2;1janfQ062g*L97;-O2y6$cP(^Df z0B#x=i4|03Nu#C&_W&}(XTyz)Dr&>Fl#ObS>y2MlqZZ7l0jHc-T18_pp_W%DlBZ1{ zMUSzjXdA4(sMf9U&w`O~9?TKU5JsYAK;L!J4aqkT!8vB<&nHLqtV*>{uGS6oj$SNr z9J}cLT*I~3cvc6Mf-1*07$GK;Q<2nFrktM{!y|m!yyw|^54Xce&s)FQHY4rh&9_Pd zbo<-wA}+VTO=?m~2`)_^eTXT_#JTX_(3Nw8!_ilvooawq1X89^p>g&4X_uiW0Qrox z+~h)wk-FgOt$ONeKemKq={qMVdmg6>emK|V89!9H9E7BqpkgOPX-A3Mu&y{j$t4OM zNGmZ1oZbNDTHHf5i5L z5hpW%I*5jZ(giUZCU6d=m-YHHl7$^?db_FIp{k8LV%gKLw&nr<~liRmb2a_`Do z%`<`4VXt2XYV=eiv2?f@PHJtk|3vd`ww$8s&8mkbmpdvC9I&somLLt*b`1M0j6S{{ zQSwH4B{+Ud)kt)DUz^jrcZ;HyMpqi6l-_LryMrIj!!m^&$!MGFt;!$Ismn>P>G9Ub`{?wVoq+$b4G{|SmuNF92YROg;@wW;@i%ri z+uoy%9_mz<`#8DfEWuaDvwUAY*%VsTx94&gJJx~{9vy9dFQs(-ygfHp5bOZ=LwJdG z`a64;9zq0dbg$RVQNIo=wD4YObBcM6FhU&#D{TvE4_Iuau1Ud^GNbETxi*@ z0w)+Hz~(d|dIACDd7^Ut$ddyY?!>dDy=`fCj@stb=j_R>5K!BnJ=6>SXx`RFrrPsB zq0eN@ggSnbfCD917uY$hQ@(*y%iK+rbh)cEas&00Y4oKE)3-@Wcg*~ERCs>*!+bQ? z>IaRiWd%<})#J}R+&Mmht ztNa-45AZImp-3!lHxL5{CIr|yP>k?^O$3G1gH9rLb6`c-PiR6}V8*-!`|X@RwZ!M- zrnK|{bW>k_4D@y007UWbSfvqL$s~LWu~Z_q7JI@~Mg!pWrZruq)z!ZgJ|8x}@9zGleMjaJsiQulc1%9U*w%VGAGMIkbyKl4b;alOMXbr`11F@gg=Ijsl zpBYmtODiY+mu4@#ZZ%%pbD}c6*=Azx3eRUeWLgo`5H-Blq5vpiB=w=*)Bwuw(I+eW zYfsTy1r8ascnifi28;FcRFAbnUf3b$uI>?7>v#%F7(3k-j@G5wT%*CM&8doU822jPs^ z6gvcWt;tl~^)wv6|5Y~^+ei^-ZBp8odpr zceTn3pbnzh#S!67dPZBW6Nh>W!`@OHP@Q8W?=5BC!-%MpyL-Q+%SV|QZsg}@2FU^n z^mB-4yr8PS)uY^W#MP*q56Y;@X{t`|&djProW2+-nuMA@7pLQ7^vF^0Ia-JPZrSSs z(Ki=u)GK}E`h0%=_g!yaa9~8O?B^Kq9qfy+Jf;$Y5&pSAu7%K*ak#3UzT@kY8svnz zKmPM2*cxoxXR-OgIe1YID^@rk z*#t`GsFvKb0{J~}pDvy~_)K>PmxD_Kc^|RaA_OA_JXP6FS`I(zy;JV(3A=1OQ|nxZ zw(}-2Ep$2pOT5A(M1qKSj*fVP^{d16|h1-$lUaVbGTJ8(n(YiK!ge zH+`sP#fyDT9Ey{I?39E6j{mk(Be7K?>$EQeY9`8DhcKc1PfWlz4P*bX*iuJsy50Yc z8jQ3=aT zw`YlKf(X`j zzD#r`TI!b^&*4$-O*PApHe1okYS!H;`ytOv;^Nf+g{uO@^XWbIP-nPGpxJwYd_x$1)5=(q*m)C=1U~g4a^JH8&TQ2yQW16D_ z(+S%yQ*;2=jM^EzW^lM)i7PK`U%`}JfM1fF5nn`f(3^)at~Ys>MldKJf{EHh08Ee% z!4zhl7@noIMS+N)c=w9OiEX(z9grVA_VAUET4cj`o}GAZECBiHfAoqs^sU8C=@RN> z#4amQQnmIUaent+wLgEy@P}E0sLXnAXpM_7pW$mr#LD2G8~ZOoiR*v!>6!o6EC1hE zv72su_Cs}yYoTtKG6{g)0^mO;29%w#tnM?mTcf4rEwjz39V$jFW7VnGsk0vm!A^g`mqo8>3?=~9kI@rz@& zV>iSM-mpLJ_v(1Rz%AARxiY&Oc`T8+wiV?j<-Q2H3YPhU7SU}`DEvETP;4YJ4{yQ2 zv`K;qL5CfO{n2Y6#(|A!L$v%Fnfu9Um{=30A0bLG;01dojsXR^pNq%mpK!NyC+Kv% zY7`Quu*YXSsi{kDt%%7?#L8`=Fk;aj%N9^M()TD!S+x%vKkH((Kq*F>-}mT?)h%Ue zi4RX<4g+~DGP3lFh-IkNjCz0Ca$sF0rLw-h=6P*mN88aZi>u~WGNS#_hKJUW#Ufe{2Unwo5)rEP&{t7j|YI;@^^NgwTc zx(gkfr{ghFcr`61t6D4HxQtifs+wy4LTc~g`aA?_atAYO5PTTOMeRp>X3m3hG+ZOq z`N}8y&O(xPq(AE3CEt{{l3lyT`9n=~){NJ*y8Ob=4Am+V$bNRssSnC+c;ncIj-kt_dgSS!p?*+-WBX44O11ECw@L5#Cl9jH`|_kpyl>n zTGh8Gs!ezO?ip>F#eExumJjSR&}g|th@B!_v!~rjkpoG?MF|~dqSL*E6$Fxo6mi6h z47`;LNXQ*^kiHs=|4_pm*)S5dL|(yO3H8JlAz818jY#HUTR|}GO<_V6@jC&$M5d^- z6IFRQF!OI$cyj;jnsAh6B0(~7C&GC&U9ka_?JMKJ#Qdh4<4*y06e#fU%BvsLI+k5X zi*B|=ZTeP8Ho5P%3R?Ms_2>bV^CBdu8M`1!kN+yM^$EmI8{=}ism%AzitAGqVN#{j z-M3TH%vSHsWgL!C==32irm+%Ft5`x|KnY_&tNPy8G_jeZ}%gqqOwBWE`>o+Sl?m9s{TDP z>wca0Idr~NG1HQ|;KP0ro18Eb7zq`lc-K{p0t4^ljF`V)@Qt?{wQKGhv$r^SK2r3~ ztCzGlFjK`KZZt&V2q2-BZVe7B`x186ua^i6K1RSfFjuHwO{tJTgSV1wBB3ZK1vw(+ zJ{;n$RCd4)l<xZlEDg+iEV)jzenzMLc3b+jc zo@bigylJSsL+H856IL4}`Y76;?vYRTy~xHN)lz=*%`5%L0pqQ~{h`&hNq9FMxSza} z&)i#ILK1cokEqySiSkeo(WT2FP*g=3#2oth^<2xO8S^G8EAHT#!{XOwZI3*=Y!!0x z^6WK7DAMIVLl=xg+c3?Vrqm;mf>?^^um?*q&mf1gOueyO-*kAW3xhr*pB{H+8EMnB zPs~iup5YViHf$7t?&+#E{5qi$a%T}GDwrlNN=0rzAhKlWVX*MI=Kn(w!g7p@)n`1qn&?!%awEAZNL z`6qdFu0G*HCcsPbsB%ms#84F{za@a3h>~TNf`vR}Lax6m-3W`J!hsM@8bvC6p6mMB z+}5>=aEJ|2jc$Zd=_#m(faeTQ=KXeoxKIC%Kv;INj1-Z6Uh4We?Xu?=4*A=BDYvq( zZ!y|!1G_yu?H`AH5Qs5TYQ0*#Nu60md^~=X2?{;DSo|VS=iE}y2b;hjY;BjNbO>&H z>h*zsy2NMPlpqei4MDMYb9-mX=Z6J_)7+iCwq3~v1FJs>G=Cb2iG6k2$bUAPc@`Y2 zAWO>9tcxI8afK-uVuy4y)rUGn_}wn0+=+Pcu8t|yHv2jk-u`vTXHIMS$Yb{c%~j+a z;mg*XBcFy3l*{-a<5JO!0W)6s62%GnFgp&~!@21vYn>Uf0FJ&&$qW7HjT+ftKsOCd zd*AcUU%T3Zb@*hp`p6&O+j>?#tdhV#@;`a5y1daML1uXh?MC;6HmqQ+%albd8A`z@ zNVgR~dICxSYEd;s<@;L}rsVBNq>3*HRqXM38vkubYYHr!*(zjLh+QliN>67WsP--+ zip(ETnH}e1q(OT>Yyok=iMFQ((ynV@T6Vr=h~d8K#_;OL zEK82Q9)1fBki`(L>LK9X{xbYX8sj=7J5+mLa5M*_ArtS;2xgqZs*X}+yh+9FtD)vW zE^|F++7KI&>J523E**nRDl9x7e58o zg`uk~2(v>6v%6=0Hr@)p!sKh4+uyn)!`L^5`t{!RyQ4O?{)8q6jG_0N1fM6Hh&FQr zAA^L<+9pOW@SbUkR-}cce+0Y8#d$2%0^7N(E2uRjaQVR+yl8aOgM4qba4^~8^^pf$ z2!khFHi)~Z2o6jJdYDBw5n@GAi{p@|C~4+@Z^q~60*dfEctZP1w32D`;e$ZS>j$mI zT^X5qBb_6wKT%fL>J1hTRgS8wMa-%oyI~aH4yRzgBUelo5sTS=CpfUHfokRTTwpIW zQCL^}ZbyJPiNk$dA63=1sp?x7+4&=3Xn|KsJMP99PYkOj<)L(ZQkWsv4Pv`zA;WT@p%^aZw4P^L${$hsPWf0D z2glJWo4D> zA!Kswj_vW86xG6tjcmxh?(FG`Qp&793Lg8f+REQGJ*WgU5c%t6(dYWL3fvlG1O~Ls zEcUo|V++S_+NGFD-`Vl%w%pP?*lQ;IqQN1w8W2gtUn}j!DEMh#=~Y`^n}XO`mHah}-#z zQ1U{S%j#}XZ@amlx*XJg^y%K3=UKhi6Bm!5#92xJZW1AI&p?Bo5{xPxS8rzY+52I( z77i4Vn?nt2T`HxA!7Z86$L+0*Z*pPH9nl}(jEOIO9T#V!6gCRy=iU{NVQ38?lz#16 zbuUI5(6$^}S}ff}6;jtm?tT`rZ})TgB|FLef3As`h(de18ZqH$;S)Nb-mi8JQu8!F0@Li)MB>K zn%cH3S`aW-#9prpq*H;`?TR-XihG3(ZYvJ#$2Ai1w(JgeXgi|h?laz>67Y?V;cvGe zrx0aQ;Y8p-WZ{JNo|z>zQ-xmbt~AH@DqC{H?=qvdxVCm|Hi3L(4oqp|HzYj7vrpaZ zHDQSnLCa+*YM>ytd`dEdPRlWLIj}_Nc^jxTgA6eX{b;fI^}n&_e;*0I*v zht246U<-s}-}>q@{(7yb8C%oS3!31X5i186B84BX28xor^q@gWA)NN>5njTLyHXV z$_O)${_`CQhP}gbv)2}Ma{5ZsZ5#&V`n=4KPpvH6I)8HLQ)z-Ompu0s(@BxG9C7EF z6m8YAqkfks_=#e!$tjjcoJB?!(Ij4>U)>^ z_2yf@=pa8Y`Q1S#mSfiI!)+F^6{L)+0!NlJ{rYf*Vu^T$LQP7uwyIizhuliD_EF@C zH)lVoBuo3X>J-+V_WKqclNA73WAiP31YSOicPh3&ZL2lE$}}c;ODr+twa{<_uB`-7INd zJNHnGUS7jI%krU{H2p$_OvnRmQxGe-`)0PQ`x}Q}p6#wuCKa7$MNW>tFY_rp_Hy&g zM~mISa+?fa@YOP!Z%moPVO3{~geDu@rGYz7Q3du+lP~22PaZyCS)5l{81-_?^FvO1 z;0D=xB3*Ui)tU~d*Gc!!(YF{B-Si)y9m|o>y^Johx$^L`se(?YQJx9{@>F-#L$Jlj zW_-|uFwprC(`_J>2#Vh=`(R$^%76-a@!R@Rc zH>5O5zwBa709d9mIuNj=j1qYveCVCR3I6mgbewH68CI-_91G&78pAaBwmCgJ1AG0* zF;bnnLB|@h(`vbBT$IZ-1i%2f^JD>o?Q2Ls|E>H}MTPl8v8mW=E=g5E3S$Xo0(B}k zoN285)RV40wl#$0@&{|5?7g2~3^{;49zroyd1qABlMzexnqF4=dU-+FA;~BBjaFI+$po6Jq4b^`A_#}Uzq$-dFw#ckDG@MT ztbHYf$KBkV3MTfJTwInfxnL+9x9E_*!v8w?@P~bi`p(k*BR-DE8Gu^1bET&Of~d-s%cjK$>jS+=19zu5iV|e>Hg;$8S6O`jpWFZpVq01 z@I7U7MZ}o8*eO?$eTAa?#bX(i&-%i=v$gpr*GzsaC0$JP*y}@f`-xQmUS7BU4ERs4 zdOa|CS{AI=Dt`}KqA;;Hfy>$B;RQK^)`VYBa*KQ5K3h{qGbZe|roAduNHI^cR%+mL zh_pX4^Wru=f#->R@uIqujz}@ZI#aQwPl|853M!vkIY7{uALJ6(hI+Dkw zy(Pg1wQ+THNO7S|Yz4tWg@Xl9-l-Oam_{Sk?{Q$8UN+wY?U;0C&jS1-2lg2GXuaj1 z6MRA{^vLLc8*Z(**Z_s=?NEyB3P4;t-!D+o5ENPl&X(d9)u}|lw0@MKUexjy2Xec;}%VQQG=G%ypek*SNeua1ql_khGBqH|DqS4`1Y!OLOw z0UTKDFb6hRfSqZ#|J`~Cpb;!3tTeU}1-ZBW-_5(b;&RvoHZ)V%MgA zcUt+cz3R3_|H;h|5(@Gmf&;)3KCYq_k&Na{c2ZyAyL4l`@H@ z2>i3Z>*d;>E_%GH#VPW2=+Se94`J|oL=)fS1- zZkhZdkP@Y~Xswg?^rpj*^7f>dqlMc;UEDv|E6WESQhcTWWpJa*WwyXKUu?%NY0OGW4us#QUoSM>Ky{Xp(I1YxuaH zwmH%F%Woktj6XzW>KMIwut3Z_N3r8|Es$3N0Vq)2(anyr zh^&W?qmKbfiT5Pn5~}*A3xCOo0+EmMZS8LqtxTw%x%g8xw)e&2$j1D5@9{r1e|`{Pov6YpJ@?Wl@B=e)cNcXTW0ytB^j_o?%|Az87lpfA)*k9J z)I2VlDtQHBXrE=voaK2YfccC*2}n}}M=F{s5ZwA)s-5?$6{!_(3sWl+mJ@Vx`n^U% z?hvC;VScfGd6W|2;bzd^k>FfwOmG(->ZeJ$!hsd`W9NGvnT2Rk zcAO@hL~KHc{OHq1WT9&r7s}0v3KGKm-OfT3RXX;^_ z8i|w_%Meo&iY?Y3-++%gI+Ce4^{%WM^)%w+~31SxUv=Kaweo7rM!j=#z zZktjmkWo?|V(&c|XPD|Qmu_Nz%DAMYS1rfTk?%rKb| z+9(47xX}_Buj#{7!%0;etNwMth-&ZG21>L=;d9jv-Q!j6Dc}v9U)7PWoM5W^Qj6J1 zsPG&LEjy+O>@W#NtSk2Ynj%YKn;@Ae<@(Sh$OnMusb=6AA}tBqD6%mOogZ!f zy1nqFI2J-06syZ)DME2c2Vw*|r}?>bfRKj>N&CulVNk2##WA0xaf{&49?A#>OS7Wy+Ytq4OE(KSuBYdoQmVZI2NPW^1{*xt-(S=1s<5F zRRR3`5ZdTnZajr8yRfx%rS+8EDW7B$zMPk#S4RoLAT1 z9en;Kf#=|M*X)UgeV09YZBDqYJ5Q%9;%P?^-{)FR%IsjLqBU~v8|(+}Rli_B789;m zJap8T8r&ppAe_m5+s?*lsJqdkam;YP}l{Ib^qT zyj5i%NZApVK=1>GhS=VTKm{!D|!b3Ek#xx7b5qs<{`K#lO#wEl=Ipb}66H$9_ z+w<%^!)$u4ix&XD!nx2+bo@p38%^>^)8`>u>$gn(pA!m$UjC&vwf&mi=jJ;)^=-{- z?+{+f-_g(3_@R7oGcK2?y$&aFO@Af$zrU|n(MpzZuy@nD(eE9(q;KlA9C#-Te)m;O zNar5O@Z=HXOM15j6kwA~7@@S>e3wE$)HFVNk)TPH^or(B!wQY%kGlTaaF;s;Ubr4) ztr2>48*HzDcWq-#&PUBPho1cRZJVdj7n3eY{kZC`Am!`0_WFqmNo};S+;xF?2~a%kEJ8$EESCxWU zN7*U$htNn`I+?nSdEJb*vNTMQ38}u5jp3^q#E`8x`u=orkbE5oo_0q% zRF{^Roia;zxthFi!Tnpp^Q;S9)>=oKl_ouO_77OKU46a(y5=Hdygpgi(^0pB{?hbY zPVnX9uJ78*;8Bm6!ZGzj$q9pQfw*DBhzbSy6x@Tp2AEA^Ly5(?Nda#r&_~RDR;Q0j zS-K^@w~$sb9=;toZ0tNEu5WKrX63BAiV7j~V1)gqjoHalKr}6oWsz%0>ui<^WoMtf zJ0s^e(d6DdG`Un|A>ArcdDB+`QD8+mP!Q zwK6fmb8zVbLx+DLJq!2p_2c_-N%U|=WZ%(J3o$6u6=At>6GBtX5PKH(x@q51mH(23 z7GIKnAU&Y=8iE zdF6QtZK9<}R5&r8*M&jF6=U%UF6RXsKz|*^6ABAefBKCeb z_9n3R=gnIhFY>QGjBzi3JXz6xhn*~6|6K5$lcgOPw5#E zn(njP*`dTAqh9J;bI_x=ssSSsZHSZw41E&CoH)hOCZ`@C{ywf-OrI-S+d(2Ijw~VE;SK2-EQYhrRcXYU*3pMzJ8$ zL`0-YR6rDjD1s;;QIRf0K)Mi>CL%;sdPo$dHvs_!AwN1uiFB!vE+8VkNeM`kmQcci z6z}w$v-jQGz5h7hy?2cJePf)zU_{KCYppro`Ml5jyw4;X!nWm6Auy^Of*BaMwE5>J zk>ZSTY}A@6_BfC*?}IaI0hiVz1o?sSG~gRZfUst}N=~YGqw7GqBz(~0ald56Un~bL zoPO)6R9~)VXb`!F=`tHi)1D1c&utVKsaRD|?b#$xZK25cPbl_zVWpQC_H>&zJO2^A zd-I%EOtq)A#y`C%m59`Kd1f~IH7WOj@P%}A-hxt$)tIG0tkvynGd8CW2bvlwAG~sm zX4XqQOq|S2K?F_zz?b5ehVy>f@DI|>NP3*e;3~h(xZ383*>p7QwVnSZu4hfW;zJfD zeXB>0mW&1DX(nID9`oLCb}e^NaaWrNJbxR%E1^G9UJ2VH?;NL>sP;AAtXf9%cAO;p z$MV+&Km4*Od#E=V?}+z9YJ{dIgzg8z_Ch?9vJtaEq^N_=YYWlAnHF5Tsg&~)=Nbn5D(Su_IliCB7oWj#~5;1YDG%agx#RYw78yGo;#)2 z{K#^jUP4E10J++3gvbqpPDd@5z?-U(VP-_(47_DY5B`P)?0S*8eTnzp2(DKdGNR8u ze4RCFEaDHD>Kd(}=28feimSoc<50%>1FQu3^|)X^j3zhOp?p0X?j(ve{d_CM^O#wi zl!uN~p*bC{q-wj0@`bO{c?t_!-^mDfH{T@}m>LmPvXM#JYgzd731YRaJ8C$dCktttU1LW+~?ghpygvr0s)x3~z z7o(>7fl-NgpnqQfL(duPsfQIkbUvk*4{e!EMQWxI@VHsaAC2){(E_Un>_oiWViW85 z8N~pbqW4Dag$H0yA??&eTfJc~nw0%M&<=ar>o+K^{9?ftnmjH+?-9LM;`K!$d4_Yj z8>Q#IabrEZMf7wq0m$<)i{Br+CaXD2ODk;=ur}I#w<}6!b@H5H`<+hi>YgEViPZC@&0Np&X3!)VSSsx_VAs!C@CH;n)*Vy9Coq*N;VnMXFFk7$Vg>tIXapRMpr%Z(I<;7pJEz^9&!i(a4ku0RiTjF~^ z0ex9{KJv^eg2d%&7@YdDVa?=q+O(uD@9?$dveOr{oqS&v*A#Af(4LSGOU^V_D9I2~ zA*(cj#MeDURiC0hxl9a}t1)z%%FD14NxffO8nWwgc#qOMZSi~FZqJ3dn!E=a@IxI` z9L1XvTQ@qXQ>fL{PuWFji@H?_L(`6F24jk`bN46kaEB|GzRJv5^HGNw*{YYOdDy*Z zn$X)HKgU_gBlBYX)y$S+^oNBGq2Q}!sWR}-+7rhdSF2SATI(mEQ`yTQWKL3Zb^|T| zCXjUF+s5{|6{lABnL_SLZ(*(d>kUi%$-}{ILQ;Zl9p>*uoD+q8;45`ZeN3kl1KBQAt=t&nxQbnk$3$;L? zNlZSe*|Ii)>R#-ZZWia!_M}$)z+2c_r*^o9p>CE8r?l(2AcKzL#h>|))$q$oq zCj0D2_HcWBh3#X6FL))&;pDB7_4_n4sxUM|0_f*MeB579Ym1ExBwvxDkTR_YC1*nR z@Qq~;OjWQP!u|NRhrB$mpp5IsSdl(IA+m}NMXCWcA~jvG)q0rRx$gBI$9jEBO|aLl zw5%?a>059~(n})VSTuaeGwR&)`iJ!X?FgDGbNm-e8GNallo!Pcpk}!2Q|F|>k1oL9KQ1Qp zL7X#K#->4ICwB}LXRRiie{reI6mg^(1JJv9g0PzUo`p=)r}iRln7kc8)qDQ9Jf zuG;$#AM!oMR`%o<%PyQVS{Ok;Jbj%JUUwL(orFv#$1Y4adW@Vc4Q9O8SGf^qV;1-7 zv-$1onkLWg3cnM5M@Ioxq2AyZi>p4YX{ReZU+vb4dj;-B6X)R2cQIJ3fO}}Ck!Z(Z{O9w*K^_T*rR|JeVIQ$-yHYd{<-QL zK>>L-O1mg9qq7%2;UeJvra=?)#mB%iie-Kb?&4 zrUehMq1bvvnHgB@A#Jql^lQ*2CC{iF$$3BiktGz`rCZ^>k)%D-mxM8tu(Gq4cqL?> z5~LVKPM{``S6dOIjh|p#r92}_pxsPWb_&V4I06ePz?hMO&zP$Ch8Ziodf&`t)!&)H z8p5_~KijM#Md=e^RGj*XkyvK!X$eVDL}*7An~F7ez7vO!cp{wck7%lgkRH8}Z`-=^ zb;XCvm#3i%l14QrK+&)k#E4Z>#rWAlj5uk`01+5ZzVC5l02Gvd=x`z*-!ZpHpgg)x+_T1);}o%qjomOVd+kZe{h4)8d88H050ENdOKQbdhTDunKe zXn!5KX!J~%{b-_OG*3z5PHcnCVe;H_RhcX=SpANwvPX2f6M1OC(yw?*#reK1Z}Xu8 z?K$uN^5NK4VsZik{N!5_fp+G%-nD0w@F6eD=kD=EIHPnX@MGnU7MRqke1?Ch4zB`M zsLlGf!oXIxg86piXG-;8JxpU;e1s;`jlFuSMvJs8002IboE^M$Xw{(qOlB#u?A5Ch z^%IAmUOYCL$6Mc}=n;BhU#zJEE}#Z@x9;)64mMyp$YX)gnL|zD#l25EuKVxjqvZ;- zyubX6(1!nK0)1y06^$TUz_%~^uF?da{$gS5%3HjsbQ|Q&0nGdK#^%=v9L@0UZCJZj zd#RxYHV3B&-rC=L^^cB+(Ddjoz^1iR2~grtIfE!t8a{rCC{_3UAb z;|ddXi|Bs8vet`TPOI}ttCYTTRxy_PI&HOfDtV>XPq`HT9+^6!rPz6PS=nSx#B$(u zTz;bIV44g34uGR}2k}#)dG}))y_8ZLB3Wm%uAek4h(%d*>~Ki==;~)1H*3|RYV2X zc8$i}#w=>wDE?k$Wc1Y5ozXw|UwbE`;`iCq%zBTejwchK`>wmpTtUbB8n)e-)E$1)o{)a*d zPwy&p0!NRrR%ccNDm7ihFDwru5BU~C6S`1b9(3LS-=r+uo@h``&7#ES65}D42aWfl{81e3cp9e#`KyU(gHqVD^gz|A_v| zP{Wpfjk5K!jvo>*gJP#U?_EY{0%U}Cmud6S;Cf&YsT}+KS$d529*NNPLoUNG-I37h z3o@W7Mr|vSxby_cP*^AfA@5n;aa_GN(S?Uc9XLDL+XZP<4)~hjvl1{stBv)gGwbKo^9Dq>sGEfZ^<)pz|-%WR{pG%?Y@vPxG;i_vod? zlk0U(Smao#+p;Kj(bH66v0L}`>#W%At+gAZ6glIJ@2A_c2ggwFV(C1@96}V16pot& z<5iaH9!6fRpZcO8LhxED8Dc^^Udsad_N$Hca-B!Hf_$G$$q^`9sVZd-gw zT4s6zvV}o12*$~zUo46pR{?+3hieoBOVR>l(+U&Yg_b-()R#VF1fE|J4eZCCgDL%!9_%;nz zg`x-l-vb!OAZdnPdm8X%0wDdjE6~y!fHh&ykjGXkvTYjCyhV}Y{r;beFTK_ljkypI z@q9(YjPZf^BWegYtW9=gX6#sFY721nvbf3Ay5rDr8nfG{6+G0hl!TzCzR5CL0|?TU z1sSTZULf}wtkL&iyxX2xyE7`hw}?)#VHlI+MH*eHw3dRV^Uu*9bl13$-q?byDPT{U z)x(bo)*m9rr+svF)*QUDhkKARws*}FE59`kKkm13rhxGNELIo_t9xKHfeb>^_tR`b zw_!}db>MLQi$&+vFP2X4Z(t|e1UB7xvI%nMMiA5aYY=EQfB*Lf5n?k=pzkD1z(5<^ zRNVpa2*Jc^lOzi;!aWf?$IJj|;sUUi6)+4LpK-G_^EkRs-97MUc={1W0rN2MV(K4U zmZgEBM#E5f?ZB8q5(+Y<3iD8(am6xk4zml-QzyJAI~@jl z!S|r5BFeQ)C-JE6C423eV5|6ZEu1gy?e>W19@3U1g4Rkq_=s&IV$TLK7{AJ|6>5E+)|2Z&Y(pk{wEF)bRk>OVQK@hWEdU~V>F`0|6unCy-g$0c`ww@M1 zekh`eYWi`scxOC2*{mZOzt6LQ@-eyflEgdSpQIvlABD*uWi~pSezdHzHN-8__$ks7 zeosKk2|44e#2((H@Hm}z{U^Grg>G>QS%rfoZfZq9UciT@iox~*^n?f=DUY(B!V6$7 z>p%1=UvKSE$8moz$_S(SsqAK7Hh!|__}umk)M7b=q3 zT!x0}WR6=(99ZBOvPj!DbNx%x?vP)L1NyCYI7TKNI}Gey3!mdA^^w|8>M{{RxZgx(dzfX;+ z&EGntP*TH1;XAP9>5>;<)RbeSlan3xi4dAHu2;N1cx!Y0B3aa|Ug5i`_-?$k4#Hl4 zp-n64?Gri2(=7!V6AHI_^&cb*Ozg%@zQY%_)RGgsuGNrBQxqur)6RO{?m)~CUS&{l zVpLz^5i-+4r+j2ZiX&oHcTtc_u*5Eno($0BIwPe9Mj520fRu!7iuiof#Y(H^XUj~E)XUAW7<>>a)p!-?%6~bjmh<1%`&3LDZ#h#=eqc}SyHje7JxT(f>f0t}J z#P1k-J=M=uF8)`yi{7b;z@>+|G z39|-FJMrIpRo35Ea#g|q$YY));nO!WlRhb;q0^qrgu(~Zs+CMioY>C}o!Xvd2^7~t z*pK0{Qdu{S=MVP{Tp&+Z1%EP1zx0^_9`-V3QPn~r_yY+qL9ja>BN z*%ifH%|za(EcX}~##Dz^e8-BCqn6rInXSydkRAm&nH}oh#pMhul^8klJk=|7#YOyP zuh^_}@O0wxy*o2g5$^=os@wK1F9%HF{ZYFSj;qhc&q0pUVa}tVCby%ttncWQGc@*~ zw+R^gWeuM{uW%#ZQX)y^IcrU3+mFGf3RF34`8Y0h!RBb6+R08g=QOWxP=$ejuwQA+ z$znTi{ZZ|1fw-{GOD4mw;%TKAO~wbreL|SckwH~{3fmNn8u)e!$(vPMV1=_A(V#|L zy%Wir^wdq}&H#TBT6d#>34`6s(xAe`?9Bj9YtnD8boz*TrS@} z{dT~uZe&?dMnT%+uW|Orw+LVAE&-0nsVhWz?gd?c8WEPTG*!T53LF7 zu91rJ=ho7{_qaNYuJd);Fj8@@xDiik26-mxrP_J=b>YB-yHDlPipqMH3&dmQoZjYMM~>l(lfzrz*fqAmarhe=-$gybClk#%hj|N6M+nnOhB zA-$uOqw%&CXLRtNz|#h}Z&Z)e8Bmu@f$Q`SC#LVm=xpp9 zQKBp*baAY#hbD=*2Zy9!k;MDSzMlXCnOu5=$U%pB;-<$g*SL5kx(sB{_L{EQeD0Jm zwAx?D)uWkLmU-oS3#A96078{2T^g8v@c@uB={FvYntx>A(K-6zE$Vb1#ytb0*{7ydlUNwy;_hO9;=VA(@QvJ! zlU^B-7x_<`p1p>BG^)G18mZWekpUnn7FtI_MN_a5#B^Xm4iwcwt>gIEjXkR6a@U1B zFiy2I>QXnyUh}^4-RTNR!48643g$I@iKQ+Dt9GT^Y9m&KbE#UPALX;855yleig}+k zvy{p+mh~>7`jVoTlzzR7)`|uA{f!mYo_;!5Iq^T2iOl$DOX}GQ;ULX+#ihNS$>oz;y%#dY&4BjMAB+qmw*4 z{2M&KzX!i`!)#q^75C!_uIca;VVj}#i)A;cM#v!GrwDxr=m{Fw44HjHkW>2r2@`Yy z+QSU++XIBEM|GqA_FrKX){A*e99U_evVXC(cXhPOZ1VimRSha;Z`#mSPjwNQropO^WkF)*8&aSGTiCdkMR8ix|+HeqxQ96kTPai@r)bEr;O z?Jt&B|8uARXS~z8(9=@UcLOhYdT<1%ONPv|tfKN!WNl(#;%Z}5V1=?r^?l0iviF_d zB2k-0dg970ehs^#hh~$=>r8e-5^A?|^n)GKSkmZe+lQG`olm^aX!Y-%o>7|&-NBPu z8wou0bL0`PCs!hZ$Lgl0kVMs>Jf)duD!XjrQ3-nNN|&l@OA*@St;R&UR9J3Ai%Iy; zcGX->dhUfJPp1oG2^#i(t67Z0hBiezpUjkKfX-}7q5~4P*dFBd3soEoGD(b3U{uq| zJOnm;`ER(5F;*5Idq4}q!~l=r0{*F271Y4(gBplCHf2hbs^(jIL&*~dI@sT^5uik0wa;Qm#TLBUB)6iW(#As z5bYCiR>6}*RssEZ{l(3m&Hb3_JgeZwyaRtt`pfU%>nGFOe*W}~`HZzpLE_5W^%~>G z4Jb(}g~MpZ(*W+P#3AfKH`$FmKzsjZXp);J^dX@q z6^+Q9!=*r3?GC4asJ09QtO2rsmf<+6N52mk@nXUc{1{*n5P)!m(;4Z%Se_$)vBcpM zo|^rXqF)*%WivP|Va&tI2~hXHj6nfcIBd3tT!{jrJ{V>H#RMi6{Ly~}xGI@VzJI-7 zkO~IC_*6X*!9bk-#UhLte3-W_^&j`Z1HBXl<41sTO&SBep5x3I|4zuixoTr_oiOfO zCU__$^;}#8Y_Z&g9!mpbZ)2lhI{@Yv9+(vUXRureWn2fr@?Wk>`Z~dlm^bSrX@B3G{{No=PYv}{^SI8HRDZaoA#?_Lh3yF{ z2ldalW6jps1xaSV!0am2$iF`V3(C)mC{FNqPHMZ07)PpNvcK~h8b_?nu(cVuY*gv^ z(Yt_0(IgWmoohr^miDrhUWJOEQI=CjjE@%yJ%x;_tQ0AB+YN#6+U_e7@uN zV?swGofq31AwPg1uR&B__TyuF#;E>;T#$|Kh45hNmDsKDhi5iM|$Uw@P3-K+D zYW+Mte)9C)(-?)RG(v4mdEH&qSzNu%s$>H7Y&F@k$h^j6iovE;%P+JxT33h+D`;{ElVmUBIov45xpwe1GqA{wJrNioRNp3@4}gr2qbbi+2Nd zXWUQUb?dlX`{@@e$5fIskL^1&c87`dQ~0BP4XQ;AE+WgbPf zE^0FI<2ofdiHUJ^@nQQzu=}$Wthxtq7B6FJ8kx8hmovZ92t_rgh|~^jEDpI$T{t&7 z^1|BL01cIko#mlQ?voVI>$%4elz%BU=E-7i%JMYdu^j%{$7 zfCyQ<87BZLJ9;>Nuk*6UOab@`*w###Xy5Mij-J3kGj74ZbivP7wx?;drtR;knu+ibiXw z>S>a`+|bx(yO?&JLfL4+cga~}&yL|ux+)7*{t13<560X>XCzEBwbpBqd!e_t9wht7 zT^4zQoUJ@sN5$G0qH=KL*$EchH^N^y5Ox5PJK#cQV{q)Sf#?_q{~OTL`X9LVkNEe0 zfa(7R5WEw<$4kZr3YyA8?Dul*%&Mw+b7J{+@F0|2%de@U=1+VC;thj$gXg)j={v)h z_t*AwMp_(RV*AB%RB;Bi50H5_hapGrHT8^z@_elk%~ulfz5#41Ts_Y|;U-W9n;R<$ zK%*{~ye~S_QsT%!_nAlPf~3P-EHZ-~WQ6gHSkDLV@Pdgw*Ldf zni=*OZm0vG-7G)l>>NedwhZwgV#&T7M0~Ym<3S%te4Z%bi?a8DfBw(T{eSkf{_lP! z^DjG7*`_20plQ~p08u-BLx8p)koxPHmN$aBom%!u1fxAWT`i+9mTE^E2Zhq2PQ*rU z)}WHL)IV=hy5Lq5Hv5nABLYFIPxe21{jnu^;i=YSHh}XVz&V)%Rgp#cQo(d7QuP?0 zL2=;Jaa+mS-hI&->b$Q$9&?d7@%+0m;kWT0>;uRXq9?l;IvZ8%Krurk69L|vCvqW3 zN5RI{%H(gQ%eXi*55bH42sA#LdMC1kk&Rwar8|O`h8G&OdH(0ufb(q(tLyL{1a)aw zIiuooA~wu87i^&7U>E(n<<;M;ul`ql?wRBHgGTvRZ86J6)X*GLpO1uM#QFgQu1_{g zAAE;xMXcS&gFI#_X&$$O_OBIt#u3V7cIXu)8TS=VSCp5BWPVI>qsnRiZ~@?kT}SOL$t+G8oB9a_w_scSCmqcbA_W zq`JK>n21wCe}Y=60ImCfr(dt6_zk?EDL__w#oe-w_ooInt4&j8x17YkXm3eh56Us+ z8mgBxxaEzftJ(f;3HfU^2tmdpnbLJeX?4opf%1=uD%-HuH+6_ZQ|mjScUi32#28lG+fBX38I0^`m)Q2=lJ5YYQ=-B7jv`p-O@ zqhZ8(Wdd{GFP1Mm6-?MUnhWlmXCod$W&s<6N{)p{Lk(FAN6)C)If>79$lw)U+iQ6RsmAipzI5gcxH`ruuRhX zY*wu~`o$%(+CtMUqGJFw^oT*U2K-?>8-9CKX&paaPpZ)48 zTQsUG01IYb{oxv?{0E4V+Ae>0&g}R>Br(yM)uSs$*i zm4YXmM0Th{weyMPTMxCoJTa|PmCh2qI(aL-$bzMTWMt|6w9u`tiEIDjk7uTHdtwRD z1t-zu1ZG?O3$WMBpW4&=d+UI<{+;9uREce;x}FgqPK->GU`uRdpdIUpUaa6k98`nYrx_w?Ib+|4siQ5TARcMioLVhA;y*w#pA<_n{LI7 zYOI?PXT45>EM3wQu+8D+6FZK*?|oi?MfOkjd7f~8wXij&?6+ZX)yFx&A#h>bGmhX~5_&&Rg^m7M7=ARLgj z(*&9*Snm4DE>GNhuwU@LttjfHY-Zxqksk!Q5YF1L+ZaOc{PYO`)Yjdmzab6pivRa% zQ=XU*Yrq}ouyhy?3sNe%gJh8$e77lor_W@BkP54c%G4+queO&Jg9m;vt+N-yabLm zKd2^GnsYbP&^0P$>dSb!M&rkK?vmaO$|&dZ7<6~_C{Q&WL`;@Xl&KM?gbHg||MGHf z+`03FYIU;6x$>H0l)Tv;q1yhNzNWB$6Q1jIri&sbk{NSr)&|Pc9A%<2k-45D`tTT2 zy&qBky{+Z6pQjL@l3?S2nrWWcI0~lz9^9-Sm=b?P^z=XX3)E>ttwA^ZI)y=ER=asJ z*h~PWHL;Bcy+VI(VSr`)W5+OSzh$`j-H}emc>y0TYp{d$tCcf@3Bz^q$vU9DR||8uwhuv`Cc|893QXu`O9 z`!b>^v}FLHXg45Vy;5t-8QFYQWJcaqQTd_<&NpLkSRIaehu(q<-L?;!SHvk#zIx1! zB{SQw3InR%z-Iw%MPcpj@+oKMZf**aJ#8X*&o|~=?DrpowXdfZ?}?x4^DHYvc#;!B z*B^rEAKWlK_jTd%$F@}`l-Bq_cdfgpuUHi5LHmGhz>om4ME_!W?faW5|A=HJ=g+7A zi+R}1ZrR6xSlacuak|0}-zw#()m_(ookUPwaGAbFbp#WL??)AjE@ zHJ?I^%>f2gymbn;eGq8X7WhIK(wd={92}0ZD975=Pop3y^l~zJh1R&^8IIj&Gu$?nY$U669WintMq=>s zZX~H-CN{RprO+1}hO~ ze;jpMQd{MjINL=+H!=(l611iBCkc~Xd{-&Xx;6c_5W#7RvtweP*At`O0%p_xb-6Mb z2QIn7YtpF?6{`LDZ&`O(e|#Y5Q#zU}qc|H)tx=5rA(Vx(ELY)OniJBHnA<<5Vm+eM zRyR;=Z9$o%D`zt~c2TSK;E>}{b-!ut4;9qf$mY{qHLdH^rUPn5GwQelz;ng-w*;M0 zggp%fHQ5{?Yklg}o!x3knC(DC&aRB~yA+_|a!SpHpCveY*YTG6HAnuRfFm5Hag5RRD4?N! zrS6W3vw*S%&iuv=e)~JpBu`qUhme*`ufBz(hi*-vTHi1<@#jI*b7@ zE1T5m%M?fsYFtKMOENIMkTz+x`tiHDeL~ly-vGz{iw_55=}#d6cQTP0HwcU*@az-% z`CVCFaitN;PU7Y%%U_=JiL2a-xw05aLrDa~)!OS~W>|V>!Fk4eO(nni zM8u8mT@nE%;h~3P+$@OXPxx{kx||fW56k)!PmVj8sJQRL`s7+bs!JViM72x2d4Zj;@wJ~~r$FVV_^b~rzPWX0qAX+lfygxsy z#L4E#ZV9~)c@lSRG|s5s8ELp9*1PC3xLLS0v=qcambIJVa@H||E4E70L*)MGjq zz8R{o+4&Qr!n4FnL*2&Q#|^K+pO4__l0^&YH~ka~kMV|G(+y#Mvs+Uw{`8k0BzIxX zlmAF9je|KLCP<+Y$gL`;+WI`QHugpjx?p5^?~(FI)z2>Fw+S6$ zpX+XLXC|s!88AK)Z992du!kUaPf9t>h&&raRyQYuJ-sR6o9hKVZ?Az}R-dKqhr;ZJ z5b`giBbxU4pl;RU5H^c-69v?hx5evo6*p%nrTDUJbX1(?_guOfEiXf@laNbMdWi!8 z4yaFY3gD|{h=sR|DoV{#stYJyS2|lSeA+xIW!ul`ygku&zx*A5~^RO`H5Ufb59v_S= z`T7C`_7UFA0#49ZT%&(?irbqmlXEr1b*kdv$CnLXOto~*@?pR2o091yI^sr*C%ak@ z!*?*kzfHcKc@ARKD4KB;1Nf0KuTpGaj zFai6)yJUe+5k@mLin(g|{IKdUU*w5}eKx$*5WX+&dk^J)eAbQ&d4eK=ra_uD=1FNk z0V_o3>4)2X+hl*JXzZzQM3eI)almS7R=YztSxDea#^iI<6O1spKmfL_Dys1#owoqv zYGp;-@5S^p)~5(G<2k-BZdKL3@fKG3oH*FFR!BM7B;k7f_QQuUC!jqv9JAd@f3{ZAyqj=#@UnnoYfX{ zu=f@-vb%Tn>+OWO*)zjZkpwxN(+W}T6a|tNpYo#wdHsxm+>8y}*|bpU8`plPP<374 zi8wPq;r1aOAlQG3odKLML1gHAi^UNHw^zBJ+6jJYc)mH8-&f=$3n5%)BaFGfpMoG| zzhH{|^iY$7f>ND~w_~t#hW)9}w_ou#ez<&z;CwvU(raL$JUL}NhhbJfZ;U^pqi^kd z8naHq!CGfsqF!O_>dgMJRDD?KaPU#^E?CH z30A7&V2hF@{9+L$6zzOf0&N+H&4&VO>2oOPG1!1X4y_?FHOCaCtum#H5DwrlSo~7; zbk}e;X(Cb)%zplj6qx5HIRm}Q`+!$Mpe$L5g5;2r144fxu@#V_P zHN{HZCT$9Sj>2`lu>MELrF0RhFC!joeS~4X26-JXbuL`|ex7*!pOkZ-a1=dmA{a)MAH^-;4ZtZ( zsJ(syKce)O2pZe}*tPY){QJM7o9i+NVEB`T__c>SY>YU>0o=lafgy0JU*C_`Uo4fk zHXQrn{y7Vu{e9HTKXlc!p&)r?ReD-Bd1A9~lj9Qw-i!;VoP*^>Ve{+HrBMI4)MrDX$gLMK`dM;W`!hwIK`RdEc zvB+QD|6HjuJmTkC`inQiz7cH9{q+E&G?F({%gPzirJQN4^2ql#<2Jg>V_{wA&q?LZ zCC*S4oHCasRyK>xx|e;+7W>vNmpzEVwoA8-ERVV@+cA{IKtSf^A%o-S5?&C=S*4(P z<~6QSoenCuX)}|n^wR|hXvS-cuDplIo&;POUBGAiVt=uOr8AF$xw^L#^g3N2douR` z{MOw45a#XIL2t!4uC)T0nlBGs0r81vN6rSYRt<@O$cQxjm#f81Pmt$-EAAOW6<`Fy zNTysA^pp))12Dr!K?^vy)GrnRjSqe^Tkv(xX+%5%fK2g7D2b*HoRPY*g1811N(WQ+ z?;N~W5>o;{BKE)!zpMiG?Z1=oVKgg@Hzbk+Hus8N=6Nq8Z?+}`+h^OLCettVd`(r( z)prmYCJs^`_NK6U3jhKI=tLzv0}#J!1#Om5OPAA$!E_5yEI=F71{v&YQSmk9Jn?yU z^6zau`ZOf2UK%l(T*m|1I_7&hQuWBd`z=M8T#(esUGqF#K}DZJpd z!~n1wY1RY^M^V9Idnkjz7Z=ySJMAKFL4ya+ffjMoO#ar`sy!8+@vW{N<>v>THV9yZ zLAtnlCEWbC-$C(N502u#2D+B;R0{?kXAed&ez>QO1tZ&ABkP<8rCGR(xSaQj^gc8c z@HoF|Un6g{zvlUOT;AL78*z?Z(bWr8)`M>;YT~NMow)Eh-S0)i#JQ+wvIaPIg9``y zb8W+PF#w$VqcIjA7^%IJ0!ynTKi}pAXOflvz2!|om;7+f3zMGJdNU_x9#y|P^qA#h zKF@AkJ)-XXPhzPbVX2>jy9q?J&U_l^M|KpOJTB)adrKsA&$OSHT+07aFCJ0nplQ@@ zQnWc3MRY|C(WZH#m{MRSi@DZZPRCq_Tv8Vv^kguL7q?<9S zFft_gNY_+U(?q}ohngt;`Zv05zExNDgcq1S@?+cQ8hLMjicvrwSex^*@9=i&6=evK zm8iXp$cdYf45hIJS7wk&62S)%!IUNm0kbZtz|}1ODO`#7N$YRoIiPK6-=4YlmxuB* zZrx0M8Ryw4%Qr&pVT|v1^v$$AHsEb`EW;KB+q5elP3;oYiZ(GMmL`=>FEM7*`bLH) zjAvlM_z#|;AaZfj;ZY>k!ip&zFXnpn;G{Kt$xt(lk^Hm>9Z`XQo$BcEIMr>CzZSIJ zv7;#^x1lXGS&JInL!j?R*PQpubE=q+-)eKGqR+^SH=hfCWv~C~!VFg>?5yI_1P{U$ zHC%Fq0{;{?O)1~f!LenB_oAxG$(vs&mWqt;k1Y$DTm;XnpO86pT(aNaE=&IM0oW*> zdJyua&^}=$dYKXn_Y-+ux_4Z5K(o(VM%29!tvF;=V>mjr^y>PWy!Ka0IIc_UNr~&X z#yfV~?-GW4evZm)Z_%Qx*c)qjEc4y?&mGj!4Rxay89FsYsU8`zBkAhpwEQND4elq8JZ}rwC>S~ zdYku!u;2LoG@JXx4!!Cj);Z@}i{panrjMX$#zv&w6kx~7C!-f`O z+W&Z}$^R~raj#bTVJ+s3gefgXSQL-}X8KqL2LwK zVc={jayGego>)AwG&%*=dfwDbMFWxj!I2RkMvU{am3bZ8(vHh(nYU80qLYW-U$*Ew zwCnQ#BN=Cl2uGE6MQyBdL3Lnuux`=jL}0`0s*yA5)VTn%Xi}Va#U%szpD1ts1=6F}4_f4q zxOF}97(SES#qnc1OMugi|3c-vclkXo(yxN#3QwQXsO-#Z?=c;s4-6n2x+3Cz5<;fF zsR=FatR#_SZB~&3?#lw|l^=@(^&Dly72XHjWKqI29n9bh-2@d^9Qg)M817IV7i2qa zQ#s9zXpC2b52O`!pCN3FRyxL<7JUExL*$7=7e*}DFS<)#-A+LG(WQW;F$=CiAk7)a zgO!4g^h`909jCBUB!s(~*%bmpGOOPPbPXSm)ZUbMSFH`usr1{!sqkuaH2orjpeFJ_ zOqh|PMTh%|>-MHX2~$F4V~5a3&NyW`-J9K5pxka1&kfx_wRVJ8`u+R-yH_SnyX)^B z>wQgd-ys0YB!?i@M_GqT9Z`JCx26(9F}X_0hP5k&>C3_ofR3)BV5*M2mJwg4+BM~3 zc8!c|Kppl<9KA7sR`}8X6wWn{Wc?D~Q~LO@jF?x8?mPa^pZP;bJpKqF=CSdg%IIfU zUa$1qmE98#1?cp70VTNI@ZECz2=?$9^Seducy-iYTcFrN3;-P_s|^DPK)c_M5J9GF zQH$#;DSIs)L;f<0y_#TL?UDG1fG?_gGgOUTes27Z*QT3<9I>T7>T^d6FCaLWQeM1@ zdhpPWf(J&{bOUAn@^sgM53!hpBOS-;!tZF3FWB0Oc)!G?rd{MxooGcv&hu`hk9^S5%f7;o)S zgs3r-2O~xyw!%VplPl!C?E`$@> zU+sJ!9d#jr;{3@}*bdJxr)ZV)boFRQ>g}QBz*9f!_P(?>Ww$dveTX%rrlDZguOQt_yI8F2)%` z)6~7#sJ@ky@fY6ilzl1#z3%3R?(T)z1$SJ0b$Bc;%1Mw-<=IqSB%^?CMGk60l}tn_ zc8%a$@Ov;Q!r=flekg&|+BUuT>PQF@L6Y0V zD*|+@ZyQz!miwG}Ua>8n2QPi72$=N0#pbP_!ARBmqPbgJ(_``{#s)lrdm|Vz$Usfb z8CMQ#)C-eYKC*t3{Qcm>XPC_q%F6u$PA=UaudjyFdrqy|0PPIxWoVe}*f`D$1>*NH z&p?jA7pDa;un?8kMJjORTrIv|Wt#jTgeyw`eR^a`g=^YJKy>*cC2G`aitQQQgeJu7 zR69Z@MwCYA8Gpkd@>>g?283T5BePX%DkBZ$xv@*@WP2 z0k1ZmTfdPPP+S(7Dy*BaAa#-G1h25T#%t=4AbT=ve9PrBZyrU3$!?vA5$%_&xkM4C zPC~}%52)oSz6-zwQ$mSVcLf!l;Q2+_trJsCg71bVS_eIqanDsn-Y*&t4_}`7A#9K= z+fncOlI?BN1KpO)*8&&!JZhUInj)M*%Cs}rOg!jZ1*^x8R8tL+?2E!eALOBm=I9IW z1GOzLX?r#1v`l~aF&!QX4KmraC;&3VTY5Pv>{9@7iRw$QRam+5rt2^%Eu{EuIL?rGm=-(4)u(`;1 zqbghIRWdCQkkqPd76vEOcuR$0PauLa9?68-AL;JOa1R(ZaaV0(X50qX#B%eESwO-tx`(`=hN!h*CI4~|(LY6C$ zi}lToxX^Vg>_%L{T&?(tVF}K%tYdsL{#JW3vG2g_ubu=79|%se1ArggN;V0#AHsbS zLk!5(NiHxY2JZFB)m*jPd7)jweW2gWBF#zgG^cP``!x4{&aV~_jq1V3s^QLYs$+*{ zCUI<*Ue45XHTf9$k;U9Q=%;bUb+col_Tf?I<#RdYIf{%lpX@{^@jLxwD0W{~TqtUS z1Z3m(D|=OcHLQYUl{$pfw7zUae7E=Y?NFbzLJl`lgZkiwPpf&J)hVRRe%-Jbw`wGT z`Z(u{gRigs6mM^vc}3$<(SB%~*oAt56PWn)Vk#6PO*u|(`>Lv`pc3^#^qes>x}<~j z9Oj$TjE!XW63c@EYj%;trm2-Q1oPWCI2t!`uxU(TK4!jZGqbs~GuBD@*7?qdsc))Y zi00T`@pz3n*wF+NVV<@0iY2)do6-Lld+#09)Vi;YVnIZNC`geOq$(|n6p<1eARu6) zm#8!m0TB?8kVx-D`VxdFh=7zRMLLl#AR=8l2?){?Y9Ph?y7oDDoaI{g?7h!9-x%My zWB-vcoHz+{zU|kZ-}40G%b`IuD5)J1K>m&)Ej8C=`FZ3rKNv=D+C}FH#&C(-JW%^0 zsl07h%UOTbAX{yux7wOkwxM;w(13W1DIpEIx+R(bK}gHzVmg*ztZOF zC`x3sK1mjF#0wUpDPB(cL_lH=8@;rW2u@48w^VWB+w+Wl0twCLU^O2j-!LR?gkfqd zNmET#Iw7#v!4Ph1%A?uE3#xp(L_6M!2eF9AAjeoN=r`$E=zA+eQzmq*I)aE{p{#uv ztUC;nG@1Z%>PF_UuRdKW|8A%`Q})W!D;akj&b5hbUtBV4ls8&(B9~9D#K3KFg5wBA zcLsOFO3hIhr_4?Q#T7v5WcSP$~f$y*ycS_jcrh zLI3^wRV4vkQ%{f9jMgNv=L#p=T8uJG0Rq5SMjrvWhu^2p{N|XZ1Zk^Yh_j=~)lMQ_ z%XEZm&&LPI7S-tpp1SKe_+dlEh4xclX`mhCt)jx{{CnZZ(mU%0WBISPE$63Drr)`@ z9BG`rn-cUyyc1;ays!jimIT)#YtXcM)Y7jBJ>$0fu;<`ORdqkC1;r3=1hQ+ut6tSt zg73`17%|*)b{^^K&h9R18g)A3KC1hTqU>H3)h6Q4WB@zy7pV+Tmi<%WVcnP;c$(%- zKbX|0Lv)=DE0tAPCG;#nNo4=*{$IZ<4ALAQoZytIdhnE!iFlGBo*&hLWv{U%;)bLe zyoX;GP6`QcU9Zg;zW^FBhAymLo`9P;h*MK{GXI2My0-D$XboQ**8gDQW8Jjx;GYv? zZ-#NS!zB#Xhyrt^kcmYvf~U^>0M26%19Id|BS~q!|A@ac7j0$b_J$Sg=acSt!gJI( zg3ugG&(jqC&S0kG6AipK(UcOR770T;h7#}Vobpk#soY+aEXlC$Nps>?6+OjswR-4l z`-n1q0s%$WI}a89OuOt`P@c6PNGIbOQj~9CY7b^on5HHU>P#VS^$)scAHV5Woipp~ zOnFA=$uaSqDlV}xott|(nfk{Z>pc4}!W^S@`*&b%!V^O_QLBF`0C)U9h{645|K4_E z9GC;pudWy9p&J0(m|W>fSvFRzwY}J&-dXOoDvBqtbj+qGO?qMWkF9~!P2zg z`FGH9^iK$jM)X-~_uPLUk5#8i0Yl1cOHX!%Pi7<7Y3B*Jkqe)Yr^+e51zN#J`cm^ii?)KnYEk|+5h(+}C{57TfS(F} z)~$Z@wQm;ZB5lkkpbg;#?)|Yx9)2)|Ab@SD7x>m& zgm%Jl`WTn(Un+A!6O!NMP#$ViCtPgz202nM9G`K^OdWw3Dmk}69J(CC9vnG+WeXBq zNHTO%yF0vy)!wwZzX}OO7sHz&(Gy2n12wtl&c>DzHpzFtw8kzes-^Tyjh%^+mxwzY ztk?dLYBtRxT!tmWh8(9*Sn{40;k_huV~k(3{$x68MQ^~%h~uuQib;2yn@r2+PvMVF zd^K~eZ}z8Bg^-S#{*le#zA`ET@_i>Ia(xMMIq(OQQDwYySDE$5h=1XQ zW4oE1+Sn5+n&$UCS|-$(QpITAJ#`|^O#}G3xZUhBQ?FC(-K3Vhm^T>lb<)Ekq@4-nLY0G;;GA+%i-0quQ`aoK~*8l*cgH9J1 zIjZ$B9r!6A9e`~b{+yT1!=I6seOHB-m&fkZjhR+{9?Zf0YEP!`U|4B9l-8*+)2m-< z*hpzj!~L7_&0hK%Qs*lwlRE>XFXi!b9c4B{es~DUM!luzY{t{mH(=p-0YwNC(wKCq z3V16rl&j^{SFvtEpTeBNSOxgLIe44jR5SNt%U(KL zwuPX@ODxZ}#(0>MS;KTRkwV-?vz%s%Y7H)(0p0yk73r z+v4{4(BZ3jM-M{yT0ENl&|&aNEK~?r$Kj0Sqj|gZvivvK}5AjT-r_ zu*au6Qy|MEkyFRIVBh8Xm9A!3Kn6EhN;R!yBO6K_G_pp(Whybl=*VdEu9#ORnJoiv zUy8{Joeq@HYLpc{AO8@QOKBsAUFv2q(=L9|JkA(GLud%^LfWnF4cvaG9YnN9MQY=v zvz@_lO*e~|%!m=`aeG9MJC0xEGQZkzEj}&rebrp|-7OkMN{nEIJ#2LJ2A5^p(Ajs9 zh9~@CDHO%wDwJM8w(h#SN9#1#Zs$sAIUGuu#q(hdw*}N%0S|w^hG2 z+^142no$`vIQ^w2yE9r)Q_kWpUJ%Lb`+6RI$TN-P!VpOpU0CdP;(x3$&HGf<^1I39 z_X5Z_L4pn1#~K8of%vkC#RO8C89BixWeOET^y~-eC|!7QSx5c?cV+3?y7Og@Trn*z zWTW9?>Te1^t%%1pv!Uu6!~`kG7h z7y8c%!L|b?C!Sz=)E&t=`gCkz4R5ZQPyWq5La{Z>_-!hyOX@j+PtOjx#VSQ_7c`^H z>QR9>nlq4^I78btSe7nEgf@1X2pDjgo^|M zjChFTCrgDfG*AQZqiFky2spRr3a<~ss=u^Lh+;w29~A3zkt-}%c@ejS>}=Ah=IhC=5Tk&H^vB%c-cWKShxTL4e9Hd&kwcgZEBw$eB(c`jY>#YEF z84{*xC!;cZnbF%_O5aU%t~MwvtND73tu<6c=)>Zp40l2g1x+EE-9oTX zMRZuzYdpDGCk&}iWY?!^j>!^&3}W{SU+2qGD!r^6qW1NO7>9GWz-9?OvBqNx7pZxe zVm<|WWS~5qnz624Q5YeWFc;bdk=TA6VG@Kq+_h&op>} z4LfTXD~#8oq=wG$^m*;GZsyxu_W{;SN=erq)~GthzXP4ni@J_MO9sZAb$6m|K6U%)ax zmQh>~zv?^qiBe`)=|_3?NTG64{S+T+IKx9{JM`ZhdR%F+iae((=38NXx$;sDo zn2=`{a&%H59?ir`lNq{)iKtP{^l5E;92Sh!&&eK7fAh7&5$!BB2IRN0UT#V^p_I69 zFP&)D=+)t|4@p*&FAO#O{23c(_94aW*88uBQK`|@Q!zcLyyv!q)B|^)qumP3Ligy$PYDP zHc!moz5mXBkpbl_wELTRu6b`1BF*EpJ}lutOWJSok20CwDEJsNaXi^&okKgV(u&)W z*um0C_$i$~Tf$8BX^62RYrKVoLym$An*BeM3;H-x2)M9}Q zvIK(03tv5BAyWnF_zskfA553*gR{s3U@$^5ftIa< z8wRnizX7Kb&@GrhUgZhKuX29&Khv7Wy;Dftg=7N-;l`_Si_?MKg<0jj@%D}F zk>(i=(4}gw?TlbkTmr%QLP?&Iz4JX(Edjzddq$o3+BPyv+Otp4RKfkBOHSsaN4jdY zIJ>HmiQL~$H^IN)$?;73Q-kso4F!PmgJ95;??JZ5DTDuKoDKR-VHVT_Ke=`TM*wR7 zwU0BS0}_H>uXSFOp37q_K+I8La`3IHj5xZ{-apagT>Z5_xoCr=(~Y{kS=YXf0G!B2 znEtDuKeuAd>-{-Z;S$DB_cy$PrY0F_`|JMNdHnb2F@T*2bV0WbF$NKvW-egY21ri; z9f2kkoRTvI4FTMIZlNgEK6N>jmUM@0nmN&*e~D20mc&RoU~QwdCyzdwA`pM5vr_Nb z;iROG+#s=qSbc;p1KdLbXu61=rcwfo##23+_%OYLw*ktjt~VNND|_qhy0|-5&xpR% zQR=pK)r4k*HT6*vUM+9yLVVa*0pSz)vtP3&A;F6v6WhCKPx7i!zPf#9XX`@X@+R6O zdB)z!-gf?z|Gs_9kFcaJC;$eAQb3f>nr6gMu@2#`mo5`uo@T7oDduUJYgv8)?gAl0 zlL_6;4$>c7%2=8!hT@2M0$sm|6avNIPGB|!iW(xV)|O4h)r8rJ{vMm>NjXbe1oV*1 zHGtFbCPSmtRs0I)20@Hs^zZB*;{PwiN(W%L_E7|KkP`1IdKm{P*I6L|!_{IJ*7&}? z8QN5J@9eacwu!x1g}5;Lqm2J{16%3y{;c-#;T@n{csf|<+o$B6$4)zO=tek=1sD-2 z0+c4Xgr>Tr$1nFI!ClN16vR)b4sk%8 z>kUPQFcb4iJ>yu0OjHa^H+1yvNjovcdkUJ@ANb3xOV{8x8|cq!G^pk@wmt^ug6V~x zxgpnegG;Yh-i@~ibUclnzo>9>p;)_xgWbdSwn-h2CvoHMb{(u;X4Xn6qMp#RnSiP8 zSyJo)GL~y_*6+BRpCQYRtIUQ+iPB1fQbBK0e=y|$^y}ZV1}T3#*meGBA_qyl7DhHEG%k`` z1Z@|oy!E;hziG4!b9p!+u${#(H}G=6C7ggRZ--2DOFPOf`&XCYj~>L$yTlhOd~I-T zm$0^qELPLutBnJ}Wv0=R>8T~AdONRsm(wFH(5>*u$ENjZfPrnbu~`zn|K8*FdxOI| zUtegt5Z{P)%p|VqbnvskY@pT3#Q&!*!K?3g>}wFC&8FhSd+pM%`AaK}lL#vILr$6f z-%I;CqNbotxtfRDNTL(XoH_*6vWcaL_3#%lmj*MB9g3S~n>n-p#a`K~ho4r?RHpu2 z6E1X6e;l@aCohgHXX!!6SCf%xaBaJvoC^B~_k`pBlpBYrM7-@$N0)?#2}T+xo%|4c zez?hyG6So718o7r3QbE|?Vwq;eHdZFx0%4j^ znqn^vo>wIQ(W&Suv|_pWJ!20OHOPix6q>KC@Vp=A48{9sH2M}@yT}#Q((Bo8Xw27U zVW9KueQ&>CmH9r4XXXBqxzZv>n{pM#SL5rL0 zNaOa{+#;7Rk~}8@;mjLaZ^=BkTW(&~w{0O3FJd=-53pi++TmETwBHie_HFj%)O$ti69CxIdV0BS0t z0N;HL@dQpPuagC(maAl52FEPO^L_^#td{J^hztwIlf2;oBc!tvW6D7P{EGc}q5=W^ z9r(GE0O}G4N9W=`Kq;0JJm~MaK2cyFf{>ByiEbFDfY4LxViRbb!~X0dplgFD6h6q< z1M(2?e|^Qj#^S%YF1!Y5!gR2-oNxgQ$*?8>q^T`D6ML?At}30DV&W}U)pjuY=CqwF z-)(GCz)WV&9^w&!5W9&iM9jprvrfyEy>GHjS&z5oUpK%dB{9~vG$Yr5AL0ihnlQ9e zSKwKx7AWL`2&21P25pOXFRi+8-7I2x&+ePg?e(4?9DHHgY@B^o$=>i@r*i6=&LZD^ zEkPS$?(fwNPKwmmMc7g9RiKp9%P_#61EFvZp^GkOu@heh_G4h>S^VNG!9~N+p@vdM zsBp1e5f5E?)V&fSMS9ctlm6;8V1?Y0&Is%4|0jBnND~yvL0UR?3FNNqLnnSPUFO7q zl<;aAG;m^5rv^kIS@D>^e@ns-Cf^hae6tBjLyy@q;Pe{m0btz~*BgGu_x~$M9swXh z0jWP}w9lv2iL4WPAD4P6IG)I4t@Fb5g`Y$5|0YBDFNfxza_vsiR7ry$ggGmzZei+T zx1BUkO2v-4?fG(Q8j|h$Z+^r7JkiAOCjO_H|1W<2Ophep3q1{5SzDEdHZ=%>I{ zuO|?MP6Y4ZYr0fRRUAQmg%)FD(2lxZUcIwq;dtIFed2oy3)dASnhOe_81`ozkFrgF zF_pT#FquQ+Zmq|%s6(@9V&M3}-W~30fJ9mtKQ|e!Nu7yO+_9;eub{f5e@oTh8$P-3 z7T?~7-`SWu{mZW2v#@zqXs-Kuf!~w&QBSnKo5z8Vu^I>7iVUpJ*WZ}VEyDQ=rJ`f$ zp5HzCvQ=&j-$+U?d{gC28X3$Zg>2Ed*%+*JSW_4OJu;(TlSg?twAM{2apGg9+a2G8L}qKth6OW4xe zCv#{04(3M0b zKbY8RoN}CZ%lau-+LSbeL?Y#;4WMN+zw7TX1dr$l3J{jp-f59 zWYLG4!&b`#&@kO{RE4D#R!uPaleuNkw>;c4^yJ&e{-Fs}yHTf9>qO;&0R~@hR(W}O zxVXD$%Q@p~4NuN6J&;+TSQBhK>5)`euP4fssOWK=6uC2Ev=vwGpItq&GrH{x%ta4o z_DkkJPHebm8Txe(;2WW;F`9q&&t?8#I$HC9NF>hd-d9)6Zr+SqNa1jQfAT`heyQ2G zIF3`*XSh}BVHEkL*%tK3o=e>|UcynNDZ-VL<7JDf!PvW1RqifQakE|J`wyn=zub4o zN1j+^M3DeJ+iN7FpHPT0_->jz#pSgR#^ChlJFyJtxaGU2yGiY@blIk2KDK|IQW~Uj zg3WTAc9#AeexIFdDyI?4(^^1L-tT7Hhm;^zD^?_rcDRUYckA)qZx^@Uwl+>YxZ;7p z%*59hba8#gswm>Kfrrb;C46+~A<*_@Nwl@GZ4J4NJy!Hn0M#0ExI&jUwNQUejWVn7mRM0f$WqDPz z&FyY+Qe5WsMeE2|){i$zyg|DTi{_!Z6esj+upY;1$jWz8**V69Ai2jBWL`1tdLq+e ze4^1z3atVr$+l_yH@3}CaH))+2IU@S zAQ`F*3QXq`k&b}F=PM0t$YKp5oGzHSLXosG%0qSI%W|TYc)fs2B4h{9Bm;hy$4%^M zY`9qi3W!Zkyram0rSI2--cdaP-+G1)`oVNxeg6-ps#Y4B>buDe=+2zxe)fe5yAaVs z-XDZz=(#m8s>S@-mbV#VBy8x4r@`5Ff$)&%-n{MWn9w@{a#-?ZLc?O1<`B`i`98>&W8;F&8TE!;q=g z0JH->co^5b5^l=L#;$x)?0wKa=gQxRXT>ot zBLNXQlBL@)7C}BZXtVo^x)OnYQk5!~U{*Hz@^tGnnYRbW=W{jkA%8(Qh7c!zZCUxu zSlgD*5poZ)h<(_4vwBG~rAdU6c+I zOU1(zu}HrhB#izVsgXS_U-&S2Kv=5B_(kkdGXnD`*H61k4yiXw^F|jbG_LdG(;r+` z-G}!<+u`}0h1Ka;no1!haBjBNa&IV+criKgP4p>^HomsyhtA{e?q2T>C*D&V9>!Kv z^qYO(qr;kRyRXf9R$AF@mEy8iobQfTRo7y40PpWt_-)Mx;EXQ^iaZ(&5%j3k4<^F_ z&uic;aQh<(+6%~KdMtVxn064Is(b;3#0lod8osT6mP-2m&+rES<-LF5b#nLom3j)( zdi%e@zW~{#9(cNgb%5mA+X$d3`0>{H zt5OU$V6CNa{(zNX8KjL~DET|?1IU0ekdOkB&aKV3ZHW{*67x;$o5k@={7rc3?<_Mv znPz^*sc-Q1ZWJk&0F)-9YsYbknJl$g)LXObcD@hA$FOB!tC7>DbgL-*_D#EVh0mYQ z@0HHXQq$bUy#RgZNaGsZH19#Xc5yOV;bqP~LCrR@B-$XSQ*x@whzrL~>*BR8!QPL> zg*~0`Z#5`3gkEK<_y|{}NNo;ka?n#~5>yp*Ln+mWCOX0ALi47V&`U~|G;gx=ex+f> z7e6m zdGD!qsGm?V%98hDxQw4qi&0VwGTGfgaZn<)q~B)C|Ew3a0MFgv(Xh3l zZgZZWHgN^&wK^nGI3DA&=GFiY1xNS8 zT&28wC%L|}e!$@vz#7-{7c!1grs`45rS#k-R~+)%)NksieO=!8NY7rW2pBu>mw#qi z0y=Cmm$c99H%T-0QRNA&CM)U-em{!SN5HVR3^x>XnXD37Iw3r=5J$gdRbl|) z&P>l|rxyC4b?<>PHs7&xhoMkHqeCJC&QR z(>_R+Puhry*Q1Y(r`W63nQ|I)Y#U%EPYo}rfg2-`{;4k zN*|N*Y2@AeWw-b`RV0XZL%PW&EpR^kJ9G(}AWJrUSpb%Uf6iwrY`Dk{+rFk;M6cdl z9r_~OW30AtcXxMaa=3(D8 zE&rqBm;WI~XBmVR>(Gwq6F^iTKs`I^tSL_MCqfS0dz|!%>|~N`;>MiThJPec!nZmRMO^4`$;t!ztuW6k~~K4gQK%Kr*a&x!f29& zS+d%ZnD(g19W};&G6Bx!GdrnVMu78ETpLY$R-(JdL83C#Xz$z%CTZ${ao9WVdBj2Z zWFoo*^TBAiS{t+m?QQcTRLW-6L{b|XE^0&*{d`5oSUqOWeW+V>_53jWCf%7#>nY+< z&5$rWyQYs=u-(ZDJ2{kY1O1?vq<{Vbucapfo!t$kY4mOaul(g6B9g5@BFBujL(nJ zjW}+fr_LF$ezzi}m2gcFbN!+`oXyGPRj)hYS8kK}Im55GzqCJS;49UF-ZsG0yHUl) zL9U~_4Rram;*SDFCuKM@ei7q?0a*r#2iKmzF@Bz19gP=@EEO}1786Rq%wXOEz|*wa z@8(093}4ckgd9Ni+3?ci%Y>k2=);tfM(?WebU*eQ?SE$ix+e1Q@-UAwOC>jA6ND4- z@Y^8uDprr(NtpAp1qkorl_%<^Kq?%uS=Q$jb6Z`90B0Znp6ZpTa+vL?-12XVF`|6Y zA@zHl%#UzP_M=DG7?*tCDJLoOw!J9~U1bp?9ExZv*mzSFP zNw33?762?A=YED#zkmETwicmN=tDF)%4woo(6xKQQefcH@!(PbRh;770Nq79O@pyYM{hwIWryS-0a#U`qI+# zgB3=@omuZaa17N%6;yc$FLPSnXtRf3QCq^SIA_Lu~I9hq>zU zp{l;Vg7K71SHIWs)z11@#d!qD5Idr;ONqv^uGH z1fC@8dR=s}?oQw?5z~=Xu%6Mja(h}d_xG#A$vE8*_0y!rCJWh4!ph!zCOl6OM)Ju6 zZ7#02Y>yahnn%WTzLj1U$?(O0eY|p${t9k~+jX~2kt~Jr^w(*a;J-7#626XujL%Os zJ!BPs+N@4;Rh~ZjsC00z=w5BLpxb~)ibeW)TmmY_*VlJt+W*xVm0+0}Hnz|vy#lOa zikyXkxi+?HIQP{B6<*r0_hE#a zD0g+J<)Z`5p*`=G4tkV-gGQoBHzo@`8^UnsPYS`Sp z6F9z`ba^ddSCc@NEbI09a2Dy)O}8H;CMPLXTSI{q#^`z6mhl{2f2qjSW21=DDt8oP`y6>sLw7`GI69m z>V%(d>A|q8jZ)Eh+$m&l1}l#IxOMXhuqsEXYCfhmWIGbYqRXr{<$CCF$0E_ckz+|E zF-!Www|eoDOiPk=8I*jgEu+PoAJK{nw_sUvMi(HE2#SxaCw!lkj}4tyzaq>idFYsv zp29v~adCJ4q8ahG$L5KQ323oV1Q>$}{(FzGLY}$nMw~RwFYCEeWYa)boTs&(rLXHJ z(%6OWR)ykMU$sAmZ+|vZHNH{ZcuO`jdk|%h!pnKCZ)m)EuJqyg(?)5sQR-)#;j}c< zLPx(;d({< zk()kWL#aVd7!>jAyi8l&Y1$#s$f)Tv#1N#}kcduaM<2Z#HOPs%Fis%q?mAIZFBW`9 z)1~0zt-KaKt{tcwI80#lrY*1?EoMx18S!u5zo>45+>faAtK&s*w+d$ol~naf5xS5w%UlmHGraHy~YWZ0#_78^{YMRk7vFcLAOZNcL5)Ym|{}*Kc ziXB3bfykq_2H;nGR!F_H>Bm4M5^)KA33>)y4|2QTKu6~x_%aAfa-7c||8s zo`QnVbSMkH*=L*c?x9(0fSWAZ<8ZY>rH}toaQZ937CRgF=Yjh$G#*}}cVrzflJ)Q! zC*CJzzOr5`M>=j3VkC(?!}G&2)5^t*Vo%2}B^=Tbd2)WQLv7Zk4~2y^vUv;8AFKpG zSv}7zD#AFN=3JclMIfg+>@qGejmgGZ=(rYqZmsofP<*K~Y+$q8=2BKPG45e#>}WYu zKis~wQoEQkij?uC`k{JOk=o?YR}-WwZjt(OGv#|rh6NVnHVYI-jyJ$Nqm#4}VteEa zz&c-}UP1SqWPp^}q*n^yUqBen|Ds`pGrpPA0d>D$RX3jF)=ySO)cMKBEq(t<{`jZg zw!*Xm`iiK{NHQSD6S#XehsG5|v`KOCCkW|{Pu-}lEjeYOy;&@CWl~x1g+#3C2c^v< zJLGwi!!t7UgT-uP=RKm&{f#BjS;Ok&{zSbvBd$xILIQR@xubpl=sf$G{#UQCqCiGB zL0wt$s`Cg?N}NVXq8i~OQ^<(lTDel`?d>HHvaZO;=X z6VA+l29C0?U|I}m&O}%^y0pOu-;6l8f!>c8r&t>LuCqV1^saobCJ=g3S9EgY=&^TO zNrpF3*^Ey7yDmWY0q7^GER&{C9( zdnj(EJ@EVcH#$bN0S9!$z(aEbOj3hlTt!!|{q&=QITg4f0#b{=a$X6+bz68 z(1ACYGyht9zgUjet7Pi-BTa3P)>tpuUi{fm^N)UZayB2(OBqUFOBL5;6T5=3C9c`T zmU#0f#<8^7Ud5MqO}n{0MF;1(%#r%#_xC;DaG{4qz8VN;MS!$Of>Z|KD7C1b7 zF*V^N)^}^L$_e@wzKACvhG7QuJauN$41~j{sNU7YS5ek-c%pz*V>D|S@NId!!|hzO zC{lN6hyFt^SSG2Hm+;uD6-{6M$b_Ez5l+;JjuT#?c` zsY7Y5^6S1$TGel`N=M(z${>5T4^>Fw&Y9hxJhZ_ZB*;}s^2P7a-7aGACpaKmfufO18r5M6Jdq=o$W}8{?beM|9q$eYOP+TsL8Y-$EV%QiO>Jlsu)3 zL~TKxCgbbrjvoeBDda3PWT8iU@bDX_#}7;;6-*DRazFmXXEz&ko?o)G`N5=c@51Ab zG{a$EUj$iw>m0ote%Bu{Re)f{;V09foc9%V)h`b_Q;5XXFJEe z1Z~pv+B$iksYxu2J7IDnwoaJFHdrS*e~l(R_!7bH<7yT^*FAf#C+GxQnR~(p4!qzb|a z?_Z=QzV9GRa2aromfp*~G})xLc&CYD`=ZV57pM_zsV0s*01FKsyY!o$=!Ri?EwsT)*&r8kE zk;Y*al5Y;B>pcoltD6TAUz6d3oa<|O_Cq5K!EbUX1qu#e#Ey6nurYYY3E_otQHl<4 z08QsM(QgG}Wv%<-bqVvw7}2UBYQVz^HTACF@(w;T*-KUVwahXF3xSu1(Kz!r-RL#y zx2JF+fay%!WCzwf#vymH$;84XTCDLse_8%X6(f1Ftm*0e_t%a|FMe9y7J=x|bMTXI zz_S@n@F7o?bkj~#EqtzT&cKCyOvr>#;)Mn_^dYA$uC}eS;@2+E4zat1Hx9U}KYdj0 zNMUI6Aq|eanpN`KLWIrun`EVt?C%EHY$CAkVP)WW1*E1cKP%$_ z3TQHSSpPdX=tuJO|G$KWfF&E%i7(NKK;NzY!Nh50zL31590sU|*sYy2BnELJzM`e& zA#BVCp4Y@`bMI=~75;hDREw&Jsz(Upoh-Knu8_u7!qz=rjLtu@5g#n|%U!4Thv%NU zcrrS_a`ZA&#$n98b?DcOVc2052w_WCf;`z?a#W2AcbBQNbadW!@=z>4W?IyL?xHZZ z)@pEc7`ntwYF{Isr<7!&fNg?!f-a9?Y=c(MI%Lkx)M_EB0 z))FTEjgw#XxQ`t**k;I~cxXm_70$uM>aA>{xTrL%j#OP;nept)mgX|r2T~t8soG@D z*{)vbm>g`T>wk!+UF)qoLW!ShJh{A9qs0;OVDs>jOJUWdRPxDD!E%ZZ@YlZP>u=!Bf!=hv5tLqGNh9%4{cuZP`auWN4#~ z4e;SE!bWQoeCQ#9kI~D2de~_KqI5#tZWtS#d1`oGyWtGcxo4Fiujza3N(K7ahj}gM zgFKw<9(r5l#KG;1WVXPH8*I`>ToIdf-8Xt@c^)@&cx7IvnWU9vJTG<`Ge*Kysj0DReCaLr+r#kk2%_-0hM zXXn0=MvErIp+(*%l9rn*u}!NA5hQXrPVy1!18+yc!2%>NJs0j61r5s(s-xHg*XOZ+ zN^n`Huljk%H#EZpZGE)D{2eKt2d(0d6FpoNv=QH~&)Z6DF-Q6wR0j_AH#{MMj@}ct z>w_%T*SL!Ocm_3ZH3^=(qWE=$#o zG7kH+hwFkT{Y>X|7CWgIk?aGg{ohltq}rNegmhj5#z?YEEmsSENX14_KP@6d#@93N zOXK64oO$Bi&yzUbaW-R`&?G%;G!Wgu-)Bp=Y?|P`MH+i$Bh<&GQ-{wOZdOtqnlf9m zaq4cy{T4Fv@X+Mzez!E16St2UdTu+Cy_U*1=w@sAq#`a@%eU^vDfqZzVrI{`9u?E{sd}-!4tL_SP(tHCXDNwe~xsy=8){uz2xhZxXgbkPNflK#g2OA8CAK1pX*>#x!c{xnO0MlZJ8nl(#@>(f}xyI}%Kr zcjeqmt*5x*=m{6`JZJj{H`N(7SWhc$k@WY(6Kqeb1=uSBqI+rnq%dMvL&9DB5fm>a zs?mXNUZ9Q7G;-X0QZZ_~7UvyM=@C68Hh?#%lLW1X@5&pxq9!<8>V#0=hgW!Cc5_4M?_(n{KrUaQeJED1M zAmXK!b*roUbG1v+T!D}?MZ=Jgy^MVcuU~z8G??PWaM(ugwdXFL2U5kUUQQFqWQ=TO z-u=<|Zav-c1%vy8(zMk+yd!LwSDVZMsB;mM@aQEaYsXH;$6k3P%v-2=D|wIZbW3+= z%3YE7Umon2;_gR^(4!eLG;=Z}8YPr|cI7-dB}Dy{WH}_bY)snEuU7B)kow0g)2k-d z@iL-uYqQY@<9762sMjc*h~X%6;WPA?DDDX-{+s|Wb^(IfmpTbvXCch4XI|`DSKA!j zeSkopXo}ck@Ck2&9*-(?6PlfN1x!DN2KDDMB{hSjHAH<^LFbf#Wg`QYVi_xN(MkMN zqldrjWrw@d{>@mqXHm+0YtFmEuG`Qz%J2}1W|-X>Hjx|~_B-j9=3B7xpL_1fo0{t8 zQ_aQ}_Tq$=w&7aVWWgP+!Em?b8jZUHo18Z711DA6VmYTX6GlTm(4>=mW~UXbitlX! zrm+C#{|hrXR&LEk!_Y~`dWZx{4r%(Ol+~5jtM+|XuBd_ZtU$8tihbA7J-aJ#6d%kY zI5u^lgf1%W2NTV}QM&Ke(g|_8k;>uc-}v;3(vezcbUhP^*wL{r$IKdAhOihFfXupE zDIN^a1^`McIy7~iO^`gz!jNX^3^YSBXMqnri+FtM2b0-D$PQaJu#(3ZjwRhcWy~Ol z=@IDfQ$O`3(V#>gk@XkfH*oR?)91Q%=mN)ipa|%RC)vS2Z9bN1ffI=EcQCpjpw?Mg z1AQ8R7@-M$2eAVZ%pB;6S>PSt-D!bt4~_@XZ-0b;mrr3F4BO7=(gK{>zdRx4Pp=I% zYy81gc z0BSes{@>vPf%<0 z{Q3r(@4^^fTQC0qFu6s02w_V%sAp)7{f0q+tHUU)EdAVx+d0GY$K{WnYqO7dyU6lz z*PdGMjaQCG^P9(nV+FWFT5fD6O6CZYop80F7IoA0zuVIVa<~77gwJJK@h*_B)DQUg zkVYj^d3fT;y&bz4&47HZ0EyCIrjNQTrz)5fcHU&Xk@43>7vpRbm6mE8Vx}?@Pp|Xy6Gf{AGcRQaIK1dMghB@qyA@$ z)aeyA0iPn_AJlzi|EoPosCI1n=^@Z(=@hZDZS zLI0RT7)W2722~qW<29X~p$v2v@cN$MRw0y7LFf-AO$37lwgwkQ|8h5!v~m$AZyAt76bp~cFdng{Tk!FBhX_-Ps-4O z7{|g`KyU#PwgDZqu2$?XcZ1&g|2PM@ulK-6TAl`i-FOl=1Dw8x8iRf?&31rC`Swpv z88`>SZ`c1|TKfj(7i4u#lV|@h!`FV9LYYneNcg~~H3kYsV@5yyKRMyt-AENM+EzaC zQ;1+n`wyn8eJ?p6o2ZoRj-x3`@%Z zGH+AgFLzZ(+wRY8HWvXXb3RjDs)GND5c=y3cE_pLIqer5^MEn1ny`g8qW`ARMA@2x z(_Xhumeb=_4ufXlY24fVKPML}AK;JR8(|+;-4T1y&CpKh?Hls)BBcS#MfNvi6=7oU zJ{a#2$2MTCFiU$B--E?nzesFoC9(2VT(^|n5E-+`3>5EG z7zYk{!6+w;mQr3ePd!t&Ekd9h3Q3L;<~T(x>-Vdl2D%GO9?n2D5hY=9?Ly7QA548& zslr{G_vz`13pa~<8M}O>_uKNt@*!m$-ei5*CCuy#p&ed516FvTJx##u%W=&^(ND7k zpV^5s#1jy@gND)tW4>A%T*cP$st*!hv7q-Pw@c1vDiJS3ZHz3-49!z2Vkh3PxgFN)IXzJ1?v05z@&pU;h%Jo`=jB`rY3 z1dc8!BOD8~CelCxZ_4ve1RY*|rYh>xboHl;58;32>Og>5uXoktrGZjR17`1h-2sYk zmJ>uO+%b|krQdVAT=wA6{hj>Ln8fE$J^BG0jQ$qy;08erpm%S;gRA<#lvX{mtmV3P zqI%K$UFhnxSk=={(PtOq-US6&ef?^T3rRmyYoX~DwHmoS$bRR6k7wAjv$RYo4|DUURN{_u6N#=RWH^cmI(GK^$W^#y7@z z-(P#jZ`st8%2dBw=hJGBMv~MlWst zgMGs1;W&!LO zGc+a7>FL?b{l%G17jPE1FD2s^rrmv=Y`I@*N?sTQ&L01a!GVkf_Z5YY$N}IevwKOz zaDEYJHFdb8_#>nPEn<_`+d^6Xz?*Z4*el0(9WpMaOAe*|i0zCJq1 z(>Pfu2J(q27uBjyG_CUOns|E&_uaQ@Y$v~b-F^}TQ3R;aq5ryl%RfrQ|GnS)Pg2+= z!AlgF!H(-w-FKFrhJa~wXokKu$&B%ND;&5KJdH*T$g6*lW13gNBjJSPS-&foAQ9SRB35`F68Qpg z%AG28pgAqZUY~r%cL>SroT*w?UR>!avrHRYPxUj^le~TOQeOKPHP7by%YTw{5@CD@ z0iqI~Dg$dm^N*V@<=iQyYGPWvl+STEB=8-)?=$|a2YW^O(D@IFg1bI{phCZo7{**f z_Aa%lR7$1>VERsKbLyEdT>rI_UlQSad@r;s=|(DFutoGmizFZ0vvh5*_ug@Zc+fvV zK&wXQpu-qc*o=iMCvzvNIgARBqFW#c8zfA!Q$Z2&Kfm;U$0-OS^oBMtkrI2y5myNU zKt&#?{A9*gC@}6+fRyL&X4$<9>{KZfEfY^XKyOBEtk|nUNQR(USI4%p?}B>mJML>F z(?;Cr0z;bvq$|D*0R5~s$tZK=&7VbS&sYHjB_2mhk!y|HkhN!$^iyZb27 zo++9#J+g@EK#h)2I31x-nlROwWMuSBS)G*J^un3aAOeV_j3t6t{Bpw(<-rF~+j}U7)Qtdd^9~ruf*jVJnfd+t(Hl0Nr$#n!!WS#JI z8G6R$iLNVQT&%2w#YJ{t<$}8(Z#6Ie^h1x#{%m?G>Ve!?M{`X_^d=U^L#zx!iZ3cc zS_-u+9T+^m?OM4TtHou~%M6q71HO~3PP6%3E;DYgnQvl!$~Vvt zL*2_qyU&YUP2}x}r)idlJ(SWd)bkdWXs2ifbX9b`t4b3uOwns4k{BZiZ_fNotj^>{ zS0hbSYu%k??p5y`C*7og3lik(yH1b`Wyt#GH$6or=Fsj8D{y4CU}&0ErB!`0)_xB| z*+81WMq_*Q52+K``1uF#kMabetXD_P2&+L19!Km6D64b&RV;a=wa}+&rWI$1^=4@} zH7r{wgR#-bW<$&Je!h>(R$fs0!i3bLf}(_FKfMrTj|%G`pqkNGOwbuvK+OM@1OCFu5J;(g|<@Z!|8kah8q)(uK5Qg_jPN5!J5u@c3LS8f64(}$-bgZ*p-oN(WVw(>fvd7Nlnx7 ze=FPX$6@&Tj%baeNJOfkJJdWs$-Lpwi-U^|zc9@^C|6i0zh!Zjuhz_=SQ%%d+96qJ zU#3a-gSzVYtaM|a)>}%GZzIJIvK6x)IvZC+5J`AM0+8fyV3y~5Cks;(b5zXy9Y-)gyRkqxL z<_#x#evOa11|5n>w=q^ve_4Pu^DAI`cYOfa3*`AIAOkU``YOYSx-7axG?%&a)akPH zlQ-KhIP!lAYF~1&3XmVn8=sov=JtsnR**jdkCR43kp>v7H+Su5XGpHtz`8@^1TB9l zt+AhlHg#a4f>@;HoZpAmkz=*-BC%h`#6;3tpQD=4r2BH?_Km5cQ_tVg%%Z+j56WV! z5*Au0^7U`Fp1$`R2Sn9f^7)`H>j@uw*0C*QLDA&u?dGH;Sc|w)ghigF{Uf zGu&D9M6oA>a&`3!zF+$jTqO`Ap;WYL6$u~V&3<%pY+}62DnOyEVyief^{l$2q3XU6 z54D5)rk~$;G8-T7xxHqgu2-AnA2H`BmhQ+_7uzA--I1UvlHeyYXfUf}PD^)_b?tZn z9-Sh8Evuw9KqT_PIAB9B)&GsDC;^~Oeel;@6cmjE-hry@2t|l}G-Y(*nQ6y~G2%(` z7QV@?z1ETdR(j2H*OPg*V;~xBf9AuIwW+p@(9cP|9nAC6yTr~*Xi|0w78kKos)_&` zXNzL6DS(OH?j-QdQ9(Qnygh*Qu@t^x_m?>C2V zwT5~!txx-rgEaA2=b3%YN@x3xibeD`O;8t6BvFRdzwHhG7}#=1)d0?{fNj{K4`4|% zK;GM`KTQS2AWQA=ETgxSo`hs^NPtZaD#Qum%~c?~oo?w?v}@u!1=v&=^#psN`nD}V zg^K}#^$@~EQ=(oYLBDz{qGO>jU%M~EELY;pXwOeqYV{+LqGf7jM;jHl~DMf>?$sfcsY zSpEJ&adEXb7ApY={6K^)(JCtO39)bq^#im&_ce7OGK zW1$jJ(_K4D;kmTSbnk078m|2@UqNbF@=p+Gk-1!(9I0zf`HfK%gsi@}BYsk(?Q=i`WgD#Elq7@LKaj=hM1BVSj$xfXA=dgY^|TrQH7)7!rEi zks(7q3_Ur7Iw7Bc#VUTf zm#(={vo81FE%6`!7*FDc+iyO6k90~#Id7=zgU0vjxBt#{`t@)B`Dnl|>X+p>up5X{ zL5J{g20Tj~EqnjoPmPJN$%REg7j+OJ+s7XM#`I%Imwp-@HmIkHkf6!_Iy@JeA_?3@ zt*CHCo|Yb2gV-OI!>*5i*dwDv)(URxRu~&ip#`zF*fBg2(t(M*jNtu0!CvwRFlSI)M4Z|=o#t=>89p4gnkCXl!Q!zp7G^r=a(+Q zjV*DL{PyET)XpBvf3ai&`HF}Rk(vxiJUD=$k4)O{;12i8iHj`@B0_fI&f%bmRho#PLb_^Z}CXBn^3xgl%#bz$>*}GEBmCMDSZQ ze@jX+JT4u_gO8B}In1N$lmJ=If3i)SaD4Pk*$Tvc%Tse6M`z zsApEfwm5qiQ7w1(^(~#Whf>mCG;t>zY{0`UsD|!aNGIu@+-^iX>86wb<8uy&o zCuSkLt1GP$t6}=2>27yaSqN*}?H7;ClR(MKa+I1AFatYI&ACB!oenrL(h521hB#5f z9hY&fJ{|qxj*4A~aH4MdxpO~F{9PLFDv3rmN_e$HH+TJ>K$|g~9w(J=J$fZ>S(5mZ zxRT|P8e1c3^U~+uR^i|dx)ocz&?JXbY2ZaQdl9wh2X5+)t!=fr2fY8zZCJ_Lr){H> za_@}j9;GB{#e_HKI(sAfD%?$;0Yc#hqSj|7rd>~tm;!r(MRTq-4ngoP2K2r;oaw%J)p`sW4ndX(&@d%0tm4Uk;T<9G;S|jI$iDOJCI_XTRF-FCpyBYgVg5F?$on zXPgr4D-iefovAxjqO#TXLI(~OseGIyOo$E4bl5TY`KAGg!Xw;F|bJjfy?#-%T+GBRj%ev z$@2v)JN5x2#8TFMtkAvAh{y@*fiDU#iMnTfVSOyGZ$idOkB`6TctWRNY4iA%!4(uk zb0;OY#)Y9cFXGvJ4K~?Bk%x5I7Vq|2ds?OUSUKFBVD{k4#;HCOyA*87&3@j+81_inc(Qorr4FmV)CUZ2hHNU+Jm;+*SsQ!!n{JGCw8pSlg z2{ihwv#$KK;?QaSSNBg;w3`B&w*G#H5ATSY968n|nX(4oeY@>}r- z6?)ijMBO19wdP|4mM-8-yGuJh>ZDnUkA1K`#@uIOvOd%!ndqUD7HwUKRozLkatg754(*>x;K}An0PTv8)lqI)~?qrz)ruJlBOzv?rH4CHCPkSg8EJ4BYZ5+zQQlz zxh|fdJYC5-E%Tt}iK>CHQ=-}vLrwPN-NwxoNGYZm3z%}$XpXnpYV&t%&FWq4EJNo7;uTtVGJ9Rc{MEx+hJ(eg9c~EX%KN9ZkpT_%m5Gnyj!u8# zRWO@M-4GA&_J1XRh6Bv}7I>9myHUPWZa3 zS?4Rm-}PEKk>^2?NOz9c`6sj2QGBksucGKcfu7x< z@r3zl#3zCem+fbj0WLIQm7B^=%vp(*CK#z}H46uZUA_ch540MOs zYl=W^uvo(~xJ1+b^CH2XDwsH!J^OevQGK~rEaqhkn!S#XD4+`oPj2ORk9wR^wDR`& z2X|?;(o^Dyt;3kAV+R@ntSJHX1|%1b=2Qw+8kjEF;=b1$5VAiDy$BX!1nhIs0eq`z zcK4nsCFkUulHo)AhDYa~a9^2xqo>8A;}LAL*-*LSzvE(P)|TQXci?%;NZzZ#RfEop z*$|i60iRjtvF~E*963;#JDf26QNhZ9d#T|Uonlz_EzoR4HXvq8zOPT{zx0QgEZ=kQc z#exK)yCzVG%_cdaHv8dpeyR064ZUDVJ5xC*RPyEEO*Rb3lkEsnmdoDLtOY+owO!4& z!>=FvqQ-o!dS^XwdG@Y;d)aJK9Lit`nLoY!=1Pe+xVGLh*fx$$yU1h z2@r-rCze_RBj|vA+F=*hpkT*@x-<}|jQO-vhgz6LLDpa&8;W7uTXHS5-lD%VwgoW) zuwtLTw212Qzgom2vv``tLu5DPAa?rG2)~upikl>VlNI zuZ)vFz;Uv2qgcuU^|<3SESx_!#p|OltQ86wY#1P{^4xU0-(BG@aUyFeW}a8T|6pHA zx1Xwe?hnaVIkyet3nf403v@7eN!ovyZM#47HzrXZfUibZ;CJi?@}6$;G(l9ig$MsV zuKWKm$MaXV$bU8^#>9wm7+dr)65WCt(I1rhv+Sgy854)R08*h`kZh{f2yodsQ5OS3{?v&*;resKW_XdIu;dO4Ouq&+($7GylpT#9yxJ7y=zO99 z!eASqI3o)HLB5!>`d>DLdHiE;hyryXrRN6vCF|9=?j2E(3B(gtM!2 z-dp)z!ddK*Zc?LmhK9{)J-plAOSI`vBJDsSvVyPRp~dgA?@9;(jm98a3v-f+C7X2s zG>`iN;XtzttgYd6SW6A2x$w!VUY~2xg2knIf(X>SzqN2q>D`UJ=R|$peV&jS#k$CC z3sWGJd&+#jG37#&4Z`Q=a!_-0lPgF|rzD2^?+i-EA9=z5s^gk@J&eYMW$3Mv_c92u zohPLkaesi{nVzcuIcV$0SC}<=`=V|LilV&%qhD^ajJwX_0V&sQIbt*eTb`NG4cTE6 zA5=iIo2%r6KHw_4QHlbilz<0}BLYItRMwSib-u=p z>$RwEYVe)&fAqM~+RuS1tHvyyb7kpjZ#bGN42?o>Gh-Q?2Y@^nlaj6#ac|4ifnnc9 zm1`{{pNJJIyxNlK+BV+fSqoF6>-H>3ZG4qAPnNWO|z1v*?#H1#e7 z=#h5?_~t-2)p!+4Jo3nA9jwbn{IC3YcRhF(j5Hs>!+3TNMYxXoCC}~Nk)tzZ0r(ay zJ)khQwpMNc1sOAt!Z}A_Qk=^1I~YwHGCJBThh;FKTKS2q z^VvYVhh^NNO=Vy;P=7qUmXrz>Dc0xuS8)F80ab z5;DR5Z@!?IpPNn~2P;BF5b`MT{OD4=x1gUj?_^e*b_LFKF+tNr zYH2k`8=y!<$eKT+t2MXh0eXYozJLnGQtp&N=$BQl3#EW}$bk;9>WoX-L!c*VLR5nN zo*3Q6-+OZ5q&H zmuXzj3EJ(Yxzu=NC+uN`z6_k{=y*jE1?lA1qg*JSD0)D^z}i;$s+DEhACXBiB)Z`U z`6MXh(9^v!u7%$EA53T>BZTU7-a}=Yhl3@RRvPW_Z@Blp9yob4p!Sc-gU3Je)zYy5 zmV7s!s0|%ij0Fj^MPBdzN-X@Je*LG9>e&-HgOo%9#CR|Cpq~`knb;8WPRpaVaHagD z$_YoKD-*@`{<6NGdAZvDWT|kzYM6PzQB!QmuPS;$yxHLK528e~R#pxtWB%tqWc*No z{q8vFi~Ikz1>=AGHUHxN8V|@}m=k)eV+NY{7!m@eQz5PuEHP^xfsW{@czoHfC9NIy zK!ko9>umF+jCQ;ez4fHjdsGY&x3ucbzk(NtgeWj$cs6CmJ!x9&my zw7t?&_U(1xr}&NO15xy)@;^6mdY3#*kM3;@Sh&uRm^YY%Gkn zoy^z+%2rrq32cWIFlvDvv|hW6I(vqYz%D1MuN{Dt|7HXH!v>d^TNsEg;4(nXLdM4+ zbQVA(H_iYjpq?dY7XNsrfD`bKTckX(0;rKKs7kSG>?_N0jG$alEk62X%=?G|O;%Va zqYbk0sNv*)Fy{T?{Acbeodcb}JlHdQ`v8Ta4jhH|L9KG-H>Q;3L8E9;q_&_Q#_e4B z6>a;whw$%gm;UxOsu#=}kfS}{^%n-6MINvcp}HwfQtc?hAFtV;Hpuwe4O{5`wFFe? z_3@xj`Bz;6HF2S^^2^H$hMfkQ!yS`;cj@I!*n#-?<YZpFhLrER26#5LBTi9O0Y}(+j_P9o94M1ZiZbOBKR!%Mh=g^e8YkA}JU)2c zZeP&`pFoH|&mWYPKe`(vRY-x@=>iC=o5EY&)`%Gcs#Q@8cmHtvWLahDy8c(kImcVM z;#Y9_0up>(tQ+{hjoBQ)xEY%Spobzuw(~6L|52LBq-SYAgCCcp7*ee;S_Jo#2!GO0 zX!c&N>SD!&PU*vn1yMr8nB`H0h(CK+3*J6GG}algxRz&MEy^Fub^iWf()X_t7z3|= z*an;ZyQ}p0|F~KI$Ey4{mhgWmtFrk>3oIIYh;hMDu8<~9jmo5k;?A-uryA_sv9j*7 zF}NE2=JA6gkIVBC5^C&o)yf4`74E%yl|gZwgsBBZihpqU=j$W>wcQfAn0|k-Xr%{3XSH&;P^MLmNH%`h5z#3NZqD>HR;4 z4U%w6!*;P67CHt)uYwBLPsOSthX75WgmNsrNkP-oE~2@7Kir)A(R5Zy9hP&K00y(yU9mCuh5-aa>*{CX) zaT2$YqKrqF(8>@2voXhwkA`H4MCZlt7{TLVBon#qYyPXdJdc3{pE-Z&idu|fb+ebz zT$J;O>JIu1H761iO3;+NSE)S1a{+koRFq#R4qmBX3o(Q{ySlVWX1iC3`j$I~v}9c*z>jZOn}-1cG~ z?}k7n)A`7)GhYtw3w#;43Xg}EqE_Q}_#JIEQ6 z{{0t@DI%usAzDswwE5weeE^qvm|lcDhnz}3NzEbeA85sMU|d`kI6n9aUr$x?eb4SF z$sNR=Br+PU>B&}tk#5KGb<58eZ_?ksvX(Gg9q*b)8PA%l@Y#&Q-2LvqIqhRVB!j?P z$UQ+$>cM3|rHEh*KsKUbktpg(P?WZT;`>kWoR;uUxpP~Xb!gg;QFj<^KYTVo^AG$A zCI+xz4JgOB9W@BZGCvByabmvnG@Ql>p}hYV2Sg>MsOcma*Cwo-nqr4uuB6;t?xnxA zN!Pb+pbQ$#ltrzY47UtDP90da7)en$KkB1hh$8X%Y(N>97sykf2{{C(@$4o1M1QD~ zBj`ReZOF+z{&n=HH)lnR?v|!Y`qO8QnUo)(iV34G@m=f<#*;Kr941qWuPknMAfW?g z<7W2PPJVMsun|0w8>$=_TRw_x#ukUQq5>Oa$sH>ayE-(DfjTR)57D-#_Qy_aoDJ#w zj>4<+fkzW{i}bFJM97S`Bjmh8!ce)VAp=O{9OA8=KA!;!lgp>|GZM7tt& z+_IvfJ}yh@A2QR-=a4b_MX0^X{)|Ha>K5;z0@3Kh$M7Bb+dFCvAR{m6I_k>>I+f5HNW6pnD82=-gW2yAd@doD~@96?`XxC1O2d!>MhKA4hm5^Q?`vQ}M znl6Hrxko{n89m3p11kPQ@es`-H|D%In~#KO;is5%`Gi070c(Su&&oaK=hYFcF}w8=TE;` z_RgBWD5ERg9l|^uc%08y9riH|_=jI3e#=?t`&tCy{p z=-av4wu?IVjI(bPL?2~+;kQrd{GBYFreEykfA}15B<-E4j6>N&BA>$B+{0?#yqNsH z#p)&#oc*x=xo~&oEB3nBE6}jR=dKHHc@ef^HsBG^L;W;A!icqf-dJ`kb35P7qXzX& zpP@u-`VRdIJ@jN6#pRp9>lejVD$AF08RZ*%g0tH*12=aLG}0{3XbFUR*71lWET+wC zW6Y#>ghxJRMDFa}TK`wI#9)R|I4Oz;RgP>%Ng&&|uEs$?ivI@YC_HnS#^8EAy+bTtMV2_7n@6YBbGiprp-TC$`8`B z-iy4lR`{uwXB3UooqA(YmyUxkp-v#1@t;PTj1QwM^ zW~HW*%pAYfsS%a-ugw}fj^S0GkA@;*+Uf@4B4~cQUW`F3hbzs%dB#1W%QyYfK!J<0 zUZu*XaD0>9+O?A6SQbgWY*fmn(mi`ma9!U?qgaCnP6=Q-4w3Ymr#KtjBP&yrLpFGT z7BbkZr+=Yu^(Ugj;7Ls)bnLKM>|Bhdap({$f$7?-VqU(XN=dCAx%v8r73CU;ZKC}I zdsMfd?TxpRdUY7Z`{O=Evoo~=V+t&oi!R$|Hk2SiD3I+s8reZ$4;G^i*W5}?j+-44 z)waJ!eJ-2klas-HOf?6`WL;;oA9kVVs-bA?^eyX7m_3Smwxc->jnitLf{+(hAS7%D zQfSaSt=0^~>g&}mN5_abJA0kE_@b4IDA{+~12Q*jvqi>)LP&b6;{wyGfeTchY4)fX z$L!8W%9OsIY}2oldv})CUJGfAWgPz6!8FY+dR-)S9Ucn#Wyt5Jrr46B2qTdq#bjCZ z#eUpU$#|RRm$i2C=QevIb?K5TqJg_(KYFaBbq=kWrVnEYTbmQ4VnOw$mq~|On7y?- z(38;?$zt;ThWSqb{py?C<~;8HjXe~|KWQ8t9hXqYq4JLSqYukSy@3iJ>&}8Kb>yiD z$4g##RYiKvz0|c!@x=9gWOYvKgLlk7$}@g$1^vqN{S=xExO~cmUVEay#-{5fxr2`B zr^tz4Q*v%3pBL_QtE4R6*}8ovdk!txBjwomRcu zNu%54)j`g|G1jrF5i{e5?rRJlY>rlY7R1S%b>3G%JvF`lu_Y3j>UWZADLtK|6NL$k zOnvpHP%X`LeGKF0CHGWl`DL`98)jrNj+4=WEs`zY|tcF_7U)4L&aB?&s=76P&g*CE2uYs)`_ao3xtdXc@ zEl`0GHr?c=C?kyNW-zehI5OS=e zH#@gQ_HbQI=v!Ci%N$t`ugn^!%g1x6stOtFRb0Gx@GcAcepJ(SFj}#f8KFmpwCl1X z9s*5q@bk7}bx3&8&y8KjnL6VUm+LJeY8Tg0H` zoJt%R0`&9^cV4IAOQu7(iSl(Vgxi?UolO72l6TQBBE6nff1W9edxrkx69N@Lz{u!G ztZnZ}-xA#z(~4T}cQ{{Nui?{?WAw)gI)HmWw5gB zT2OzkS~P&rz2UmF)&@@aksqFyLLPkhamO$v_<+k^_nt@R*LhALKxTPh1gJ-vZeX3` zp1}^sHA6zMTi_sL zu6qX0>EU0LdH789iKLD64=|qRg}8-rgFU0yA&I-E)UJ4yk{1E$!UT-86AwX)B_*B zlYOD?ywv8c>kT!7vW0b4vTqBvKewGp*7=lXTi#ZBPSh?jku~^%&D8a64nieJSf+GR zwMe5Nq7v4w6cr%BZBXX8vFrEKbzgz03g=pT|5;)yef8B^t*!zr5TLc$D6oXEp+Gfx zs7{9LmoXsi5|f^yj58>!d~#{_m~|*&Mqa#~>8j|BkN0ZTWUmzLPtF-ASzF&6TJqK- zrZZdiqW9Y5u3;zjU6pR;CuXhkDcsYWHy_?0B^j!TFR2{Zcf3C#QtC5IdJxzLvamZBjpkVbfbebK2pPXZCZG>3abrui8d3XvGjEGVCtHe=FN}UE#LhF{ z7kuVV-k1>^`P(>i}`y1D{9f1vo*v{sP6vZ?<`%is7^rY%_fK ztSLJq?HvZVl?abezeI99jN{h-_xY-^H>Jb^7^r*X%r=|A!ZCt;iFTqw@B z3ymk6$jrJ^ZtA3Y20S&&08Xw-YlI6m&3{*!=0rV0goQvjTpqix1QO(q_i_!IhNg=g zR~ULb3#qA6eYNc3YBjiLuWO1`o|-ZariPw=+aaiZRa15H@}vT_+&UDTo=Ha|bqdQ6 z!rz$5)$niX-IWLHR9?|3T6pB_>4eZbfW=l%JtQkvt74iVRA zLHT0A2kUJJ|7pmWK7-YI_b}B>E(B7HZHF_{?oi!7yo0klK=@dO8cH);MwW{$N8iN~ z&v_bk-#VCeCNJ;s#8t^}cRfqB>!0{k!lk^=A~y1?KTckJS@Au8V;!s0QRD<$GeVw1 zjdp?e!-oLH9897+R0`E(+S}^Rt1Y+umQ-fhS=fksCEVe;9133^Kb03|-+lPT+1~tf zEBdJB5pYT>fz9XxLK>`}H8|r;z3L6~;vtusq7I)CE8Cx1wiLMg&86Fz{G}bkz-$ZW znxEM$Zxa)1CoC;3ZVN{qjMq|*?Rl1$cSwZ9)Pn$$3pO}|706)JQb?uXn@$upaux}r z0g@-^!zAqh8BDJQ!=3Pe61F&k-js48&cnMC_@&)Yv% zZzL%mk3uB;g(iX689QGBeN(Pw-!U! za+lFI32wIQP9!<17|#lL5wh@-;IRaf+_E)yInfz@@!D$e&%&PJ7m*#wY5tNXq1SAU z!rwdqnbn|FVo@4oNH{~vnw?;LbrM+)>B29YagPSeCfN=B#~skt0b`cpUjvK|bCOOr zP9U)%pL&nHDZ?RuY)(FgNt1=;W38KS-##jHKkh^S7+P5mU>JHd%HQA@c?HYIITLi4 z_9i$l0Tq{6P7`|Uc^kHLq{BT9QkK)4*2~>N8rSWU-3Wko!K(&v>gi_XzFMuLY{IIn zrSiq96Zh@vKg_g1n6RMYqe|E}nXx}ZGhYJLGC*~NQ4^d0T zd1`*WtDP@GUo6k6wd`0>j_*7i!}-zR6(KS7AT%^*a3jV{wVM0s*OW(&=T#qZ4IUBT z5uT?c=!N3Uv-xBR|i(MrPk?&|yJS_P(9>3dRTuQ$he!L!h1Bg^$9 zxf%8q)fq@6U`FIxv;v$pNF6P@hsVDsH;9sJeSNN1R;Bxgcvsg2mp8t8&KqGJsVZ7g zwO`|NFHd@ZQ*-nJTVA}oS`oV124l0@GgKJkAt+~dJ~uq)c81QYLAQZYc%7Thh|`yo z91}FR4D7uIQAQ(*q{}`QWk6k@0oq#BA({%2oz0iIPQfR`(U711#k^7OH>M}U?^`vzJ6m)5ifHH^^gfssiYk_fk4CZ~j*)Yg`-lNPM%2P-3B*H&bX@CJuH(ZP<|;Gp zW1sW-GCsw1^9JDUC(OQHSwI*BQgpH$dkQIWYZCRd6;Vc;{R{A&s8q?N=%s;sZo_Wy zb@G6j3hkcGl$IGJ>7vn(1I=ivXyr0XCUEttC6hC>g?H_V(3FpGb)t+G@gmOceNLRT z<~~#JSbhP#sKve*2~mxyo1q7>NkZqo36n5U-nwjUc}>Vvx6EsKcr(c4#KBpc6JonE z(Q($6u@-Nvyl%gY;T(}OEPGn+oxhY$L8`~U@t`P)WZ(7;4c7CHn29tZA#jlM$#2Ng1lrK$R+H(QKM z#g*(V!xG@s!`RO|34a*r0S9uyzw=bBXkek4gVWY*isk~pAhCNIAzr(#e5deZKz_%% zSR#z#{bICAHw975VL$ZxNx_f1FSADEcSjy;-?2G)`KJ~jtOMxm*pI*D;a=eW0{ZYS zDA0$u|9U59GI(G#?hZzD>GT#u&=E_GTyMyin~!7c!*i}ORmd}>vlW^ zGwj9=5K(d7<5gCb1Il~z@0j}Fion377wV9qi9F`PBqnbR8$23CGLv|H3tODi^ifOj zkS#UB<4X$T443@%rR(!0oA^;L3V~jZFv!pZr-_R?Fx_*R@G~OMbm<;KgsSK4K{2I~ zZi~h!D5cHerIiwI-r&qUdcS?C#NbA-m4f6;LyNcg>09IzZv-8iCbtaX5zBDW9Srjl z{0M3q4LhKGx}cpr*+K%b9O?5CMn^b$S-a zy@~3oYRAO)Pk1%@tWoD<)!+M^&V8rbfs3oZ>q4uQ*y4cW;FBarufTf~LFpYao}svZdLK9g#^mT}pkqLj(Z zQG~_iVe(LRkDCLiku^}JaWdNgQU*E)XddQI!xDeI`2C$;*=+U}SUY_P8PraM`o2pw z@>HC@!;V#uVG<#GJYKT<^!2x_wL(K=ER7S}0jqS6Vw_y`V2q;o)(H^Ul-y5%wS91T zikrOGvV8c#cI&fZ+yP$qS8w9Wti^hJ#BW~>Q132Vx9B5V3L8aNN%09>dsqWoh#+T! zX=8^`LLvVFD-;6N%)alnr23qdQW61SLQp9%>m@q-o~m?i55DQK%q`K$w0gYSXw)~L zR+DLDd`gClUdF#?d_|Y}fDu2mLp6g4u^h&?E$)#i&Jwasfq9N({+t$~^gc^5_?4Z|}o;s)DtdAr>0O*83!wRyy~+ zOs7F5IUTCXi|WD9BK@CKpGXhCOWH<9?(w8~3kH0?Etj4aH1FwC@}$m%IQ&BkOnee% zw4jTPmUn%~_zt1-RH*`LzAEWR`*WZ74o{G0YC;{X>SB~f59e(=1jicJhI+^7iUjGt zVGN>3+SuogWS#!q>ED<--1i_Zd@IN7|6a3#32hLkRu}x7c7Cb&I^)CvAA`01E8T4t zW1iQ!0!b|l)+VxZGn}pAtP?|&?3Uw0HfkG5Ra!)fgsBWLIu2hd%9qp?;@ZD>`Q131 zO@*fZI{O>wWttBav#UnkK}BHs5b#T-1-+~{DG_HhhQ(hhS;t-(x~IS=#=2kYf?$%! z56gx_1LmLb76}!YC*?St%hR!Wzb5_0_A4%uFVj5r?nVp3{ERg3M|om}gJw%3H5Fu| zR?&M(>M2zJt|lKnNoEo*zrlBHO#`SWs#hp6W@+0%#B&dCYh5RK}2@jNAJ z#$#c<@|WV`4P)GtC&+~XaYXZGT3qT*!;yK*iudCR4%=K9K4uXJaP znNMYf%QLQ+jKu*UF#6W=XymYMZ1SMTT1b7e66OBOgb)qQ9|5+ua{g*_U&i|swt7SB zPLoC`6D0S>LS155Xu0M^IYERrIiLq9h};lbkL24=;Pq2D@1&cNMGlS$JdOVrZw`>n zKzNBIh6oA9LV%+f9a^&xEW3idYVNDHEk+jEQe%i0V9xSLn=@8MZyuLSGw}J0J;$6+ zTxCX%!^&1$PC}Yf4+J)x4G0}*;t!cy4IwbvOOluMC$st{pf(}VX-Pz@2sRe{+Oz9z zC>G=>w#=ucp5qQ_^?Ab?dTg&c*^7$S3EMsMRaeZw*CwP$o>c78Ayw3V7M7;u$$YH1 z>dC+>w~gA8hDfD=-qkCF_6gX%$4*3#p9Va_Z|dJd-5lB@%}Z(=y>4Wdl$0f&NJ)?y?NfD~`WMjlk&f&LkYx6J_PTeQA=70Z_5!C`*bexp!^{UFR#n z*op;gBJ8U=25_+(>KiKmZI_SEMHu~5P`%JUBT~!jdoT4YBoJ{;E*256tKwVPY*;gi zZbpYGCWpH`{xNa!f|CT_uHxt5V_oHTr)K7C)s|QS_U>{c+aaZLfeoi<+~mp*IliTx zkydyF&K4iO5yMjU!|$bX`8hy*@F+1Tid6Y-IK7>XnYyu8RGy=ccktz zId+YRZxVu$LbgKd^t@f!z6?Log>-octIC|d$NGZ#wCzLYQ+r1d7r;{@AK?V%JL(>x z3bhcnTCm&}RMx95%EB{8P%Z0S{>~2@+pQy7i?`PW*Ehl@6jK$j<%_`Ta&ecsP{m@SV_dq4XqZEd{uOv~tV1JJMq z<Vh`6v+m|Z}XgZrg#TwnuLYwv|Ik2rX~q{`hR1}X9>USd7YK-wPawI zuM&fmk6hdIRIa6-yX!is=L_xP$mS7i)%2z2fGs1QxC`B~%GHS`dv$hiISZY;dS$_w z_=ywe5nC~`YD7mBvKxkRdR*F5=0p(p{GxYT`@>Xe*4!e_fZwsczfXZ{;}kszW%Jg` zmWn2KbfjM@t|Hra1ei6Yx+aI5Dv4#Oa^4LuoXBjxr57g=<@%MG`ToO7BtNQ&3ktcE zO|++`&9L(>RTwg^D2j!RH0xTqi*Q>R#L#CfNMC9xCAZk(q!Zb(PKa7iE;p$#E>Od6 z^wq)q3FyPpijX!<HZ)6Vmc`6D+_`OaQ( zN8b4QDHi)iUt4i?6@5b7ezR3GUtT|guUD-w?e=QB zVu2!`BDL7mg02!9YP3qUo(tyPx%<<@SLO6!o;hq#0~b}3v_P2$Q&!1F8iNQ`!jS{* z>tjpDwBLO#ooL!uaz;}jUSFIkudZTF%hl*cf$y~iAUvc>R<`Sg_4t5viL^$c)32$K zGv<9o3P%pTf2mRXYPR6WzKHO!Q>VKgOjipU#f>2c@H~(4I2Ei@J6OU*@T1}xl2#)+r-AAe!&yyV~imr8?`HgcA2zcd6H_ozbYM8{9GgCVakYhWlgDJ zjFIyTx60_}I4leb9+yoz3{l!`(t+?gb^2IflrX~smigbn& zq#TB?k9V?EB!2F&ZYNw#d%7}E>OKO@Me!8*8J!c}OFDU8o)jHgs^zP^uM%GV!>$8S z^PYWGIbY&8eA){yH^WO{D?GcmkfRjKz2AZyG&87X1WJ@wPP??-ko)6ti6Y}$X-J3n z^cm)uF6rl2uNJ{6qx26yX$rf12ywD(1nB}HyL`26_0SJJY61~*P%X~Ez?EoJX8XX( zLsl?Ul+>i_hI9gF~KByO*EsSPNdB>JDZ?*IrXU0!QP2 z<+J${l2^>YI7y*n)Y2IlU6uaF?96cI4lqHk#l>H1-*V$ip6 zp+Llk!kDriS%3nivS5}H+KW4Lo#E_rHB~lxA^IYfcUqYn`H26kz4MN0>f81`ii(1W z(u)vjq5=X+Q7I7-5fS*&rA9@hNtF^H5_&HR0@4zt1x1N;fk1$OD4;X}Nq~^hdqRnU zg#6z2ch0%*+;iU>_l`H-8{_?P|4PPyoxR7}Yt6aV{LcBA7z-L~zZm1kP+xA99bs~p zF4>sVQSHAFr+)}pN7)K$+GnShK$(qvywSXCijB8SENLpj1=EQbIFr7 zx0-bh37*xKRG7TRg%oFS<*>O#fHT96Axggi-^3fN0~Ao=_=)byrPt< z`i#pW$Ba@<@4e}X8eDhG%`GBGrFe%3Kl0|5#5uG1z$Ac)|AFaBH!a3_`B6}9cC1pA zhg~cyw$dY1x;qfn8+Q4dZ_@n?<%g~>s)RY&@Rwu%Xy6?8oSRQK4knt?)%ULj-rw@! zp8vSn`QXDvgMJtJ^R4zvl{xdXqt+&4X=&OGI4}@4T}1&0`eRJ(blNL=)l4${6wHpQ zHlH(H0q0(-vd10l@>QJ4SiATzgufXhgYNm_YIQ+fGYwAWVDhDRAdl;uUJ6Z5)N-zH z@Em3hn9+~ytfd%w(2i$Znluo(6_6WMaliT8WYjT{_vvwPidBCaf@9#!5EDX~X=_z) z8QLLCy5jQ2l2y;_q^HEN32A!oY-j;TwF(NDRin3O_y$W zQhnz98BPAV4s$Nj9{%ac-LQXlLZ-Y*fUp_M{s4TQ?fKJ%-U;&t(rm++qlsMF^s#|h zuxrn*SGb{*QntpzFXZKyKML&V4_Eu2P;HoedbCS)vl6B`wg0nHGV9tfQ=9VZbI_iC z^SxyEN+s!hp;HsrRqvp_}sOrg7^IxPr zXxcH5iD7^o;s#lhO*#>E!d3*<5kv}}=9NaP(FXzFb&@_p9d4Uaqr=I><4~um-tKU@ zy0O5JfED?d*ch+>MjW>oy{VwMBD*EvFcdh^zrC#vC7Gx0}gdwG8Uz?RkB0-0IeWxP~O~^g9U9uMNNj0UgDlLTygM$j>xC zcc)9#vYa=4IYR3BH;tt~r}fzPD7?R+^7FR7xsd3cO1q6-F?UoYmICfuL+8@Hz#ip) z_<0w;UQ?9auzz>QaC34}QK`S!ycbw*2q>sy6v>AXp$@l8@W$U9W?f)v4r`eKxdDgo zd2OKd7K$!JMy8)nT;EjL=>8_KPNe(+!3(t^C0Hs;*^r};a+yNY>0Gu@pN^V-uA5`l zqsvdPrbe7^d=+t&2g_w46EaGZtj9pqZdNJn)(QFW1bTw^x^a<#q?w3W~L)3v(%2vvS zFoNpX)cXesG0PUef{nqA6Fb-BXY4`aLM+Y^%2#l;jtIQnv^Jg3U75FD8FrKI?4$U@ zZ_hB0Yd7;_KhfLt^=Yegx&?@058BfPM-%DZzisexEBZv1H2rrm`@OfL1=vlf|$>Sx{q zvLB>b0C364e5 zb%Dv&H6~33MiJmWs1HwrQ!AMeh8av1GxU&>RyN58HByv zzsY-s%)Nh>_ktu20T>=<5(93f+Tk|Z{J3tC^B z1`p~j*ec-sK~-9VP#Il-UJnxj65yP47zPPC5&$1MJ$i>{wb_!@ANAQfdqiD9SN7+s z$s-%Z0+k0{A(H~pxCaFj69QA~J?l$ybeR@jgS&p8z6@KA7@n)JbsV>Cl$YPm^a`o} z<%+_Gk0WafQ?RGX>gX@(S{09gPMXrRb6F$DUF6<_Kh1~0f9%4;emXY-wtl(-(vY1@ zerEGo@K3hWg7#~!CNMT3VV*|;KI4y6*I=`(JftQ=Bt?2Gs zN~7|+G*-z3^qH2(v zJgjvtN1MiX4xr;}>D-(5dKc{0-Mj{07H>7)R$#MMU=!HsUM&WedKz7pp~*Z-0Y-&` zjtzSUHO2M212ZS5u%y4pL+FOOWl(dL&g5~;e`L2UM}WRxkk1i%G54y6Gv#e5|At#h z)|xlM4ib=^vfk#W6PQCroE2~=8$q9)UHkTJ!asn;izy9-ljDETd08-gldgiEOVO>tElH&Xw`+0|>VMhC3xi&5I=8 zPa$_KUl+|)RNrCMPi$5RuX%i7gcNFRnjcKR!yh|(nA`q-uS2T1fJmyx)hw5 z;i$)IHU^|8{b$F>5V|vj?g>5)M4$i%ssf1W$*W@!z?3<6)6nCrUb);_?h z*~mbuh5NIWhn|MN93DAxfZaI|A7f2=9BH9hK|PEX`^e|yK98C-01rM>=T&uVJ)#U1YY>$hdr4~@-= zAVk$JYu(*lb2l>G+62G-6s%l$0@S+{c6K;c+liov*|)0!Ll-OgXdwe&H}DClXc!OP zqI(aNsC6CxGX2OK(wYMPdVQ(%F_Dz5Ps-0TGYfHxS}Ql{!N7YKk0y__R-wZObq*lg zlhKLZ0r#}dt%Tx(3p3e}sN6YNGcCeYD~R%v&+DloPeWiyvCx;D?cp&<&%(gJAYG|G zcugFnb}SL2i6Vsefq5~Sq(T$TA$-2couZ7kTYK?oH5ZL`&p zab2;$7ojaiE2p5=yvY5>-LsL^a$V`ip++`I%+`t!a^Wd72|;*pP*uO(hFH7)UHNGH zcLT(dtW0BeOW^RBUaVDSGA!LB&y$WQ)eq@k#gWi>&kiilMO7jmOSXx}Sdkx(Jjx(i zP`*DOweEfFoFemBeF5qxDJLfxuN|LF47&rM>=Qt=#&EGbFMo> z3U-gu9a9HI_bxXe&JT*RMAqt0O5b!4c*ZbUoncEkJ?pUl3Z}*|23l0lea>gt0H^C; zNtnC%_Zjxf;UYt#J>yUM{9;l*Pi&l!k(r%UUij#cJihf*$pkyr2iw5=Z(^O0g+Sr( zU`6kLNQ?I)ZNvim4l6F7RO_aNM6ica+?Wo#Detk$S~2*MFF6~fyNuLNpBSw^S(_X9 z1K!~dK$Abtr=$(MbSH>?TNns|qXCR-{JJwenS@>w37k}zlqs#N;IG3Mzo=e%oz*xe z9oVjL)H}o6DA#k$Q9D4^Dl_``J8<0d06+^1*c#J#u)7i${opfAS{XeZ@BsYK7j=d* z(dLw?j8W?qH*@6|uLy!)cF&aeN96e8`JF7=~Kea2npwNI2w^c3U3H@efi zyt~`|;Ik7B&xjg5yTNO0h;RqW1^4>KY(&$Zn}$_6>hCXsldj3)!U0&}oHhteWdiV$ zkq|T1FiUX1Ld%L&s6IwBp`%D>PLDx|(8xumX;IzwW&71LQc}|uKKNkQ*U}tUL4cKM zx6r!EFoZ&Ak0~aF0B_9TFH?PcN~0x%+XxqGWNZK7O>M&ON#y%`5@`aH2$`!3cQtY7 z9R`l=V-{qs+kh->p;9#mKOVS5?fwo_Xj2>ky^bF)4!pC~50pIO3~Ehs8X1#A)f``G zm8om^5#zrKuMUZ<mQ0y-b#gei{(u$`ceB)5K{xcz? zYIegYJn6|3{TKI-dnydpIHd99NFK|OCn-fi`0IS4z(UN+)G)p1?~RoC2Cs72#?1Q# z24@~8)SqB4KWB1H1r4VY7@knmb|8fy{L&(jL9@o*#bT!q-2YK`PRq2|;XVG@N<|NY zzxKY7KwtHhC%1EN=h~lHz;c_vJXfa#-j^k;yG~N3oL^4+dsKD$Z{4vlHaxp_K|tEL zwAm~lHcH6V>DxgA`2g)I*oTu`v^PU=mkk~mFsa~`7@zW$Z1tua4s|UN^+&G6R1uz} zxxTCjK{HBH)}E-C<3rP#r)H*&QJ;|~pg>FdDfJ;$o|ANTo6)(N5!sJ9W<%@mU8-*x zx-{5C-6VwcbR!;KdA>fg;0R`Mx=?$DY2_nuPqFl4P;)Pc6NNsgR>=R;bRX&GQZIYH z4s}T$BzqzlVQ}M^-6WF5IZj>m5LKMdq@YNn`8@F$rE)s__Q&B`&o3X=R(-gu0*+p! zaB|&_Iu&tbHLhQrv)*n4x-)E0k1XwfjmoF{fjuw0dV~#w%8J0b@2F!jzoN2s>{{wQ z8wbGC1)%EguJn^IF{)_?JT?6M?@*(5otq1=&8rr(`e9A(_TNnz>xpQ#E~{# z|8~z{3t+Qn20NKdLs59zACI=mxHSbQ*BU#mm{pCDYBaLV@lvn)g0q)o3rN2X4!&_s z4cfTyhz+(6H0=G}k_rR_l-BgCqOFEpkc=DhyAp=v#=f5}$9FA+ zQ&L~^;?6LFSLXnqb9acT$1s5cXk8Kt3UAY4qnKpA!<8TSI*<5pd(QFbpMm_IH47VtyxWy`zftd|$xdEf_` zN(QGHKrUMFYBAOIIz5o8L4(o1&4gh&>B-&xbmvYiK9mEmG?T6AzOF@pejxW$D7Naj zJeT@jIeT>0YzmssI=Vu+(@jRZ_MT1txYVs! zjk!?iIlQ&^}IZaIrL zK40PJ!5SG;s)PaC$|&3LuW-?v&Q^6g9M}X3C21*=)*gaRtPKuzjBYMi>WVo|ylvJ` zv6C`A#g(qSmU;Ng^>HUT;KE1Yz3>A}MXFFYw$`*OUDU7`D*u@l>QXQzkTlR6>=NkZ zu5h!YyzNeEaQu@9YrzXK)kzek@n19=J)R!NnhPf^fy$KARJiDoc&d|;kiP8;;*$5DPb$}Ug}=5F@9)nzINBb zW>mws0fRT3!f!pZc*Z!%`UzMfa8vl0)7B&DnL9wT9Nm zq%3@G9YWrZE8u+1+1k)b^sB(4_%$7m^8vvwQV=gn9Doh?seo6t``%u+rfl+#7Hy!ios?`M2#%(d-;zA2 zJY@sEIPddYfsn;^Y$TX5K_eSF(kt1b!O7v`9y*HD&c27i4RJrl(K&91Am8kMjI z3`M}_H#dM90Atn_sGcKbs%(mb;$7@YBF4R)wi&DwzZBvXs4WY_B)@e3zH6F&zy%*8 zD5l(LQw-w=rd!d<)W!WbFdnjL%C-1-ozu{;cKneyrS9?VQ>PGNl0Lp4AL8f7`X77x z(cC%`f~vDj#-&JFt>!k4ShZ0W%1KCoM3d)}@NmC+M?MQBykgFqIqz?%Z;+?% zKx*2NJIuzb58nduuUaCLf2*B%A|O2$ud(`!?8EJm7atucMp!fP;%OVZb~e7+DnqR% z?X$a9TT1m8hj>Q2<2{uQSPkP2YfQ9%O{jE9Lb!phH;p{B*rYIQ>QxH8tS6YLusH+E zsFJDr?t6r70xFkxFZaH*iCNOG+7YiX#fGhwU)v7)kVxO%z$a>)e%WUSYG3bv_qOx; zR68do*B|(8bc$Ah)ny9qM_`?KPBK;K8WpgIbo5M%MkiLd2ors)Zb-U5>}GS^9}!h< zA{k(W4Bk*-h&}6%&OmStnt5uA1Ww;h)w@GaCU1ZomT6O$MgufP0=T$56)$x?LFMu1 z=|M}^J3pK-7{8k@dOeN5_~X0+c)F}rjLyeUf(cN3+5y_OCQuMeX)SyU_u}EF`!5^9 zzyU+$4H4Wd#O*c02qi%EGnqt(QllxM2nP_#va_x3FnCsQ^!tYcIxXEbk| zaCm3z*pZo$Y3^Z;t;OrCU?2)DbBn)OH&M>veXXMP6pd)CJ5NgZ#Rh6{CtScIG&s(g zGE#8x>w~Js%~ySo424yTA6Rp6jveJxPW`#_mok_NI;v$~=CMai#yptuOtwcRT$_(2 zEeyC054hI{35{8M28Mg{ix_EFeTmfF9pj4Xy2$zprYo2$g zx6l>e-Ymn9E2(i6YOLk(_6#g(4BqaTQs+ID8~B&}8Eapy(+s zs%yL)mG*(`bHpCHqNj1$&40@Ao3Hwlmlt*OZmqW$ex$cmv^pN``g#^gtR~tl46IsE z7T9mZdTf)!i5OgujvAExI<B))Jo69<)JgZvslF`-saG;7!nw0gZXJwJPa#=e^ywzzb2?h(_S2Y`DH=G0 zte0yiLYkWOCtGT(oQJ!MY|~kk=ItuNxkqM_KS>4U=S2A2wbnYUlueQ?M+$*WGFLb_ zeggWb0Di<&uE1AiHm52hBN$UMsbi$Rlac2?#9GdrPl8p<@0}~c)NE4F6Ud+TEaQe7 zKvNtzLu!mv7e34CAZ~g!3GF`x$mN19tI0FS-W@QMqOrdr&Ju+eq(cDez+(Dh^#7_Z zbR9m80MaGd{$wk+VHLh#e9dFHpOLu=slmp<)F;64AIb*GAnRXI{j!

CxG6fyI#p z7F#mwq*9uMCf&+cUAKIyoBV-IBK7dk@u27*A7(9XPerYR9gx>wAN<6FN0H(xs7RV0 z71gnS_@#$ve|+VcVVpAOn3%@R5=2B(x!lLAm8_)PE|ZH&j~^uA%s)Rs-9X_~$@`); z;KDW2yFUUP@66m9S#_yvt}P@r)gvxt=t)&s-?I2}U-ytijHLhr#IS|8tG4p61`%>O zWHm&xmuuz3G*QdHP76jHyR83B|n{6$S2>+6^8d>i&b z6@Hn_6e8O}6AgH*3rK_Yc4_7wfF~0^fd9m`K6iv4WwlPtLgs>Ag#^v z0^lp#t`Q@{g&pixg3$b1c8ZYdS-B_o#FLJRrx|#3(gDM9D0`48Mm`z{)lw-- zEb<+kTn^2gNbsAqIBXQkdx^&na-Vsg4k-ep;V%OLZ|y=J!7pvD>mMkCIbT_2n?5l$ zo9Tpb%rWKCFfShS;u!*(?-l{&jUmGasPK*lE~Jgf`eN9W2KA6&!(bZT;rK=L&pmlvKHW@auu9s~BpUwT zDjFzA0ekg)Dz8HKxR_z12MFoTwJ(PcwN{okvCMJh1mJ9}RYzOHC z)_`;yT}^+LneBW*+Z8mv?b;2u6Q>48J+Rt&CVgjYyW#_vGIG)grcrha`?(so=Nb@fYLP!QH8fzdN-0roO%*(Yc|aAw}wDlCprM@9Pt6r#YFe zfa9Nlfv6WFsVleX-|PK>Fhvc zUHlggoe+9jXwPetn`$cTm3GxuNLyG!7j1L44`G#NwHEl!^D9!Vt3X>q_N!~u{9M+L zqP?@tyJ~@RVaSL8o28sY@N^36K)O{{tr)vn#Z{G%(7qRI60r`v;El4qQ8@D|Ai;05 z13{j@nM>kD)gDdLb;x}9X{Ids<=Qtu3Ox85x!kND{sNB6{~g@Aeii#SkThkU2n3l1 zPWb$ti@mq-G6*?=?SoK{eL}T>naBRZL$3+!=>vFZFG~MD+dL5Vj`)jw{VzYYf-u9w z0kI39=_MF-_75!epKK1BX~T@1 z-FW5=@ADh~Cr=C}^ZA*E!s&c}5u)+(+sXg&Ch_WYS60N+zmvSjw2Et4bF2q|Yt2sz z8wM)d0QE~M+5Xu;18!xy!!{_x{tr%?Qx{)3;igOu{mG;Wz~67->`yBahmpUU943 zF*aPkDHCkj?l{>ledd>dz?Cui6tS2`L{C}z#AtdCHhpJ^&`E-pmQ=oSH&w<0Qu!O{i)Tcf|lMpH$fYr zJ&P}RmsMK%mYvAS;#U(XWwWv-N55QA%c9^&mFW~5E?RF`*1hxvv$q-bhp6l4Ye8(j z96oQ)HeF*9_!1EEeAj^HD_9IGrq`FhdZIO(7g2>05P-{i?(G1=&_~UvCiHmRczT?c zZYBIgDVflqw=8-40}o64i2=z$BXQ>oMvcVy7Ie=JQghwz${#MJ;fbPYt9>^jm-WMV zI!upz0|K|C%2bkAw@p)R6{O)yi%cU7^Ibd7`YC->IM*(<8N0H5>HV6??rM`5Uc+!5i zUbG&mmbGomp!CFw!v!9mW0y!G!CiSyF7NescybGMS!|49)HmI9q-5^bt>p{LWQxbU z5p-F3nQI!lUd{&8HBHwNIWWdlA)50?DmG4Gwo!*?w3YByS9JCRPz>U46#4b%l&wyZ zZQ8*+24^v*ruK)T>_=>Unwwl|ah}K@m%gMZTSm7ZI(_OM`P{p07vmkR6vnwy0RP^{dvM|qN(saQ)Y2TdQ4fwWTx&fJoZvvW3Vx^0>wDiT|J2ZC{nMEeP#V_&N z_4_<_GuVF*w^!Rrm+e9o18{lv-Os4#(>9{1Hv;k&cT3QlbN@M)9`ZMa{(=9-+5dNc zg8zT|69hwTaM!w1ma*+-7@}`SYOXFA(kOAn^tr$Yw7ik@0_P4FiNsGVa`SDAx5$$}jt(QY^c72?|5f9_BkEV>cCgx??)ngTR9~Otn z;Eh`xCv$E#HwT#MhZ-z#B!&~6cs|illxsXu*{4J1ufJ({mbiLL60)5Gm6%EZBSYCMzI8(G^yFD9}ja$X=Vf4weBtWA%?==-^r zz#h@VN_wCDZn~>LSsHB%$*V6sXVvl%DA(kBXQ1GW86Akaezs0aj*R7juHe*lR49lF z0b2fBd)cn6A98aU>LMHn-BsP$le%n4>z-X&jwEp#nm6@GDOISgN#OgN=~Sn6BO;KQ zWD;3|G-&d-bG$VqJAb=Grj~MU@>8z!aXbC{JbFdtfD*tuO-048GHprX{$m!yYDWb< z#TX)^w^6B0m#Q<4R{Z$4GLCFjy%##PnFMogIj9{6k@Zxm-udbG4nVw-z%8Q3;ab z@S07X5cu58`q_sH-w)I=w3mV*yqE{&tYN!v?_c0O1R>+$>gdQR{tHqU4@M3g_-Rr8kM8K~LS#@>z(&Fp*AFd`w|!LE z)hlW9%3Oq=5-p31@I)Cazx5)F1+FRWtyZw8QlghN!ER`tp^o-I#k^$GL%;Vw&nvn9 zUNeegpl*RE+{)_+&0Ys5NO0VCrV12dGpKh6(j$tIinI_h`aRye{!gnCIp!W$zE`sn z`l^VW_qkP+-bB07b0IF8tjYb%HR(_`SMya&p`K}zaVFj<<<+by>B_8x-oc|XCq4Fq zRR@Pg{xizt|BgO+FzG^Ep+qB92$B!PfO*Oex}82-^MQZzM0UxebVIo_%&MR-t{u}V zL#tZ7z~7mwL_QsvHYe>pP;6z!Jk8|o)ADle;}R_Eo8Qt>XVW(htY>9Sryqufkv8HK zVX~yK%iN{!3cS7grK=P+H6+>hiz&{c}YT zTFzu+H1iw~sN$kJT6U8lVl6H4NwaOImheRfxC^%sUoV9OrFF-;t%V+(Z{8cH8pJZS zXMDJcbZ}RbT5ECXa!`idvY>`vd>UEEyfTI74_ztDV_fGo)apn%9;QxjcyIcYl$;z> zM~P2UDp3&fBM2hPZ->v$#H0o7x{B#aIh|%7cKfG#^M9^A|F3+PN74(aJVx{f(jaC8GlS?|Z*&lQp+L%-4qu~W{%u?S z;wgveERAYufi@Xku}cSSXCEFI4DZJtuY<%P*nQ|m-cp|cJShBZ6}kCS_-xMBVQx_g zDo#}2M`UHLEq6iH=IP%smm#jnU|0KnkYf{-xXK`xW8~jW-F^IH+dkhyC;8nM6Wh6Z zYl}nQrpSWUa=C&I2ks5Qe5i7f9OF7#OvzE^wXdCdqp3b;t4hF(hh#ihoxeXU;lbLn zJmK7H9%V}U=l*B}IK^-po-}oOWYgEiWb}3J%U|XKiRRZ%hHykXUaJ0hyyRr)DF_F= z{Q-7XLu20;vVX{C?%M+MnIUWUHP0eBiRBA~0~a^{Z-1s0dhX&%OhODu#zbnq>ThEpUYJ7o!DqQcjx^w zY|}BW@?}`2{C3CbB)S~y*mnswp!Lkl3Mr zvR$Kn3=q6{`YQoQ+LRu|4c$wa)C`wfEEL#n&<_N%NP(6Bz$qar;F%GF7|-O}&PZYs ziqcn!8!Qk-Zy7QLbVWs$ytJ90c~R7H}W|uGA^r-@vhs?HTHadkq@Ue0~A; zjV`&Pv=I)Xm=4{M-||iZ*TAvBl{|0ZVZWa*Ji`oqDu# zUv8kb$<#Q9HNxdOnAh`CZ+Fw#=BqUnOCf}Gf%-5geob`Aa!<8_QO>GdmY>CrC$kL1 zAbZQ;!tgxcc&|?Y?d_NX%OpR=h(o4tJ2E8DwAO- zGqNn-^VTjfm{8SzEdxQ)=eNH3Kk=A44PcjTRMPy%C8CW|<$nSPlAb{fL=bfOPfj>C5*~$HQ_GzEU5<#H3 zYcr`=EZ(ciwzs0gTh?d2L^t^harIs1nynwq0w^RD5=63xb1$3USO8Hn=u^i6p6RIU z&&J(kIChJiQMi!Wy;D?!Mq-fdl op7JW6vOoG{8}} +Once a tier resource is force deleted (by manually removing its finalizers), all domains and databases that reference it will transition its `Ready` condition to False with reason `ValidationFailed`. +{{< /callout >}} + +After the tier resource is re-created, the databases will be reported ready almost instantly. +No database Pod restarts will be performed and the service won't be interrupted during this time. + +Export the selected service tier as YAML: + +```sh +kubectl get tier n0.small -o yaml | sed -e '/deletionTimestamp/d' -e '/deletionGracePeriodSeconds/d' > tier-backup.yaml +``` + +Re-create the service tier: + +```sh +kubectl patch tier n0.small -p '{"metadata":{"finalizers":null}}' --type=merge +kubectl create -f tier-backup.yaml +``` + +### Helm Feature + +To reverse the deletion of a helm feature, first list all helm features that are in a deleted state: + +```sh +kubectl get feature -o jsonpath='{.items[?(@.metadata.deletionTimestamp)].metadata.name}' +``` + +This will return an output similar to: + +```text +small-resources +... + +``` + +There is a level of indirection as the features are referenced in tiers. +A database reconciliation will be triggered only if the `cp.nuodb.com/features-hash` annotation value changes. +If a referenced feature is force removed (by manually removing it's finalizers), the hash calculation will fail, preventing event propagation to all databases. + +Example error for hash calculation: + +```json +{ + "level":"error", + "ts":"2023-03-06T08:43:44.846Z", + "msg":"unable to find referenced features", + "controller":"servicetier", + "controllerGroup":"cp.nuodb.com", + "controllerKind":"ServiceTier", + "ServiceTier":{ + "name":"n1.small", + "namespace":"nuodb-cp-system" + }, + "namespace":"nuodb-cp-system", + "name":"n1.small", + "reconcileID":"5d6350be-e9c9-450a-b5cc-67b92816378f", + "error":"HelmFeature.cp.nuodb.com \"small-resources\" not found", + "errorCauses":[{"error":"HelmFeature.cp.nuodb.com \"small-resources\" not found"}]} +``` + +Export the selected service tier as YAML: + +```sh +kubectl get feature small-resources -o yaml | sed -e '/deletionTimestamp/d' -e '/deletionGracePeriodSeconds/d' > feature-backup.yaml +``` + +Re-create the service tier: + +```sh +kubectl patch feature small-resources -p '{"metadata":{"finalizers":null}}' --type=merge +kubectl create -f feature-backup.yaml +``` diff --git a/content/docs/getting-started/connect-dbaas.md b/content/docs/getting-started/connect-dbaas.md index 4a71bde..bc08097 100644 --- a/content/docs/getting-started/connect-dbaas.md +++ b/content/docs/getting-started/connect-dbaas.md @@ -49,7 +49,7 @@ export NUODB_CP_PASSWORD="$(kubectl get secret dbaas-user-system-admin -n nuodb- {{< callout context="note" title="Note" icon="outline/info-circle" >}} The *system/admin* is the first cluster administrator user created during installation. It is recommended to create less privileged users after installation. -For more information, see [User Management and Access Control]({{< ref "../administration/user-management.md" >}}). +For more information, see [User Management and Access Control]({{< ref "../administration/authentication/user-management.md" >}}). {{< /callout >}} If the Nginx TLS certificate is not signed by a public CA, configure `nuodb-cp` to trust it.