From 0b225f16af4ed885916bc3b497c54661e857ae6e Mon Sep 17 00:00:00 2001
From: Paul Flynn <pflynn@virtru.com>
Date: Thu, 5 Sep 2024 14:14:09 -0400
Subject: [PATCH 1/4] Add ECPublicKeyFetcher for NanoTDF key handling

Introduced ECPublicKeyFetcher interface and its implementations to handle EC public key fetching. Updated SDK and nanotdf test cases to utilize the new interface, ensuring better abstraction and testability. Added validation for KID length and tag size in encryption methods.
---
 lib/ocrypto/aes_gcm.go |   4 ++
 sdk/nanotdf.go         |  17 +++--
 sdk/nanotdf_test.go    | 152 ++++++++++++++++++++++++++++++++++-------
 sdk/sdk.go             |  13 ++++
 4 files changed, 158 insertions(+), 28 deletions(-)

diff --git a/lib/ocrypto/aes_gcm.go b/lib/ocrypto/aes_gcm.go
index 77aaf647e..7e789b017 100644
--- a/lib/ocrypto/aes_gcm.go
+++ b/lib/ocrypto/aes_gcm.go
@@ -61,11 +61,15 @@ func (aesGcm AesGcm) EncryptWithIV(iv, data []byte) ([]byte, error) {
 }
 
 // EncryptWithIVAndTagSize encrypts data with symmetric key.
+// Tag sizes between 12 and 16 bytes are allowed.
 // NOTE: This method expects gcm standard nonce size(12) of iv.
 func (aesGcm AesGcm) EncryptWithIVAndTagSize(iv, data []byte, authTagSize int) ([]byte, error) {
 	if len(iv) != GcmStandardNonceSize {
 		return nil, errors.New("invalid nonce size, expects GcmStandardNonceSize")
 	}
+	if authTagSize < 12 || authTagSize > 16 {
+		return nil, errors.New("invalid auth tag size, expects 12 or 16")
+	}
 
 	gcm, err := cipher.NewGCMWithTagSize(aesGcm.block, authTagSize)
 	if err != nil {
diff --git a/sdk/nanotdf.go b/sdk/nanotdf.go
index e87f00296..edadfa02b 100644
--- a/sdk/nanotdf.go
+++ b/sdk/nanotdf.go
@@ -195,6 +195,7 @@ type policyInfo struct {
 type CipherMode int
 
 const (
+	// cipherModeAes256gcm64Bit unsupported due to tag size less than 12
 	cipherModeAes256gcm64Bit  CipherMode = 0
 	cipherModeAes256gcm96Bit  CipherMode = 1
 	cipherModeAes256gcm104Bit CipherMode = 2
@@ -319,6 +320,7 @@ func getECCKeyLength(curve ocrypto.ECCMode) (uint8, error) {
 
 // auth tag size in bytes for different ciphers
 const (
+	// kCipher64AuthTagSize	unsupported due to tag size less than 12
 	kCipher64AuthTagSize  = 8
 	kCipher96AuthTagSize  = 12
 	kCipher104AuthTagSize = 13
@@ -431,14 +433,14 @@ func writeNanoTDFHeader(writer io.Writer, config NanoTDFConfig) ([]byte, uint32,
 	encoded := ocrypto.Base64Encode(symmetricKey)
 	slog.Debug("writeNanoTDFHeader", slog.String("symmetricKey", string(encoded)))
 
-	aesGcm, err := ocrypto.NewAESGcm(symmetricKey)
+	tagSize, err := SizeOfAuthTagForCipher(config.sigCfg.cipher)
 	if err != nil {
-		return nil, 0, fmt.Errorf("ocrypto.NewAESGcm failed:%w", err)
+		return nil, 0, fmt.Errorf("SizeOfAuthTagForCipher failed:%w", err)
 	}
 
-	tagSize, err := SizeOfAuthTagForCipher(config.sigCfg.cipher)
+	aesGcm, err := ocrypto.NewAESGcm(symmetricKey)
 	if err != nil {
-		return nil, 0, fmt.Errorf("SizeOfAuthTagForCipher failed:%w", err)
+		return nil, 0, fmt.Errorf("ocrypto.NewAESGcm failed:%w", err)
 	}
 
 	const (
@@ -687,7 +689,7 @@ func (s SDK) CreateNanoTDF(writer io.Writer, reader io.Reader, config NanoTDFCon
 	if kasURL == "https://" || kasURL == "http://" {
 		return 0, errors.New("config.kasUrl is empty")
 	}
-	kasPublicKey, kid, err := getECPublicKeyKid(kasURL, s.dialOptions...)
+	kasPublicKey, kid, err := s.ecPublicKeyFetcher.GetECPublicKeyKid(kasURL, s.dialOptions...)
 	if err != nil {
 		return 0, fmt.Errorf("getECPublicKey failed:%w", err)
 	}
@@ -698,6 +700,11 @@ func (s SDK) CreateNanoTDF(writer io.Writer, reader io.Reader, config NanoTDFCon
 
 	// update KAS URL with kid if set
 	if kid != "" && !s.nanoFeatures.noKID {
+		// check length
+		identifierLen := len(kid)
+		if identifierLen > 32 {
+			return 0, fmt.Errorf("invalid KID: unsupported identifier length: %d", identifierLen)
+		}
 		err = config.kasURL.setURLWithIdentifier(kasURL, kid)
 		if err != nil {
 			return 0, fmt.Errorf("getECPublicKey setURLWithIdentifier failed:%w", err)
diff --git a/sdk/nanotdf_test.go b/sdk/nanotdf_test.go
index 844e480d4..e63bc7e64 100644
--- a/sdk/nanotdf_test.go
+++ b/sdk/nanotdf_test.go
@@ -266,37 +266,114 @@ func TestGetECPublicKeyKid(t *testing.T) {
 	}
 }
 
+// MockECPublicKeyFetcher is a mock implementation for testing purposes.
+type MockECPublicKeyFetcher struct {
+	MockPublicKey string
+	MockKID       string
+	MockError     error
+}
+
+func (m MockECPublicKeyFetcher) GetECPublicKeyKid(kasURL string, opts ...grpc.DialOption) (string, string, error) {
+	return m.MockPublicKey, m.MockKID, m.MockError
+}
+
 func TestCreateNanoTDF(t *testing.T) {
+	const InvalidMockPublicKey = "-----BEGIN PUBLIC KEY-----\n" +
+		"GARBAGE\n" +
+		"-----END PUBLIC KEY-----\n\n"
+	const ValidMockPublicKey = "-----BEGIN PUBLIC KEY-----\n" +
+		"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMLUYYICsSIDQJ+XnrAsM3x3jdNf2\n" +
+		"wJhIy/958wUXewDgZ6No/ndUr3G36wDpZHtuYaBXsZoC4jIBxb4+9hALSw==\n" +
+		"-----END PUBLIC KEY-----\n\n"
+	const invalidKID = "012345678901234567890123456789012"
+	keyPairP256, _ := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp256r1)
+	keyPairP384, _ := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp384r1)
+	keyPairP521, _ := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp521r1)
 	tests := []struct {
-		name          string
-		writer        io.Writer
-		reader        io.Reader
-		config        NanoTDFConfig
-		expectedError error
+		name             string
+		writer           io.Writer
+		reader           io.Reader
+		config           NanoTDFConfig
+		publicKeyFetcher MockECPublicKeyFetcher
+		expectedError    error
 	}{
 		{
-			name:          "Nil writer",
-			writer:        nil,
-			reader:        bytes.NewReader([]byte("test data")),
-			config:        NanoTDFConfig{},
-			expectedError: errors.New("writer is nil"),
+			name:             "Nil writer",
+			writer:           nil,
+			reader:           bytes.NewReader([]byte("test data")),
+			config:           NanoTDFConfig{},
+			publicKeyFetcher: MockECPublicKeyFetcher{},
+			expectedError:    errors.New("writer is nil"),
+		},
+		{
+			name:             "Nil reader",
+			writer:           new(bytes.Buffer),
+			reader:           nil,
+			config:           NanoTDFConfig{},
+			publicKeyFetcher: MockECPublicKeyFetcher{},
+			expectedError:    errors.New("reader is nil"),
+		},
+		{
+			name:             "Empty NanoTDFConfig",
+			writer:           new(bytes.Buffer),
+			reader:           bytes.NewReader([]byte("test data")),
+			config:           NanoTDFConfig{},
+			publicKeyFetcher: MockECPublicKeyFetcher{},
+			expectedError:    errors.New("config.kasUrl is empty"),
 		},
 		{
-			name:          "Nil reader",
-			writer:        new(bytes.Buffer),
-			reader:        nil,
-			config:        NanoTDFConfig{},
-			expectedError: errors.New("reader is nil"),
+			name:   "Invalid Public Key",
+			writer: new(bytes.Buffer),
+			reader: bytes.NewReader([]byte("test data")),
+			config: NanoTDFConfig{
+				kasURL: ResourceLocator{
+					protocol:   1,
+					body:       "kas.com",
+					identifier: "e0",
+				},
+			},
+			publicKeyFetcher: MockECPublicKeyFetcher{
+				MockPublicKey: InvalidMockPublicKey,
+			},
+			expectedError: errors.New("ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key"),
+		},
+		{
+			name:   "Invalid Tag size P256",
+			writer: new(bytes.Buffer),
+			reader: bytes.NewReader([]byte("test data")),
+			config: NanoTDFConfig{
+				kasURL: ResourceLocator{
+					protocol:   1,
+					body:       "kas.com",
+					identifier: "e0",
+				},
+				cipher:  cipherModeAes256gcm64Bit,
+				keyPair: keyPairP256,
+			},
+			publicKeyFetcher: MockECPublicKeyFetcher{
+				MockPublicKey: ValidMockPublicKey,
+			},
+			expectedError: errors.New("writeNanoTDFHeader failed:AesGcm.EncryptWithIVAndTagSize failed:invalid auth tag size, expects 12 or 16"),
 		},
 		{
-			name:          "Empty NanoTDFConfig",
-			writer:        new(bytes.Buffer),
-			reader:        bytes.NewReader([]byte("test data")),
-			config:        NanoTDFConfig{},
-			expectedError: errors.New("config.kasUrl is empty"),
+			name:   "Invalid Curve match P256-P384",
+			writer: new(bytes.Buffer),
+			reader: bytes.NewReader([]byte("test data")),
+			config: NanoTDFConfig{
+				kasURL: ResourceLocator{
+					protocol:   1,
+					body:       "kas.com",
+					identifier: "e0",
+				},
+				keyPair: keyPairP384,
+			},
+			publicKeyFetcher: MockECPublicKeyFetcher{
+				MockPublicKey: ValidMockPublicKey,
+			},
+			expectedError: errors.New("writeNanoTDFHeader failed:ocrypto.ComputeECDHKeyFromEC failed:there was a problem deriving a shared ECDH key: crypto/ecdh: private key and public key curves do not match"),
 		},
 		{
-			name:   "KAS Identifier NanoTDFConfig",
+			name:   "Invalid Curve match P256-P521",
 			writer: new(bytes.Buffer),
 			reader: bytes.NewReader([]byte("test data")),
 			config: NanoTDFConfig{
@@ -305,14 +382,43 @@ func TestCreateNanoTDF(t *testing.T) {
 					body:       "kas.com",
 					identifier: "e0",
 				},
+				keyPair: keyPairP521,
+			},
+			publicKeyFetcher: MockECPublicKeyFetcher{
+				MockPublicKey: ValidMockPublicKey,
 			},
-			expectedError: errors.New("getECPublicKey failed:error connecting to grpc service at https://kas.com: grpc: no transport security set (use grpc.WithTransportCredentials(insecure.NewCredentials()) explicitly or set credentials)"),
+			expectedError: errors.New("writeNanoTDFHeader failed:ocrypto.ComputeECDHKeyFromEC failed:there was a problem deriving a shared ECDH key: crypto/ecdh: private key and public key curves do not match"),
+		},
+		{
+			name:   "Invalid KID size",
+			writer: new(bytes.Buffer),
+			reader: bytes.NewReader([]byte("test data")),
+			config: NanoTDFConfig{
+				kasURL: ResourceLocator{
+					protocol:   1,
+					body:       "kas.com",
+					identifier: invalidKID,
+				},
+				sigCfg: signatureConfig{
+					hasSignature:  false,
+					signatureMode: 0,
+					cipher:        cipherModeAes256gcm96Bit,
+				},
+				keyPair: keyPairP256,
+			},
+			publicKeyFetcher: MockECPublicKeyFetcher{
+				MockPublicKey: ValidMockPublicKey,
+				MockKID:       invalidKID,
+			},
+			expectedError: errors.New("invalid KID: unsupported identifier length: 33"),
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			var s SDK
+			s := SDK{
+				ecPublicKeyFetcher: tt.publicKeyFetcher,
+			}
 			_, err := s.CreateNanoTDF(tt.writer, tt.reader, tt.config)
 			if err != nil {
 				if tt.expectedError == nil {
diff --git a/sdk/sdk.go b/sdk/sdk.go
index d0bc6373f..7f96d6bd3 100644
--- a/sdk/sdk.go
+++ b/sdk/sdk.go
@@ -51,11 +51,17 @@ func (c Error) Error() string {
 	return string(c)
 }
 
+// ECPublicKeyFetcher is an interface that defines the method to fetch the EC Public Key and KID.
+type ECPublicKeyFetcher interface {
+	GetECPublicKeyKid(kasURL string, opts ...grpc.DialOption) (string, string, error)
+}
+
 type SDK struct {
 	config
 	*kasKeyCache
 	conn                    *grpc.ClientConn
 	dialOptions             []grpc.DialOption
+	ecPublicKeyFetcher      ECPublicKeyFetcher
 	tokenSource             auth.AccessTokenSource
 	Namespaces              namespaces.NamespaceServiceClient
 	Attributes              attributes.AttributesServiceClient
@@ -184,6 +190,13 @@ func New(platformEndpoint string, opts ...Option) (*SDK, error) {
 	}, nil
 }
 
+// RealECPublicKeyFetcher is the real implementation for fetching the EC Public Key Kid.
+type RealECPublicKeyFetcher struct{}
+
+func (r RealECPublicKeyFetcher) GetECPublicKeyKid(kasURL string, opts ...grpc.DialOption) (string, string, error) {
+	return getECPublicKeyKid(kasURL, opts...)
+}
+
 func SanitizePlatformEndpoint(e string) (string, error) {
 	// check if there's a scheme, if not, add https
 	if !regexp.MustCompile(`^https?://`).MatchString(e) {

From 2e695a3f565da5dec7958bb274311a60e615f098 Mon Sep 17 00:00:00 2001
From: Paul Flynn <pflynn@virtru.com>
Date: Thu, 5 Sep 2024 14:28:00 -0400
Subject: [PATCH 2/4] Rename struct and add KID max length check.

Renamed `RealECPublicKeyFetcher` to `EcPublicKeyFetcher` for consistency. Introduced a constant for the maximum KID length and added a check for KID length in the `createNanoTDF` function.
---
 sdk/nanotdf.go      |  7 ++++++-
 sdk/nanotdf_test.go | 18 +++++++++---------
 sdk/sdk.go          |  6 +++---
 3 files changed, 18 insertions(+), 13 deletions(-)

diff --git a/sdk/nanotdf.go b/sdk/nanotdf.go
index edadfa02b..9b2ec78af 100644
--- a/sdk/nanotdf.go
+++ b/sdk/nanotdf.go
@@ -39,6 +39,7 @@ const (
 	kNanoTDFIvSize                = 3
 	kNanoTDFGMACLength            = 8
 	kNanoTDFMagicStringAndVersion = "L1L"
+	kNanoTDFKIDMaxLength          = 32
 )
 
 /******************************** Header**************************
@@ -689,6 +690,10 @@ func (s SDK) CreateNanoTDF(writer io.Writer, reader io.Reader, config NanoTDFCon
 	if kasURL == "https://" || kasURL == "http://" {
 		return 0, errors.New("config.kasUrl is empty")
 	}
+	if s.ecPublicKeyFetcher == nil {
+		// refactored for testability, if not set then use wrapper around getECPublicKeyKid
+		s.ecPublicKeyFetcher = EcPublicKeyFetcher{}
+	}
 	kasPublicKey, kid, err := s.ecPublicKeyFetcher.GetECPublicKeyKid(kasURL, s.dialOptions...)
 	if err != nil {
 		return 0, fmt.Errorf("getECPublicKey failed:%w", err)
@@ -702,7 +707,7 @@ func (s SDK) CreateNanoTDF(writer io.Writer, reader io.Reader, config NanoTDFCon
 	if kid != "" && !s.nanoFeatures.noKID {
 		// check length
 		identifierLen := len(kid)
-		if identifierLen > 32 {
+		if identifierLen > kNanoTDFKIDMaxLength {
 			return 0, fmt.Errorf("invalid KID: unsupported identifier length: %d", identifierLen)
 		}
 		err = config.kasURL.setURLWithIdentifier(kasURL, kid)
diff --git a/sdk/nanotdf_test.go b/sdk/nanotdf_test.go
index e63bc7e64..c01e7a984 100644
--- a/sdk/nanotdf_test.go
+++ b/sdk/nanotdf_test.go
@@ -273,19 +273,19 @@ type MockECPublicKeyFetcher struct {
 	MockError     error
 }
 
-func (m MockECPublicKeyFetcher) GetECPublicKeyKid(kasURL string, opts ...grpc.DialOption) (string, string, error) {
+func (m MockECPublicKeyFetcher) GetECPublicKeyKid(_ string, _ ...grpc.DialOption) (string, string, error) {
 	return m.MockPublicKey, m.MockKID, m.MockError
 }
 
 func TestCreateNanoTDF(t *testing.T) {
-	const InvalidMockPublicKey = "-----BEGIN PUBLIC KEY-----\n" +
+	invalidMockPublicKey := "-----BEGIN PUBLIC KEY-----\n" +
 		"GARBAGE\n" +
 		"-----END PUBLIC KEY-----\n\n"
-	const ValidMockPublicKey = "-----BEGIN PUBLIC KEY-----\n" +
+	validMockPublicKey := "-----BEGIN PUBLIC KEY-----\n" +
 		"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMLUYYICsSIDQJ+XnrAsM3x3jdNf2\n" +
 		"wJhIy/958wUXewDgZ6No/ndUr3G36wDpZHtuYaBXsZoC4jIBxb4+9hALSw==\n" +
 		"-----END PUBLIC KEY-----\n\n"
-	const invalidKID = "012345678901234567890123456789012"
+	invalidKID := "012345678901234567890123456789012"
 	keyPairP256, _ := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp256r1)
 	keyPairP384, _ := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp384r1)
 	keyPairP521, _ := ocrypto.NewECKeyPair(ocrypto.ECCModeSecp521r1)
@@ -333,7 +333,7 @@ func TestCreateNanoTDF(t *testing.T) {
 				},
 			},
 			publicKeyFetcher: MockECPublicKeyFetcher{
-				MockPublicKey: InvalidMockPublicKey,
+				MockPublicKey: invalidMockPublicKey,
 			},
 			expectedError: errors.New("ocrypto.ECPubKeyFromPem failed: failed to parse PEM formatted public key"),
 		},
@@ -351,7 +351,7 @@ func TestCreateNanoTDF(t *testing.T) {
 				keyPair: keyPairP256,
 			},
 			publicKeyFetcher: MockECPublicKeyFetcher{
-				MockPublicKey: ValidMockPublicKey,
+				MockPublicKey: validMockPublicKey,
 			},
 			expectedError: errors.New("writeNanoTDFHeader failed:AesGcm.EncryptWithIVAndTagSize failed:invalid auth tag size, expects 12 or 16"),
 		},
@@ -368,7 +368,7 @@ func TestCreateNanoTDF(t *testing.T) {
 				keyPair: keyPairP384,
 			},
 			publicKeyFetcher: MockECPublicKeyFetcher{
-				MockPublicKey: ValidMockPublicKey,
+				MockPublicKey: validMockPublicKey,
 			},
 			expectedError: errors.New("writeNanoTDFHeader failed:ocrypto.ComputeECDHKeyFromEC failed:there was a problem deriving a shared ECDH key: crypto/ecdh: private key and public key curves do not match"),
 		},
@@ -385,7 +385,7 @@ func TestCreateNanoTDF(t *testing.T) {
 				keyPair: keyPairP521,
 			},
 			publicKeyFetcher: MockECPublicKeyFetcher{
-				MockPublicKey: ValidMockPublicKey,
+				MockPublicKey: validMockPublicKey,
 			},
 			expectedError: errors.New("writeNanoTDFHeader failed:ocrypto.ComputeECDHKeyFromEC failed:there was a problem deriving a shared ECDH key: crypto/ecdh: private key and public key curves do not match"),
 		},
@@ -407,7 +407,7 @@ func TestCreateNanoTDF(t *testing.T) {
 				keyPair: keyPairP256,
 			},
 			publicKeyFetcher: MockECPublicKeyFetcher{
-				MockPublicKey: ValidMockPublicKey,
+				MockPublicKey: validMockPublicKey,
 				MockKID:       invalidKID,
 			},
 			expectedError: errors.New("invalid KID: unsupported identifier length: 33"),
diff --git a/sdk/sdk.go b/sdk/sdk.go
index 7f96d6bd3..5b83c8440 100644
--- a/sdk/sdk.go
+++ b/sdk/sdk.go
@@ -190,10 +190,10 @@ func New(platformEndpoint string, opts ...Option) (*SDK, error) {
 	}, nil
 }
 
-// RealECPublicKeyFetcher is the real implementation for fetching the EC Public Key Kid.
-type RealECPublicKeyFetcher struct{}
+// EcPublicKeyFetcher is the real implementation for fetching the EC Public Key Kid.
+type EcPublicKeyFetcher struct{}
 
-func (r RealECPublicKeyFetcher) GetECPublicKeyKid(kasURL string, opts ...grpc.DialOption) (string, string, error) {
+func (r EcPublicKeyFetcher) GetECPublicKeyKid(kasURL string, opts ...grpc.DialOption) (string, string, error) {
 	return getECPublicKeyKid(kasURL, opts...)
 }
 

From e18c602d13e6f227c62912e8d5f6d591f45e52ab Mon Sep 17 00:00:00 2001
From: Paul Flynn <43211074+pflynn-virtru@users.noreply.github.com>
Date: Thu, 5 Sep 2024 16:10:37 -0400
Subject: [PATCH 3/4] Update lib/ocrypto/aes_gcm.go

---
 examples/oidc-hydra/README.md                 |  60 ++++
 examples/oidc-hydra/db.sqlite                 | Bin 0 -> 397312 bytes
 examples/oidc-hydra/docker-compose.yaml       |  51 ++++
 examples/oidc-hydra/hydra.yaml                |  41 +++
 examples/samplejs.txt.ntdf                    | Bin 0 -> 194 bytes
 lib/ocrypto/aes_gcm.go                        |   2 +-
 mockpublickey.pem                             |   4 +
 opentdf-bkp.yaml                              |  65 ++++
 opentdf-idp.yaml                              |  88 ++++++
 policies/entitlements/conditions.rego         |  31 ++
 policies/entitlements/idp-client.json         | 121 ++++++++
 policies/entitlements/in-kas-simplified.json  |  88 ++++++
 policies/entitlements/in-kas.json             | 280 ++++++++++++++++++
 policies/entitlements/in-keycloak.json        |  35 +++
 policies/entitlements/in-simplified.json      |  60 ++++
 policies/entitlements/in.json                 | 222 ++++++++++++++
 .../entitlements/input-condition-test.json    |  12 +
 policies/entitlements/input-jwt.json          |  85 ++++++
 policies/entitlements/input-simple.json       | 134 +++++++++
 19 files changed, 1378 insertions(+), 1 deletion(-)
 create mode 100644 examples/oidc-hydra/README.md
 create mode 100644 examples/oidc-hydra/db.sqlite
 create mode 100644 examples/oidc-hydra/docker-compose.yaml
 create mode 100644 examples/oidc-hydra/hydra.yaml
 create mode 100644 examples/samplejs.txt.ntdf
 create mode 100644 mockpublickey.pem
 create mode 100644 opentdf-bkp.yaml
 create mode 100644 opentdf-idp.yaml
 create mode 100644 policies/entitlements/conditions.rego
 create mode 100644 policies/entitlements/idp-client.json
 create mode 100644 policies/entitlements/in-kas-simplified.json
 create mode 100644 policies/entitlements/in-kas.json
 create mode 100644 policies/entitlements/in-keycloak.json
 create mode 100644 policies/entitlements/in-simplified.json
 create mode 100644 policies/entitlements/in.json
 create mode 100644 policies/entitlements/input-condition-test.json
 create mode 100644 policies/entitlements/input-jwt.json
 create mode 100644 policies/entitlements/input-simple.json

diff --git a/examples/oidc-hydra/README.md b/examples/oidc-hydra/README.md
new file mode 100644
index 000000000..a1a640063
--- /dev/null
+++ b/examples/oidc-hydra/README.md
@@ -0,0 +1,60 @@
+# OpenTDF Platform Ory Hydra example
+
+## Overview
+
+This example shows how to integrate with [Ory Hydra](https://www.ory.sh/hydra/), a hardened and certified OAuth 2.0 and OpenID Connect provider.
+
+The highlight of this example is to show th webhook integration.
+
+## Setup
+
+### Install Ory Hydra
+
+```shell
+brew install ory/tap/hydra
+```
+
+### Start both public and administrative HTTP/2 APIs.
+Also, create a sqllite db
+
+```shell
+export DSN="sqlite://./db.sqlite?_fk=true"
+hydra migrate sql $DSN --yes
+hydra serve all --dev --config ./hydra.yaml
+```
+
+### Create clients
+
+client `opentdf`
+
+```shell
+hydra create oauth2-client \
+    --skip-tls-verify \
+    --endpoint http://127.0.0.1:4445/ \
+    --format json \
+    --grant-type client_credentials \
+    --name opentdf \
+    --secret secret
+```
+
+client `opentdf-sdk`
+
+```shell
+hydra create oauth2-client \
+    --skip-tls-verify \
+    --endpoint http://127.0.0.1:4445/ \
+    --format json \
+    --grant-type client_credentials \
+    --audience "http://localhost:8080" \
+    --name opentdf-sdk4 \
+    --secret secret
+```
+
+- Update `opentdf.yaml` with UUID client ids returned from hydra
+- Update `sdk.WithClientCredentials` and `sdk.WithTokenEndpoint` in `examples/cmd`
+
+### Start OpenTDF server
+
+```shell
+../../opentdf start
+```
diff --git a/examples/oidc-hydra/db.sqlite b/examples/oidc-hydra/db.sqlite
new file mode 100644
index 0000000000000000000000000000000000000000..85296c122b79a23ac3e49b0d9e5858ee8cd5ae5b
GIT binary patch
literal 397312
zcmeFa3A`&=UGJNH_B><<5D6enZ(3T;0jj&^p@D|X^PI{gP}G=IhN`5hGB(p@P(TG#
za6p`JLPb<WMR5SHf+BLg>hq&Mr{{EiK8JhN&%Nq%c&jq(lf8Fp_t6LMdD}{#{FBso
zjlZ?lf2~#Ny;3TqRZBiobfd>xXPD<no~<p<%g)X`9?w64Cl8*h$6tUqJF5@ib!+Xt
z)7yXYJj6X~*Y~HMUEgopVY0rz_5G#qAAEn{`)%;w?`)lKojXPS4{}{T-t$jOTOL)D
z<cT@xg4W>pp{371bFHal@SF}Vv{3tUOV%t^<SkX#I8!!F`xUu|KquY9eLr>o*12z<
z?jlBe+~G`B;yU(Io?cu$3Kb)Pa^#H7CJJoiERhXIYG)U8J<3@wdl#JD28q4!45W7F
z4UZn|`|rPh>rE+(7rOFA+>1Ad%Ph))U^;R)iKE*`XW#+Sv0v;*B~T2-1I61YLEJgZ
z=E`STHl2RqJQT=i5$48FBiXQ3vO^}a<wz`2Ttr%>brz0918ll{1}{^UrxI`RcA#>k
zR$c@Kb`^dRN;G8Nk|hp|nQ|f%DU}16yd88E>LS$;TP#MhW$q%>B7VPfk?^Wi`C=jy
zDAvzXk^0e{*8aX9dvNP~cdfa^t_oV81C6ChlZBFtO9#&Fbt%r>)>>RXyA7J^t6sae
z?|<;Yt?zj0T2n3fdLH{58f+12*=Bbe<DzEQ-`voe%aUq*Pre>+b>*fOS*T;mplPgC
z_^Yos#5ZI~HDuA^hK6chjko%IL;R+}gT}F@ec3VgjXlbc&AzUg@{LK{kiRMF{Tq~9
z)Zm8r`dE{VRXv?vZ;0R5yQ(;~)pLpruHO*f(#^+-d~^I||M@rP-_@J?;}+nC@{77=
z@uGD@<KI*H7yXx$Cw<TxP20b$KUThCe(jpCS$Z&#gryt6N!W9RqRPgmYTZy1FfH6%
z3p@A6iN7h!^@`jS-;f7G*}Qom-W1=`JF>>fn$!oAs5PH8xt?sb^o!{Nl;o}_y0gJ+
zKks=9H@zx~F0^geV5&_`)tVgNZLU>jl@tQsl+@6a4OLV0c_LuuxESy2iQQXL=5SFQ
z+u5v@<MP{!q`<s+eOg*okneW&F({3w8z!e4YE#v&xBU%my*7_s&VK#Vs@JZ~a0_|)
zp#-Kh(YX?KDmUc5HVd!kclrIr%xho1Hf9{==V2c#0v7Z8<<!<c{hLx&4B#ll7O!b?
zm$RMDaNg6`({-rx#hPN(c$<=1Eeh?P3p|MQIEx;I@0#**Nuq->w=9t3WVo?0t`$t+
z#m?hZadW%gOH$XWc<*%tZh&8{?k+37_UUoz_}FWf&S8_Ex#l4*hM|LVIJ$HG)SZ3*
zefMphKQ>>0X|grejgGl`-MzH%dSG?=firul{D3Mwun_Xf*m~gZ(0Jf13>NctU%lx4
zc7s1~w~KEGadhY5-93NkKBs-jsu&!ydbbDmYX|n8?cBG$@6SP7=MOKoG-6Bc@mx;@
z3#9qBWw{^++n26luVl?D0d|%ZUTizAQtoPWdr^Be(An+vP<PJvZ|(adphS0WF42a<
zY;RgxU(N2KOdx?9i*x7Px3%wwKuHSow!WIs)z7yswf$9kQOnh2c6J-5?{1QOe*zjK
zbN(=}>GKDH-8(-4_VoNoz<SSb0h>I3#x8i-^8Ev_o*dYhzt{IhU)xvk(Z2hAd#8VK
z`fH~jJ$>KlTTlC^)ze2$A3Qzr{*CvyydU?z-}?^l$omR!*!u$SQ%?T=<o8cLdGf)N
zcb~laL_A5JASX{h{+HuFIsT>N4<CQS@f(iS<NPso{Osf1qd!0T)uSIj`qrbj9O*}u
zqn8{#_vrZWuMdCo@MDMHb@=wf;o-{<Lx;~leDcBH9sJ(GCl0>v;9Uog9S8@B1Ngwd
z|Ihn>y#ML_AKHJ<{`r1uKetcr-?zWB_kZpE%HEIdeaqgL?rD4M-i!CXaPMgMzwiFW
z?oaQ2=k8bRTDxDo8{ECK`=p)!x%0a_KezLNov+@R?eIJCoriaxw*61rf3*FJ+aKEg
z`t8?k%iF1KWZQr1pKkr(tzWqH{kPtI>#<w>t=KK-*5_^g{nqbo{oK~~Zhhs}c<U8g
zAzQ4qhyVO(+r$A1qu?I`&mZ#_oc5o8{$@h?&!4)PkpA<}+e`@m`BOF%+<*S$%>?tG
zKWQ^T{a~DKEH&akKiy1V|G9S~!5IJf$z}pHINnTv21lC-(BN=00U8`^CP0Jz%>-z$
zx0wJ9b~h8C!Oms^G}zuqP@uuB%>-z$wV417JevvWf8Az4_+Psj;QrTa2AKcVn*r*7
zY%@Uov&{hZPd5UD@lQ4b+CSb5DF0|PApOJ5fbd(J0q!?91I%x12B?3q86f`tW&r#3
zjR0o++Garedz%5}?`{U9zq1(-{`O{o`_;_=^S3qw)Zg3;5Wlh+z<zlF5Cla@gdi6#
z4p_f*2@uSR_{9}~k;TQiLj-O@*bHbtzZp>eS8WEQpW6%w|0_2G-2aNr0Q0|mGeG@c
zycr<=#%2Kf>l*=Z4z<mI_E$Fp%3s+GNI$z75dQLJfcs0E0p>4m2B^QV86f`rW&rzh
z8v*bP+0B6VXEp=MpWX~ee`+%z{K?G#_a`<3%pczjP=9PQK>X3o0QN^V0^k|Kn*r?)
zZ3dJ-xEYZCz-B=BU$z<G{+DhBnE%nu0QJ9QGeG<=-V9*>i|&HO$_HDx0RJOb0lEat
zRj^z!`RNM)<A{B6l@xUqtdb(Hf>lz)62J^fBh;E(!q)+@2CxNy5d<L-Y?(7CgCD&M
zU<Ae&m9PP_1TceO2!moP<cC*)Mi_*|U}RN~hgX0=DHI_nY*mkku7XuPpt}HpDFk0-
z;(y^B0N1+Ab*`6Psux@Z%L4nKe+9rxU+uqh70`<){@YgpwFJ+*3YHUs|BJ2yVj1JX
zt6*7d|8uW`l~!MP6|A&+;3`;Y^_&%0CV{N-IJ*i~dE9>$tnzsFRj|tAzN=uR?z66d
z3w6KXDp;xe%&TCf?lZ1}mAX&A3Rdd+uYy(07rPSBOO`cWz4{lMk~OfZ`C?D9239p+
zY)JrEhFo<#|6)h723G1WHY96cmB(T~vIbUpEVd&6EH7NN;9@tj23C12HY00bmB(T)
zvIbUpEVd$RVAX<)oyc8q(SnPO$QoF+;9?)L239S&*oLfuRSPb5A!}gOf{RVa8d$a9
zVh^$gRyAL2LDs;k=8GN38d%kQu>nB{pzh)l0(P*EoIlOJ4Y1|=Lwh^>Oy3{+zR~w4
zU&mMUF}^e3{^?(y{%@y0ar$kiZ#x~F)=pn~`bDQ+@85d=ckj=5zuWsx@7ViFZ^ZjT
z@8_NT!^!_~^7AL(fATdauQ`!UQYYxiGfq6m|MmDY$3J}h-s3kOw~q_Q^zr@2dq;n9
z^lL{SJ$m2KTaWrj)uTs`9y~fZ{F}qyI{f(I`w!o7I68dAVfgR`hfg{9`-9&<_~gL{
z58i$7>I3m0d4L=|eg9wf|78D{_CLJ;4f}7{SNHS#)c&*gclZ8$?^pMJeD7QL-m<6f
zRrX%8_uReX-M`-b&E1dfe%J2XcZa(#-wo|PfA`5df4B2{JD=G3zMXgNJhmh3BzE8(
z|Mov`|MB*xw|{8+J=?F}R<_gI==RfZ{qwCqy7j4BKXB`7ZoT@Ja4UZ6p<7Sg`iHIG
z-}=PX2e!UyYqIsqt*|ZD`U8yFTbs83p09Brl;_<Jg!H`2fe@arb|ARts~iaC`AP?Z
zdfw?k5YIat2<&<LW`Z%EuW%r==gS=k<@quPLVDijKnTxU9SH7uivz(tU+O?m&zCq5
z#Penc0(;)HnV^j4jShtNyupD`o^uC6dR`A4{?_$gg%YoG0QhSi0QMROfWF!RAdfi!
zc(xfJ%+vwU69+(z9RN9U0L0J%;FbfxOb37(4geWA0Jy&yz>MwyXw3moJqJK`9RSgB
z0C?L0V5$Q^TMhteIsjN%f@}MK`7*e>o|Z1amHofy0BFGhP`m>mU*!M@&H>=BbO6{Z
z902-q2Y`IB1ArTw0m{@J09|tcRMi2H6$e1D4gfDZ0IcKy(4qrC3Jw6yZw3gHa{zSK
z0Z<tSK&Bl4k#Ycd(g9!z2Y|*M01|TmaC9?(nTP|R!w!H7IRG-~0EmDCz+dJ7u$MXj
z^ic<Zyu<;(FJ1$SRpoMl`l4%Kxj=p78dxq+nY-Zf{-3@EmPt|9z%nUv1+MP@iA!K@
z|Bo-hwf#S~1}^RY(G|G5|3@ysmHj__0j})-AHD{b^>}CvT-yIb3jkL6%Z<Wn|Np{k
zV7b3}!Bw!@-#q^sSnhA`Tm#Gf&FyPoxxabdHL%>@e9<+qEcS!fz_R;1_ZnEX`4?UT
zORXNb0Lvs+yT|8T1Iqws*T6E5`>%mz9?!l8mg?Sj6|B^K)-|wH_Y1CprMl0&2A1kR
z;~H41`}AvIwR^k<mNkFcHL$Gt=U)TMnm_ddEJLn3-sfEd%RHWP4J>0m`5IW}@uUl|
zys&CP-!-tz<MbL>=Ha~tmPwvm1IrdXz6w??cytXcTk!B2ShnE7HLz^K{cB*^f_vA%
zvITdqfo08iu7PFEx32+EbFfuimKFt$0(cGkF;@hkGDm=Z=J*31-#_~Pr|++Qf8qO6
za2McreZT4ZHQ#^seaiQ9zK{7n>iZGj5Bfgf`!3)6!2N-*^L@4N?Y_5y`vkA^&3r>&
zAKWice7x`FzACtHknzQRA>X6m{sHcL*!O(jgWx{G7x<p$d$RAux9_`k`cJ2ScltNr
zzQX@``bVd~clul4{=zSx{^IE;PCpLrGyLf3hfcrm^!?y|!#ACN{pq_--vRDBy!rI?
zr;nYE!2O5rY4cP#eFeA=Q98|@CQifPe#9fE#3_9G0&rjAIj7G$^`AcF)O&hxy6ydE
z@85&_6o2LYGw&aJe;?eh_;v4p@qXI-NpRodC%qr>{*d>B;Qqz8d%xNH9`C!seT*;j
zeu?+>-kI0(YTlMt@V?wz@#eir@c%YE>ZQFXxWn;9-ZSqry-)R?dJnv}PX6)af1Lcc
zlRrE8qm$n~`HhobIr;R-Cr&<g^5Z8T2LA`d`%m6?@?LNs<eevPJ9*Q|YfmO8#!2@?
zIeFDd<D`6&J&B(LPhNaNp1>#1KY8xSvrnFW@|2U4lRa>^<R6az_V_Q4|Md6|j(_|3
z*N=bs_*2I}d;C+!A36RIXdL(9D&Q*MD&Q*MD&Q*MD&Q*cA5wwc?SosM&&=&F&F!b>
z_7~^&Q*-+ZbNlmi`^mZe#N7Ve-2Uv`{-?S9nYsP=+<t6se|m0zYHojWZhvBKKRUNR
zKDR$Mw;!3?AD!DDncE+p+Yis}56$g|=Jp5Y_6O$n`{(w9bNhXB`+>Rr-nsprx&7|B
zegE8k*W7;R+<wR0e*4^h+uXiyZohSIzh!Q}d2YXHZohGE-#fS8Ft_iS+pnM7ubbPi
zo!hUO+jr0HyXN+*=k}}S_ABT1opbw+xqbWGe#P8=`P_cl+`esY-#WK%ncFX&+b@~h
zH_z>x=Jt(q`-Zs%{{t#$)7S58A8ftOHm|kKYi#ps+dO8QnQf-Fnb>A*n~`mXwy|tu
z+QzWWz&3r`=(f>p)3Z(2HXYlvZKK+zWt*mL6x+zQk!&N{Mz9TUn^)O}v&}1Q^9tL%
z+%{iqn}%)bwyD{sYMY8}Slg6sQ?gCbHU-<{ZIiQ2);1a2q-~S3P0}_A+r(`XvrW`C
z5!-}q6S7UvHUZnb%r-Bz&7-z?iEUnNn-|&U5!*1fp>0FihO`Y~8{9USZBW}Fwt;Q)
zux%c)4P=`a+U5nedA@D#*ygrvo@bjcvdx3Gd9H1~&^8a)<~g=Gv(5dsdA4otv(2+?
z^98nfrfr^Ko2T2xZ=0vt=JRdyRNH)>ZJuJAC)?&pw(;5K)HYt*oY>~rHb=HOw9SES
z_HDCgn_b)N*k;={x3;$r4!yvWZux$|1OB-WR{>W6R{>W6R{>W6R{>W6R{>W6R{>W6
zR{>Xne<uoLw{}<z6GVkj6pV)i3P&JZMqr4B2^^BaUub|Y`3aH~6cqgF5d;8Cox$`Y
zDE0{WGo|a7?C<}#e81rV|J;YGfUAJ3fUAJ3fUAJ3fUAJ3fUAJ3fUAJ3fUCg&VhTKO
zn?1ajy99Q%kSr7Fv{Xt-W_v{6Dvn}_!UW6W#rDt$Hz%o>p2G@yAr~7OJgp=HvQ$gW
zuxMzEb&0V857Us@D?pKS65+<}G#NK5#Y!-$$t4Z#hX))wRD@JMDMWi_DKhND%Icul
zuTuz_QAZ7PkkSg13|p&VVJTvTG-H-4HmqqgIqlJUxmG62aV)`8aA}f~LaA&b(dChX
z*$*^ZA($hKUV{}vF-$}VwasVxc~%X>LadU^jXEaTDh=a>Al+}rV%0`E&nDCOSS{pn
z(hAV=elJ|Nj3JXYC8*SmDqR9I`qgT_5otu24yEf|V_He&hl#{^9H=&G;eNegmW&=P
zCX`A7jgQk%AdG3)pwr+2IGyRjfo6N4Mw%#Y#^89B8Dtyspp=k0CAu(3buFzB5|mod
zjCGYFUQ0Ey9YaVDt2E9CNT=6<r!jFfq-G6Lw5G*^(4Ru$tkUH4K~(PdN(@;F4>Fl5
zQXWKONG=<}27Mz@>lFhuVkW?CAbwI+Mcm4!##Cnzi>iZI7VT=h5EYWMZa&r-5qV^s
zA2i8gp-^u!=rk;~g&y6c;K4A6YpqGEqUQuDqQOE5ty?X4P^nK5Na=;Mp;*l5hQJBP
zP%v2!5*jJgQUV`rrOD)=JJgB=MlouUoZ1Uw7?cYKQW1Hq1{(v6PfvSEXch=UrqO~F
zt3Ha?@lrj}q}5nB(g-rWSY{NV;%cVIU{xU!l(S}S($~0&8VbnO?z9;+leu0!n^D_^
zv_;mavJip0NUJ?f=;1g{3l!Rm#iLzZosLu0OixbDO4)Q%jZM&;GLS~o7SSHGU_3Hx
z467o6k3s@l<#I6*uC-@Uk|~#mnT}$Kq%bnVCA?P7KqIVUaZ+^{tY-62aTH2VsL%lI
z*I~SfG%NX9ZjvP8sL(YPx(G!^HKNf(s$>sigyL`-QRAg)DNu}ua4e^{bB5Fx(7Gtq
zD&2&pcY>pKBW>grh0SGpK^#sa16T=n>bQ<{`$|n7xB5^GFJ{!-U>FX;0~Yl3X1ZpM
zH8b9+q;h3gOYzxYg=g3aIvgWXyxvNdU?eRjLR@jirs}asep*AVPIw@Xv?QiZqV-I>
z!Q}L8nxczDi`A{Rk?oTcf*5DBBt2}m_)4nXPbTVQBQ#2L1uHRB6U7c$Cex;vqYaCW
z%R@CscB^$G)u=|oBMBaB{mMWO4fI^I6UKwlfnh1RW&=(t#a=Srh$)FOmyyg&y;04Z
zNFp{-%f(V7W1>ud3eM853!_3#?J~1^C#$sZX;@FyTZ+!3wQjmmOt+FDxfqL3dDIMy
z$ud$J<OM7hiVnjPlNcxlXOT!(gz##<&1rhef)yF7rty(tR?Gk<i=<9eAkrvCx>`)3
zuqKHGCh@Vz;ids0<sur^>sh^{C4@XEY+Ra|HMS#U>xr%zz{{PukQRp3iJBQAYHCD7
zj2MQ8y^csmXM-+U?{Gu{AI}nz`gDNwMFX2OawRIQh_rxUNiM8Q3E(6Om?S3QaEXx1
zq!DV9J=~n8=!k)eRU|?rDuG;-!UHN_FZASOTMt1M2p!T=r`jYE<@N*&3$ES?8)lDd
z%7b`uz!R#9>2<hK(9wxjiZxr3+2j)8NTy{(Qr0Nm>gFb;&Tv3sL|{bs2122Wqd|?Q
z$4X;3jKW})AZR0umC~X(ZU>^_OgEYlaHX2j3zaH271+9Eg<xbhNsnU;6HI0Tvq6H!
zbV#d-L>a600*Z<^lVpE}C{ztf<WfqOj!w#*alMewO>)g}h*qFFDNm|RmL;ZExRqoK
zs#Iw!crjekg>>44>0v;_)1^ohcv7+w9N}teIz>mlVS9`RCgnOFLrbmV$jp^P$%NEQ
zj}?@ZSUx?FBFVgASzNViVrm=-)x;P?^$MwwMOtQE;gj+(SkJecRMIpfC}L8Ds@h5S
z8zUtM{QjuM6*?${WeR;bp%%0$Z3(o>A)S1I%%<YKaW7RhQ&|cfbgJ=8e3T<(RTrp4
zAVr1HbfaCB@G%r>#h6xGmCb2LDp$wTW(tajOO1e>5m2d{5tNj|*2c8ZFW2L&5j8s)
zr<4^I8e~(7stJJzBygs#6YwNh$@EcEjR-}!fz1YuTA|m)m9o_83)6`fV_=;jgj74$
zOtNhlAL2X{;#sR;!d#;ijmo3ORFca?a1@OUVgaK!l6%cOhiiE{Ux@}g2{E0VX2$}Q
zjRYFw^d#6yqGXs(C+Px*l#p2{T<cDCBPqrctlk?^Mp%c7h4LiUF0`9flCE~!aLeq8
ziE$rKb2(l$XVGRllxPK@mQ@(WwRCTmY0GeO2n7Y;lY5dTOa^FeI+D={pKj4@q+T4;
zaz+9_h#<wrtQa6-Xnlxhqk3mjXtmpH83uDe5rs2_PKO)KB8nL+1k>;|V+5uOTT#Z;
zY%po%gmEfkYDr3s8PRbwY-tRhQu2W~8);;UrkL!9q*}6>Xjc=&B+`T8wUpM$Hibc>
z!gpqo2C4*t9f>Pp+3B=76r1UkSej66Fj`w0SbFsF5G_enD$XS|byBHxLsq=fA%upd
zg<}$(8B|*)Yc!A?6`J7VP$iMos{Di-<)(prQ<?;IrL9Y`85w9pR)oxAaF-uJHM-s?
z$GI{>h4RhPpvz*j{!kqxBIDS&p~skE&QK(4$c$!nt2i;p3R}*1`{ky}>sd4&&cSjP
zi3Vw^7{>DPep9cFhm~+BY^8@x4`L>28rC$vH7(Y8dJt;2*p}MKGz$SK6_<pxhGv+d
zk*+jpn$>uC&`gEImf9*p&4h}mxsWDsZM<WF1sfG22;EF`^+B{7V^Kyff+++pbc#Yu
zs70-ms6#M|bwc4%v?5k(kj`OBUZNN&Xk<!7YGRln4s8cRWGAT33=W613{lilnQAm*
zq~TF3TIqC0M0mzkGD87w!yFn=QV8DHCY5SV3Gk%^kHjZ~B*(!@JxbK_y2S^XWI8LD
zsYb9I#iZ^iMB*_vuGL4t^%TP>6Gd7D&PdhJVkJN)jaHx&S9)Ep*MfU^xSgvqp=qMf
z;jBcfl*PwXHdYnLL9f^-SBTKKWU={d5LSo9R8<({%jt*|>y$ICxY%g()KJ9esA3F@
zXm6s;pkO!8cSxp*vGq=@Uoj}8Gwn=9l3<czZ&H>DbS+hlmT6gv=Lf(w^q4NicS0RB
zJFRoLNE)fgs38a1Mm@}t;hZ>#x5BfjoSz9|SFXom95wE<T%}zmdQ_CG>BB;$F>b_F
z6d`M%d_h>tO9L&gl=^Zj(3hrKnl)#t9vDwjbOFK2e0?D0scEhSGvc7n)-(DPbWn&h
z8-|2Mf{}b6+RlKVNs5NUfnv83YY@4(T+dl#XjU$@Q)MkR4b_t@9vzjLoT;MG7M9fl
zoH+s`Tj>oOu_8`LBJhc0)RIxEfi?xTH|nxbcsdD(CR5N=bTk)Ydu&b2h<v4xOm|ES
z@Ais3Ef=yzLnaHMX%C{HSt^!-fTzVYwAaZ*a^+||nSxcYhMw^_+NsF202X$JoS(!-
zVNEH)T~^K5hc?C_AP&)KO9{5uRk0RU%CHcosg1xa$i>3bic!XEVyNATlv$-w92YxK
zt2BuUGgTcn@l>Q1$Z{qYGaAv^tQ<#JqR@+*jX@(94aY_>7gW?tTTHcrcs;G?VWWo6
z+Oa`7R2@vmRzph#Xl63Z#?zIm(9c9HmJfotI5Mr)$BA*Rnk`t2Y!!=oJCZ^5NU+LR
z5lM-TK=VT-g{?C2ZbipH@yEH)L>HQ5%|JpqFoIh|EIG^ftuR{FR4d&aj~b1Pf!AQ!
z=oU*%sKeK*CCZX&h*9lzClr~V$PyXgP&pBVD22hXyqFs?({?<a309LaJeOdH;AgOs
ztw2wnRYf$M#CWY#(GrwgYcL5^n2Mo6avTh&!E{_6V)+thR2s7$g*S%{w49g7SbsRf
zVN;GaBZ!=75QQ37YGvZGUJhaj2#Tkf5nDh|jzF+T94w9pWkww%F&*u4Y{f(;8N8BC
z7HQNFLL-<~F_GY4)QoCk5(<%(I6mZfl8FggRPMq#s@ZQr)26H%QlQ+Kq>6pP$~NL-
zE>2GKa*Qk#*}gtW1sYwp4px%+KqT3RIH;Xb$?7OmqYIf{2CNSYI63K#41z`C=rr0?
zv{E)M;K4E?PLeq+BeB_J9g|ZKS?-qWX$+CaD4a}i86H-%N~&BE(lLD!pP=~`M2%Ao
zNvqeRP*muID|oM|Nd<u#tDJ=konUPek2Xemf~BPrk18?&8w!Nx#(^@~tVwW*7)%R_
z+3(eR<!al+$CUuiS9D~m2&_5_=7dBi)ffaz-AaUq5FuJjXCuv*fJ41-2*$y8^JfVD
z2yFj*2<(PYngLfIfni#b6_SuCNFrns!og^Oz(J-wL||YgfGQNO5YlJuZiM~)|1BTw
z0Vn={BY3<2SxeYW$W_2qz*WFiz*WFiz*WFiz*WFiz*WFiz*XQ0pn$Z?u<X|S7qTB}
zkFAGzQ3OB74$XfP5<>+=5=jKY2!e)i38Nqy{Hh2fQ@p^)A}XQMJ^dg2w}f4aWe*pb
zfM0jkROumATI4|s3Zh^z4Z*ww^1vk#Vn_i4w+nEZQAkVzKTC2i-~ZeD|MbDTJ>cBG
z{|wIgbI<?(H=O?uZkrUYpVW@i?)m?id;UL+y669I_#FepJ^%me?}ftd`TtiBsKwm#
z|F24dy6692l>~9m|Gz2;?4JJ*evA3a@Bg{y|6lxK!0LQ+_x%5hpT|R%XQ;d9|6fS5
z{HZwDJ^%mWR|(<&_0IpdkNdv`ekJk{{Q3Xd@Bi7CVc6dPd!F<JxFO?K!BxOjz*WFi
zz*WFiz*WFiz*WFiz*WFiz*WFiz)=Br|L-V`3tR<U1zZJO1zZJO1zZJO1zZJO1zZJO
z1zZK5FbXXG{{Lkj-^+a8`h=;JTM<_QR{>W6R{>W6R{>W6R{>W6R{>W6R{>Xn&$0rq
z+GUx{*1i0t{pPa*9`7)~Td&+@smwhc<-hTqfGg=^kKp7(Bno3RvN&wed-Ocd;m*gl
zeA?+Boff?x^}g-kzZ^Wa|M8uV-Tlw=hs*yy%i8^al$<xZ{X4I#Z+TQrk|*Y%t6DP0
z4=sKEnVYM|>EJ>O<-qR&n3gPY;6w*bka<HkIMp<V;03+6a16+-|NlBO<lZu)z0t$0
zzh2*Z%fl8gbme=Cb#I}lP%#oHN6yNDU^;SkZ*h)pADw}RD%p1as050kc%XP2Bk!E$
zi-}C2SU*ce>MvY`n=5-M97+&(&a%1kSr!~$y9i|tg*N!*0Xx_#wN0T!a6ZO7sk3sV
zRz7;()}Q(BzklmX?^_e5J?<>(0p2|GQuQ9Vxc<Ph4(3`V9w%#X{^}y*rM;n)BiS%j
zUAqXL$d)6qNOAEw9Ek?lbomUvB0xu;O1#BiM6&C5@!_&oq9OBk_vPnuot>2vnMkP|
z$mH$ttMo%`u^7pgxx4UkBK^)q>hm|3^1IfE{SGI|eM1)Qj6wKIRkB<0B47K%(F@PO
zAtq-RePSM<7>Pzei9(UmnI>Cf-RPLNRq4)IE(_wOBcKz80;NzO9I>yk`LNwBi=bY`
zM5uh{&96DXweJsww!Um@t*Mv8xvMwzp~V^UU?`i`rA~YqL7Te6#zY=CTXb@<#do{1
z)|_{`Rg>G@{G#=)cX-hJs-nuqT-J?ou66mFJN<gkyCFTXtIC?iEkdutEe6rWFteNG
z;&IVF_La-MW2q%KG`gUFId?@vmQ-UA>c((m-sFbnyz5-;JWDrl(Sa1cYsw3S?9+Do
ziw^g%h-JvOC;8XrW%M}}oYt()JNV`9eM1SOxnd*{%i7-V?Dj<i%)9>`(0ea>{GwAX
z0-S+vzYKA$?=R}jW)lTAa&~*wlkObdIVaDz_WfL7>%2an&@T1zwxx1Hmlr!-)wDQy
z(pL@H1nvR!g^6>(7cNIbA{&m>F8ltQ610b>bE0Rr?`FTKWa-?q=Whn?X=1*d@8$XN
z5_|C*O0V1Z2LfAfLazIROCg<$`l1`W!KEZt&cIZg8gC5^;0#v7i^Q)^WOu87$uF;l
z*F`tK=ARc$zcxVEhvzE#B2XwE38l_%+hL#clC$S6{=^dozX1&%SImk%@6ICXnrA<|
zeNmxBOC8<uc(w)qxW0A%y6c_HdC_#Y%GWxaW28r%JD+2mD?R&KM|6z1-YM^NtNVWH
z{;hN0S{1=kfdgv+4ovbKn1~mB23$N`mU1~D*GI~gD0d43fUPVT;vhAk=&dJ3?!US7
z+et0^I(T~keyRI+>{ZR1U$fS=0k|lYyQ=yBXH^3l(-UGJzPT}%%ZYwRlvj<qcIjEZ
zhj;h<q5GWDSgnjWWc6<E{HZ(p{`>CRI)7~59ah&@ue+DM*y{4aXFZ@w4=kqdwQ+Ad
zf(P!dAs;xims<8R@zNULfngu4N9U`|4I#jU<lEl&=b)|ghv(zS6kBqS=Xz?>;4QHD
z<(7+J&Xl`~?G~;E*tz5YuF`AK?eTRr(0qclSK9MT?ws#~C1M1W=+4b0+EAG7P2>D(
zb{Ay=3EWs5pbeO-AyAUSyveR6boKMCOHFu{Uet0m>73oh>9twsY+Y%4VSdq!7jq4K
z$9w!&o}*je?K%G1<Ch-2>EN3V?%(_M)BE<c-LJp(-HZSJ6}$A)Pi+Nk2lb|ugM(VR
z&GlU+aA4OrU8`wy!&Yx?zjZ^XW!>!s?0n7U@f_avv)I=8i`KmRa{MjMZd`2><~{q`
ze6<MkoJ)Q4(h9;Mk-P5yQf6njmka56Zg(R3@n7vcdEZ|uZM}KXH7=(OZccy|yb3m1
zi%xCYo%<ewV3#`3a+|v<$i_rhOPclVfGy&xkKM-M8}~T&eUxQU7aP&L+f0zi#%=vP
z`HS>7wD^4K^BvOpllJ`&KfLv+@ml9v)<x;+<4bbb7koEV-sY>Sf~}ycahEo9iy~c=
z>2d13wlrHtT)nKX)GkKfV!d^@{mr}gF6QxW*i|ixx?26Oa<N}mL*Y_U7db8KXBx_S
zgvW`rcH8AjtW{1M8tT&K@KUtLt&`bN`<G&X4;wdIi#lEGsIJDj5W=~5i+*`2;^j_y
zbzA4KBG*+(<V0Pw<jL}W%PP&suPrz$)*i|0qim%sXhGm|3+ILN<9&apv~@n%;IZzG
zvNeamEgS8+^V%5v_y%XTF~WNK*ZtbYC}6?6xPQ0UNXX|$d;V$3X_0ej2(NjP^*UbO
z`)v+{zaesdaNs|Gfx7j^t?TOPf-*GcH>~XYz$<sPp2<b`x~TG6oU421HMBW7bSd<P
z&BD@uJ#G@*<CW-IdpvHEmu^d}dd}Tgiw1l3`To8i?1=8E#qLIS()DuVJ#Kj9jl%if
zzF$?h-u$}jPXBSEU+PYe8ydc0x_I2ktGQ%@+gy$74G!s|QCE)Rt{>kJ`g$AP<m@&~
zN;k|#pPSoNYkP||M{rT=)y;)->U<a6!U}D?g?0Hx?b<lFIt(udeAwB!T@H9T#cRXp
za^Op21}J=oJ>S{$tD$=u9+#84@{Q7E_!9Pf``?=G<uP_S-G{(khll>d-!9kAef$0w
zJ-Bs#xHdOj^hyr2>)jc2artCJZ@L!YZr@p;ySH<}eEt!C0AzTdV}`@Q)jao|XN}8Q
zFQVR<`y>9;gE#llWs=Lzv-tGr8@cnt`KIJc9=z^;H_vsKeD3BTPoPc7UB7*H_e(AN
z;^o`2hTM~T!t#qB8*g0MUhK*jUvz-)QSFVCHRbw-J^~*Ma5v*(*|?fjz-n=^BK|ks
z`aQbiwYT?+^Z!o3yJP#K`*0O-6>t@B6>t@B6>t@B6>t@B6>t@B6>t@B6?kGP;GX~Y
z#A;8sHm(A$0<HqC0<HqC0<HqC0<HqC0<HqC0<Hp^6ma+dn^bYHxeB-nxC*!mxC*!m
zxC*!mxC*!mxC*!mxC%V66ma+dPptNIYvU^5D&Q*MD&Q*MD&Q*MD&Q*MD&Q*MD&Q)x
zNrAP$|KEh&Ypw#W0<HqC0<HqC0<HqC0<HqC0<HqC0<HqC0#5)1-0%ON0FCHY!BxOj
zz*WFiz*WFiz*WFiz*WFiz*WFiz*XRJ6tKVl-`@I+=Qy(WHt@oNk7e*If@cam9|g~S
z@XRltkAT-_g6AQ4g5M+c*gsYET=4ut@H_+0`@u5|o&oTD8F;=FJXhRi?&EW+z+0K8
zJo!AsW>~M+`}P;JhhDFTB}5bzMH1#kMiMC;g%KDfNd{#IQW8moz%W!$5QP_M5=JSJ
z!5EQ1a7w0mnjj<$kr;;J5kjDNM!_Xs5h;lx1QM2D0g)*LmPnA0#Nd#^U>JnMJPiqi
zC_pI9AP5N~A_B`OjN%ZCLkN6^FpnU}BLw~sNf8u*zW|0GfkBaY5|vN_5>S$ca0Nvm
z8bL8g5<o#PKxGD>nIt<ikyb96&c>>pPDZdKb)=>cJ}b6^u|}gcWrj+sBEwleoK24>
zL>0@opc;;qsi2ub(L$`A)U#<CO*Trk2|Y?#NJSci3nhi2C?kf-2|7n31X}I{jBW~V
z28?o{rB&;*d@>i+#f~I3kw8T#>ceKRU#BWjriR3ly3(Fb(pjV#%al67JW+|~qGBJW
z*mf!eDMP85ZzW5pP#?wEY8e-^35jZRdKc8Po~ky`xFk)Hlq8kLv3w&?sq2-Vpzwo0
zsh6K138gy3hh3u9qWMe<n!rlYs2MXR3g?@NEQC>oR=men451ZB;bV@R#51Mvc#;kf
zT_6F*Y8+NFa_M-@Z0YG5Qyt;WXt1WplN#2bNkmO{dkUiz649X$5-fhu)4J$%LY3m}
z88;RJwO&2c)HEwx=?;ZR0cB>goF0^N15RhAWS6Q&QZ>BUh=^?>Dx}NdNq?M4lroi(
z%BKQdMq_5hCWi+(GabWNCP{=?a@?}2@?d}`^Ee*BDr%+#qnMHA`2-dgYb|4phEv?E
zSWdIGRyLrfb#aUg!zH>e!h_@to#3R(B7`-mOeV8TU6Eqrl8mJgH9Kiy)0S?9j6l6l
zLKVJ{i^Ta(u4|5EnoRIfvxMP=zN(0oN~Bn6D_t^J=~hPAuu*FaOOjE@@DZyo7fQWG
zS#D6>@US~;V<OXzVKb5waflj9omxAPO*3_kNi+RGD`b@6NVkd<Lr6(aDrE#6CB(*{
zk+I|yjw+oNE+(wnKyC53Zs8&xm#BnH2lYm{5U65Nx|Wfr)j^1DSUI^d%csR?InkSx
z)75a4Dksv7aFnkM@{+`>9W0U>4r6=_O{H6AzS$4!Id~j}v-%Jvv<RexCQ2mSOGHw6
zCK9galq5Tv=Icph2xkIjOoTHDNXiG0L8+|tSPUKXx)B*2B9TcQ9$T=Q;o3S}Zl<_y
zC}p)sGZPGoWVk^NI+I2+I1Xu0RiFdo1c#-QeThaonm!7*%F>KWbzX8WV^<IrLQyat
z5-1#ja2bIi8YXZ^W?&RW5P~EH<*oFSZQqqz_g$DQ%P2*|Jn%RQDZ&zhksyvFixQ4w
z7=tT3kHRE_3kYZ{iJ)kP<{6UWB}%aKgE0anc!VcNg<)VpMo1Br6&@x~iV_eo&;*>2
zU>SoL7(pSNVi1TyDFKpcMFAfqkUvO&-FLy{BLw*n#b7jj@2)G^6}3SuiRAGL1VyZ_
zUI>J9)k!Eau9HR3vvMUAhPo`<;FTPcpTx{iIV4LXSV|KJRUk5>Xrx-K2CQBwSPP>w
zts4k*XDXxD#x*S`R`^aHqRGM}O-ve1R;=h6re*5Iq*{&W88%*tkK-*WH5|h<)es`X
za;V=Ev#}Q3i^TO#k2fZf+K3Gd*t(et)P-zEA&Pp1R5MyMKZsQtxyZCeC-aRS2@An8
zOcgWTa#d<ghhZs~tmLA(XseV!8$m`Y1!@_Ro=mdAU~C5WjqcRKCi0|24%CU+ZxRHf
zRYQoG4A6C+j|5GHGrI;)hv;w=8ioTEka2LxLWEjpVf!c7qf@wAO?IIKk}=1)mRG}3
zV%+6Nb+i@kOYMllj%vUOcSoi^XwqyV&2kdT_VgG(tQVqKfNpDbOKk?ykzsbw8Bb?s
zDqaic%0tVFn%QEr6V60*Mwe-P+z9lcL5XV2#-orTjGEEWq@qXUQLJxaby6p#UZNgI
zmUD5nfbf$*p+{Q1X&HE6a-b7@K5Vgxpo}SUqS#hL!TwaL3w(l&jfuQW@!>=<FyI(P
ziEEtHL<@93&uhWBB8A2c7@p0nOo-DsL=GyMUX2!GeJzJKGR17Wpw;+X+JfL#rWl#b
za)o@l-=PA9S+SRCMM)A4PLha`hSOGmTr?t7I!BHI3<M|R-CQWE6{lP+KxyQpolkND
zVj!nwC==?#A*NR-E6u)4GZvK+%E~Bb$yEj|Td6ixMv|zO>=1)UC{E@=4XTi7ccS3;
zb^DD%Kmg5{uXjYIsi;E*X>qW@<I=QH8mXOfZw98#WC|iMs56k8S)xVZl^kCWD%qS|
zYV;!LxD47LV1#?4jHC;_SS^y`gT`#E;VE)Z=$BJ!ctBw#Z8$9uU`de*%UsyZD<)b_
z;nb8NENn1IB&KZ(O;*A5T^QvkDWUX>0ce;-piHG-5C=gtU&_*yFp;%V579eHK1TEH
zc7%YX1X&1<(9pP2io=yo<g@6yo^;K1@q{8FGz=D4BqGtGBBBb6qqL+5yevqlOoP=G
z1{PajZ6#0`&%mNYk|>Rm0wz&1PY4(+!U~4qvIx8<Se#)bLenBf(V{HE6pr%<aBw^c
z0Y*T$B%zQX&=N$zV3^4QhF}VO&2?eaLj(!q{|eV-sF7Y7xRrd0o(@OsjLA~fP?a5;
zm?dL*gB61PbRmJEiabIy)}%+7NU<Nz_PN?{B$0BB)#FgS)JgWzwP+)c&(s7=*OQ?v
znhUCCJ<?7ks>+P0^pqafCEHNgg8GRprAlTmJ%F3pQgy~+$qCU4w&iLp)-Q)@lSW)g
zCy@3q1s0!G&>>1443mhVkTkMU1C^Q?;LnF+D=s#`x+AEvrDVGvuaBnI5Xu+wc_Y*e
zhlD<smz!7;oto3SB%7*|YIQSeJ{M~iSte8L7TbYnHkm6;II5vV;_*72$4cFS#?ORO
zH`~Cg(@w^SCs{I^%&@GPpR&a?TFD9}V>IiJQ|VYMHtV+)ekv67cnoet6EJGg^_&<f
zQkGz4`~6}FYv5G8+eJ|#CP$LfD9LjXh8D<HFofkyu>R3uH3+7KN~JAN!5TdW;XQ**
z4961_&qr}2G;M=%RxkJR#dtQ45k|+TN5`r$wn|8TkPc2~`E0#!5KTjg&)7;m!_8{V
z3<-4@C>V$_a-%BNB!VrnkjYl#;ixXfbuvT|BM2-=$UrtjBv`FLGJ#-}Zm~(Zo~}l#
zRDH~)Xt=~rr@25wZ;T6SPpHMiQ=yp5X<9<8Vib=LN<+wE!@1bBHk=NKXq~L~BLP{O
zh5{m(OmcXZXhzroKE%@&6`Qho(J&jS3OWHEaTJ<}v)&YGqwRPUE|>~C9kPKiHZ6@p
zOpwTzdXplg7!#yXnx?p{Da0ZaUNeKTA$8-}$dF+}<Ra<nP|@qNTulw3Xj)gWep$-4
zWx>!Sro#@1AX+tyY_+0G(Jts2<6Z`q7y@c$5>?VfXYEd?R#z)}C^s-uNtM>*DqW8=
zNJ5l{@G#EDstr!)&4^IFK+zLAZ`2W3E%Ru!St7DAK2FRc6Qq>Y;V@U`;6xcN^{3Os
zzz8L|_&_Yx>vdh}5Vc0Tm6@a>VK}22B8(PF*(f*cb>Sim=J8@}&>rU6F+}8ZS~)ik
z1Y=WN2*X(Sv*)_p@Bcri8*(>sR{>W6R{>W6R{>W6R{>W6R{>W6R{>W6SAl;Q3b_0K
ze;3W*7Q$7)RlrriRlrriRlrriRlrriRlrriRlrr?bE<%Q{@>?RUN>=90apQ60apQ6
z0apQ60apQ60apQ60apQ6fqxeYxZnT(yJ!Zt5Uv8Q0<HqC0<HqC0<HqC0<HqC0<HqC
z0<Hp|Qw8k(|M~XQJ-+|y`;700eed<X(bx7Be6;U=-`?q8oc`MBM^E2(`qtC_Y4!Bc
z(+5vayno~UE$_#@@AtmLJMzB58}`1y`;?QvKl%NWPo8}6<lQH)J`qonC&<aukN@TP
zPmX`-_`}EFaQud2^*Db_9Y6bc=jhLle);G}j^2CphNIR|_6R?E=8@;{PYyqQ_@TqE
zJACb-beKGZ51)4Mj|YEn@bd>BJb2f^?BG=g(SsKrJZ1my_J4Q(XZOEn|DF4z{g>|t
z_iyi??)~lFZ|!|-?>qOte9zdc?LE5p+`XgS|F-+<yFan}zTLO%YP;p#M|RJ4_jdk#
z=T~+<vhz(lZ`x_^<afxOXYJhD{?qNxY=3zBJ=?F}R<_gID3HK?xC&e-@QiKZmVJB<
zI2VjTz-c=OJbxgb&)g+2j?f6U05IbDr6s{&2Br}h2Pc#*<9ynIz@A^cAT-P%;3ODu
z6r%k=JfFHCBsfF}LFo(f3m1eyz~O0Y<mWF4IR57n`Q!ybL3ld@+t~ShVvQ`WEv@J0
zmIUMhYGemq5XAGd4g~i6rxgLUA=l!-o}alO#8R_)atQ4C_+|n#o{u>Y+Vj&6g!259
z10g*>=|Bk2PdE_V^HB$ad4Al1pq?LdAc*H94g~i6=mo)08UZKbEu@BF&yQRXbfv$|
zD8}={4utl6*nv=<A95h1=R*#J@cf_y!973VKrqkuI}p_KK?j0(zR!Wco)2s$B;)yB
z2SR(k$AM6u?{*-h=lu?Z@O+m8!9CyUKrqjDI1tqH?G6O-e47J-J@4C02*&fR4utl6
zivyuN-|Rq0&o?;`!t;#|1oynxfnc6*a3HAXJq`r%e7ysKJzuw(;Ed;M9SH6D8V5po
z-t9n0&$}E5;rVI@f_uKofnc7mbRekboel)?yu*ROp0{r%7~}a02SR(k+<{P@FLNNI
z=WPyz@VwQ5;GVZQ5X|$X4g~dli334AZ+0NC=S`al%6Q)BKxoe!90=t(cOaza^-td>
zw!kU?{9E_EDDgT6fWOuOV6Sli=&Kz7@|XjFXPW`SOdS9{aRAiV0gxjHKnxuKZaDzV
zbO5N~0FZ$Lfcu*P%;*k))*JxUa{y%50T3MrfVUk0raAz$<p7YT1Avt!0E;@*K2mbE
zJb>lPfS51TY${y<7+GALcVTe4w*#OB2SD)-fP9q$AUFqrztRC<uW$h9%N+pn#SQ>&
zYz8P(cK~$F0Z>&3Kvo<8!8!oE>;SNm13-%o04X>CIKLSnOwIw&S@-+@i!Gn~##O*o
zz*WFiz*WFiz*WFiz*WFiz*WFiz*XQ0tAM-zf5JAcTQOGwR{>W6R{>W6R{>W6R{>W6
zR{>W6R{>Xn3kBT$|AiFp8&?5W0apQ60apQ60apQ60apQ60apQ60at-1tOC2BW?tV<
z+x6pp|F`dd`2M@^&%s#$f8hHa-*5PS6`Tq13%;LS;3upEZpA)F3cU4j`^o1SHp6<o
z-miE$d+7CgSWy&doZ@*NV_<>iWeKK8SRfSvml07R1qw%TL?n2Erw~b|a6;rMnHOc8
zkSL0v6cXkM3KeKr0l`F6BpD3+J-dj};BWK^RDl^>;bBa{AO?{!2$xX-qG_3dFp<X;
zhNKmNfbGBQhhQ8+;4_4N1ScQC;D-o?W-#gnF#HG%%P4}0Fs(oghEfntQ8Yxu5)bj<
zud7H3QA7n3X)G9<isAYss^r*lq|na`WvUeGNU>SXMEO2l*0?_3EV5Z%9(ABvQKd*E
z-XVj9&`2sN{Sl^C21uzhVJG86ZaT(dGQm!>L<-ewe2yiH#lBdAXd~R7)aVfmE3>95
z4~ZyCpxHvPk_nCAA<G3!&8o)}eSKDj4ZfSRroCacgw_(1Y=Y57Jr&jDRD4JcATvs5
z><aZ0W)T`RnPfIs6SFYS&5UL|ILHvwW-KzBBoQ=OX%q3uq*gR_Zk7v(S*Z}HS5uMT
zY{(7GmQ^u(vu-pH7JC+w3Mnx@#iPTN#_DD$Yj%shZb@#ziXQ1A(k$5zB-))xfftBa
zx>BDEC$W~4FEk+BAk_XOKkgR$sa_K=$9m+zG|~w~N~TBIs1a-qjJ}EX0}7exMEmB<
zL^&~5nnkRLHpMGaGKOIzx=$IT+RZncgJLh379b7l6Fg!BI3W}YXQmJuOoxi0ej+sL
zk277ZE>6awT7;sd5TjBfK@M}lYR$l;VG&njRJuGZb?`!4F0nN@Iu5Z`zgA1O62%db
zFSm!OYTD=u!>XpUOgT%0R4B@I8tOEd92g@w9_+S~`AV2UQiV#2?1vS!5-SQ3tu@go
zE|BY}6%rd(g2|!EPTI{5Lq&6%5EMF8Q_-qoLC5e>yu?nhs$wFumf0zmn9-<GOU!~*
zx>Yg^dRz(O=~!dTVTs{H@Ab#C{5VKdh*VQ#tS*ux_-Q`ZpPG~4xYn%48hK)fHb-)<
zFp1NxSgLAfXI4$GjVvgZ9CT?(MjN$YFI&{$76NNJO6JleBoxy^%P3AXEKV9)Ge(uG
zW1$!o<d~&}Gh;APMW|Uy&$zlJn-iQ2bcS4$9`i!XOg9p}aeyU)fp$e|w$kbl3eE}$
z7#+bGF;gjy<l93Mn{|a+MGmmWm^2t>6c`mN^<cQs9Ot<)Odw&L&Z1SUC(gptbhG}F
zdl`#@s1S;R@euGH2pIDS48|*gLox&YbQheZK$3#;*27!Zd=U<+gMx9-(*ll2A|eQg
z$b+%X2sDc0Brh^DMT#;7QUQKQ;3-j{8Bropn4)ppf61h*fFnReSx|tFQ6!3|8AefH
znm{QA!x>a0NDQMP5=RufTqq>a3JMW8!pMZ6D8P+f^F=WH5X0aIiQT&|LLn`#htyFX
z#)ce`8_hDkrbMR0jb1XMrun!MDl#U*wh}EYi_j6ss`7}`9|THDw50V(G2ici))7TH
zLDe$FdVN4+<(#IGGq^j>M5b0-FXZq>uR*dp(xVh2Sv2Hnmh8tzQe&EHWzb=!&0?*z
zn8>8rY<8&h2P9joMl!}M$`s3LH``b0)<_!)MR7Q3B(iXeog%t|nz>5495>2rIL0vP
z5iD0#BG*YvRx3N4qLUa^%Ci$lsb=Z|o*xytT+19KbVTPlm9wTstpe8zB2~@D;~k6X
zSbAd|HNsGM)X_S~IEjrSWVQvmKbNJ#@ysBR%a_@NX$3_C)d@1x6$)4>VepA=RqtXY
zj7%Y=7#HIx44;jH+O!Q7l!n=vb&`x+<C1N?ijQ+$BU;I4ETlP!_NGh%HAcfME49<p
zUIC}-kv=xb6^LHEohK|bDnVL+A&6c+mKk-eaRVB(n$u8DZP3wtkq#>anjw;AKR*Zz
z1MwtR?irO@HabcNtZWLC`_LFqWG5=qqHs145s6VR(ARMy&}ABJE>Tj)g8=~rt$b1<
z^4U<S8;FcX5HrRq>;wt6$W&hm&ZJZf>LdevZ&FVL5)*40%eL7rnTwfJJdoGmuu?S3
zMn*3XGhCY`TXoQLYiMecZwcWDK}1GrVoFZ3Seg#zyFtDi&lYLJ<SlAijimBC-DxnY
z%1?uNw4BO^;(A1#l~l6T76bK)9Ft;gV=R{9(YQ!T4OY*Ktvp_<4`cndD5C?mf#;)O
zew!6kBs6T7C?0CIkf9L`P(-^stVhOZJ63I0DJUCivIHUJ3?j$W;vqT4@ibOR;FVrD
zS5MS(CB{GrWIBt=<5D@BAPl+K@8H!yK8BOyQd(uE1`a3HexEO=0;-v>=&5o=F#34A
zErkk`D#`ap!YC=JCAwUz_IRS#ptFc3^@qJclFesDQNTZozG&;3FOpzUQbZJHXmDr{
z0~5dj!3a&s3c-*hSlS?h1k(}%iwsyn2`Ir(ynrzRhLae9V+vR?G2kjs(HMrnGL7&A
zDu6YXEC8njRvtVKD>5wL0wf}o2myD7Kr~885Jk`ejG?kXG4d5(gg-*S51|Z!P{_Ue
zqH<>3PBluZrpe8;p%Y~e50#5}AQ)-&3c0>9DC+t!P#+9IVGCJFiwVWnv@#p^$ST=G
zs?^YE(2a1Y7ndz4m>(CRcy$=mEwZn5!bv_3Mm|(1iA1L@@mMjZn4Mw1T2;j!IqcU9
zTCy4!D1i?$L{cr*X7I3+h**IsQK)m_VXYHQz*b1Y<5Ozbvj$QU5Uo4XikVDNlO|)u
zNJ2do&)~&WJpm7TL83Kn@ByT&Fu`dYsRz@lQYz$yXn`LQnV8fzEv$#si)of0RIQXK
zw8wdo>{_62$9ufa6b6-KNHX9A!s!impfqE6S(tX}^^8<5j&j`!)s+guurSj`@TiAc
zaG}<RvW<!)^@toUmNM!zZO93co+hUPmIE_yqEk&Zlw6jIma}XpSW^RuPzx<J1G8=|
z73%7lL_I4=d~j4X>$23T@>U)z@L;hpDkcmv71ql_aS{XmAP}Rqcmw9CB4c5AxCN^S
zl<zPZK_Lu1oy;-0S+<k!$Q-VBEeVZ<YOtaf>Tssm(Tla7(Mt{WiquJH6D^d|@~I}J
z&T{>6GmH&mcxM=rGdz_UH|&XC$n#QoPzj|XM5@5&Byx%ux@~1t*Ex~Gf>ACt6LM<4
z6H0U9AYLZpxh~lklNLR$w?<@gTp!O87RwdG*%8_<aJ5kv4QY{JMKi#H3-7^`%pfRg
zqTU`cx-^xD3EC*Y`4A*`&|IKSW|L7Y)re{den|C$!$^#P+mQf2%TEiVP;-I}vw^hP
zhZ=}dA2TUA*9m8$&3v@kR-t$p>>oHr3WA<CwfOXiKu3CXI)Z4k-nW8~))OWXEgMM}
zXygB3?@gd2%hK|&%Brl~DwkfSCuXLnr?Y#yr>mHG)o;6RDQKG5_kE9^CU|S?`yRuH
zlQRd6Mur)q1zW~iFd$?Zq=T@Ijj=6c2{00t55_(c$Ow+HwH&-03<zNh<Nw8r$c)H*
zkrl;cmrBFUuFfU?d;k02@Ba6{|GoFU|4-!+oopq$iL8)edK0QSa8B7CnBTA>l%+rs
zeks)gy`1FCdqQDdkR7Zum}wOxz1{5xv-M<b<g4cs5mXxa#73RY3=_#v)+<t^4oWy>
zGO=VN*N~KUO)bLwUDzVnxqa(f@a?@f;9KD}_?G_!e9OHI-?BzXyUa`Q?WGssTlxgP
zr4Hd+VjsQ*ci`JM-!bn0?{5!po&0AfjgwCv|I+bSkKITA@6nGPm5yFH{KdmBAHI9<
zckcbjJ>}lVAadWIIQZuM-`@YL``-pJ`hI@z3wy%u|GE2vyM^87c7A5(+jr=@|NQP>
zfS7v++dl;i@fSt_BY+XGM8LltP8)%h%wrh(ltPb?@Q7v}vK-Bktm$rSvaP#s#fg7}
z#D|<n!|BoHoZhnHgdR~091S6wqBrOCsZ~zYDaAcv=|`mSP@qY~Jwfl@wBSUuk7)iO
zC5ni70#0vOaH7aZH2n~<v`CAa_wJJxoJjEzNk0@=IDO+b=k&T2C+-m~Jfs9f@=q{!
zuUT`VsE4qRrk_NnQ!7r)Bbt4PND&SKHt*f5)|@EV-ZM0}IBMKP$3J1s2@n@)iWQy!
zr&q3Uf_W!CV%UcaB3W^M{JDutAGhL!9<ky>BP1z1-!N>#>E$(?$cG#QJ0D?l#6M=i
zi4`9q7W7Hv+4+IWCNh0=l@lBj8*Cmi%tPp$$UFh3k63YH9+BchQDABE2{_p-IMLiA
zL_g#}B=HFl|FAVDI0R>S5yaXY@s}((QOqM2EFElLp9Jv_dAI#bE5ZzM-~{%GVTC8q
zffubLq6{72;PwDLLEm2RZ3iz)L;~L2Lpa)d5|N&_X2kFhA&lFT==XD0j9|{es>veZ
z2~5+81xO?^Zb4WU=E)PN(y<jM+E}2BD0NSwlt)&aNMrdWd7k8+z{nk5;UpMFjzz{&
z_e4s0&zcjMOBzmSxF;}|2UeVfN0jgo7zz9naN1wPiFqg*E7TKAl|3s?;5u;+DVF5P
zCvXXNtvJC{5kQ~dFzX3if*os4Ed7vXVDO$mGw)h)g3CSh5Y7pyCoxUi7M!l$8E&$y
z+_C0#>BN5%PPcvFK<}SB(B?hnmGinyIL-F|cYfj4z5nW7>)vYzzj*MS2mJoO*#Ex$
z@ZKNn{n(ze_tNgq?oM_;z4I$OU){0a{jIw{bT@l<fBPr58{4nm`Gu1oKhaKX$3J)c
zxntt!SC78u$a(lXhd+FnKfGt@_TvvR0vLf07J=|~I=#gsi4%E6C1_YY309G1LRKl6
z&=^IBO9KVzw7Q9PxPPPE-nvn4pSn?QZ{8@kH*S>MCvTM7>o>~nwHxJjdZXN4y-{wT
zxKVDe+$gt?-zc}2Z<O1|X51)J;%JpdgiLb+!Rj>JKT<S9s4~lIaAhfJBD;x2`sj^v
z`^b%Qv)w4S58o)amu{5Xhi;VHi#N*cg&XDe{Ec#Z?nb$t+$gu>8Mm8y-s<Q^xgFjp
zw|h6r?chea?cXT3y&L7Wd!yWTZj{^I8|AirqulP?D7V`o@bLF<YM##a|NEU=C;#x|
zM<MrL{^aeGyT||d_{WaFbo~A?bG#3``oDSf?;J@-{L#_juOI%z;a3l}!*4u%{@y=>
z6N5hunf>0q_tL>{9Q^HrfA64i;5_)~{{OZA({Osw`CvCWm^(%QBY+XW2w(&-0vLgR
zix7CQeJj1S$w|lkjZ40@ami0@T=LD0OTMvj$xm)v^7V~NzP546(~V2Mx^c-*Y+Uk{
zjZ1!f<B~6LT=HWZm;C6)B|oxpN!!LHKfH0tmo_f>p^ZzvxN*rBHZJ-6#wDNIxa7&k
zC66~Qd9-oK!;MSc+qmSx#wGVRF1fdH$=!`h?rdE0?#3mzH!gW+<C3@U!z#1C$trUj
zmd>q{FB=Q!`zK%C`_|px*d6cQ-T6~HuipKUyW;lGY$xyh+MUMj|L69XZhvU&`?nt6
z`pJ{8oV<MeSB}xqe{&Q){GSgi_x|O*FW!6Z;Ljg?!&6>`yLZzYUUlBob?EC)zsc90
zev_w9zsXmhev_Yg`c1y_^qc(n({J+Sr{Cnq%qBOvW89?7CU*0qPru2JJpCqZPru0z
zKm8_OdiqU%=;=54;?r;Pg{R--^H0CY=bnC(Cr`i0W3$Ok?wvL%vx$v8diqTsKK&-|
zJ^dyRo_>@2Pru2%r{Co6({FO;={I@z={LFk^qai%ben|D^JmQ#H`%RjQf3nq`>JvO
zf9tuYymQCRVFWM&7y*m`MgSv#5x@vw1TX>^0gM1f03+~J5y1QZrwTW23?qOMzzARj
zFaj6>i~vReBY+XW2w(&-0{=!3FrWYbUZd@AJNe!%=MleswA0!D#(UxkI=p-5hj0Jm
z?O)papN{VwSN2+mzi_a7$9{XT^&cNJ_P_t&7w^8i`_9py-`hX_?@zw(-e27Lhughd
zqg%gn`(*bA9@`ad`z*Yr@eD-^4ALP938gbUrRf^{R7u2060bt4H^{`K@sP?yka>mC
zDEJQ|0<#PUIZ=2)Qz0(5s%soaYqZYO3}kcCMV*0vlnyzXl()=Qbdu6EK|w4hsyxT4
zkdsN#B$kFmZj2^qvO+T|CCDN}aty2RqE15gH<_apffk@OSrR#jng*FyWF+Y-E6AEE
z@uETt5YLDd_)pDRp(TxnEGv=(`Bvb69TGu7iWbNgB~g?h2ns|X)>szutZ<U9OB@OL
z<RqR{d0A6Loq{w|q9igDB)DUE64FCKry(tsqKQyafZ(p&o3mCVh+m3SkQrJM5Hz8Y
zNEdjDfiOyfCKySu1Xfig5fGzQg_e!HRiXrGsSrzYs!CIe$RJt~AcqVkQj$pOP=VA~
ziGu7pBK5|s6_8I;6eH)14B1pDN=GU~0ta3|8lxNWN;SwtBZw-)@hnfn5KxT9D>UTg
zlb{~O^Aw4Y2tX?`2~nO%RfTkYD#z<I%kaGV$yqDBC`*t#i=%WF##m$_u@ujV5~HcQ
zpmT!8AzBqANkbZ~Xc~e5Q96XVWd((zWKz)t=(Z$LoX#Q0c|()X14h+pNF2y85XM%Q
zU!S!C0}3dEBorjNVOS^#Bg3hj1Q1g)ElRq=t2*Q%RCHB<pOUCU5;2KUffwWpG&1ps
z601WxF`Z)|d>*I}P3r>5YN9Gjr2d-O7lAgaFanGNt<WmRDwGC8%TNqyWC8;Ys;p};
zb{sE4vO~}%Q7}{vy37d(#y}QHiUesu`&Er)VC*0VnFJWfNF&u#vo9h*Ps$9f!jQ6@
zuIj7;LQ^yZHkK7uXBbh?S&}yLi%A>>5~?H(eV}O`ic`jTFf!sv7=4yQpfoT^Kopop
zGIWO5U!AqWK=+})0?<i~;~^c9PO_j;41*|vq$mg#&V%{@f-DR?Bym(pN@XCfy+Da9
zqd{^+0dSF2MiUto#!*)_C?=>PF9Phm@QGO~8YmZZlae`*0)b}A6b-TeMOo8epg9GR
zMsi4fme5Fsb|nytW_bnDX@MqiMg~cd(?lLY0!d0yA>_C!2sGFYMPd=BO0UdXK{6!?
zx?<#q1O<bvZIDhyh4IxOhocBXNOCgG>M{uc=``XYQzWE9g5+#4!5}CZ50jQ=Ku{zq
zNP)RYYha3CbSWJSia=@n$7iib8jX-_K&sL(lPQU&0aeH=2N+05=U4^=gs~MklGjz0
zhg44t*gU{Pfozm8ado6X0y&E0jcE(|jv!N$%0RwKl2IkZzC3FMqWen5&=}SNqI4@P
zB&VTe&>s;du8~L%(m+Xu;4Dli0cMi~LDgtgqB$LMU%~@pq5w7r%%Ds{J}6#;(F8su
zf;3Vrt5e*^X01R5DxQQ{O@cZZGZs?aQ98^xiG&#m9e~k<9Dp#31Y=?{FwzEyfFZ3x
zlt~7(6DAI%qS8nPj5SOM9t;7b$&+Nzd>E^b&RStao?^jr8PWMw!-~PALz==vmMcn!
zDF__FQh+_yI8}j(MMK(78IpsN5J3)x3i9o#3QQx&2`YiUaS-2~1EWpz8m+MaJ^hhc
zD=;@eAc^BRMh2B;5M=G7WEd*2ZZKKEE@-^UD`2ibX2?q_gSyEa%aNiCSxIS9;UMiN
z000Y(#sC`~v=vbzNm2>}`4>3btQ8q@CUG#C4U5fCFlTj0wWWi-(G{>yjDP@N8XD1!
z4uS%~ss?#TArYynh)^613gjLIqp4A<N`d|2pofesLuh}Rg9^-tXRYYEN=lFv!AR!?
zeUgy^V)BftA&v%NKubWEKqWO;904!Lh{&q~OcQ_>)+-iF3aGBAu{>BzFt?BeOh<qK
z3t^Q(uNd^wtQCc$C6-quRs~FW2G(E}R$zwbpiPL+r@<-*s-?h+q(Z&`3T%b|SQ_gd
z1(CxMG$g?!6j&Vw0oDL$ofRPc7_29VG;I5aX031(%yVNt%K`&d7Sst;i{c;w8Zrh<
zfB`a03d8U){xBs3MWi*I*EQ%M1=_7b`^EwQSr%zXeMTW!1Y0NSpn)_jX3C4RR*(YI
z5Kw|Nj;aD_Wx>AEFj*j>8R!&5Cx=Bt)<N48&}teC3j>oJdZ7uhvciH#fnLHAfn->l
zpvl=f!GjWlM#wPpDe{F`D-75xng{y?H0TMbQVf_Su;GddDhxxfOA-xzXJyDK3#Jxq
ziU5|22Oj|vK*Iciae<trFzmW$WRwILpsx}vJ3K7Cvi|(66|f@UqQJaGV8#Un62*Z{
zrUg}p=`O3Zfd!};%qm#Zcm|er$WjT&(Hu-iNS_OHoK#3~i&%gNYQwyPIU^_x4>&3?
z-JdhZg(G3Hfdv&jFvDF!Iv7rv-2zQ%pi302UYZ1h1b~PtERJ9tRLF)28p8=H5;Tbe
zj|toa8d7PhK%pS}CQL!Fd^{j8Qz!GjfVi+U=qv-vgajz4ydY69Ye>*wFsm@fMFkWU
zG)gpZS77c*ny&MZ4-XOn)36rlV9R-tH~ul;|3Laq<3knZlE5FEt$<p}0!%FsMgdiX
zybTBv2D2(Ff-6Wdtg(#F##o0=fYpcD0ZD{OL&I4xEDQ(ZZ)i8Kkl-lt8kjyX<*EvP
zj7VzK(X15)l6_K~2HqqXGf*kPuy-=#1BDL2D$GHUU06s!dYH7j$iv3~A=qSCav(pk
z(OH2r+yp}zX>fok2u?18QB)ubzYGW;&RT($O@;O~9YVbGU`ZuV3<`LG{RT~jnJ-G<
z#2`>5=qD@-FgwA)pkSdFWti`*gcMQ&R|>$PMUeu<19J)H4VG9~qjc%stQA-`VNr$@
zf}o?I0${9R;nHLhrZLBWGYpOu0wpw@Fi5!!76EW40c7Yq5I|r_B1s0^L@-8@jwoFR
zNTCT8Fw((vAIw^T38jE_WRS=}&SzN87ztK9_yvJ8!*MDjLskqJYmt^f^T2Cm45wUH
z!Br4J<zaC$+<ujXHBtq8$bv#@vuOu{LS#{Of7Xg&wqW_-S#Y{IaDu=IhGd&G><YkL
z(G(CAoFedSVBP0MQdA(%GlC?sv<TUz6$MO)0Lugz3<POlIf;Qn6c`S}7gja!{q((A
zE0D*<P;x<5k+BScMuQ#GVOoI?0I-Adfcb+2vXGn>ykuC>!3=|Q0IM@B2heM9oWK}R
z&}+lNfehE+@go2TTwD?+EVnyrMOMMd7X^+LHP{k?MFH;v+$wMop=lNx)G3C7@gZ5T
z0e~0`EDiG=pn>HCGSKoQC=CoY1YU)HK=@}Cwme3*Y-mAYMRI4>3NkzgiG$?@yi#xi
zz<SBBvceh*YYO;Npv5p>U?&6v59SRPN$~k$iDP)kjSDHW!I&~E33?}i#|oP@39=D@
z3D8+%>p^quU2|M0h6k@v0`CDf6Tn&LARQ&7)dfoiB66^W0Vf=^i3A@X79p76pjo7B
zB)<gnFM_q!1xbe)D1eu%gM*?W1oH@TO~Ak)X?xbn2c2X5&a9OWGJ7!WpNq3b_z!wx
zF^m5P@&9*!cKg-+@X3!K-n;kOF>!Z)=c{{vaQMT!pFYv{e(c1yW8eQ5+l?dVp0fXa
zu<!q^JHK$4Kj4qPXXjTAzVrBVcYkPiayPs8((%t3Sp>F!^6+<#e)X{@0Js1~03&eo
z2+U%Q!l8jmLIQFEc48c4`;|ySL_9+nE|Sc{;S!|Q+T`^hGyXpX2XC+li;!QP7YXp3
z;5YCq2{@QAwo-5$1?O5D<X|`B|4SU4pn$O_U=IVi3E;$v5MkvZC<Poq!;^-M^CsNP
z`2RZWM!^M92w=(+;Bw0ZtYQiT7uR4VqA3wvpG~;U<Ns5#0{#xfCI?pz@+NQ+A*cdL
zz(#}wcLr8g75taSXPY<U|7)<hft?0O1ZxGs!Wkos2a*Wzs$tcFQ#%es+<==I{~xv)
z01t43jP@X#L_#OwEQ^4VhOGzq2H*{D!p)5T54$2`111xYcv^y<QY<0JltRF|E(kCV
z;BsvgkKK&_564-seG_OxfrB3cPFhq#g1s}LfuF;{DFv*}8*!V*|L5S83AT^~(kYM)
z{0KtOSb;G1T{O7pu&Xe(G2m7)66hpL5iA^@5O9{k60r9II_#6coipSALkA(LwvGr5
zjy+&5XrR3u46zEw7c8g2zDwF@E|~HEAt5gu$?6ILJ269hkqTldEFr^b7o3=iu<P7N
zL(KU9aGb4y7fiua0_+XfoiMyF$jU7$G8`Ae>A*(Z%=rIs0;It49OU|dei3lktPvud
zs}TxtH?|_+xQm<MX2$=AQz;7eMxbxA93r9)dTanLg4+$d6>yc|9A<-2FysHjDF7VX
zX&eFPk}zJd8z*FmX9?KbfU7Riumyr+(Z`Re8UG*hOu~+yrwQ0ifqj!yP!1N%o#8B!
ztOEB2+D5b9jQ<bX1jlJQO$gw%!dwtJLK0z)!5I(?s^KYX%qFs#@&9RXd*NIX5s>)`
zWYa`ro`RHcx^J9aunO8tHZ%S|oF2fv0Ax#mIbmq8pb>B=0on^2FBk<lIo&L8f*JoG
z_MbWphmtT)VJN^~rwI{`ZwT0F!#)!BaGJQ0hM4jHVfO$hnNS^0%3(}Zn0{~!rV*5J
ztjk04c}Cl4OwIWJDhCHM&>KRB42vKetP8M0$OP;nVK)Wy1M=E$G74t=e+jNW;QX2)
z;9Q*siv$8fLRiRv1N$ZT15Rc)8wE4|Kb&uY>cb)hXD0}H3b@IzX(3?4jYLg`V}4k>
zHqc%({=W{V@y3M@0Vj~KW>GY(({Nn?iw<lOX}F$&!>CQTneqR19?o6iV1&?Mnw!=V
zw%;NFn{+t3BVil9**rDl|HCDZqQJp20X+iQ;5dtbeJ^M)9ACgr9f2*_Xw5R?|HJWv
z!oj%;0k<76v*1V*#uVHK1&)Jdz*B{@fK7U8#{U;oa2#M04r8i;Y@()s_9{A|z?^4c
z2xz!Z+=QDM{~xYTU<0j-u%3behK)H%z`?ytz{vz0sLOEj0jD1ujHwy_U*e4ueprq<
zQPV*-MIempI0BprIQxM9!r{&)+|2m@3Zg+hkw(zaHOQ7C!U{-JJOLMx6r7}j!J;<O
z5HtS2uE8}BoTd<P`v9XLfF8s3DhcxxR0ob{;2dJ3RmP0}5BkZ00>cUj$ERSCC=Hw~
zRU=?y&cb1m1kS@o+|2m@U@YO_0&FjwYXLWfV_;p-!5f4_Rk%`9L^z4x1UEDOKU^HZ
zp*eUpa18)91Wv#S<Jg)&2oAgr&yI%EnhnO(jQ?*O-ojxN%m4}u30$|p6cxaIVBkIl
zj?mx;A1-P(;AY1Ehm%OSd4{>b!3mDxvA|pqpyS4Eod#IyGWcB^a5LlovvA1(w?r~w
zbPPs80iTryw+pV)L2<z!=fN&*!0pJ`f#CQ5Z+;(!IbsAb0vG{|07d{KfDyn5U<5D%
z7y*m`M&KDj0KfnL3=IYr1tWkFzzARjFaj6>i~vReBY+XW2w(&-0v`|pc>n(a0gKsU
z1TX>^0gM1f03(1AzzARjFaj6>i~vU98A1T>|DU13z@lITFaj6>i~vReBY+XW2w(&-
z0vG{|07l>gLIA)2{{aDu*<u7R0vG{|07d{KfDyn5U<5D%7y*m`M&KDj0N?*VLxX`u
z!3bakFaj6>i~vReBY+XW2w(&-0vG{|zz2i?zW@J#fW>Sv0vG{|07d{KfDyn5U<5D%
z7y*m`MgSx53?YE;|DU13z@lITFaj6>i~vReBY+XW2w(&-0vG{|07l>gLICgoKOkT+
zTZ{lk03(1AzzARjFaj6>i~vReBY+XW2s}dw;OGCJp~1kSU<5D%7y*m`MgSv#5x@vw
z1TX>^0gM1f-~&Pc-~WF=z+$!-0gM1f03(1AzzARjFaj6>i~vReBY+Wjh7iE}|7U10
zuqYS-i~vReBY+XW2w(&-0vG{|07d{KfD!nB5Wvs>e?Y)uwip4707d{KfDyn5U<5D%
z7y*m`MgSv#5qO3W!1w>p&|qLuFaj6>i~vReBY+XW2w(&-0vG{|07d{K@Btx!_x~Rd
zu$V1I03(1AzzARjFaj6>i~vReBY+XW2w()BAq0&5|Lx=7zIFWDC!c$U#KNLr1TX>^
z0gM1f03(1AzzARjFaj6>i~vU9YewMg?oL`vhqq)!N4m~Pgv_%P!D<vq2qa<&O(bcW
zq7cW)dU>LDrH9o~|DmKPTCYd+TQ#l8(6X*797Qk)2?VP$JRwjFLukAti<&~Kw93#V
z%@QO_P~<7aJ|c~O4|$5C1ra`dM3T49?(C%bba;PrF<Nb{Sy3NWR8tB;)+wDK1%i}R
zkb+eeLgZwIU<FnXb&gRfhPosL^N8ghax}>Zlqm(i|NolR2{XV5U<5D%7y*m`MgSv#
z5x@vw1TX>^0gS*ikAM;X@Al#8t>fq58~(xwU<5D%7y*m`MgSv#5x@vw1pY`P@B<&e
zeITaOdw-`9PVfEUFGDxE<K%<UPOCliYZX$I)QIeCMEb=fA+fHOGWL3MBfelC4rQv)
zsIy(!Aw}JYsI^B$hbPwy2|}siZ`XWkvfrSl)h1I_%ki+M$19yoAW)5tr%HhF<QTG4
zM+0Y|6i`d`Ld;k8#HB!O)QeQ?{sbLz2!&~q91NJDolBO5MxL8Yg060<HO)p)K4%}s
zorRznDHYR!lzkizh^b_{!jPR}(W^^?fv-Q*w3;)X2-GT4v*Yu!Bp0(wNNoBgzsnx2
z*PY&pQj7Q9a=hMcDqX>sw~wP0j&`$b$eR$@P*WQxivevEE=(qw%)r|mj9h(RH_I_a
zqU++CHKOKhmj_{4imTlOne3I720LnYhf0}sxoeU?(4Xe{s2291j8>Z#8jZNe;m8(*
zZpRrM6hbAXg-B0{5B9Ro$v9ecJENJ9JslW!n+{O)-5+>)>wsS!??1$?^CrXXYluan
zS#!A*q7(=-QTrexs$IX55OYealC2QAv=C1YveOF3Rda=k-IepWwXu}*@@k8!jRx(8
zE*0DSG|bf{@7V6_4_mAlYA0N3XOs=pqwRRp)173q#Uw>~!crs|(@S(sbPdaXPhRPH
zqRoCv(gz;YYp0V<HtG(JCV4qD>J;Kxu2&~px})Uxxg}RF$AxN{dVJJRw5cIijt=ZG
z!Or#g;4qtS(sVK#NXFD26{ZLMs2C)&WZlbY&PD+Smh^^vy5=2EdQ>c@r@UM~nwjLI
z{bV|!<q@MOUdNz2Ejk3v->+0ku40NILt0YlX4<Z*yUR=mOr8=7t(3DK&F9f5)$%f|
zk|ODDXCMveda+JW$p~L4(5|wpIppBZzn-tU3yq}gkqec8Pj;1xS%nva)k%)a$&-|)
zM8?}nv@Yu~-m%&9|0jR_*2zDDZ}<x%fDyn5U<5D%7y*m`MgSv#5x@vw1TX>^foB1M
z`*+e?f~x5p(s)8e8V3*iQ#>Kkf<z#Ol|)+SSskgj-@23D7dS;knoh$JnyeA5M8f+4
z3X<S;0Ri4@AQeeqc;o*6d$*joPX5`+KREfDC;#Ee7f-4u@e|?X)svm$|Ks?7JpRe!
z|LFM3$L-_n@i!m8d3<>ETSvcq^tX@x%F$PkhDYxoxsE=4^upoq9sb(k&mR7@!#{iY
z?T5-?;E+1}$h|+f_fPNrclZ9&d*65O3->DbV)yuapSXAT;D0~(#e@Ii;QJ5$#6jyI
zbMVf=8wdCH|L^@@+W)EjAKw4U{$T&J`_BDu*nfWSU+w+s-p}m)=-!{%``n(q=ieju
zY`g#8?*F#?^SeL3`ycF{?Ur|=yWH+8yW2azvGYId{KU>*+WFE>b0@v?O*^05Ik@|q
zcmL7dzjgO7-~H~p{k!kob=-Y$_qpxg-To)rKfV1U+kbj{x-D({w%^|V@SWek^S|Et
z`*;4voj-TyJML(Af_JDpw%fmd``2&(-0i=9`_JC~+->Q$_cn3+#jW4l`qizU-uh3r
zzGrK+^*(^L`ei%&@Ex=VFIvDqikyATez1b=>?LaoZ#(;tHHEXCy=YBAwzC(kDXi`6
zd20$|JA2NWLfg(xtSOZ3?AV$@+RlzFDU4`4JG7<%2KTHffWd(^1u)pRrT_+e))c^C
z*O~$t>{wF(gS*xgz+l^&0vOz}q|kuDZEFf(uw_jF3~pIdINNtv6OiqXSrb^>=dB5h
z?c1#hwC!`&1j;tGCXlv?C4mxcV{3w78(9;0+t8Z8*#_1GWb0cKSX<AUz}ULh1lrcI
zCQ!DvHG#CXED5A&Yg!WoTf>^b+v?T?&Q`M~AY0X%z}hO-1jbgjCeXH$HG#6})&$a~
znFNZWX%60sGff<Px2Y=xBrYg6WkDb*^TU}z1T!I969k)NP2g?cW=-I1MQZ}GeXBKr
zwY_gmU~HeYCeXI`tO=B@U`-%xc}oHqhnzJ*uw|_Yye(r*;B0AY0<xv739Kz?O<-&Z
zYXWVHTN5Z-%$h*jqLu`(3=wOBU<+Flcw5Mtz}bS<1Y`?X6Ih$yn!wn6)&$z-wI)zD
zk2Qg`xh)A`8C=!`!RE9k@HU4vfwS4I3CQ*>)&$n}t~G(NeX})zw!LFbplsh{O(1RG
zctJ2dAI3BRwnvu<^qe4GCd@r1n{ZAbS<3iu!HU03Sg_(Q6Bew{oIrwGOz}%*iCre3
zB?4m-NQ$C3c#n5s$4DD}K_DrTy&zC?0x7~vwj#|eNH%go5Gax27?N7_<Lw0j(L7Bd
z9$pZhec2vfCM^0vTo5Rdr`Sa!w$IE6U|Q#`&hP?ewohLs%muc6!zBVax7D@>mkGjL
zs{5A-{G9OCWx{+xuzl(>0nKZ?d6_U5+xEs~!UC&LUM4KCdi^qCfz@jZ!kh)QXyf!U
zVbR8`mkEnDK5?0_XycX3gax`EzeG4k_vOok1-c)*Ojw}%(aVGdx*xerSfFdWOjz{X
z+?9Zq%zM1}X)`w^ON2$w%{|EyVbODQO9F&>$%W$C%pJ)RVS%o>Az30U+A#McON2!m
z=5_=K^AFBP(A<qI5f*Kjn~^2Lq78E|vP4+4VQxj12#XOkcOn;r^AR*RB1?qD2%7tl
zCBk9^&27jMVKIW{E@X+Y7(sIrvP4*npt%QGA}o4tZb6m^i=LZ1kR`&R=jH~4LV&LM
z(VSrH|8G6Fx}n8?VFWM&7y*m`MgSv#5x@vw1TX>^0gM1f03-1Ag#eEK_w_ZNxHlL9
zi~vReBY+XW2w(&-0vG{|07d{KfDy1l0Pp{;P{E&J1TX>^0gM1f03(1AzzARjFaj6>
zi~vU9>k9$n`Tsk&KYQz5f9IdW5B!A@xG@C2ynpBUvv4|`J~}%3?$4(8kB)Ao6-5zP
zUXmn6BxOO;RFdaNnbT!Rzp3aPWa6Y*3W8K1iKkSJXOSZDnxtqfQh6TnI!8)~r)7cE
zp_oD|oXEf%ISM22EQ@HJ6j@y&8J!_SN`p+88Z8ropos*dNQ^FWf-WO?iRmIUrvM2t
zA2H-ZBnl$Kf0`sAGp9yVj6w=JAu=>iuskn7UQkscAdoA`@szIUj3O`&2<7U^k3D)c
zJ#xp}F*(I2y*1T4&Gl%hEu@;owp2=_Ba$|(5xGQ#=O|x|bHtrPHL16UOeNEylC^Pq
zJn}~;BgU(t^dy3UbSo!C(_A9aR+5C!bydeXVMvntv{cas$dg8NB%a8GokMbvF4}v|
ze%|MAx27qwE7ha@Nn?;r(mDS);uo94Mul!_LEnJy5Iv6&HagVy_Yy>>BnBeUoDw0W
z;<Q`xIXYo9DS6$~ae$%&nJV&)$GJqWRh&lcN<@v@^Vy)=F&z{Ky>dU(YfS4NyGv>G
zsi0H$N<oPp1e@tr&l%~}6ODROE0cQ5U8mG(pl$b8YvZ^iBX1~^9}mXfvKosQ2)2tV
z?Qv{WPqc%L5}WcixK6Jd@>6OcG>mw<j#8)F?$K?#&V_59c5m9Fi;6cnb@$!P37b&^
zUWOS8ZNAG@>akL(lV~_XGSOt(NTRy-qU?0K!V`jagq#Uy+wUB<N8x%iuZ%~|oSPR^
zr&!^KvgRr}vbip!4iap|%ZE~vWQ~niwPZR+dPdH4zn#kk%KpR<#ZuKlFdORD<w3UD
zN{guoa#jdWu~w)|9Dz=ENctT0av+v*iBvG2336?hPG`Ic+1)IUn|#q8tyMA{Gsrjs
zgGzc_E!9LG;?K$sxyG0DW>$%}7<TAOrpHWH?@`loua-!P!(k@ppE|NaIoa(Bql^P$
z1Q$j{#y=Rh8tu_EHgcd03YHYHU#Fr-n#7{*NpI{J<w|*PA%+HYX{bfxW1mp=2D81$
zw4ZC`hJC^t=+q&I3|+`M8j(bkEK_8&MRU;*N63kgT<#{uO~%J{n<X!w%8ulON7lUk
zrYk&xnF`T*lc8xb-`9F$mb2Fe#gZ_RWN$B2@Ha;GG;-Lh8MRanRR)A(8mC}(IHqV?
z;ftJ99dOLFF6T0uJ>4B~T~Qp`hlxzy;VP6yvEqnCl#3N2be3r-Q`aO^%D=P8T-+qu
z@R#>*U$I3jbccp{F9|YBsR|{_lp?|07G;5ESx!<!jpr1NhsZ8qhh&LYWI<F^2<poV
ztYN=2PSYuYQZ!iy8>6edB#5G}lLEZrD>AG|D~Mwlf#6t5H}VV9ge*Wf9>h|jhGbm_
zGj_!mk>o>BWZ})>&214)G<_{+Wf&uwK@mlV({Q7tav@it5pY*Rl23Og#2%F{`^!v(
z65K>TD^Y5@V^8XyWV6jFv33nc2htn+`CK@W&vyhS6>T=TDOn$d-IIQ`6_2uoMuAJW
zs0Od2K%%QnB3#=yR11@68Nwcit7)bjQvBgiIuaS^?GBgDW!>TK)FUQRm3pMD=ljFv
zKu#!wals!U%jpT#(&-+=o=*9?skF;0ilHH?Wh*FJ3#t8bWH6z}UOpL1j|n{+&dY3U
zm?%cey`jHFwWMOD*q?NB88RPN_-xGQtM$cNzf~A{x-P;stTk)YD8LNeT%-)@UySfB
zU%2Cs#!_j2ukTR0bPI9Lx*TVc{;uS&XIph9$#6j`=`DJTJi|_hj^?CF#Pve2HmwCj
zEmsUwTUmA#t#>_{Sh!D>#-7GR^wZtpAd*(Ap-Cgo@_Bcg8As!&;j6|_pZ2Ik(=H;^
zh<U@qdVf?PI_1*D8LboqPb?w0bVP?ypx2Id>;t<mP)s$tnOwv(4B7jUAfvU35$lhP
zD`J^v({{Ilh7EhW#UguMEL4mBWM$OpAi~j)1ymG^IFog|dpIP-5tB)eDMy(Lwspr;
z4SI=Mz%Dh$dB5F1?oYgtYP!xvy*=J%k2Oh`p6I2z;Z__?+2%A*&V%OW=-@b3mR)Xy
z+`|x>aN`IQ5*)F*L#q2C38CAQ`urs84#p&*RuC%{Y2t{{sbI|MYq=}aWQ8kN6?;CT
zc~x(<J5rK9k5A#$Lb?@G$}u*VA9&kUMWZ|E0vq$d`ZkSMDCeM><Rzk1rUqS)ok!LB
zAnzX0Rd2SG<%x*1ltxI6c2QK!`J9@!2*Il|em2u^Mf3h#G%0pzL`|k1ZInz!{HUuX
z+BG(7k9k>clnhnGNtY!9m3CW71?`nyEYk|6GIF=gR;#KrKF)GddngYBY9%S8a@mH2
z8U-OjHP!Z@VGpEZ5k-;N8?;4RS8S0=Dypu~q$t2Uz9Nah0FjiyYdR7+4qO{bR!Kpn
zNJRt>N~VzrnZ_AWW>}6vETe<RB*Lc>FE9*6Y62x8S_U6Wlffu~=OMAAu8}e;6AHyE
z1ei055NKW{cqGUqLu)cGYL{#g`v{Q_X%SI8wYe=yg-6w3Az5iQwNj|tLa8F_OeI*m
z!(DE~qwQ`d(P|Cs`OW}@jYrg`S5A~CndzXxWw{2G<p<q@P;faLKCMqUVxt7%%MKi^
zKG%jw@d3#PGoOej6;!LL5|fDPz1kp_%~q5KH)!YM%|O;C^Rna+QJ|8@P02yc@9x_t
zD4s962DzHYPxhTE>znX{M!%y5fYPiFn~88Z(NxDHy&E7J6*kN!f_XpLX*f`MQjqLa
zT^Ah_AC-56Dta;=lOboo5QV*Jwby4FR6Y?(OPy>#sL0h(OyTN%&~0BsYKd`3J>XQk
zq@OCb3h9ns^0Fy;Qp@MVYAP{|)-!xvjmv}hv^gY)4Z2Upb8RA0$f#-qMOh^ou1rE*
z&94ZPz(i)Eu=4tA*<eABMtDyulCC*&khQ>BrjsT6w4Mt(>#eXqACXnbG0gVznp(?B
z{TLIMz*!h3{9P{SYNh1F*bDZ+?iHH80x9tcvCpusGFhRBSWOJeI_kDUfv6arMryH|
zR%BcCzDj$YIa060^JF+tYbA1xZX-BoWz?F#Ic_?G%~-I+SEkYSsN`Y>UbZ%HYGH{F
zj|#>@FUKU+)yX)6ZWN45QI(sp@p@Gs=37ODXB?hla4JVDv6?efR64#C=Zn_4wi4(I
zqkMVD1xESN)Zb4R6RyaRuEvYGVV!n1-HuGN3l10CAjjd3Luo3l>QHQ{6BUi=LY#~_
z39Uv)?RhQ|@G!xG2Qn}W__kx<_9C+CwoB94BtCSO#>^mM5B1tafztCMF{njruCS*R
z^OUL;!smkhLs3*6plOr76dEFW*z!z<gwV^k`wpVnkjL(3#2tzY-BcdY$yTzP$O;*z
zH=&vX=alV%`3);VSqc>4mr^az%Sq0>CluBN*}*!4nN~s4+ueRJTTjMDzIr|pL8XyT
zY}Dz@Fp&&py&^^GpoCK<6H7*N4M}O&)FRB^8?#0D{{P0dyO<G103(1AzzARjFaj6>
zi~vReBY+XW2w()BSp@L@|Ct>cEEq-rBY+XW2w(&-0vG{|07d{KfDyn5U<7Uq0lfde
zF(@%3i~vReBY+XW2w(&-0vG{|07d{KfDyn5JhKSk{r@vNG*~c<07d{KfDyn5U<5D%
z7y*m`MgSv#5x@xC7y@|ze`8Q$Mi>E%07d{KfDyn5U<5D%7y*m`MgSv#5qM@1SnU5(
z_HgVo2dD7Ws;Ej)X*K)WxNrP@@s)DtQs;j~qN&qJIutT1)mx=Xv)I#my-KTDtf=S3
zPBZp|(`QfIXUPYrvkIpPx5u4uN1X2DX?db{rD97O^viV7_^vhk6-DYBOy<l^?^o0Z
zr_so%%N=s3+^0$Ra=TrvGthc{O)W}&V4zmCrlQRnUlkSv1qL2_I+Qwn>#b#(E6qy3
zBGoI?84pwLlt1iF8i*Kwnw^|M)9Xuple<~&;=4bRa(mqg^Mea$X0=Rgx>`eP$XfTJ
z&gtoDtxI4oDirnBd8KPBXx;8b$$2wZP%yhLDd#Mg<$>SVR51InG(zWSSzu+bG%Jjx
z9>k2-megTwr=gb$FzpTGs;2Zog$z~DD*)I+gJ^^vm>P6>BrUad*0C$yxzK{oeSWS7
zQe$H<E^0&F+2BIcJ&?4hl%;xIYnHTg<zI+>uJ|VOiweD3r9Bhz{M(hmJ#S5y>OF0>
z`cUhd=$u!7OnXYNtDl#h{bEsJ)}>Ncg2@j<p|sko+P;kD#oS+%zdQq1mB}c7-l4@5
zT!69A^$P))!C0wEuHvw$c`-{a*IX@MmYQn)TzQT5mKFG-QwzziYVZpGxe+|?n8iq4
zotD-xUKr0}zg5$k7g$^_f8N?#=Q_NoEI}0aUT>MfV=B)^+!IZ>{ocrF(49ZMuhhYa
z8WZp{r%l83UNP5Z0mClOOI#Rdr#<PkyWI1+;q<wk!PEP*CXC*g=JTCXiWW|z35$<K
z%a4~oyuaW<pV}j?CEf=AONQ2;JY85~qwslqSBuV+=kdkOk-V;)VOOuCU$TnV6$J&H
zt-#lnF)Y^-{k(?{V8Oh=_Z%|@V|IG_gqX1yvn!a*X4AQ{8PjQDEmu~-CC$7t{}vU_
zm$6L>&z8(h3eMKLrGn?Ou9+AJ5AxUlAai(-|Lq^-tEOk+eVX3t(xhK&a~3Y+^3wU(
z!jE+k78dRCPJ*SccAemh3Kezk*j-n6A;-Dnx>R_{4$gjkaPYv$|F^yOo41brhhIJT
zyYLJC!U$jlFaj6>i~vReBk=Wxz!ziNT>8y3|MTK2UdT&(boBh*(ep>oGq#sL`uwfE
zci#;k?LBY&Qw-1O{A(}0$0Laoc||2?o+k-bk!3<wDVfk1MTbOe3ess64osVURVR9C
zjeVmn*Hp;%*egpk;@+sdLnD$TKU05)q2F*g;^nS;kQ?R3{!YwW^^qE{mfoPNmG0Yh
z-Cpwt1v@kG);b>5U*SUGMtYhhd%DwINGQE@DO(lZd;h)H=O=YaSDPJ{!y)nO#-}Y+
zd;R^EuGcF~t!N$yp3eU~H3Y1v@4f%I&%gKnyn0Uq2K}Ne^(smt38FSzO|3nU>lMXl
zq}=bfAHDr{y`@O?a;w*WB#;96`upd(;;2&!JwoUaDVRy(mI;(ect|rM5@~{DA-S&6
zw$~vIlEWm|bE`E;@W+Q*i<O*A71^m!(IW&?@oX~P@72?Na+BPiU-aF%W=N@bgX@Nr
zA|;MiX++30ClIVoLsC47W(ZYgc@6UDNt(zm4Jm!ykapeCaZQNjB9O|r@2<;<A=mK4
z-=Jj0H_7*7WH1@+#nWxK;OBaNsx@>e6^FznLyZoDNblP@zVy_F^t?-27tUXn#*#dx
z#7880MA4VV5(qHDK%gEP3746Rp;U`vLsZjw&ZDIZ;ao7<>>x+G6!9UV=k}-DZF|3z
zEswnQq<^EK<ZpB7Pp+Gt&#xcKP4dK^_gk%9H<D#(((=pB@u$5hcdZwm)Lo%QyYz-n
z_3>=0lODy$Nw7L`Nz-XA+7p3kWE84qnzW=l`NYT`FVE)9)0mtWvk(S|f5g&PXCV+6
zlkkwCC|<l6xf<K(^r?Wm!{$_1J~fV@T(Qv_CY^x+Mfn)Xn`(8Xk*_-p2^)<ZyTzqn
zUO#ec?W#tz9FmblAcm)45<=Q;NRkUP5mHhzf-2I2s?SI6x=~Z>O^<t|<-E>9c9LLy
zEk|e2w!e`nx7|$-865X0U${CP`&h2Y4%`(=k{b0oJK+P>@pK}4l3x4Mntzu@jS(Kv
zmu=^4)C>au5J3)ffw~yBNRaI3i(x(M&oeb~06DIsJ+Hl_4T@frOHKKLr&WyT{+u3k
zZ!&DNRqna-bq@c65x@vw1TX>^0gM1f03(1AzzARjFaj6>jKJ3+0*mMWzYe>GyMz(I
z2w(&-0vG{|07d{KfDyn5U<5D%7y*pH9D&9D|LE@={kuo6A0!S=_P?<AYkT?KAKcyA
zDc=75+wHAi-U=A+<{SUFDos@z7tPo9tD{<xI{$U=i?;Nx?bTPezVq{aNv><>g!5lM
z=1jQl@CJX%?g+V0UqAo+^#k)2(cW^{0C=fv@qV)T-uFtlf!gLp;Rz=rCV}ym+U#rj
z_1*IqY02|9Ma{Q`YuZGW`qHA#rMKc&M1hCrASeLDA2>Twc5UIex6VF21Ig^(JhXxF
zOkQyws{r1tg@5BK^cUyw_#-ZNZZ$H3MRg-0!W9;$_b=LbaQ33SYm0+C%o=%?U)Hmf
z=!M5fbeX{#nU;$^I6IJbZ9$Ogt#wi@UO%=J>G{Wrv|M|gJc}|9{&?}*c5QFJz4cv<
zC6!$ovMT^Tx1z#V$mfb&YD)b<cj@K%YjpWy$j;SmQQ8b0u%d3u0Wap|mtSB%*W+{5
zcBT^$Y$H`XFExK3egVRHqt^57y4Sy#!*ZOz`EBsK8ad#)8MOKa*G!(}m)6g_WC{*(
zA{xb&$$1^`#j8_G6|Uhu4?b}L$r>Yc4(=k3fu!^+!=>Q{4l8!%{5|wV<cfZGFc0Xk
zG@y&{C94t|aTAQMMb$-{3)q&To@`cec|OiKU-a@kR>jp}pHB<D-WoxS0E?&>7TR#|
z;Oy1nt}PGK-FbDo8?1~#Gqd;^ix+{f%zC3#di|_l%jC-BUzL2(-h;E#Z{4+}K|=o;
z3C(x*7v(MGOU>m=NBr@$8;1Uh1)qs|mD3s_R|`Hkqu<}PNg$%MM#Ke(%Oh(kXmT?_
z*YR5;u2t~|XWO6MwRu74SJw!A5$R=hEi|A?JZ8X`>aLM#UIG;Gz3Uaw#Cl;TEY@a2
zp7>+rv0}1Du**eZMJ%jc5oc;Mf0B5OXtBqLwo-eIOy^}D*z-HaWVkgOvtFlO>BB1o
zm;AmZOR(_&mOhI7kUKY9RR5lMbx}3?v$AR$9~{hkVETnu$)<N`;&!g#bHio)uv{%q
zV+nuQp2!<9P0WSk!q8q`o>tA~<&Z9Kz4!h~z^H{KSdze61hd(>+*hLStdZNSWU&y<
zn_G0&!YN)j5`%7iSvL6HvV+UwT@6OGW&txRo$Je`b}ss~BHq=-#AI+ewAYFcaWP!d
z<uGI`(YY=U*BXDv9EOd8eVwngku+?QqV?>qjem9P>}1J~8CxINt`uP(QiQ#Nsk89m
z{#=zU7J^GvE@mPSPVWP=&zu6c2UKRq=6?11323mw8?W<?*IYf$9b7{x7tYcZZMfu3
zwri^@yfRa+n2>g@sA}!51`+CJG0j$eyyXB_Mj)w!2cSMbz`VJ2c6Uj2&gag>0&RY@
zyIyxz>Rf2f(k$YWJGS7P*Q?E(%UpBJzfO$(|Mv0E-8!)y|J;do^5gSk0sI3afDyn5
zU<5D%7y*m`MgSv#5x@vw1TX^6CIaE@bb4!(7%iK;6~8^>wn=!9O}O2eaoZ$9#U|Wt
zhoGnXn?z06gq!jH|L)$uymj(lo;*1I<43=D<lO%<{P}@>o&2d?+naB0{lwAI;jnoW
zVIHEHzjG@`!t+N3Ow#M~pwE|{09ZZ7S^Ra)X{pJr*pwQp_jZe_v!5%+L5oYgl`~K?
zdd^Cvr9ZBz4?%k>aFWz74!V`zQk9iouc<$~{www;ZEbDsYY%?ATCZ)~y<N-Vn)WXr
zqOZuk_~V-Ttx<C|8N#B@^3QAPw_6aPXkwtZT;bC1*VON~AT`0Ym4Vka_2>F?J&SAV
z!+~_`u>xFEA1>YcaP54};BO@VJo=M1Zi6=VAdAKdf~yCdmyg=#q4<GCztx4~%tgiq
zt8QJ>6FAPkz88i_kEw6f<VsJjsef^AvVJ07*ZwS8e^G0yZFoFt_Lx+;*wFgr)^gg5
z3rl3ALAi|N;!b}dO3O@w(W{i2m1e0Z)k{mAS+JsJ8CBM?g0vgmN>gvaJw>Sr&nKPF
z_hn|Av0B`=8pdWxj@4h!SwWJH^&NyH8LbgWqqMrcVyjz$tT9)|{+hA6d;-5J!~CyR
zt-X9KZ<_DR2mh9gRs^|n8?f}?g=Ov8hbt@=<33+O7Eg|?&bd`yE4Lbp`s=SZOwNNg
zJnyoS<YJYnDcK+98cpwl*?~*gW>c#d4HE{>1zs_MmVG{#d7<l8tQObs#ykLfq(0^;
znx$+TZ3s=b5NPevdM?=6$=OHEOLuDNYG&!luj1UiTU@#u592MK1G9M2WA?1xO6`ja
zo23S><k|QVclMFlz4=#OUUH3=YOGw08?AV(oTQ}+3s1=~0ADYUqnY|`;d`79t)bhC
zd197cJSeqP>zdN|`Lg-b4hz_p%-kw$>mE!ye?|jbg1OyUEDksPe3?1E5YTeo%=wR5
z#xaJ2l?c98wc)07-M}+$^w~={^n8|c{T=XpVw+C{Sv-DcTqj?#G)Cz)PwSoSpMA)D
zK<mL(6F6&SvFu-dSlJ*t=7L%nz{_>l2sP(!rVu)N_3XtPcudRw7^%#MKo*OPY1`L`
zce&^TSTbH%yJXDzykhiMthGV@mdD7pQhSY1=VeUP>}St^txs#cYwZ8;Z2jw7_xd~k
zIsCw1e}oYDvbgj7SvVa|Lloq%d{cV==;&5jRy7id0>_G)%8`u7Qo6<onnFWhT!G~T
zU8f+9s3MRoLX3=9np9|+A$e9)DVkOgPm;V&DkMbIm3R>XBeR;U@GOf+g;Q9OM6|+5
zET<4i)*;#_qBID(t7?QUNUW+$5-IcOJcKZW!4w`L?hz6mvMfo8oEesOlasV)$ywnQ
zr^{8PVpXaqrqo`JZ+I2QDAMMVZn6~^1f2HfFgM8xOt`KJQC{(T$QUgY9b99eC8dTl
zSC8feCppOs$*wo<=%ib!T4pN&M<S3UJAx8TaZOKi;^|OAtuUx2@{>`57$@}tS=U@s
zDw-T1Uo;$cvcw=Gs&2jK*Tg)Nu2;H3TxKIos3=DjyC*WOkYinlPRhAzHW~EArBt=U
z(M&?HM`*s8)C0xQNSpMlo^jkYZn4=0K}cay4fO<GOO%tWgYNMoU#KsOg_6T1)vA-Y
z?vgs0d~a0r_lu!XGcxKnvaHL))E#cd)%8ytn&1is9a`P*D<q<wa(^nZQ5WU*l^d1p
zv=mFZsGgpqgoYIAbmEPw&?tHxSzlh$$8qH9iDgHE7>=?jrZX%D$h5*_xL&!%IPxWw
zLQ%&!JuVl<m29Zh3?;Jph8I=Cv>r*Tj<nw$E%Mdwkatw%crjj1=_B8`>Mk}@Q;Cy_
zyjScs3yDZ>O7U!iad*bkc7%z#BaO5!<)eJ7Lw1J4a*Rn;627skHYx|3PE{obb~2M;
z(#c83*Hxrp*rnH#-f>spl7MTZnsYW1K8|bkGcMAp$45zuixwx5o*dy(tkfaWn!g^T
z#)88W&UdDsiXL)@^^n>vR_Q$BbY;=N)0?)ujSwle3XZBLQWeUrf|8$9hnlCCceJA2
zTrgZGOA~)4>$b=9qduxn)JC$Ck_SUFI~_Dfo<fGpjk0W}5SsKd{Ma!FkRnZ{lG?Q1
z@n@z^ZV(Ly1#hSoY&DZ5DcI7hCDy46<EBrGI~B1VL=k$3#_nEg*l{zuC+taiI^8^(
z86{eACQrC{M?sF1qgv5ZjE-HS*uWRkwOlzw_DPr1&*a23>bsdnm8CmVDwP`tx|)}B
zB~nfjw5-R7zF^8PNkc~>lg+Tm;q>{#{$jFCx~hJ6HKRL1`Fz4B3*kYwH1?ERaTiRG
zk)p*T_7>%7Icw#PUEvE%E>jM5J>sC~3MB*04#iLUREzXG{k?ZKnY){uTYp)+d&PDk
zO_nr?Q+Y`i8JZMTmX&pe(`B$S8mCGc1JS-IkyALH6iJokNQ%*rt}r|e_KDOOuw*Q$
zDxyToh*ua10S}eaSwRFt$FcA`m^}#Tu1hl5E`?(VS<*RzqIp4LpdQI{S8NwcL-=zr
zlho$6YZ4Njb&tDV$R$SH5b@z)+2bnn66tA%n0DLSsrTtnHV(6ZE!7HI%`qfgQO_XR
zOca}hKT?Ql!4W8byN1#^mM<g-u86Wid@>#>LH|I~QqAdfq^B6hquU8BkuHk0{&*T8
z$Ns@2M-r`JsKh0iVLxow+o~_+Zw|(iqY`i-NiC#2_Hxk27aP@_ouPx7P_!Norztfs
zsJBu+dg^eGJOp7cjp!!R$?H<KjtZz8=nwleT_0%KYCI}*$3m*!tq7Cxfbysv+DDbT
z{zyb?SGBfQD2JQ8J38tpl$~`~3wEOE5?Q%t4|KSGKnSCnpB5@X-S4Y#lW}Q~$VB69
zcA)mzXwBty`m@z!zU^*k)f|_p(6qmp(yGG=^kh5~*m7~|kMglnq7<rEf~1)0imaea
zCgWkJU3SWyWVD*=MH_)CUvTRqHAhynWsMi=wBqy0Wj+xZDhaPE)c1QQs2FS1bfSS0
z5f-uSX1k6W&S1e;C`Dqu`ZN#=HKrY+7mqWspl8x3qbgAtIa+k0>kS6Gc3PO$S`InT
zn?#d|lD*)wJDXB$pcOg2&w1QTrW8{7w0G1>mZwoFHR<!^GDy+M$I5gf#COx`pi&A4
z`-mP;twE|Mx3zS5GMUyweH7rGS$BgjHr=k=v`nCu#`dROH9-W@ntkA9@~Mu?8~5-%
zcc+^edh|LUtCdlcXKHjtml7j5(sA1PXgHIr)+sIP)(QW_Pr9q4L21%Sdiox!$MzD<
zLLiVRE7?HPS8&jFd(WM0ifT=lsX~D7Dbaql-f^PDBs(eS4Yf%5%3Z!Ra7A0iF&%Yv
z{JB=QMF?Dhk{fM_(kVSXYS%I`u9qK|>#mI7r#WHm5U1rnLwjqSM8zq##za{}lmgRm
zpr4@Iqdd&TMj{jHcKfw)JlhPhbtj4Z?!KJKhv`vYN}{$m(C=q*?lSAAbW&2Ik~S%c
z*>N#jl%@@#QtgPMBQ-6%?3G@4SSI4(@gybdJTVqMk=!sh>gm;BGZjGYo3mZ}+vm3H
zyFY9CT^z;m5c^yb1kg9bUg;dgD~b%k&t-6@I8D$6T|z2LQZmV^JTLMp%aF3Hl7g-w
zQI`~Op>$3p1sbus%JCXPnjla}R5bws1w1k%XNATp48f`bN5HJo2!s@9heQ%h3zuvc
z2@(Gv(uks1W^>!cF-Wd?ij3eF1bJGvhy0U4gGVAe2+QNP9*#D}vW{q2uc~BN=BK)^
zTb{U;VL=nLmJ8H`bOoZRNVLICm^Pp2=c%k1s<c84cf?yA`rKnQNjpcuIP3A|o$U&E
zAKj`87SxE?cSo{yoh#=Qa!}{Jt)4P%p>Z%Y98Y+i^~8OYDvT@bd^svKYKcnL)2GV*
zbjLRtw@4*5jrWo|UnYIyQlVC_Wl@ElijtS3v-W@{ghfxf?^lDZ$#|UUH^Qz^ZCvpO
z3t^&FpN{&Sp@S5Ij5A7gB8t14Wv9Mqow7^QiLa5PTj6Y9_t2d(Sq?>8a;+pv?SWs7
zsq`>7jks&}w3|vf^>L^a3Pe)9GBL4-qPnhDb-zSP#4wo4CByYVWg6!j8snbOS;|}X
zWE+CrAN7jW6lqTk?fkfuPNjRTX^XD#QzGFPBaLZSu2i{-w;GLfid4Fo$~wW!CTpI0
zI+l!&#eAfoI+R$tGN}2+sO~NFGNW9=@9YS{QZbMfTP;UjEvE$~kn+^J&We-GwgOyZ
zn(hcfsF=tjJKga6nV?Wi`v!x4Q>VQ|l6D1~M2*cRvy+l{h$I0F60I~PCFdLYiX%1V
zX_0kUJbg(j(HfG)bVYYk9VHry$6`??TPwwUQipCpvK0!2U1B9n_IkCL(rKiXdfo5H
zxd?wjYL7!wOdJ*LGF{EPI+gfHM@l9X2(+u2dVwGD6-OZM^`$eTsiQPObv+pC^+I&E
zBJ%l3u%j}y1T!9r!9cg3BoioLZ-k|6bQsBGJ(F0E@QFm;kwu+)wW17MMYjVvn0V1i
zwB%eT>Mki=)#0o}WDoDi6l4!e5se}hu2nphaaIn5QPCGdWEh2_{(-aJD+b`5flew3
zmZ=;nR7!F-8%&4l(W>Gdsv)M~WGB8c(F?i-zLNB~lY@3YGI3RXc{bLr)=Dn5)Qb4M
zvM)Y~$$q!5%eI{n|BczAqrI1I9p1Tr>qI^N2lw_4sQtgNe|xXKUD&&SFu3zy-?@MA
zqg%hZ_0Fxocq<71{lT@H<Gq(|2W;BA>s~^bM-7;tV|6thZlub^exqHa){^d@eeCQr
z@D@9>b@tBHQ>uBg>&2y+#aX>s;#2F7UMyK$IenQY(OG)C-aLTWd+E+AyS5@o_ug9R
z&d+R?QroY-@Mv;>{jow?a#}0vdFjubt{%0Wo_zzn@Cq`!*UP+=%>LpvmHEh-;=cBH
zaW64hFX>Xj1+H5^ZN^eSS7mJ1lxt%t81z@xOJ`C2ieyHa<yZ<J)!7SYZ$4up!P{bI
zA31x&4Dw(xJ!U;!K8(LIltzh<KL)DH4Ay|PT+AHAFY#xunHO5GT)ogTT3$IKH9q*r
zT$GgnA#<%W=udi~we}s*i;IbiHx{3PSPOqNF1O5H;)n?_eT})~a);ay6ldk#*MHMD
zTCmK&Xe)}alJA@mJF`XKe)jstcMZl|UA&;WG<`n`HuQ9@4Q*9a<+>0#2Hm#aR#{ZP
zVyTQWm(03pLtkBMLuYK4ZQB(aYLxi!W8}KbV2xzU#Y`ItmrkEpd+B7#wus|mDcFY|
zC)jfBby6+Lm?GKFUfEa?W)jZdH=Qej@sSt0^~tr}nrY9u_j09M2KnXn-MU))O1F$6
zS0BG{oPFF}t(dE;l_B)XYGr(|h}UGbS{Zb_T3x+-Up!NQAH`5BS`*Z8vnMJRu;E8B
z`bNwM(-0Z+dUf%HM=@SFdwJ~&GkY@Yn$4m?e_Y73)#_JFi^0Njh56Xp6=o*YvgN;G
z@r)9WjeEAVhcXzfk!-mg6UC#W-@SEk=kvD?KE40z`|s}k;NGp>(20EK^CurUo?N@z
z$3%<(M&N5h;7h?XV%LVy)>kZICCyLBR{W0nXK&5@A1l{mUIcp|*!xI_Qm2130u4SR
z4}y|spT@_*mxI^NkJy)84@(baamc=0aJ~z+ojusKMd8R=ym}nGV87U<UU8r1eAjOo
ztvFoqpU$OQv@;j&^z8oQPSfW;<LrHmHPXHMSm`b^Su5ajK~qNe*;_ldJhSdzW@Uky
zW3jqtH$QyyOTM#D?b;Y->nr@#EwWk0g4ZXmS*y%Sc&Wlm6<(@NpXxgc;J1EZ?M8Wa
zhPJxXU76Sh{cFBqJA3);ZP*ke%bVTB?eO|zz<G&Jt~Z>PJg%6{d8sSsf!?!+JGS@G
zMn-ed(yG;*fBKAHVIS@O-mT}hinn&-JAdx(?`{?Ee);ap+uYF~9R2;H=;06F`+NJp
zw4d1f*}b<n-{|cA-qsPU)^Bfp@wKa~_3TB7#-QG>6gva0JGrtR8U_682i2<n!ReJz
zHHyK<r}J0=r;7;1TDRNkp4yX6xD@ZhE0XhH2ea30XMfCUou2ERSzu9p7AAF8d+|wE
zYiJEw>zdVOB;)c1ewlsp;5(CN47}Kq-};kVSJzDN&3ndcnpJq>PS&KZ1}{<fdH~DH
zY+GCE)7Px5Ybz}l+ogA=7B6QR?@L{I$<-9dfbu-Z?MiId`JLq)!N-(RT8kHmSI<4?
z?=YLZAf9Tmr_J7p9ZFsB2D|qyS~N<{`*2OEr5K?XFVb!r8+7TN_$RNtbcJVa*iUD#
zLKmeb^mdNk;=Sd?3v1`E%zEshq}xPi9$EIjIW9}jc9?*e9-mos<xRIast{y$2Ao;$
zYGB@#V6^i>R_CnJ8MkX2<+skh<LVq=t9!)@M6b;IwUzkw#$auoOATEy4{Ix)-oFs>
zLG29f*uEpb(GswhW0Br$GW%+0><zTGx&*D23Y~r8jNY{+VfD3N9l*tUc8v=#FY*oR
z2gjPpm7$myvp6(o&nS4S5+p3Hm+;(9FXqq{y_)lX@OVKjd99cCy!g@_gh~J4?2R*W
z*OmpjEfNYWKv~}7t`qr<4Mcw2ssA~;%MF^-djGp_!4!T{|Lg2SXWs(*T?mK0tT#qL
zYUulUNbC!<d(k;4vxw@m{L<+4RWIP587620(4L3N{><q`GY`&o&)x-p7UX(+Nn4hg
zUld-E>Cgh@_0`tObHV)qfA-CPxLC}7@Ug<P=tzI-)g@=aR5a6yn7_N{GOrx}nj|xq
zlCd!UrRUDxF_|e}JG0sPzu~uqJ8@;vp3j);BQ7m9verkKGrB(X(k6`728vj!y!`80
ziDnnH*G5uWW^+w6oAW3wj|uFwU^kZtG$(nMKl`R#+k0<seZk_P$(i2_k;{jb)}XgY
zy3)It3G=5jjAAZ}8L>nzT5<tz_i{oigBJw0H+>tJtSbj+@b~;3cEhK>_-p2%U;Mdn
zuMMmEjgPge%ST^Vx;8h3i)0haHfY|vg>k;j=1R}bt?JAkEf;?<ITLqn?}8ax-uoE#
zWRWevFq7bdnbR2vdvmlOlQCdk?Lri&dXY82wCL2C@T9o|#4mpSjGtv~`;vdjN&xe7
z0R<~#0|gcv3Fz2D8D~G&PXALQzrm(Op}#9dt$pa(9t-kuJe>q@^DsRZdjXJe)4jyy
za6>DW<jSV&a+IUR#$X1Cky_xqUE>ea+jsih&fw{N1Gv}TIem+qe-XydOWzi>w;mik
zFy8+c4q~@X{^`ljpZtxJfB)o<ov0^)6Y}K4$N&2He>whdkN?{7pE;f$f7`L=_%p{Z
z9Q~`Ke{%G9kNzs;3LGAN_Q-K`|LFMew-0~$@TU&{^5J(K{{QT~%d+I?vL@7RZPqlq
z&Vd17#hn5gx;LOg_e;TP2!#}(`z;hwNE4Z^5t1Tw3q|OHF(@+zy?F=*JOu+Df$jkV
zo}vdl0=_bHWo1^a%w4Cg80@xMRhBDOxb*9nOY-04{`u#_U!DHypZwK7{Hs5F^Z$PH
z|9ta*e)GS7^H0BNzHz_#;hXQi`TKwP7k~J_|L}kO;eY$X|MG_l4*2`e?;7}B1HWtF
zcMbfmf!{Uoy9R#Oz`qh2`1VKR?@|BYrIH-Qa1J<JNbJ44iGBN{{!xOG7>f}f{7{f+
z?<EA#a<CXml2F<H@&gj}Z3+7AkIJirMLD1zqR{sTf_>yy360Vi&=&n9kzOSfhJP;E
zze<P~expzK*}Y1jLjK*P-c9XgZsJdp_uqZ^_uC(Z_Yyb;oDux|q=W6-5;!0Jg9Ofo
z{$wAJY+fbQ2c5ke4g<;m_@)HqzWwokcw54L`{O@(Tf%(%<KMh3p}+m{zkgdoef#5o
z_qK%m_QxOImJr|m$h|GWzx|PYTLQXf-j;w4=vN5=990+wL@w`tzWtGUmEf=Xe~~bt
z9rA4nXoq-P0@}gfmVkD!w<Vw*^lb@f=f8bh0^0fhZ3$=xd0PV7`ETBqfOh`tHzhRa
z;J<oX0y_BP+Y->hKYm*RI`~I#OF#$z<=Ya_!GH0#1a$BZ-<E(5{`0pbpo9PHZ3*b$
zKYdd|feyZVTLL=xPu`Y*4*uh}C7^@<=xqt;;6Hp@0y_8)-j;w4{{6Qlpo4$!Z3*b$
z-+fyGI{5ZY3CX=II<<5>4&~{Zg>8R)&~n&cQchep&nPH@r4&be#j?2O_&$~uMvDXQ
z@Zhf1P2r+7C4k9g+3;LTnVVbx@P$#e7$$v`3$S@0g#`3KrY)*Z<Lp1J#1Ix<zx&>D
z3J%PvSDEqd8thHYC`0HHDnDmSs~RVZQ{xABTf<9llLutHwOcoFXhB-G>_sru`%ImZ
z^5`B|PGM~;)9JgG=&5ktxdB;sM`^im=bgRh?`|~~0*)%IL}b$?+24o6TRBk}PHkbh
z==8X`)#l=~`Sq|h_r6ygN^Efm?a35N?(#bg<&}fTF6Uf$Sl7X3bp6^jw1?`CM;YFO
zJ)Lb;J#ce-qqa=iInPqa`i&_TZ6C<iayvTZUh9i<;^_Cx^-{qacgnsSD@zC)zx2;-
zr90P|m$q)e^ah@(xMh*ciIWlkv^lVs^AnlHlQEum!v)J*E8@6h+|iBH?KaC*Y}=<N
ztu%Wm=+4-8LnTe|y>sC6SsGtxG_KV3^pMoE_*jAy)}007P+W$*JW;lbwZ|rt*r3OD
z*M?m3mWdo|xw^~7PeU)kPV6SLZyGRRg#DDL`O@<@EhHY*ei)BioF5}OeJq42V<nZr
zU2&mS`QA-8y-7|beP2eq&n|eoR|Z`_C@w{c?XkyXB|+)((%yte$6qh>#*8l~OXlWw
zmr?Qkp|alX%Fag>sZaF1RyBK(5AJfB*j2PHp2?EK!Ij73Sh&9E;c8W`r}Q-D7b=^C
z?)g}nLuV<IU}X_m;)l)jbbark9TA>9-Ji#?)$G*Ze6**X>tknoo;+V=q^y<dQ3jV`
zt_j~0nn#X4Eab_tK*}1{B_BHS>4?tVbMK5aZmfkc*h4#urr>pJ-lm1+T3VLmrH6Pt
zW8HUSc~G#2G!jXpI`%L;I;IE{Gt#m{q;BP%d4C);>U<4m!H@RqVRT%fq9VDY*;{6g
z4<lI!&XS$o)znC%%B~|BT*YPb=Q{7{lEs)<!8{{*o@vYS@vX?ANueWR1q^|-T66mV
zjfg@%B}e%{<bs=R$i7;N;b2X%kDzoExSDlUd&aYd*x4Ss97W_SO;6>}MRC`!bF2i}
ziGye)TJ4Qnf%`gl2BIdcXo?wGyM$vGN(+dvAE!AyUt7O%<wL>STzSg1y>i<i?6_a6
z?0Gp-_iM+LRGF_@aG+~{0`8g9L0wdWOG6U5D0X-hA)VP~3zO#Yc~TeUqL#w7bJ#dS
z=W2+}wsZM{UiX|a7nbIZ+U;Os_cp__d!?qwIvutBa;q|%*#bS1=BN)RANqvb`Gw2y
z*NvZ>R{{9?FpDjlsJ^)OEj7-YYm!D69z~47ShAqhBKI2HqwB8as%D@rEk+Fs4H0io
zI>u@$@ZL_XDjA2HgNud<NX71Q)tq+v7CX<!L)v+CQ)xS7%#@p<6b&Uerm#+Kxyfd3
zew^cS+U9~}CuvXBu|`VL4rm4|{z{Mc&0t=F*nZ~h&;?O+CMJc?t5%{G@<I8$xE<oW
zQfO?ticTc+3`eABO-9yY?e-fxreis$kV!O{$_VYcKZ|QLof<=&jQi6dV~h}<815eg
zGj8t6YR|;OZfKlZvifT5u*Svt$EXfjN$>2cKg^+rvi9jn7{V=)tYrwg;c$?;8!pAe
zWIpgL*<tRyL}+N8Z$+wU*+?(D=^=7$Q!#4on}L7L82OR5NeO2b%+{^zPj0uMhx*F4
zlEaVqwi%y8xAltnFcz9~B)39~Kjcfu^&3`s!d;U*FgFhNq$*2nP6upKHNXgop8`TB
zv^{y{4NcFnW>3bpL=3Fta0RjYnA>vR^*K*8!U7#;;$p<CP@W{K<dKR7XQz*25N}3Y
zlJb!`ub0U+(?zn8WKD=;M&E7BoZ)u9oMq%R$Wq!-1%u{RNLpNtR(#ww&C$&A0Epxy
z{5U<@;%G|j=%C0gsL-tJ=EQD;g;@levtjNipSgo+-cy#pU;~!ob#tXI4Dfc<$?R=6
z1@Hvr`D_QrBskhk#5_|scDoxg*4=qc99DJ9=Yt)Xk=N`^%4sRWYWuC)EqID^PLm6*
z*j(>8L7%HlM?5@CZccf+87QqimG#3+!`9)q{!x26<K}>tdjqJC$n4=V{qdr*W3XnX
z?*;aW32#}iHl39)Dsy6kkvnbd=e0X5k~ZI%bA}Q}MyfmId7n8+66IxtyENSBQ7H_^
zxKk`0sGGJu+KHVXwAJNOaAc&>T$kz<A%^}5JvO<%@_TYco!!Xrt9P}`>w4lxr{CY|
zD>N2Zgag(!ljXKYAGxf^1DSpIaYVA{X!eD+sKYfYp8e`?E1g$wey}mX{cuFLxb;9q
zdeyu@y6kdXq3sqa*WGly($tWWIAU8@p^XpQP~b1-ZZji;cZ#+{!;(ANdTz1w%yd^V
z#IMuop2-@u8drqQ^gUaZ2R~MigKp5NIzJwJuW`(g>W&+@XRF-<!=)xIo(O6Wl^!Ds
zt>=E2#Ms!gK0|CcgG|YK9T`zP<1}$+=R%VlEna0qJ7#)V9q4=)or1x4N>SQ6X=6Nq
z+0{4;wM;jo7$9*g`Dm+O!VD*DeRE0Z;-*ywv$Y0#N@K6TqV<#qdqb9+dZI7l_S#4;
zkuF+YPFFLIY9<vByIBsRq%0NcGj@XzOld?nQKWl2Q0z&UdOfXnb@Ds}B8HdY&iAkO
z31@C-=og9^)7uhVJ^p&S47|)Mja+$;8`bZp+Z+O)*Q3y#Bt-aG=HyV6imaa%wAgL%
z)6_gu;uf+7m6Qe>kkpFwY;g=ZssWxu(=_*&qd1%s6x&`1WITn7NX@rkO;i=<nApL$
zE6~~rIhjjW*~tV_E?IRuXJX4Gt!577F`DuNcQ)IZ^@c-l>XRgp$aL4`^2YcEk2vL~
zlaFh9SiGzmm8H3Q`4Kx|bXdfSykZVqV2_2hedRRS78Cq@VBuM~TYy)Ul67~yoMIgH
zl(F(>`grwrn`^fl$V9e_jq^BA>Oyr9uUGMv?y`y{ZJ-$S{EH|^hsUW|GqmV2F}<vp
z6FwJLi#6*BSFwaXRFPE5s9N*!rkC9Qwpp<8#oKZ(xUI83rKJ_Fm*p_~aK7r9j>t{{
z3r{X2;fjgBTK569n<9;fFgN)^T1hylX}6Q=`{_-?=#@&X7&%)pD>Rq7VJ;@0Rp%iY
zjV4X3XK)<cSf<!#V3EbO@Xe4UQwH&)i3iW!>Q$l(9bMG3oNKn@9tF3Yz^TivaF57(
z4r$cUv81Ap$k6#y%Sl&Kv(*QNjl$EDb<cNEp^=(8Jq5;YI{B%0V+|%h`c-?}*w^Q+
zk?Yjg`7&yPBpi<uU)Ry*Jg6&9ViBv~1PwQ160sN{ltrJ$;!9M^U3by~gwyBHQ(bOb
z8Hr*fMbGT^S#Y(SyJqG7k(o}RQ5(dWT9Exs4m(WXZw9uVNxAjWQz9Oc_;g}nG1NK<
zHM9-rh1e@~@d#wxG9RvbM1w^mv>WHn7B#M9b28VRw^-U!($zD0)b4vuw6|M!*M}K)
z%+8zP!U({WiK%QoqVPteI*V65cu(F2v{o%yB7}6rCL%r#S`!^lXElhcFcPZGjU6|}
zvfJIY<At)Lbryu!9@+C1+1}zTImN+I6jP_~L&7JLCtj%~(=4&g-+OPp#K+sJ+U^<w
zudB{j<KiG)EA;h&C9J{=5BR~gQXzF}u6mYM(rt`%=#o>@9^`|L@ECgn5^D2U_d!Z2
zQ{UppEt#n)|IF{ivpNoVQfPs%K86r$bD8r>o$SRCsr$JsHre7AH@paToibIs;(_$q
zB|AQrwyoDBiqV!K6y=eHPFi2i_r0hM2H|Z_&+?gVVu5t1IKpo^P-H8!v)Efr#|f6Y
z_47>$S*kClL@4a%GsS8pY>wp}1<vsxTZUsrSH6OsBg&(zCsT){l;DqLgAaTBq*VB`
z7EzqY^Yz>+Jl054kE>05=c&V9&K<@&HGz69jfY}wmqUY!sN{=!xHsldo`Xl$VANSo
zDkbMPVi!u(Q970Cx(tkbHiA_<SXo2XTSL2}2NL*M2QfCX_(_c}cS&^Yc)eJ+r(oiA
z66@p<nyn@B-+aolN&bKmKalkIKpRZ37=pszC`+dtl>^Ig{KC&k#%PLgDHS7V%+d)^
ztH&(C{I;QDXp!-PDR9J{=!nKvJbd>VW;K3{mzUOFX*`x~1K8~QJG=!DF?>p3bP(Nl
z!@Nf$d<u$*KB2AnIrQmMEW>MKp!cm8%BCF4_*$-?^fCGjdhs6m@D2j<9?Sn3VC2Ie
zpCcze;>_Re_5L`o5Tj4`{(P^G5R1=uh@ex<>rP+Y;eFA;>!$C2e}@0~3B(bnABX&W
z`(F};yw~&lDSdK<K5FX?UA+wXeg_B<M9?7YGmOm_&H>Icg+V{yxByo5+U4zM^#E^O
zNx*oG`TSOUt6!Y|M?}j%`k(&i4-IJI+pku}PkY0@?=J2uyzEop>wA^H0+c@XqIs{$
z*B#!~czmY(Unu6|(LU)v^}0Ktk;<a{w6o!#IbM1niq8)BQLmp&@ZBlBvcP;op7UYH
zPqq2e&Gfo`{L+)|1K-U19e%$3#}j&e1YghQmk-CM%6MlrUJ+0qngRZN&!3)>pYQp(
z+M%UbcKvwszD)De8~CS_dL93lckpN9|GX>S8&~R=kLAzR@_vS&w2OJy>F<NiUuGzt
z+}FQ8)5TBs@axVW>S{k3;OjeocuwKrfxd#TCO5j41$6C<o9}qj)WnVPv9;013;4cL
z<h%Dz>9_z`vwgxJ!^a^29`?x%`Qc&ttWxB2pynTcxh%Zj;A=!YABOz^NqcwmzUb+_
znf{yaAiegT>AdkZ_vY81e)*4I$H2ea7{Y6L*N2PnxqbdlKK!H~*!bh|Ubg;x(|0%N
zpWpob9rLyAUhMbR<Ug~%U)vOJ^mn%NYumh7$WP=S&+w11F#n|Ak2)iM*V%X9{VjDy
z{;soM=<G!$?^oFm58g*G_h+l^CwJz%Jzh6{`Tc6fKQ5QQX5)8D^RL<P-J1HzhJWtC
zpnku||LR|4`uB_cmw%CeX?kA0-1lDbClCD>ZO%uh_HVQCpLG#lE!v-V65jL)zc!cG
z9iVjNy#x8RjbG>S(Lw%X<4^41yN@66|9|iA{$GFR8{zN&Q~34!&tI?x{>1(3AN$I@
z_VdH2B+a446~z%nLSk`2#5k412daPuR&+)r5PB*KhQni&hJJo1K@((}WCS$ILP-d_
zqj^T*8438hEPiS87iT%0q8W6dL2;VRVg}>lg5waH%L|0$QWmmp1%Xg8mM{>kN*F-X
z0U8iuTL|{PpC9`J#(oc-09l6l^?haP=ZbY9x-sW|XY<dS=z4hu)pF0Jvd^2!bm9|q
z+H1-9>boHx;O_nUG+5?&W%;aMFME>lsNLmxoRN0o_D4HEKbx(6#>cyL#-!_<=j8SA
zT#2;rv0lw1*6EvQB)OyYQ0zc*>K>2@p~aif%p^i{ZmAEBvQMQj*5yk(a=LOqkcX)c
zoM+*)v9(FJd3dF)hm{OW7)pB-f!O&9t+i@Y!kj6dyhSl{Gm0GCz>b1+#cs7p1#1@$
z)=s~;0Hi^2c79Czz0Q%cx)jp=S?(TN4Hb;Jizfd`<iwP7DW0R%HcBj4gB<>D!R3Oi
zHiW2e`N3so>NZt~Uz5yr51A0ZS9htQ&uP~4X?DFF6_RGWn6842#%|Pp?}hHO7OpI^
zoLIY`4}9(UgRB>R+*TgnSB-I86JbP{0+0<JS=G*HhFW~gpA~jK3OqX<@acZ_@YqhJ
z>*KiM$lfjFwPHIW(mJx9clU}-rk!K(S!m51<OXv}tC?rRXSX_9u;W4q=t8jVZGX@4
z!*1^Y-3*2mgwpfHG1l^6g6`aOuK7DAxU(Dcx+C%+EsLvk+NDnm$7gR-$TDNlZ8G$s
z<RT)@-}z3yGU^a>k3BQpFxOZePTZ8J)b?e8?D@PKcKh@0p+wJ?2uWrb4kbZua#BW5
z*NdA%kDV;w538#f;ep=Ym;O$T3gl>@eTl46xf;60@rpsD_vY+#{jdpLNtRRfd9zP_
zYx$W?XIQvRS66yYhnwa|egOIYwet{SJ`3TX-CJ6hw^F;K9|8iCCpngk*)yMQZsXJ}
z43E1B(h(>X`1l@XG4eqy?s0(Hbk9O~TuU6)*W1{#24Rt1mOJUz+=NZuK@Z8nZMuAT
z42C0=wsbz6p9X(82zz(o1;;1`XCKxbyJsIx9d>|zX&cqcrcG(s(Ij4sgQ>=m68VJB
z<;h%Dn@tIgZ>r7T{APV<{>1%*U)V01Ojrh`8R+5%?fXzXO*m*Bg%>yqZL#t+hK`^(
z4oG2~fmWj^ml8NbL5LjZ(imE2p?S(C)C(+_B1xK#3D^kZz@jA>G#rHnrbSBOc?_U4
z1V_O-kp-6_ERHb<ofZHirP(yWppD?qZ5Q!92Ymq<_Sf64=&0|W#)`<~h&0E5BJiu^
zA$w2c4_v1^>;7zSxn|kNuGGck4cYdtAffosF~TB5T*fuV&9LR;#nJe#qpxZ{0`iCQ
zoCx)<RF5k}Dk;cO<R^XdN=$UnyL^zz+v<l5dcfBzdBPQZHj=ccOs4gR3vt%USZ-Ix
zPQ?}5qvw&U%)+47^<Jk6!)nG&v2K=mAI1KD)(`EJ^P}I3ysq0_^k9;-q7`G_U!r<E
ziD7p|Z(cU|c{ieicY}6t8jfkbEi!uH95?e59==CZB!UVEu~Tex!f2YMCwV<hBqIx1
z#nr{uA`vgoEnBzUa!gFf7uMy4j<-3ck$XDwG7XW~yO7g%?3B%x6-$J4q^&em7=OEa
zurM*FSjgMjpoC5%qC+b{j{D+;<%*)`p=<_g1MD7i;x9)Hy;<lXMw>zGFc(^jQMSy{
zSC8G*sNP_=ZD5^u5tAAZOnCJBF*(|}vgwac6ytmdz*X~9@rxMkFWZ!Y+|Hgh_u*N&
z7|uOf3-+?-#;U*9?#ZfYvpaa)$TVu1-<+MyCsHBC4D$p)OwM=F^G0m##Vv46iDCLe
z;b35+Ab*#hOWEHYWGV2H+i~`<n1Rn1r?9wu>s)SI{oI}kiCOI{alI=TfEiC%<JT-S
znVq23Y>)sHL`yW49v)c0?jrxPL%7*naVo2QIn%<ROu9G^6n3QsXBb2$6*#owlz!N!
zGWYOqkZ(tb9RRux=q0R=l{q?<r_wvk@CqedJ6gD1pPQUA;(Dv81G(6@ONDurch(7Z
z<VCF1Gwm#E(DaeZJ^LJ%m~K+^frZwVG8$fn(?V#E?ji*ElCOFi3F4R*r<yrx>f^Y*
zoU+AJay%StEET$_%cB$G2#2w9o924j)$IAiiA`|fwx+8z!O@GDvFU?(5RlS0GcPlO
zM6-`iY~Cz;JHw_;6Zl}b`kiFo%lbF8UH{rIY!`vk84ZEX1Q3mBL1YC9ZIlZ(CFm5x
zXc9Uqqa<Ydp#5mUfP0k@<cm{=lR29*40vc6+-Yo#fro~%XiQRB%%&7Lb8L!1>NBN_
z9K|{C*kB>fP=sV-8i^VBgk=o$1cdH!DE9L{$_%tp{vIPyXny+ZZ5QI0yXfgJd}OgS
zA@(jE9Jja0I?T`f7RDNVTj=4E-Oc$ZU>be7QtZs`lR9D$z@cOw^%U|0`^+A-a03s9
zs9Wh!v%}!1#L=^pEE5fYs*K`+kqr70qT@@8)u0))OJ7<Bhw=B^Pb}!Pr^prSN2CZ1
zNRvuuf@$&i3!&bY2ZGgJ<BPi)>mR2Cp1ewPp>eBJubU)5EV=4)zMcnsHIU*yH8!hE
ziF6HYoT^8K+wV{`V&wRcN0(@ikT-Ha(%M~(Z`Q-pp2SuK7-Z60(}s?ri<@_qrZR3e
zo3@n3F;vPI=d3=UX$ZSxcYtyQb!&6FU0mmoiPd5wrbqfrJ^ET_MnRxZa@|*>)a<ZM
z!8Z{{ZKS1miXmwP%~7&T)!0_e{wW~N`2Y+ux65;U#^p`O)9^NqPr4EY>{&M!bcNH-
z8vwXgHF}9{8Iaq;fm#YQsn{LUdTnH_gR}G-Z3+oH<Kt(Uaz!0Hw&IP^Q<cT>t+3mj
z)hpWFZc>g~l$=3dK<M?!m!l+^6FVM&nJmX2&e_E#Qw78U<`L?+XTUc#iAZry8{zoC
z$)LTQh)T20N3Efs&}c7d7<{^T1@c@{<RVVGd1Jsiaj!jTsq&aiC3G|{w$_o&_G%D$
z$m94-&yr1;=W`!>_d?g3D{%?#Z94Wx^;lVZ><;FTynz=rat?bnxIJPY8qy`zedz#<
z6LE8bTTa%^W?Z;c>&dld>u4&Ll;o`z&fz5oJm$5=gSxU7BV{q)QMwH|yC-SIqqD)s
z8@R@8U!mx@j;h~emxr*Iqrp4lmJ)i;mR~})Dq?7^il$Md#=CTmwba75S_W`Yr?@<;
zK7|(@Xv?_eQy=h`+Zf-@upDozoN13*3;k{Dc^1lzZseqs?iss|hMGO<g(_H6`50a1
z(hO^*4P#>lRx;mQJQ~ku+4mTw2n$oi;zXCP&gM6>T`#Y@?*p^1tYa@(uV1DZ-*5A!
ze?LuTeN4K%4Af4|r@7EC?f>!nFAmhT*D_tA$54LU_NyPhIMCQa>igG@0*CnGKp*mC
zzj~}M4g^V|_HQ$#FAnsQGJ?KZ_pd7E6XBN!de7DJo?zz_GPO_k{p{nXsn?H}|6@+_
zU1k`@8e8Bu{0JZTGiUt8xd9OSSD)a^B)>Y)pP9sGC;7#JK44v5#`;w=`{F?Ff_o7p
ze7m-6UXu3XCA#I~rTq-2@zbPU6S+9`M}YABJmvj9m;XAs_8r9~(9oQlvN=cb_59N~
zpMH8B6GOi|CLl+^oi5sUqe0I8BWckWM*THozT!(>c#l4v&zC-b9P=yZ{*GZ0=9jj^
zJ!*&YTsB|5KwrEtKWA_G(xhI$|9qei_@SSZy1Z`urQfd))n~|pS0KdC03BZ%<Ky?A
z&*&o#3KDTc4m_w?6u*Vi`MCQ}A3jB8{PLdL9vwiCxzWe1Ue<s|m;L{Jh++WK2g%2#
z$*<9iJ$*nA^RF2BH`VdcV7-5G-Wu~Y694j4mB1eMlU~02?)7@T`|cM{<3|8W*WSn1
zDgGM%v0pRQBu?wU#o51Y6MuI4Z;bi1v;VcH5B4mE+adl`b6@-XXHNeESnMs!`88Ab
z(RzHv$_@FsypO|s(Br50op)w09v{Q!hU(*(IQz$6J{j-tsn3Ub89YBPUpf7cV}50x
zFUtfNxApx*-?fu^Pe=FJ!9GHVzT@RR+^X*(pReGppUlb^#(GUX{RBaJH|u|?v0i!B
z-e0tj6Z_g&AABt^R`2|W7`kfzOP^zT>%f&P$FGm@(?$8(ynZ&;7qs;2#`=T>`m5*m
zI@;If)y4Pw)DGEiagIM5>kC)!bynYf_5S*N=l7@iHKl#+9N!x23%C5c$^C7|`h5J4
zx9Oi9>jkCq%CPv8R=)h{70dT-i!ZMmKWD`I@__FpZ!_k7_ilC{R>%*j;-AojA3T*$
z_~?E@`TgOKf5Dm2->3d14ZQIG{ht5-l6L;GzW)>VSHFxy7X^yZc@81ug2gC;Wi#dl
z5|D5yNs$<xC25=!bezWwT0m}$OEWshv$#lrhbCuP7K5sj9Pk4K0lBu9WIhG;Y6PB=
z1eO#W4f*|)<_H$ySQg^Y7?f8g6u}{o`G-_!OlN>T_%w&cL50f?81X&IKxU8n^>OGp
z(2<jg%rz7=8%_ub@U2U?xFs8OaC;UZQ)^JxteQpu0W<TO@tp16$Cev8MqW;{nJT@r
zPTu_lwSm+|OIsc#FX-9b^*E&w_QuvOk;goO_(@N5DQq)cjK{8#kP2~4_w3znt|mc1
z^@@tu-UtTLg<@WwwG#1E8Ylk}UbfLmf^uG07e#`}*|HM!T~dmWB8k|YileJNG@@Ca
zH`i0$4dS!jU$D?~@~tx77w4Xmx9xdv=DNFK*7&sA!a2Mu6~FTuZyJVZ7!gxNC*H!8
zvv=Coqg)aE>K2J2HdFREVJaO&<U`cg0U#Nf>9JLl@|9`;zXVxECk)%IO}MH?bUGm_
zc@>ylpW9XA-1JT0qr}j<m-1?J70)b96!BPL4)vBVCT1aLU=GN9!yvU;;!as-PV>Q1
zv$Hu#?d;r|@M!_A<mhFU+&&eVA|cSLUN4t2L{%<0m`lf))p)xtym}rCyqVK#3XR<n
zKp3vJ>`U1!b`QVW;EQ@>1}h&`{O-%O5>-jr_&RQiOd;n%-Vod<D_yeiR5T-eb(T8Y
z?Ro2d9WM_w;pReDX>$;cGP!!U-R6)8DaLE9Cq>dh@q5gej_zzeRw>){>8(kk{bRBB
z2WFx;T?+v=U=mq<PK1US&Yq>HX1<7VwmbEGd=|*eKU=r+N*fM#Xm)3J2@6qw&QSh)
zthiVUxWFJNDb~2c!it+*LuoEk=~ZWE-lHeQ^12>l8&jP!O-?CptAs+GYr_^&Ylsf_
zh3Q^ueb+V1p2cD_kO&dC=x~4n{i{#=i)dIpOP@zN1!k6X+mwq8h!7Gtf!*Xh#f0Kx
zsO2u#KAg`KPK)La()?S?D|Z61o?U*3CkNZ2`B*`1=_!i0%eu!AY=H3j13QM2>|C~%
zHXb^{yP;QtSo?|Xf~OmAC0UXmN>Y`~W3U8AdbUF0dkU$V>2DT?{uB4jFKkx^#ww@L
zynuu|Q^ZM}VDKM6jA$-PX^Kp_IAt;lB`B1_NHV9`Eaei6L0JyW5>3Wb3Pp2q%&-j3
z0T<bey+Uy`McJ5(vm$0Q97h2TfN*He0Cp*VskBQABn3DCi4g_P5I@H*aX*mM_Y{ev
zB=PHQ*Y#P~62K{zoj#qiOqI_M-k7hQJQG9j7@N3(q|nAe2y(c@qOi@?-Z`*Kk&C<X
zFg@1`${cwIV+BGjY=<f@MQ~1RBx-MpIA)1RbtqJ#SW*K;mJcso8SkRr9&>yiqVv%}
zZxj;x@{w~Q&4qjwn|3kJ>>;U#4)rmbPZA=PtS45OxTg7DO$64o?^@2C`QugN)g6Q5
zNj(vFDyVOe+YqCg_2h)m=&K>qck)!^Lol_TZ)K`}*`z>%Kpu%LJ#SdHx=&9#mss(c
zSBRiCI({~$Az1?B!YLU50pcy0mc3XE3wFtGzDMf7b^?B>(BO(g>nG}(r;CM2_?4q9
zc*VVGS87+R$KBq>H|Cb3(<d=;czzoE!@->#6ORwIca;+lCmKn?UDtaUj^voKqF~v|
zqW48Xt862ca|$Kz#1*N-<RmnzdX*9{l;+!!*BA9b+CqDFxCg^m-L%6P#pRHZm}G7X
zHQ_VBBKE594r*gR+Adk8=UhcoCJv(4-7TTxjAQM{f)22o6GMhJ5L?9Uw3+r(TYK$2
z-u2s~P`Mls^c)b(+&&kqT2cnrqn%z}PS0yha+_kaO3LH1RZ4Rd2V30)BmpELh-Qd2
z(;t#M()5lZBkk?_7#=&T9fbaPrM6|J*i6yd1jZe7LAV&AV^}`NS7cT0#&FU~CdQ0>
zMz~^N7w@DLr?>+`7`Epyz{Iqybae=N(_B=-o+w#4XBmdsd!XHb3RV0}+6F24S?<RX
zgp&QsW^&_acQ>1LgFNzGx!A~QIWbP9*nLv*P+*)+EOzmBSJCPzyxm^dy$6UM)bFG=
z1M-xu@@No!)9~j@V&-SM?B{*Lge7;i3O5LF3b;tZeY?>0d84;mp-1nx7T1csxhwl=
z@=xdIf+y<ZyfqJ_QF=S!@|1^?(v$hXZgwbE*<~&wZ2Hu#b<X;OLf6<CuY%vucKzWO
zwu_|b980K}p%|8?GA=`DlE?ux35-kxma<e#P>|X$NQxy`z&N2Slb|V<fS(2eaIRv2
zHxV2~axoPb6jl^C3*?AkwhFWWWMz>RfG#LF1Ssz?@VjCZiQzd#0Oy%;SOP~P@=yIP
z_6LglfgryJ&;UjMEpV4|sLuTPN-KQ8T^18{v71HgmxF(8<*g5<rPTMz!P^T@w8)W@
z?kTRZIZ$PyP6~CUH7FG!HA%g&#;^!`gl^gRpfDqSTGvt89b>52=j!9IUG(#k5>KFe
zare50Bw4;0aK)ksSg#F#-?Zh0Y|{JoB3}-qTzH$6+xQj3bA__iePfG}8lPV>*$OPU
z!<2nlY@f79RyoS;=Zl4vx6IKK+;sUFFcZK{(-sji?mg#P3ndrWvF+hE*L}L_rGvz`
z(>$?rx?fulNd#a6${@G<kf!K1d9`&pa5+!-Xch@*r%0NIHQp8K$Qff(2UV;Mt^kxJ
zdqlc&Q3H;k=tXHzPqzMOQSli{qvMA;wl*jpF8le+CYF953_~#oymq)<>_%B_`g4}K
zyDd_e?Y&3NK0O>$Gc?!yhD06G*SKD<opB!<F<b&UJCLN}6$={V)#g#6A=Of%s?9~b
z^-1*!ZhOdj$g{US)2kpyc+=zr%JY@QlQ&%~i5%Yh7@sC_7oi7KcY*^}YPoUW?!$$^
z#mD(EJ+T`Bi?1duy+7YC{pr4!;u$YwFX@j=Irm{nrP@}(o_AhOu#M*F1>Ci_mOoMt
zusx&7HN&9zxPGJct<w7!W+V@rQ)xxgQ@jyp08XH+B+=X~RF3sXg(y@<iDQofLAU2X
zIBXR_$0)&+(l1;%z<5(9x?vucX}1%$-WsOTeBY6&T_zX}+)WqB;DD<nWFGv{H{2)D
z+xfUd5B%xjUC>?_H#jMkz@S!4b0#Ah^~`l2zZU8}M?IcE0N!vAo*Z^em=gDm$4u(d
zHa$03HkjI?0LaQ<(@;Ov!>(nQ$xMyGRW4z-AF|d`rLG{|^S-QURE}cH?J#E_W&P>Y
zE9|6;Pq{MbedW}azh^^FiLkRyRV>FM_gmC0rA0=3))hXy&X8)=#Xu+55U1jP02euV
z{C3!-_wWDz>^=VfpZ#UM@BTj9pK0Jv?7#W45UIz%{_DSfEdZctl*-Wp)*zHhDUzmu
zLV^I`7$9A9mS!*t-uGcup<)j3uizjTD3fJ09+M29`zbb$X%=TGlEGnd%0L2CyRd8#
z0QzTenoh7H25>ES;s}~C;6wxIF9Lys1Yrq4wc&u4Pr1)Pv=9KGejthONm%*t_dYa+
z#xxGwA_-I!01g+&5EjD;BuhvpCqSBW<fGgAJHfqVr3+XvfHeZgAa;taG|IJDZ-UXj
zJgV&Ma(79>H=FyTvP}OD+$ugjBayPVipvyxyx}f(XA2LlQBcnk?|AqeCpHL%4L-((
zK%ei&;Z~pYWLn5G{}k;<?i>1^V|=CCj*hA-G1>WzsaH`6uiOYH&|QyjRt-lE`x#!#
zfp0E`m_!%|Zi}S@cAmtknVbz&Pwa;?KpMG2yB=lCgtvG?D1)ow$Suy{rO1ZpVIy_^
zY(MSVdEkI!hZ+UIVV-%q+AzQZlUCatT+gOZ8SH^y#SAM--Pzbwm~xNUv8Y&d)^fHt
z5ha~Q&<_`KhpT^M@eU&bA!$%#L6+GE=9+X-O_KDFYUtqngrnCb)i;xFVEtfkXs3xD
zIt$c#Lw^&|zSYEI)^#^ln&ZQAaT`B5gj2u)2WFjb*ypAVW)*lcA8KUJy8!qjZ4bTM
z`ve&C<lC_q?c4zB&fWaXybZajm#_tHo)*qZUQ~HUuJ<#nQ>0&<X6KZdyV30znj3<^
z7#=OfY<9p@IWe?@U8M6l^6un8IUyWU)wFGR=iBLgyVY`wpo&!n9*WQsPVw2g>>Ef2
zTrRk$7CvzIn0oDpfU8h>jzhJi<E0QgEqV`}O}v-wyi<G5XA<rG#Pje0UVv;MEV{%@
z+^+MG8n>(R2qw(Iu8&8B<wiLh0~Qm_cqngV11u%`VlwEdskgWBUZq74-PP%$xXK7G
zpikEE#62+2@jP})kHsZiwS77~H^G(&_jpO;bko<Fh@SMyY4)ig6Sup(T!}_dndC0C
zd4t#1uvb`S=ITv85ko-Ida|sdzlD`qtb7t&WIN5+>Wp57a8lG9AIrfT4^m01sBj;9
zf|+-2dtpx1sImnOWidKg2#HxO{cLd~ytCa?;W!C;QSJdNQJs-=*GR|Wk?P39JdP$5
zS0t#iOT&cnyN;c&S@1W%=Gjfs0${F0j3f*RzG{x42n(QmB<D~tCKv@~r1%r}Z~VfC
zjwuL0f<IdT9e5GP37}dTz{G+Bj3(4eXcBA&gfSV6WJnG|mT5`=1!4|}T8sq}NfM7a
zykOw%pJQJBCkpVf!Bd7W!5@dO3xLWJupyG?D9nq?G6Y<04grUp&Eb#*UVP?5zcXC~
z3Z{zz2mROEE-62@4|sa66Ot9Tj*tvx4l*d#kg9nNHeM#p=7P*hJO{f?dt|p0kF>Nz
zCzo|-#r;HU4R^PJhlQ%E+pTFhLpquE&bzH}vK2>ZJ!^Tutz}l0weK{S@aL<-UB<;E
zYj5)QV7c<cId0Zy%dN|Ttb{w-l06CJ+O~td59tct&PQ5NrmiMuMc?T|V1%3sp_06f
z1d8^mkqIo`T7X)qY4)9fA?}$xUmY3n+Nis~g?A{vx;uju-Z}q%Z^=Eb3iWou_Pyhi
zH{e+FfK62aF4gJW8(bf*5ieh20eM7rZZZgZI*{|$a4fnrx56yN0&tJYnBB7T3Izt4
zI7ikYS41I|gBinE1?n3T%pPW-r%RjdybXIN$?#4R(8Jxj9fc;BAFMuZ#&9Hk+QZ3q
zP|Z6wwobDRcK!tu_E^EPqP>rEFFB!lDB1kD$OtVSQ|)2^R5q=RyOqJAH~?J=N5Q{O
z-Rkq4g<!c(Zs)+YE&h7kl*sBEGg53Rpu_Ywe!|DGt9RyLj<oDG1skpGkxgv*E{i)?
z&YJDMZ#Q;AS_hs+9>nv4--}CpHyJe+TOfLym~d<DRO7JSG*xw+fdPaT``7|3yJX$q
zr4X1oyX}L7mu!h=cRL!Us)>(^uWVb=sucpU!my(ecRC!si(ZH08~|r!F`MD&+@d6_
z_$To1Bl=Ts4$bW-%4t^$t-g~D?qCVqvz5sc6k8Di)&+Vu;i+pKRj#!+IPb)b%K^-r
ziTHF`niJ9(isF;#W9w$&(--%8ZT1^BI}E&Q4CQ9tB%9U)qRe&>tu-v>n%?n_KC_(y
zw3(MDLZT)D-v4lo{adzchB?B0;?m8xs*<EpGD-;iY(|Mtj9qjQP9og(z*E>~JtrHF
z7s}sbGT|ZVKSmnZNl)_Dw0L-^Gl`1g`DTox8FP_*x;%#z$L@G@Le(^sb2M&$L)-P&
zzqDN`_)9E9ao{%rWS_z?j>6KE%%G|ZfcylR5I7LmavWHpEF<t7UhfI0cEV$*L`<lR
zpg~qZnE;cbSdlUi2L&TaXW&%P5UvE1$EInH;|Ku`8$xCnfk5_#hChKR5n3-odIf@;
zKh-XQ?ZSV+neTBLqqq;YE5|Y5k7Wx4JTw>sEG5|GEJk7qDhn7mYC)ur0ar}{>!(t2
z@ah8egCn)H#I7q0K3U~br2-3BOnYkOwao)F@gQr;;kap8WU$)%Ru6YvWdU!p-dzSa
zZ8sygSxlGORngp>Lc%B~TZmby-d)g>yulpZEzA98bJ^Kwj9=*cRlfl)TWHDRa#^rb
zBwVWz*d5ylo%RP?vrRVSgZm=3!V^C>1^7zw1eH8c7e-u-xIGOR58fjho#f%pb0(<)
znJW*q09th)i+UEDT<eO`<Os~?5rrx5+%#Pyrg=o}6L^u$Lv$Bi8O42*;)CXXqiQkg
z1m7S`LOpJiS`4lzcj9{o@!K=3rRe^CK0D||-}9Bz8yguc{^n_LXSdor@(x~A;Rz`{
zvnLmXbwotI1V%fydJ4gN@8B6#xTB1$g4Ms5c4wPiy8%VjQ=}(hXYU#2N=wipBZZ(C
z#5b)KIfut_TL4FJJ~w?9hwS4vc)D;{j|y`pPC>?-<GgbgAo>HUZF1d0MJ3`r!&Zq2
zdOs)6__k^^khpikP8SfYhw4X}^7wk`1I0m}@yMPo7fviM!I8H!O@$bPF!B)lr*@Mv
z>FG>G{niFn^gYBDMdnx`9MtJb)66iW+#Q_#7z{3%ov@aE@ame`!QGd}nm%FvC~t*(
z4t?t$uHjp}p2P<Lu3TvOawjAnCj}bc+D;$3R(`s!&#qKCQ!eh}kY11BkwkdAF`G7;
zANL*e>~%-HE9lXr#O4OIkY=c?K%VIcTtHE@)JE#@ISkvhhY(5FJcToBa|*S8O2XOo
z$MJj&;z2YVdUW7H3s#ud(Y3Kol|^_qQQ-Bqm@ScwvSG%==9K1iGN#_4N7kUGL&T<W
zZ?BsIS(s1<wGQZdn{y)C9V{9WI_NX*q29%vp!T)iGjj#8a^muIxX`#!)jhq75?Aui
z6}U;UVw87w5!N2O3ORd*#_{QhyXl=~<n9zSt(58YZ-@VX|Nj5a|IRnNzyH7f-GBbG
z_sQS?{0q~-pSXYL7c0?AEf`epQyEmrqL4$QQX0xvi7cmRoZuk54CVe5i{*d<01p@k
zU!BPyFc3q~AjvZ*OCu;)n{sfoq3Dc>Q;aDn0)-Iu3p)TrvEvvA;|cHV&}%0~;H^GK
zVvNENpa_ToGeBh-2l=v3S0bGL0la8};h@0z*L%@+y2!L(LB;eAC<)}eY<PKl$+F$;
zHc;mvWAMYO>K>M)ciUBJsaUP&IB--Yu;arL{X@kK+rikmZXo+~V6OOshw7cR*h0aT
z*6v*yJUpK7a2M#M5iZ^v`$50t_uz4jRrK<lPn`=S+9Ve&bmULUV7CX{arTNUv*G!H
z&ey3GPITC;5JJ3k{a6LX=!GVCylfC9ZfPE6H48K7lc98F=F3q8#I&n*xn@qdw!0B$
zZFH8GZq<A_-90=CjW2RypxbLr@Uv2dVgy<9we1>PGLUI6Q+FXncKp3+xr?Q2=Q}z>
zaTvQGm&*yfakSu#A{V?Q8VCZBIX}Avx}$;<MtIe8yK+Xs9YRTTuk1N2_OjM)#X|Ig
ztbGV`;oMNKSu2UccEEgm1LD?>r|T03X{qUS3RFassD4^?sKP(#`-E4prH7Upmq&bp
zOlRiiTAM*2{Rm}y`#Uv{&%5f(ZCG|<S)ZzXb7I)(I?^L_bJ%;*Nk3=1h|`elN%-5Q
zA2*6j65T$n=j)M<Pm|^tTMA$Y@|vwSW%66I%1ZM*ZJxOZ>)r_h`6cxHV3QJ3OHR@(
zRd0`Yz0;MQ=c32wNmZ`aQ1MVQJX=XcTrUpoYEV#m_T7=vxOj<iAku{>dwmO)-7sXg
zeZn=E78CVG%hFWJ9id6xL!Zf#J!lV<yI!`BE)h97V3`~r_{a$z;=b0&UCun+As)IT
zkG$_x{bpD;<>GUq+`IX<LpLYU9@y=54N}`Dh)8zoY`<ufo#RI6Q`I$ovN~=B)y7cA
zc~r%g%#XNw-R|%6*|ks%Ydeo3HWVX6+ygkuM@WdZgRw_2F)}Ayyaw@^Deh^2n)r>_
zxyS~twN*1nX6_{@%G_l${?e2rKRt~J1<qmVA#T${EXSEV-z2tv5alj=@`@>@22&G@
zhz1ai6HQJ*<)F_=o*tnXo4t3xr5F8g|H5{q?*froOlAxewh~PCLJ5!)4CKoa4(M@T
zyk&URXCd>Cl92XdUOeU$i=ov4yrV-EEf6RGk1(V)xeT0euxU^!%g`~MLw!FNL+^>K
z0CwOQNr7PiUPUq-5CCAsAf5pD0(i;KIqq}Yg#lkL`#npN9}xh*CIT{CcYZh>>J)k*
z;8n>};8+}lUT4T<-j_^{b+y?7!!<A5&QRWbU-6^s>vb>RUGhHMc-mD&d}}n^Ks^%A
zZw}MeP3c`d?E_x3YFFAG#;Z7SC9U5=$%?j?0=dAVi3xLV9K)C@1$Uw#NEQ|t<)u>*
zH}Y<p&K8zL^*yS0F|%g-GZj0|+DCG3Dm!+EfeE|XMsZ9=4nJiAV}^+nGvb*yS$DHP
z(3L_#?Qb_eT381rUqOOQwH1LDM9D%#XtuH*tlLteDwI`{d(K@qyPVzDy0v|<_Otc5
z7T;0Ftd4@4N{8ok%OBK(@;IIBmEY`p4H{%zE!QbqV7eGMOJwK<crS@HR4H9zo%ZIA
z<n!KNX<%JG3&-9RPYZfI0xJhtHBO5AL{#W~IP1!Om(&|`pE8dpHaUu)D*GX|Fb*E-
z9P`e8Qn{2^8uftR5ZhkO=!l9Nrd})=isZM-69P@clqWzDvP{!<-?~GZ(D8Xa#5Qq1
za}e{~6*q8ASr57t%}y=RhkWu*GB-WOjkar?IPP;VL~C{7pG}@?;!q;fwW7eCZvan*
z;g-GI4Ibk-WqITHeW^d6<1rMFd+u%>w=g^DCZ_Urvn)GoSAmh@^i6qT`mu)W`nk;z
zL0if@f&lQ%L?6m2JS_M=pf<zRM5v^14*SD4J~g71cG|-k639Y5@f~g<n&{)!bvzRb
zaveoZS(#ib=g?Fa0M|(sb$j5>S?P3<7`)y`uIFrI4k@+72Ua;^m7n=>NFb4~p=M%B
zEPk1eQbr-rv_+%LtbW8Ov3Z>33CI<u3-mD{A;J4#!=mAZHp$d`TVu_-LpP(<oU{^Y
z+x8|MpQPX2QwS5@6DyV_gQYrdBb@csmQHefL-j<IA%ffNBMXD4<gmY-b{W67h3oS=
zW;gP@2?miU=t3@9@XdiQNGVV*Ny>iT-+6maxGz0Irr$0C!2DY;woCpj@d8Q6gn)!d
z!UB}2pn<1{W-%Hp4pk7qU_vDjb<7BYV2GRsq5w7p9819f8xFLwBMUMEtCm6ll)@RD
zC{n2X=W^fzDe^Rd=89nEfNUuPoB)Cs97HcO2&l42oC5;@05lnb%ZZ;OFTr-<`1b_K
ze&8<oHI~bp4=GWeRlA#@X=7fTGm|QeU25V|ft1M!-vzP`eFHZ6y-~Z-x+dnN5ZIDj
zuK4W<pv=qD+W|;Ofre2$HW3QPtbRIepkvl;RH3_vp&nKnW9Y5bSc;ZLerP*3vbk-f
zym>S+ZksiMLXN#O4_y-M;FVSNshLJ+2!_viEuQYe8YCibO?UTs!Itf0@k)4AM{nI$
zlQ;6#_PlZYB(thi^%Wkmf)4UphYUxB+*0Rgimw$hpK{Tpk7TABmwMLg!=N$DiLlR7
z<O>3Q?*l)25GZd6nh^mW2$J+(;OO{3wfUAn;>)?VvaI&%?G{-Kw$n^t`Y|i>0v5)*
z-49i(&-r#G4dmJO8@Zik)O#MO@hI;T3tos-pVtJFU>I#9S+?KVr<6NW*@J;-M(c=A
zT5i(=u4xe$wfBQQA{l)q%G2a+F#g253g9jT`G}`pNt|zko|ZyaxvS;RZDu^K`g7q<
z3L8IMK~1G+{#<T{r8aLeImLP8Z+Z?OM(g7VWJV{uzG!?%Z}z8Wmo+<oh!YlwIb;vQ
zFtJ9}NJY&K4<_Qc$Drp=Rb#*`g^s4gb%;C$rf_Uplf7p?8<J;3K4Wuh)h0$F!Tq`R
z3wS>_9aHZ&JB}bI9L+&;Khw`_Mv_3(2VHZoTMmd0LZWoNwM?v9yPva~z>y|V?@CGM
ztv|<3jjv~LgB{p&x8eJGnIHWlk@kadnyjORb6XbLmk^JVc&ZT}l)~-+A@liYs01Fc
zlx38ge2)s`ct57<OF^s?J%#c~MbcKOWvQhO_nIvpI5FLzWy($6)Gub;e0FSRL1brJ
zOD?$n_mjSngRLs*VD*PHkO>hGIp5%1KzmykVlZKOm$XOWOwc66xw+eoR<kWm(xK3W
zY+}gX|Hs~&152-`=Y2y;Bt=prC0o`)Ez~ZTt1!a8OqBuvjUA2d#@0Xw>cZaG8bD)5
z>OeJt9XNO3$PS!4aOS{~6DN)wICt*Ak>A6`T<(<WW7X)RS)Qpo_trhPzk_pn`Qu%l
z=l7s8{Qjia>`S*0-Z=M9?3L1!IEqZHaZLG^$6Kr1nAo9VhWqL}mB<eEb^E!UT))u&
z|0Qej|2;qMPr1MQg9@79U_A!Xe~|2xFj0o4{;Mud7+B`R>YmH#7|L9b;=?^CO$g}!
z^OyqVJ_DsN#YA})=ODF(ufg;H#=$hkf`pbxaA<fk(BGyw2mCk^?obH02B3nDQWk;l
z$RRKv02OT#ad8HTIe)VIr^ufW#E)U`#}R+1q5YQo&<qV&`!Zz*HF9OxkhUAt7=0Hi
zJsxdz-n~@1o>y&r7$G^H`^V$;=r&9PIYPp_7xak$eI~LPO9t%QQW=#>_7Qf*Gq_va
z)8N^ruLqzI*&7W4MqYsf7~x~iNW0qEKx|c}rdrvQFkEcQ<X}Ug@8)A+vvgt~;wRH`
zg^_caZW72mJWvfj>Q=@1m9C?KxGR=l-mV(mEVMfM=rudrZ<*z_lLl#wK5BV)o$Gf1
z$27pU!cUpqlkcH@=lOJF>>$8OODh%SiE}{TLJd&t<FK{+=+@zSEPBpw2|Im=5nxo8
zkF75oegLH>H1e*4J@k~Kt;1c_O7kZPY>$sC9?+>xLF!qEaI$SvjCs5B9Q_{IhUx90
zHfbxZ#X`(L+Y6O)PR+75bMNc6XRY2N_^XHA57x=2AuCQ`*4Nj!?yiD2zKQzjGWd1C
zP2lLfA+!=$jZ$f}(p-No`ks8k<X(<esYSaljT+E@M5|Vgv}!L{mDac%lpEtRb<hId
z@v)l)s<N(F?m%Q5U;T|y%qYFdabZrmYP4|WykFOMz=>p7M4ca)d6qZzErWEgyuRN$
z)e495d59*yu29SlX=NELx^)3Qo;L(qzQlHw;1+5!4*IoDx;JzqFXQB=y_}EC$CBn*
zZX#O7taq2B=<qQp#zqCIa`LAL;e~HnF65?V*Qa9@_;}=3T$3O5)4EOA@mxv{cbKFm
zc>0n>?39O*ynENn(QFiCK0u)6^0@d`8GA_m2}e<b1@@f{lD#Qfi=yZEu&POE+A#BI
zwh_kEDbZ5+EiPsSzmaM*RVbZK*;G&uZW}PJ^^!I&`PG+T*zP4S-prViIbWjaV!(5K
z9y=#ujTjWV9I{BLNuKz+dng4`i}nsT@{W@U|G2zjk-gabKBrFto9g>(0s*AApISSp
z=HY2Ui^^(IY1005GtWP_`_NChzw?8$D+QeqOe|>{C~;8^GXI1H(-8%QGpO_lm_afb
zlQO`|!k~*!fc6J)o|q<Kycwe~HwQ`<tg}!CKBiO#$^bft!k7ZADT*a9_@ur7e-Ow9
zNjq#rfp;n4fT6`vECPR)BS;V^q1m62E>Xl!Q0~VtwghPEw@)qw=%`!Uu*!@aCXgH!
z7M!0~X%CC}$!sFEHE8;Y5(jx?EWt0qgIA@tCDE4kC>XSPTCEvNfQxumkDrq>Eb8lp
zUW(7^yxfQVK&FD+P_(QG8yPMnB+BUtZrxTSm~Dk-S-lyudY><5%+|G_B5AS86r&24
zn|NnkhJ1yWMC@&On4y8v(F<XMMa3nsp=GL@th*+zNMmXq2Z3FY)B6PYk6nE$8WPnv
z@s=q)s7Fe@Bd%=)ZX9N=*>y=0Q-AT)>0@P*e@?-dbcGZ)fy<a9`G^E=d8(%)V#2a>
zYQHM>+K0%U(H9xNA0WK9^K%IUo@oHl`YZ>qvu`ho#NSRhCO*SkY85ZV>*MxTd>*QU
zYPUTRL???c#SlvL_{^@)Jb=y~a(ZDHNnBnZ-=Z2Z%L5tlF3m8L??~@fno@Y8^FnD&
z9y1W7R8?b75LPPWw~$YW84f!%3XG#(#*&xusA}D2iPzcfN(=CMDJ`&ON7dYXwY!Fm
z!XC2uE@ptdN{*ASXw;)LOn$BdGAz;cI3L*OAa_RgUs4X0pzXA;^|8rR`Z;h&R~+s)
zbJ3f8Qb>SuQi`1jmutZ&dLX<XkPe4kyPgqD(~Pu7_+;kb5n*rPBK0ofpgc^ltsA%A
zA+jvo;P-$#MSl;X$ZB-$Ha(Z{#cJq1!xDY|Xa~`i^0jzV-Sk)vTbD9;CMCNe(xF7J
zzDDxbMu3}V5Wn-Gr{m<oiwOYH#D>KJqZx2}L3~Jky!psDCjux6&%UYhr&bAZI85f^
zGn2Kq5^GqWKA%8^P-4rnI;YFkVc28r+NS1Bb-kHN-d~o6CpHio={}EFE++LpT?M<l
zGHG#Lcm-5Kj|OZ5FOUMD%MEtbV531)UQ&m)3QCtmed&cFYZuRFV>R=*T!=BO)Tcf|
ztTFv&{fuJ5qnaV0a(FO?dAf2skN5S@@$CBBKRCPMIEMoU8gdH8j2Ib#t`crf(8cFT
z1UalMcqB<2j;{Qx7|Q_F7jYasK99k|1P=#&5(UQ$2BSf+U*Hi%Lp4UkF%AYx8vX!?
z2S5kFP!xi4G}K*y0Y+FBDlh`0zGeqxLjBpg3$`v4{$m=-u0PuUe@opJDSTv};f@7a
zx4}|hrk80dS4QRhHSNqIB0-Rc6tfPHT2!I<>_MGSy2tzgEl<*IbY(&m&}@0%m;&FW
z^EJNH3&0}B<N0Bc839j;WHPtA2UGp4)--~j2}(fLC(gz{uY-V~Sog|iDwa_b3u&T(
z-w?^+Z6|m~=12f|$4;VcoEz;^EU<`ZHv&B)*}6)AIjsxiz(Y&AnS&=t=(8Fbx$A+M
zInGW1Mo}CBs+qnMB*Ju;=w0j&U5r<*>m<Xc($|(P(fMKrLL_T}eHv0mx+lZpK-Ce2
z4V{+{9aneqm96=y;f7baQ(rPI*2O+FXrX-m`s^xw>#du64qCEn)HIYAQXoXK?V~|p
zo>C2=yRXS>1ClzQs;F-QMS?ZR&2`Skl?R{TWQjt{%-)repgo6dThJFyzG0uHKC2U>
z9b`+75;B+$2nz;#=Du5N>!N%@8CE0U&+^h<ZYUPC(Ps#fa~n<&=b35t9lebCd=)l}
z-XP3ymy=)|0u2H79m1Tn`a!?5)K<0}#6EYIUN%Tn_4zockO$RL+6x?puxuctiq$!p
zB>BCs-Wo*a-CHQQGv*Q?i;N%*x~5Q8o*bA<zCM~`@8oB3^QXX-Q1P6+TQcESx}<2M
zJq1M&X&0B_=<o#8)dN$t!DnHSFG}Mspyu6wLzx)X5IId6(+b+hSITw%98Xs~=g9+!
zE+E*wX-Xmm!z}^NV-q<?P+W0z*mWJI7i@SjqaD4Npm@FOr%THUwX*m#oxiU#UA0Ll
zdMRlHS@7x+!Z@?5r_3OZ%o?ok?yhDR#HNK29z$+)oobMHT;Rnmx&)rGG6h<M`D<(d
z9jpMHc2IT5Y}Sj9$@fT!h<R?f7ItCtRJkt2CpYy|7y8`Usw+#Xnu579P`$6TA!gl_
zcH!N>#wQP23@8wb)$6$@_(TpI1I-m#3<LjjJG*|-|Nna$>c3?F>8IS^|G|AI%0LVj
zgX|x~vJ9|i!6XK4I}83-SbKq>j3g2u{YNk$0E=y!0<u3Paxkrd!!`z1DVyaK1XP1$
zmw^#AaA_e2AO>13$jne81?>Q=!4iz1V(9v5NUOxN4B>FF)Fv?8{(=jDz3q=TXxKl-
zsGm?E|L1-Tf&q;DLme6eo;VI9dk7AyHK@a5_--)7MlvGFVT7JgIV6pLKAhnXAJ#Ea
z=g=>4Tbdk;KYFtjZmkhQDfu~Uw^{uK7JC_0fz0<s;@4njnn?(5r}a77!gc`e03_Yg
z8cujTJXdn>?$ms_Y`J2Z$N@GcqX@4<)q1A4lsAdSPP?S41&j_~QU@X8&+XwIkt_CE
zdMn<L^?b*nkvHu*t%ce3EsIcBOb#p%M(j*2orn9wzicFLxNX`O*yGyhV88w>Ou2Y@
z>0j}u1SS1klsWsgv9@nPh#aCPo_U{;x;xW`NWr5W)-E?40&>^VT%`+wzFSIBjdh_+
zYF0c>wO&sLGJy?snZb^gUv%0HVW2z9$7Ymk^yJ(Cs`4s=l;}$$Ki;y10zX%I7#fdj
zjujOw-yG8@5>%Ca_FjOE)UK9{ii5>n-U~lDMfGK7%_1vIQakmH7cH9_oGP!XMq<TJ
zaffNG6|s-9VEf#~wo3Qh8HINPLylzc$9no&lYApGlh(@qM7lI1wQ%RH3hIn;*p0bX
zwAvn@rgiSK_9jk`{UHWLEYD7_y)3uTcW|Q8S4fPlTnOULEOm*JHwI$>2f*dC&s|=A
z>Tzu@!U)-VaxmSNu9=3{mlRfa6K*aaMebHjKz%kfttbSU<tJb;HEuqHajQdyH^aC5
zszBAqJK9w$#{-e{r__KMTw-as(<@w6-+Vg^FUmztZ$jc?jpjT;pp1K$ZMD`DSh=3$
z2`0)<^|3&oF>_-8PsuBS*Kw9)Wl1clO@=d8^_u;>U-F_uasGp~r#olo`0eD}GnXSG
zYjDE#kwh;$Q=EZc?k8G0_2nMfP|{#neFj*6DBIb+o3TKu(tD@L3q4?beJ%FMIs#Sj
zx}wx$TTX7*?BKyW+EVMKVQ^!-e3ISrQbl6VFndv8$%>pf^@!fL>uh_c7#u@$7SCRh
zpk3Fa<Gq2c`;tFv|E3r#j1$_x^(cdZ(ZRp@rqAv->HmNC2WJ<^lp@gU=Q*s0pcqcT
z;tv*Ah6bGy2UP4Y6Mi0Lu=9e77i0k7VFIfVuuE_nifjUYG7j=dA}~G0D2+u>WdqBE
z1Lr{uwKtgq73IrU%cL=a{r<Vb<uU00!KT20Tndy+5F_v>^#A|w*@ga?CTJjd|3Ux%
zEx&&um~0VEW3vr=wQ_1#vqG|!;4f9LW`s14QaRh3zvBMo)^CJ+5lg3BFXoM<C0$WD
z2j{M-z8!CE!Xk{-Sn<)2&!*RFha0%H4ykzS#U}&XU_5+$)|>IP-e7gyKsD+2XV9>e
z%D_U`2`yq~Q4fFW?b`hKoJh}ufk>By3MjCgyy>cweJdUuR|++8aPUMpg|NZ@gtt<3
z^u-a7WI;boH+VPlt@(M$`?D}zee;b%0elqa$2M!m6b;xCLaT5?;&}lkN;CxvL%KX_
zh1X<oprr`V%+eG_O4FF~KuPwQaaG_7XKM{7>rc3)0Q8=PPj=^kEy6al09735{06+>
zW5-pu3OA}LIhFbFKF+4Y8|2-eOGf#GckI6K)MwmJT8ymBt2nX;@|2l&sZ{?NrWEi>
z2rT?$@a|&lccmidP)7GC9D2xIshF2UAgI8BgEs84KE@jg6tgGs{A?V{8N3h8HA<8W
z7sa)6ux)^cp2E%n96qJDD)T%o$F20KTkkoqPZc>U>&B&REcE@AU5iC9&O)Kj2$Z0f
zk7DL{iFN*RBQ+7C5+b09Wb>!l@H;nL?{Go}v4PxXQn2q$?!!RqGmB^P<qgY3Fg>V*
z_N_TL&Tis0|2dC+>f_?8J3EMODjxlnfWnq6ZKs#&UC|D0zj8ypmRY)$&=W^S8XO)o
ziCzDS!l{PedFo4fc&Qb%KTo3&juVo+q^l8v@h^9()^b+Zoyrig(ZegQPCR&m-Cm9k
zLNL!~@DC1dGb?8&MxH|BR;4}>J@6h0)C=#lMo~Vbhl~4%2cQaAq%=Krhr%#jguA{x
z+`a>)NMg2nLAxG-xhmpvAT2f`T1ZJtaPPSWJ8fE+yOe`SfS4AitJ~z>G-|2{aQ3?h
zHsV_ITD~?a-rh{gRdQ5>REkAvgfmDY<T7E$gyr5<A!RiGb3D8L-Ve?$91bstOJX2q
zgh*)yMEWe2V<3qHYY`2_R-R@tNCHrn&7i0vB7iS}DU-}&9QOM$j6K2jgmdt3D2R|~
z;)~kEfm0JGC^Xb&D7<y)jH5xcL}M9j|8X!d#Sudyz)S(#L4*Ua>5sWfzkha-+)pU-
z$FRTw^U}A^E}edVnRFJy?ltkp&~j{kMdh+Mxo)zJAZ6~+tmMbno=3HjUmP~zdLk@B
z>;gRevV}l;O*yI08tr{9S9?nMyoJw`HIXT$pS>B5iEn{4Wv)xD@jSh}+v_b(F5<02
zx!XB9dyMOh<ugn=$MKgulij&zsqTJ{sQ2?hU&Vna$KD%Y*IZLOk4{BkWRXysapPL>
z<TY(kPsPOYeToIC(_pU?ntgz=(nFFv)7Zm7r2VT6@4^usr?c|5ePxo+Iew(64(yef
zAM;>hc;p2J0>NFB^ptelRDD$Q-s<oZ<)7_MK0@K5liV)w+2AZ6ojH)9Vbeny&%jN<
zq^qygxYlD#k)iE4Pmzt`A9^*y6YVUGEq^pupyuM}h>C(uI?)$JvCUx#-T{YOEStlh
z5GB%;cn7|hOL}rr9%SznBn@~_tLuAw-aacVtzBF3%@lv5@^QI+Wlc=We15$YYr<|e
z=+T{Z(>L(p8xK<z#|O%7o!%^!qh*e;!v`ZIk+|Qjg7G3(pJ4&k?H^|uB;}E^2EyKF
zl08w|)3|eYaBnezpAxW=zKZIgG#^xl<S_jXFREv;=<TM_m~wNiFX)r%K;?StY)eHo
zjJ^xuIeQZ8B9H4+QN~Uy+-JusZ?znrccYiX>{V?;?$}+taAH<`g!2XafH>^_0hgM%
zKhR5PWldbC^anmFZT{FI9<iSE-j{)YNc!vYAm$I9H(+m4<t(@a0(CXGCwN;chQ>ZZ
zvJ{{Q3Rv9F`Q{^lf7FjjIlu~YLz>rOOv8HzDFHHJW|N+I@ZW}ccxqNNdYcXx<c(=Z
z>@8Gmy2$xezj(6AZCm15W$N)EWS_8{w^)qBXsA@<>A7rl-ZR}(2GAA#{j7y8$qPdr
z0r#QJDRTH_w=^nVIev_f>{1WYO9TTTVV>X6{-`F-e%|7xAvZ3*`sZ!@IrsnDm;e9Y
z{?hiBtl|Aj{Nw&K`A2{1p209bf;tF_UC715h!o90!i9p-6-L20K|tjSqF(|qSjm_0
zkRx;G$RPylOF%|JEsAjfmw}xa3-^()&K^v&G_>w%1`lIX4(=E<P_R-o;XsQ<AsLjz
zpw!Pe1il$4_2C8t-8-Fg;KTo;T|L}0=%1j(PcZbyFmk7fKV-&yOT8;=QXD)m?)02@
z*!vu4J=c+NJ+SdDtplYxDsmhM87?}gvArGQ&O9*$-pks4t|Ez8Vs>b16fC0RfDau=
z9&s;<89=fi*6eQYXVmpRXE4tYx1e4sC7y;0<~hO8Gr0fh0hYquaqe{Kd=l&Y?EV5x
z*4x_O+Iw|H^7i})f+<(0K$ukVq8jYpDO;#f!O4Fob3j6X5zF(S^#r$MRwFAk+wTu8
zR7ci<P0YzWWS{mtm*y=f_IQ5?5=lM#Cv(?GssIka{5G+Pwv#Z5Y!k63?V-Pi5C2Ys
z7?D8rHv_M$RRn!iH)pvH@@ZZoH}kKD{b?T8VWoQlJE`NKds|`o#)D31O=|<C#H#vz
zYSA2Q<Hm4jFRCnbAx*vfD@vU&LBfpXx;&?5`*a9w%olG!PuFEoOuGZC#p$H*0ZgP>
zQMN(}$J|sjll7*s^m1*)4a60?(V;xxlTggy?TUHiuh4)=KgRm78|>N>RPBTWgN$Gi
zT5D)*gG&v@*atf4(Bx!bTE1Q_cCZK?w5yJy(x2Vl5|f<`>k6;)6<B#Mvpp!`rY{G1
z9Boi7P!84~{ieH+(&Yp^ojihm7dQw(&@HT`EKqZu_)qTQAkt8x_w!;yRuD0i8NAg2
z?8A`HC(<y;S&i)20>p|F;r*<y{Op493;G;6#DF&xD(?n*@^{c_%}JFo4L${s!uNT0
zE4*%3qdKj39?}GR`hHi=kEotXo%VFmmEXip&ae6ayW3m2<nC+Eu#$aPk6@3kmk!J!
z7psCQeQkE>)+KyHAp-2bMyY<c*_C?Rr|}B+<(XVmmnMUCFn0>Z^~80e^Ybd_WrMlb
zvwxmHga2Yo!WSMz)87VZq*C`53;BH%qfD)Puqos3w~Ft}YfW3{H9W6Rc7}Y#tDzt#
ze101Q-&dD{hd{4>a~?K=?Bhfp&>TjEvDnse`=)yLHBJ3b{`J3Zx+H2|fU5rqc;V5X
z`NeN?^(X)E2d5lhv0@V9MPnKynBWeAX(0~$0}u*jaCf8=3Mf|@(D@jafWRRLzxvY9
zl1#!;px@`fm=r}&_`>cBs$dL;mm~%?FI3P`0yk4SjW`UY;p9vZiU!aCxR+8S#vqp`
zhEtJ*^*@yWmE_N!awz^|4t8to9}-Ew<&=y03-bo^9@ZjiO%s7|(6a{?n}D1?$0GO2
zv#lVZRL<1%N8LO~+e9DA=NZ+rZP`@NoRNv!W~zzibGttqL}8;|I?K5)o~4?n=2UIv
z5!0$GL!L_W!x#^C!p@9@_9Xl4c~nmazbgpsa$~*FhgGwpp~Ph}kaK#9Un76veWp+z
z4&|6Vr26eCc6ye&0bYt)7n?@~guWomDYoY&=NeGHBDGL53axuD!EI3By1bJbkIp^<
zY?k|qDA@^2-EhF&pVQGTSI*Ge)bd9V&8kz;5*|!2X-eGhrZuw-4LCZqi0lQ;GzO%T
ziF%s^@N|cAvw*Z<-u1IaYRPe`d)S_7B3Vk+=9f#*9tUd>#m?V}bJ$4L9D~F|HzegL
z71hi31l)Vf7x66!@SH6Ldeiq@6ljj~oH?jCQ^Ko}0+;Wn5w2UETvp`)9Gmd+R16tZ
z0h#+mHC;<j8jx_-jI|-1G!b*<Q$MRyzfL2y0@CW(SG78cR*TwzT{t6v*MRle-6@)*
zA5=x<ha5dY&>_KN)ANHn_+kq~7CvijyVa*<P6jRHbL)xO=2fh~NS|Nr_byCf@M<qI
zR|IcBRjJjrBN^gpCs+|_n_UFjLLW-=SbQ!+=v6LP$Xb=u-cdQ~0@F{yB-DO0OyB7b
zNSrG2R62QJxn<SY2h0Z@Gu%07ic6h~T{!0uF|I683wVm;<!J1p3S<HANnxRqp0%KQ
zzl+6&yDU<bo68T4;n3}QaRD-83A^om$UwfF6Qu+T*cR=|;8}$gm)_@oAgq2rL5kM&
zKJisPRnHgGbPZ2ykI(bW6LNgkUz@w{MrH$$ReJHv7+bd<l+c28xlx=kAp-VD>!`Zd
z=o>-;&t*Lh>PBiqYhbYeWZ0|29<<*ZfqrgUli6veQ@c)AVeM?yPmkQk_XBN=oSv=<
zks0Y)KeiR<Z0KLaDaZYTKXuCe)^GjDqhc&#^8}O;EcfNCCoyRG0e=D-fSiMMJv93`
zbo*b~r8y3aKyWqT8OCK_<4gi$pi9R=>l6du1gK3+j)O#i#eu$*gW(Cxn!p1fGk}?3
z2<%xB<O_cK<>E&X7!xFM2ChsFVw?ZODF=I(-{=294M}o;j#`d7YNow7!R<PM9FDon
zujH`zq+tPAmcFOQGkkex>;ag+)v7M(edXd5?1?Lsp%S*%?`>Zq^-k1B$|m*|cIPn;
zfxk|j->3UTZHi=FeC>_Qxh`v8cTDl(arEj{cX#1fai|#+rs1VORgv{n?{;C!fe`~U
zhXR^TGl`o!=!Yaxc>H!?03m*0ru5`76ML|uHCkZ?Z#E?wJvz{4XD!5AlVsa$^oMw+
zH8Z$7ay6eu2yWU!T~4)DDzUb^)YmBgko;EVReZr-k`z7+?{zEdbTU&w^zb%dFo%d4
zm@pcYd86VJq<4O<<=g5Ql|hPV&+j?Jy)kN^_B>237|gru9#=}c3ryCW?+fo9xkr8@
zxdRHFTk`Na{I&-64r#)m(ZHvNQ-M&X?W&n2>lW7U3-bg5;~buDy3P@mQ%kl!iZf&_
zUrr#qZ`}2Y@zqVh%kf-Z9!RFa)bp{S0%_@WWEx-^Q?tgT%f5rDoOH2_ehseZ%d;R^
zm}c!wkdb$Dpu`#1gqNx$FHrboy#R|5FOv`SzK~##T|cMdwoZtMzczZNj+VU#%FE<d
z6O#Ir;k|VSD_S6^xKM_2ZuXlg8#yd}1i>1s^9M)e(a$5DO3sAuCX{kM7x@Vt*xEC6
z*t9DiK4j<{ZluAs$cLsGl99-ti^!LaK{p`qX)k3%?+_45SvLXuaJuEv*$D^VrrC0b
z<I(S@qvrb>`jgCfgcOC*5i)s*4Wpri^xWp_I1j*0_8O>!&(Su58ee~v4lN(6^A_g3
zkDfRTN-A{PBYO01CoFFy4urxN;#lC0>w`QXs#(6|z+-g;cM_Nm71?<?BOmn|%5Eir
zo@Jkb#&Lp#N#uo!S3JEC5lDHgUKRqvsDl$4Rz3Et5C7@kJbME_8bHW7YI{#P#(}8|
zIUUA2NQbsg_~o%lVqVPJexuMud9VNGn@+iJsnGsl|8M>1H-Gn6$zQVm5;xTUpZL*#
zn*5VLbtm}h>d6Ge^bkx9+AkLTU~ovYAoYTV9QF@bjKl67Al9(QN|PJ}uK?obK%x(1
zF&MdnvkPD^6g-B6xd54iN}qu3Jph?=$gc)B7>twiDB-?LW-$WoJ#_U6SZ!D+co7=K
z0LdRSNu2(%|NalUdip0g3zJ|NC;U0;-2<EXEGj#$O7nei!D&M$mXBY~?Nc0>5$g^b
z`2Zk*H7Ti&dFNBRm{J#RNgCbE<ZtaPSOya$k-VMoFDt?uxdQQxFFbWM#@zt?YUd^w
zntoxUJT`I@H(L^^u&bKS4xqiLQFyV*=F1*x4Kg!GP|cP#O5p6vKW6n)Ct}Bajwx_e
z4}l#r2QE+7R<qgW?of#o=w_!YlEEn2+D<BsDj}2$xxy0aex{i*Apol{BUgE0gJ?W%
z@pzOU5b={_>*Lw!Y$-akxvKAFUy;(6F3Yy_sg;lYV_SZbv{Yz~foj>{rc(Rau{FRL
zS)YkH>TIF<szQw=d-o#jq<o>@ia07q=t6mLOA$C9yi&!NH{wd+YC|AIKlg&vFiID?
z^Z*m^2!ALROTzC7DrO<eACq_HAdNnj7IFTh9)SXSNhZZie(705zi30abXOI2TzCzH
zvFdd?Ner>CuUUwm3l8n%HQ6gOR_%WE_(_?=(c&NSM8d6LXer1VPS__c1ME6U9ls#^
z2c75DO~)UPCP{{uAXGY<?N7{Gg{6AD?wd<C)g=rrC&&aC%iF!&_nUs<rpEv#vNB!}
ziVa%Xq5{q4wU_Ww##WvLynEWrz*UPxA)2G!3&905-*US79t;+4D^$4W2P<tBxper;
zkKPRRQDBw5!}IgdvwKNW#;avRgpN+&p(XF>nuuxw_s|`HJEx77c`pLFniy6cS+&Bo
z%K0Z7fZU^puI<S*nfMYP)5M_N3G|poL8Hg2@T}7ei9xsC>r(ag+yMvAy}=l}u|m*V
zdrcI*b648*fCh{%eqBwja`ipiN{e>|!vXB^fv%8Y&hJJqu62cr1uAXP>9QnD2tbIu
zKIc|5ZRHhEZAkSLyyp`rNWp1Sa+ut_IS1%l<P{KBnYlwZcplI1N0X;jPWq1JD{nu)
zB>fXnN&PRTtN+J8IOP}?|2nc@Q5A!(6)IIYh_bKX5R5<>XuRPBOXD00Q&@%pWHbg)
zKO~0496`Z8A86Pt8FMIx!f6P@&lI2|X#xc==w_j`1Ab`=4+rZki-T<=O21fD!0H2a
zKaxROHXw513>c+<vfhQ+CH)f&`!Pm?@rnNSUA>J3^@^1a--4g>7QT|)UhF<~YI-nU
zasXr#^5w>7;NBD7a%X|Z^%QY0Rsuxwp#&_R#2l@<!i-Y|i_#2Y>_P6@2}#(s5Cfs^
zwBLB^I@s?mll60;h{|0)6b!j3FtE9OE|-Zxh(z2_aC#f-CJv@=T{@!aCdI(2w`IbN
zA^}S2P%@mX>u?00*ir=uw+0q=u_add*(<|q(+q6xAwrrK2{4$HDmnUva)bA@W01zk
z!PXw|MvY)mCG1+H{2X9OA*rPSUHc>S0fri_1uT~A^<EXjz6WJqveF4Zo1qG1K|-$j
z$89ihK{a7%U(CLgEWzZsiY{be>Opw>!=Xj0B=fX$OnS=KT9ggg>`sh&A+7Q(*g1rd
z8m|v_|43>}UZ;aH#}ss+K6y=vd!Sv{nJd%jlWq6d`$R`hD38qP-Rf#-Rnf-pA{1^f
zy0qDv1*ff5+8|P)N9#n9w^s6Ib=R+tXT+Z!zOJKvF&y+>h%fof1;Be1a7i~Mv$FfV
zrj`nk3MW)DMZP<@Hk`LmmGL(WmF|umE7RF_Rx(;v$d*WC)gdmZei}hmck@abneqd?
zxQTgJndiNx&U9cJ+ihwgcA!5~nRtKH82i-anf}DojLoz_$%<@EH^la`+P`!FytmHg
z?QHHwcs~O%whYWG*R3Fk1~t);gSeJURzl)3|4qCN07#5Rg9q?@dQJLb?Yv<x2ht`2
z52pP_ajot-0D;Ux&h{P?L~UV@d+H2(18mef#X*fUoAwR~<NVjgp<o#zAb9eb`({$I
z0MQqP<pBx|YUp+HFvb{PUVW@<#fz5=nKQu%91N0%bsi86@Ix*p*++R2_S(&-@))77
zxama~(E{Q?fxCzEG9j};4`7Xzq*5_U<?T!`p)$iFVJz!Sh}wM^Rg3X=v0Skl4AdIj
zdE($Bp3lItnVQm1zNy~*nPbYI`NeOkjDMQ^-VaVWfcJq^=nLJ)MZi4<2tNsj5|H>A
z5E+4$h#)vX`lC1`E5R-W=plgq!l8!4q0J|0EQKnNh$(>mgL@w&nFLHg88`}|Rga;V
z0~8=Il)&rHAyodgp@Bb+uo(%KO6d6UFQOmDf@a_k-IRZ{p~1-?Q(tO>Kcp#t%j^;f
zWzjRYm1ggLoNh8dn5fRX5DS3=fc|4qS|kjDIn+M4gSn^k>tV2(kHswI1vy%OGk{oM
z7BpaGox)Qj=t;e|>p)`t)e`iBg*Wcns^A0+8u5{U&0iB?zH8paN@S<oP;3kgGUsEs
zMhd#X%4d|5=4)$p&ZcDBtPNd&GMLxwxM_H^U+Clfk|T|d$d`4pcP;JG^JcVmskq>6
zn*>wqUl4Zyah*J{e@_CyUi|Q*9Qsb6&M@dA48Q~St*3W|qr9a?1?~B0F7*(1El3)Z
zo&cw(aaQg%r+4Q;f=yH>!%#5g&ssppGS^p5d4LZ9J}}dsOnN&ZcF4!)R;}P8jBo>f
zxUe+hx{r^#VJG=-a`{-pnrZd;AhLkDmmxo8k|e<Sm(a6o7c$MPfXhd<*?l6)9PkE|
zvR25wFJQgj#Iv95Qg{keFx|x<)ml2pp(k&ML*4~yy4RmVzK+rvmPg=g*?<CKcP#J}
z15CRav#;Fq(H6OYk`BPLV#n5~gk{o?rC@zNl}1yqGl)^RhL2RElNAJ8@m;!02CRvO
zH^eL4RhQXF?hfkP{neIX4vgq!HP_mt?)hC=>;XcAR0m}Ioh`x=#d?D=3R8N8A0>1L
z^Tm<-uu9=CebivyUE;;*_I!e#YBYwR%J2@0%Bk(#o-f`hc=$A<JJI)#z<~?oEQ3lv
zRe<Mvjnr2%faC8T_Ll{ZA3<Y?lKQ@Fpn|2#@on{w?Am28ZdJ}I-d$x^GO}|RF_R8p
zl+N+((hh3ob6n*)LtRdiwGVsu@)Pj{vV&D7i29IQt}>|X6`r1s{DeZJI#gT`PBp^o
z$00c$8=08?PO<$?Tuq-e2yK<h>Mlo*xJY#{k=#bvNNy4tAuUmNZBS1WxIK&D<m?T^
zcf^%wybu@?L9|n;e(imj;(-AVY`cJ>e;+}$^Wy9Agpb}|z$y2O{{QDWIQVJu&wp^w
zh(M-Fr7R3~0Y*h}Umkq$<1=vh#~`m~zrffmnZn-cOJEOGZ%k5247V2+!e7AQn}X>B
zs$@KYdqxaG>4<}tp9KI6Fs>*FmcbYx-T~SQnE4Ry2mL=CA#4g+e1MffAv6YsV*F1{
zf}!~*zeuncSYU}i<nMjUJ;SQs@BU)km+F*aVa2*c^0_1c6YG>U^-;pP6sPK5Wx7K|
z+R|K>kJs?S;_p}R(DVnufeEd1nkXr8fG;bYVjUO#5D)?c%>n4CML;HJ4t<t^+x_6l
ziH@c2k<HMgZebr_t=~7kr%OQ#+SzKlU(j=4U)=0`J3787J;OOG_;M?5M&T7Basz=T
zr{5B23O{M{X=A^k%vukLl|Y6Qq!qCqGHdwD0Y~A1DP*zU0z;P6ocjt2&{=)#=B~nC
zm(12rt34vx7QE!NJAfL%<B2Ge0b^X~-G8;9fgM}*Qzj#qOV-CHm}0^o5h@qtdNmNG
z+qZy;6hq&iS271dBQI%>fZ_PF&-nm+Wj?3^ypqnnTC_@B9@kglxUO8^Y~||lgAgPt
zvCKkO!$=V809lO&#Iq4QsnEJ2X18>B`73b++wD1@rl>-0m!}EdB~Vd41uJ25!$bY%
zo)Z-!Uq$2o0xq4HVZf6U;<k8`;mu6^OUuwf8NJCnzuTcLU8|`GAAA%NFtGH<Z9w0e
zQ48coOf{21!DsKZc7VY`Jl(Pel|`6pLbO*ox;3U?@GfRKRh+k%!umQds_|%R;k*GF
zLJHmTu8gQ@8<YHWyxD)dLToA@qR}oj<mTNkg?rN?a?H2a+|Vvi6f~vCjh%5a@f<1S
zLj;O}=&u=mzbE092icqa?Cv$rzN2V4OV!OAPWDk0AkddUGqr?cbT3oedg1DzXL8<q
zkqz?TL&6*_<`8%VuEY*DT&gRs;hlt*Cvy_W&XZ}Wt`Dj3%DZ+|mcV+9a)`<wM-w7k
z%I+;8++gEt#iML*?F)v%s$d=TnYup?z7fGWNE>Cu+SZtl5a{Ah<7F5*QnNIW=Rsy*
zifY+)(R)=B(k!HfkD=#>hCw6@>b{9-xJzbmHfAEU^)6Mj@F9b=$AuS~H?HKHo!_Wd
zlYasCjGrd|><6b@4op2LY9Smnjv-PH%K>4H!U@K(;Jt?}Gs9#+;A1%eTZ1YVPeH&$
zWDI~ra0r@D!05^VpARIiP$9=Cq<^4LIfIWCl(RVSNthH^R(V2$DJUY*7-B})7~vpZ
z3xNe2MP+cB(%@|RQ<X7>e$lRAD!}2~xA*^@c&s{X$&&~1x$kX;sCzI)arc(IkQhJm
zK&YbY_ZKj$oMoJ>Y(wO(PAZ!gWG#hn{;0=zeE5JLSsJ6bJ+}|-`P`ZbNDjOeYw`Qw
z-P(g{jFf*y5?+IKl=v8hwL<Zo8L%0~o|84gN8h}#O<tz$(P#TzSJR~3K^jdQ3<A#Z
zXUu+@%%I<H5=}z^c%);kCGm0ED8=`u8W9}jdUo0?$WnN&tqS4<<gDkdS_k4PiuVLq
zST761L@=xH1b7OF`I^5c5!A5&b7~@fGr?*4f+6ibZQAv6X~BC!xBjqc=3*tI4?_HP
zSzcMJWUq~vyW0$p3}I~_Y+l=LlomFw>k3gBExOqn6Ax9Y&O{ys&A7$)7df@U*XUYq
zKK2Y<v!1rRl}fD{So?)nia~mMC`4)K>vt4DLtwU>BXl1oc-m(9tUklB@Ok<U*<~VA
zPle_6OWPUWaF4gJM~oOvD!)rZ!A0UzsXiLUJa^`j5hso8-iJ2#N6y>>geObnEkuha
z%p#5(-F0}vNOetE0hClH>`vTV+P-j-FJWZYCL7>93w*r^-j&MyySq}-87Ehrjh%it
zf%eIDm{B0$7#W|>Q_T_;fGP6&BVe|VYW>3XEhUnQZg8cjh0ox*i%?g?APiJP9q*!O
zeK!fctj^MXiRR{cSvoBoueCQ=)r8Xy74kDRYEOTA6r^@>q?0yL;!NM3_3}JJL@DV3
zmoa|XA4JG5jhCWk=z<`Gs#YGkRnA!qG5#3`Hq_bJ-K{>)wb7AOxqmhYi;s6FZ_W|F
z?&GP%O+M=7S7+<Dlf0$n{5VgK>JD@0ytCS~Qf^C+tyFx>%G;WQXK+T;MdsamOp4V7
zU$!Ah%NDe(6P6)DLJ^^UO@#TtP5~Ziw~BcZh|U4McXmXWf~-5wlqef(kJbW?fdugJ
zCgEu*aMIM5zs+a#Gh6+i`NePR|NrR^PC15)BNhUWF)$o4Aj1UD5m=KV0`y9dr~=A<
z3Qr+$Gy_S0l4W0drLTZLl1)JQkAA`Y7|8Vljxr6lNLU0x1@|TMhlD=@cq0t(mT@Kq
zqX0OPU|9q-CG^YH&v8fw;Y~0-O~0&9fBKX|zrg;$BSitk^zEk{aAOV`S}o~vxeE+$
zKj$0(A~*0WLb}UwvDnk6zr$$bxfg8K!yHmgocxSgNe}TddD`3*PpNzMy<VJ^=%mx;
z6stXX%6`L7G6cA3n{VnvtN_>4@A*o9M5{@wy740Xbib30@Nv%|lSfGJ`RdRY3oM}}
z<x9ej-P@Br%ZD0lyCXVEt9TLYDwLdr3}tDYz@dbVH{m9Ti8rwPduO&JSp=GX>V6IJ
zxfy*lr!4sj%n|Ih=P@Ns(jJ9q=nO25{%(@U{S5g<oUD}Avv!u~07f$z7aY1PxbS`=
zo@&%siGcLI-d0>--%=YIu$A7h>Nx2az(|?P?Kq2j+O~YWw6QSrZJI2Idfr^_(&R+R
zFC8_za)Z5RejK%z=kC(lM_?f|X%Hc>jyT{#g7!7XEiE%BtH|)Z`)KdW3svabDsp3D
zza~%&;_$>q@Ch-24gb^xhj$j^tVwsUe|Rpk$>eK3&=GAChleL>SDOylah}{XZeUu|
zyqZ^i$d91c#w4M26t&*d=L&(MF>9HpWy=Xf82#tIsDY!Rg~ym~Dl{qd$ZPmXi%(WQ
z(z#%@Ue`qi>e`P<5*CCxqOueu0g)RBO}IvKEannxhm5m445`UTgz|OWJk60($O^rV
z+fMl}Xdi;*I6d9li&XVdDu%0&?PrFXQefj%g|WWJ#0+}<?yy>2<jLC{ic1abM0$S{
z`AFjRD5oc(?@9N;fgZ>{h4afrLEShMd5i1-7j#HobT(?^C-<(|DkLDTIu>pYP(cv;
zv`PE1p7l#XcEZ)m4JvrlRacVbM=MCysy(IMr8lDGftuzuBnAn0;tfG2`A$6Y`yj(N
zm!sECQ>WWKdf$7P?vT6rvH=0xrPUB?C|BQNeXcLMAo2>lN8+>QpWn9$_r#eA&nzM5
z9tQEXSsM_aAhYCt)$X{X@>--Ev7r40)N;S^8~@pl{^l?LyC41f|M2UlzxKcWwSW6-
z|L3o5zxFG?`d|I(@BPYu|0~>I{h$A;^H=_lztaBl|NYDV?w9}8Fa0;a^y44>kH7O@
z{?6b3?f>q#so(mae(Unr|M$OM{^tMnoB#Q5{*B-Gui+bg@BjVM|Kk19x3sR`@|bVA
zCH&LRuXx_~z2ran{+Im6-~W=o_x&&VkG}sU|Kaz)<UjcSm;C$R|B}D^2bcU7p3%2F
z=39<}zxVww`FFqnCI8O%zvSQk{+IkuzW*iv*7v{UfBgL~`5%4%Oa9I8f62e`{V(}D
z-~W=o{i7fK%Kzs5(zj&BeamCM<&6EUKlm-b<=cJBW4`5*fBpMk@;AT#C4b}lU-H+#
z|0Vz0_rK(?eg8}T>i56ouYCVY{?+e)$-nabFZs*ESAY5I-*T9J%VWOf!21p8+5h&h
z{@#y%=fC)!-~H|X_P5DD?*D(--~Z8!;Cr|EzqsBno`GLH1HX6%e(?-^_h;Y_?t$Mj
zKmC@+e9H~#KmGof{8!)qlK=AiU-Dmk|4aV!Ke*(#)GFWdm~VOe{Gw<4GXd^DuP62w
zJ>!3%C-xUT<A0zh_7^?lf1oG!``<|Z+4sNX|4(+kztI2xJZtKoCjaUOnz4)_Fq|bQ
zpy~qxmS6w@lfgeh(FM#ZNVJCJ7s#|`A^^OAS)a&&=L&EamLzCMcKQAADjf2yGMdIS
zJO?UFOam4mC*Us(2(JuC%RovC;Z;b?FdRYx+!_IRECXPe^eZR}j0f-s|412&|2~1A
z0T|4W!IcJ4fZwhetAaI5E=uJx5Iq!NPY#i`T2PF9BRdQ*Q9N$bdM-Ff7ralwo`7>E
zkL$gYKeBN9ytESz;m+^sI`ZCjY~0l%<OwJRKI?{YyfTa=Y);?g=lOK2+Rh$MxCHd`
zm|uAY=+iF`<mx!`dZ45uUtD3-k{M&olM`WDDT5OToZ%>YFO27;-TCaLn8MWBN5b8u
zMtj&RgylXbT3c)c!i{j}VI^&ymKBxz4YyxH7bLg9o`r~`&!?8aFZs3(fHe`)sYttw
zw*|LQ9PZ(Y&d%D7FaW7ksn^rz%HLhkAKiwV2HGfvKy%hUsorT^)x{a<b6>h=31sn=
zb(*Gbcz<}SkW4TaT;!O^f_~Z=CD8;r2l^nc7Z2c*K}r`x((DRUl}ln##nU=GO_$DL
z4aB_j{pk|-oi6HEdl%fRa_(rdNs7XA<<fD}e%mEruF&l)N!_$v>L`WiUHeY(=QAGL
zMh%hDyMo>X4RJwYY3cUsyk=+f5eq@<+zkJ1S3r$eiNe0jKp6^|&S5wT@O=RT$bneT
z_kG~BiVv^sm6R|`dwQ|Y2$09<VXr)D9g)T-y%N=_Jmx5@?EP~I@&n+0<dDQKuzh{r
zd>uWGXW7qW>K5!3R|=<PTpX1D3Ttvh+6SnEDNI?`*;)70mkDlz_DZTKc4~m#Sh?t@
zZhA(!cnc@UOnLI$=NxCQf34F^>g^mbm?m<P2c#~I_)<-R8yulA^JsICmR-xhkhkIk
zi~98wliE=inrx4O>^nnlaC!`@Lp|c>+8KU#D79H~XCyPO{?m#lO6aCwbI&=1&0t)?
z1V`(+iSn5v?$V}9uX`b>(h#&k70!yM9$><vSh`(3R+c_PJ6`8r+$=#kFP$720PIVO
zv(sg54!=gSUX^rziO<gsbZRs@W)8PKx|F9d;IN~62eG%1wjM+v!F(0hV>26_`ZkL7
z&lJJ_%rAaRkM+~!U;glv%TWx_Q~=uti7G=w95qcOSw!Mk4rdx1LJ1Dczc0f-WQ_t6
zg@Zi51dVAdVQ~=1k}*L2fQ$u%Qc(5hDapoJ8Zq1#1OODTK(wZTdV)eEcuc|HNbpP{
zTo%y?mgK-V0ZJf5n*5nlj`|5k{Fve>9Q$)PWBc3I<n-AaC6R-a%Zqa@j<5whYRrKN
z+qL1vdfB71xNpDp2EU3=E1_Pi)j;=@jHSW4T{OfK>9cFx6~%2HK!x(?yUn(>nNx;j
zRl)s3KyY439E5~ycdmfs$KrOJQlAFb=^N0UiPM~(Xp}3LQ|I!CT3yIc*58od%zHAN
zC4(LK1;$I9;ZTOn_?RFuuTR7s597_N#iM<(3zoUv6{v&Tq(ZcDro8Y0ex8%hDp~2b
zr<s2_@l8r2>BWr23@nTfU=d$AY5+0h?tCJuy;|AL`rLt8Lx+Z~+(xnjkg*U|I@Mh;
z=X#?}8}2*+QOX|fVCd4OxHmA>=$Gx1)5CoN?&ag!-gV8{G8MwGJ4N72qn;4tI-kyu
z+lRgrCtLhr$SzhL3n1qZAfc2G_6iDpnWEv0$dZs7c~1~jF?lJ^%0vro|0em^MY4lF
zKxhaT_0V@vc_FZ!+$E?Ie22UmsTtpN*~I08vF!E4F#zMZJbmi~xY+k;-%;r!)*(5~
z+12~(`W|j4jXLO>-!(n>?2mn3&)V%tC*FfSyDM^`(<_&qMS+}kJeB~DFPgWsRE$G!
z%lj*+^hQRqbEZ5nY`kZ89!a0$1>4kCx$<ydki;>5fgS9_rb#~u(|eO$`c-thX+ccN
z=#!`IIwhZx8}YYpbI}<<As8zv%S>)F?&{iSKvnL!`s?S$KGLZsvyEDs1tL79$8qKg
zD-G!Wxw^v5*G|)LZXP^glfXoy4~z%Yl`^L{#agCTC=kGI9xXWM?q;iN*`hpIWtuB`
zj+)2*nenG9dr8mtb!H@=EjWjWD<X~D;g7zdw*iRo4Y<5a+fSc8;QfxW3<>kva&{K!
zeL|UVPFfOV9dd38+Tz=Z_No{NvFAvP*?DCQhCYrj8U5zdx_%Kp4=F)5et*-7iZPpt
zO(weIko(d_J3Du#9|A=CFF+al)8t?L;FQB7uo{7nGlDo|_<s)Ce4sdSNg81QTVf$w
zfXPS*K?1CD4vr`kh5V5(`V$ml+*gW8!bKb;^f6EdqJRj1qK^aC4p2=|l%*iPFNaJ3
z@QEe}9Ci#){Rr?oK`t`_#6QR#!!a&F|M-;qeg8j+{{&@!%)(1b|2e#z_~p&jd>3$0
z|9S(|?+GqtN(Q%3Tk^%3D+%4Ko>u9jH_|@sw19ZtRZfI1(1`O5b9*m@=pjiIpQ%<e
zH);^v*ZWi8EyPHkv_T($I~hp#+jix#fL%Tdp)>=Z!Z~3Un})Jhp=1K<ysXh2Ho0Bf
z!^!cI-t;#G?*_ODzS%?UY34og^?7FEWkCkRN)?Ds8pm8fNg6RoL@rV8=<(@;^2=i+
zi`#>gbVzs+&JYOXM>h!JX-cUc*Z8vB=%-IPRczv%+&j!>6<n@RgKBo1I@1sHB%&Pm
z=w9og2p4XXAhjtBmdq)!lg6AT^}M%?mKXJxad&)kr+FB2@6^EuQ0F;mdlQUeDb)I`
zt05hw0TP5P@!HXdJ5HQeg!UW1(Dl_w*lRx0>W9LYxiqi#qEl!^qMc211F<jg6mAeH
zOmH5W3hf226Pg#`nAm*3d2jej`{H=i{Fcjm6ZZ^RM<e8^kf&V;UU#yFlvn31pRaQW
z)sF?FeN@aR+5LoquTI(%slHx_v4jAHrz8gM0h)h3vyaVEp2yYvTwERwUa%|S3*_KQ
zDY&83aoRQrU9`+MmeW$dgR``fu~5fb0X>KoGGhJXi4f7#hd`{<ZZBPqU(d^Yu5_o$
z2SE<s_80%?VrS&&eFkz?S&J=bu+w2Aqv6*F9+%mZpHeD631IA}SEYoT(lI<`zvPGW
z@#5STHPd5MLmX@r^%=)c*dZ>06J*o8U!=z8WMPBMK%S)zL=hu=fLKQezyZSA5xXGf
zziJrCnW<V8&?u=kZoIlFDV0b5xTJx#R;q&lue`>r8c5iCR)-LN?4Imfb?`__^UJf>
zZ^v5|$>e!x!jp7-a$ha}$v;eSQZ_RAphwk{=BX6Ns%)t0=HKlnz-7hu|7q{sdRw{5
zFub#mIR|Jtl{4kg8>5*uGizq3P~~Id#Ia+?P8{D@bMz_kA&%|XcU<xh5T#UG2%-KL
zL_t+mA;f>-S<V%r67<4BLaz2jwUh0c?_1wGz02!)`#ry~s5r&T_-b(x&*aU#of+Ls
zI~idv&RJ+=j#8SRmG=eah~$4q_50jq+von}f3ud`-uURrn;YpTFaEIGd%3fb-m{<Y
zy&P@5yW<{MyDy&o@#){6|84Wr{b&1~&B5+pw_iO=KAmiQw0*Pndi#?X@4foP-Upjo
z`yU^?zw_bC&z_H;%%1$?>A|bt|HnNwPmMQLy)*vl!&6qgGW|*P{FkR2tDYHt{4BX4
zHdf6N_|Y<!Ro~@(`&p9KU-ezOA1-5AHGT016g{!5n11&ChgeojANt<%DXVs&`0k7M
zRNr4Q1^zqBSXND8{`Skyh-K9to8MZ-vT8THx0X*?wQtooA8O3CbrTATg7Ya9s0Q*>
z8DZ=Ae#QV$al+!(KT1Kw>KCk_h<(eKK1*p>*|_rgaTu^zwpfPadLl8klE?|djzokK
z8j5dhz25ls24pTam7bK+@G({~tiXY(4Yv(h6jT@M@(A`2Cfw+&0;SZ)bikLU)LdV)
zaY6|sgh7nEq7a4w9~0wQfIz1~+%|xx$ggj1(fX@)`u^H7V{sg6*b=IU0g!p9AiSn+
zgpnl$FM|^+eywa1a7cq1#-(%14js%ANG(c=2~ZJz*^Nw_+sBB_fzH)sGGOAp$2P>U
zzPk0ASOO_L(+=?nASbqgI*s#VWZ05tx+d3?Jv1IWV6PH_5!WG>Ipk99h*-_hf+2_-
zVK^oTGiVRof5t%;r!v?OmZt7WzqyP>>bN~9R|g*gs=)F=V2P%KcZ@C7V0feeHOFJt
z0AV9h#ht(vQEbN%0qV-#oad{{)E4vzXlc6TyO7r080Rzr7$<mR`4oH}XjJ5N-X*Y=
zLz*VIKP_lDiiexmhVT`WA;67IU@u{SS|^IgfzkuKLZ>bP^jbdqJ07{D^x7056`^Qs
zy7rZaO2)N9DE*0_5s4N;qJZumMnOmkV>B6i?ARp9(-pcG(z}au2@S)hP@#XQN&&nF
zgZJ2VH9sN^#Oi6p21dh=zr1~;Mi?tbJj2BjPYXcmaUgI85>6OHi}ypJa)F_|p<dXx
z4G=*ASH+ReaFC+NJsdBQ&NwhINfG~=en+2i0>dVcfo7XudT1AnKdBdqvj)(40Ch2R
z4M6pd&?9O|hus-@G!hAML(s&S+TqBmDn??l;2_7L<$?SV0sWYt=!#dzNrlI;g_OR2
zu=C-QKM@PBi$PIrqLzCeSqN>%(__qzs9@ms^l>+!P^l<a<vpP9c~KnOI;9su2XZ+F
zu^lexsy_x>GC=t1FGG|^$KGGY0#roD2+wkPnSfH%G5*j2jf5clXlH|S5)m%j7zfZ0
z_CCGCaDeDh;TXe$DWUyUb=!f4gb8n7qdLJc!6b3DNZ)&C{g}n2#J5llW|WkpeER$#
z@(BP2pfW%P=g-^IX=6kvlme+7N&)}7<dk3?sUWGU7zIZ|x&WZUpct48RAhK}?*m#N
zf0K~sN3jdB83#a*!qE9F_PSIuJ>T^}NL!Q=aVjeSL?#zjCAbxz{%(3mrXE-Vk|SJz
zQR<U%PYp0y!3R3_c9yYVp2DPTQOLGK31BjaIdtS}bYp2C(*h~5C_)7^FepVn-G*s^
zqoHZ>176tkG|d3{!eHbnXI0=+pn7=#P0P@|y?hECD!>E5uv{Zn%|;i%Rhs{?Kq*QY
z8otmB+S(N!l?MUKP;#*!A|AVxJeWg9V*%0HLR+D7DadHq?RZfr_Tkp@DQeha`mjx)
z2@(V&K&{w<nk|%RRuu4}AQ|!30?TN-nj07Z93{4vSia)0#Sr2!O)y|srYWUo@Jk^1
zX+K>LBgotF=0ocXFy5T)`JttzAu5`2ET&t*`X=oZ55u1fB8zx<<<MXl#(*2ITIL+0
z#=eWeKqqQtb7NW|T98G8z(r_uSov!IV>Q2o0K;5InlAhY5^UlD0crweoJVs|ggvgI
z(>|KX7(m8oSV4a$H6a}k^9YTip|O1-i33Azj3XEiO}6?nFkS8CG8Ri2PoOo~9uhr^
z07fsLnUy(~IR#f8s+j(QMo+^tyfI0_@3Ck|TkuI5?iGya8g++GWpRw@fuv*zfZISt
z2x-1}XcyhE@h<bQy8sNtC&v<`YCxmVBLYo=Lj!?MHEHlNn1txyRF>xZq2@6ByNuQx
z?!@#!2gYU$9w>tTLpOpP1OeE4e(=7U#hA-Y<r8EuqAD{XW^;}jsJDpY0+tb`F!jKq
zOqt~(<}F%1@)%l}U8(+<Im3cW<NzRI$Pj^KWYCn8hsqiw@3UnraEPREId*WU<B*O3
zbe(dh=fN#DCDTrX;1?-sry{yhSTM2Z|D4%!xU0r`>^ya7BCKW{Kp~_aIg!qy<~4}P
zPuWCATR`1IhI<X;Hj0*M!6Y}1jdd}n!@Le7Ee>xw=O#prK|50bC&09YG%W0qi4qf0
z0);oCYmq}g1Gr?k%o>zFHgM|u|8Hy#o*ew<z})}yetZAv-f#Eh?q7DhyU%xix8rVq
zvVF7tYU}mZyPKc#YwQ2k8CYjvoq=@*))`o5V4Z<4nt|oYY2{kR!&6pFq<nk%l;}}T
z7gl~!@(|0TXtFC;<(9Fme9s(m>a+6I`7)Hp+0HzU^!GTM*~gJ&A4m3o93ks*1ja{_
z{#FcJe>fy{QMZ-i3w$_6(nDgv4+M>mJvM5N5ql<Daey3vh~gSbP{P|opc~`jCS4ot
z0*yx~WezbfK&|o(Bx8gq#5N8qqIZ^kf8~dy>ihp2J8$9t_eH1j_3y7Uu+G3b1M3W|
zGqBFUIs@wrtTXWcl!0Fb@BG{M|5v@}$LciH4AaHiM973`d0N7?Y$Kt*+Q9Wr&ocO0
z$G_g?bbc<3pP5of?F)SWKa;I#_epslcMA3M<Li9Wy|hZ)nKR2tFP}U!uFI9VNa=C*
zs8(p!Dy_qCaF`5(>TOrAR1Twl7~Qw-@7<0}afUm|oYZUS8QxCaUam8U&JHj0we!ow
zFqKSaq-dm4hL>`WoykqBb~2mdtFkB#+>=}D!Y_o$<Yl7OA5~Ag?c-E8lN^QBL1n@>
zoQC(ow3u>Fb91Yc(5$nIyGizPWOUM2{@P89>_VfX*T<=wtXG>gw5$5Klyy7zvs%kB
z%Z;JcuAdeMxlS=v&yA-2UK=Yx4UY|bgq_>;x^OujwClmBG;L3kXTq9W^JFe@+3tC_
ziH3DM?Pbf8NKUS6jchZ0eU?9-7dl6MSC;B-v*DCW#?a1J&hHOX1?y^-tZ_%BYn>h9
zt(<7~8t1veaN=PrcsI|U74EQyDJ|Tp-aK@sr>)LiF;f!5MLwM^S?zQX>Zvf7o+VnP
zWdF$VWd<khv0Y0aaW%DCA9UP9YkqMupUs1M_lR@o(Wp7`ZjT#=KbmT_^F*%O&)ij7
z#q>=OO;f{KR82WiuXjZobaTfu?eyl#=r+b!+?kqramhE=Tc$SW%EWECoxHpC<S<d`
zmFi8Wk{i{kdL|WALa&zA&uNjgaebP)sLEQpY3jGhblYzn4u+k|uos+8s@0ZR72QsG
zk<V!3V0?FMPwpnx{KP2_aCs2o{`kzxI^wc&$>oocFyoS&bSB+lvR0`^MNt}_Sk3%V
z^=gu<U1$7gp_fJ5O!w=fp?jR;`$gqsY7(6|N2lH9#mTHV4jSfoI;qS4*<EWf?wyBO
zeQ=T|SGZ^<X5&ICt`*BQ+U9gtyw!89VLp8qjmB5qqiXZEKQk+*g~DyQqc0|R)xhZY
zWV<5L`AOW$x>!ic*62K*-D~xzpXr31Qg-4^Q^%ElF*Thm%%l0qO~MHdD=85sgvd5i
zlN=t=QMqK^T-(j_qTO-vzwUR;oAy*Lu7uYvHWpFGK^e%8N+;#gtd@_>lj*55KWe1g
d`Ep|19NiZ>V}D@{Z{4GL@Akf%{U6+N`X>h{jkN#(

literal 0
HcmV?d00001

diff --git a/examples/oidc-hydra/docker-compose.yaml b/examples/oidc-hydra/docker-compose.yaml
new file mode 100644
index 000000000..1b3c7adc2
--- /dev/null
+++ b/examples/oidc-hydra/docker-compose.yaml
@@ -0,0 +1,51 @@
+# copied from https://github.com/ory/hydra/blob/master/quickstart.yml
+###########################################################################
+#######             FOR DEMONSTRATION PURPOSES ONLY                 #######
+###########################################################################
+#                                                                         #
+# If you have not yet read the tutorial, do so now:                       #
+#  https://www.ory.sh/docs/hydra/5min-tutorial                            #
+#                                                                         #
+# This set up is only for demonstration purposes. The login               #
+# endpoint can only be used if you follow the steps in the tutorial.      #
+#                                                                         #
+###########################################################################
+version: "3.7"
+services:
+  hydra:
+    image: oryd/hydra:v2.2.0
+    ports:
+      - "4444:4444" # Public port
+      - "4445:4445" # Admin port
+      - "5555:5555" # Port for hydra token user
+    command: serve -c /etc/config/hydra/hydra.yml all --dev
+    volumes:
+      - ./hydra.yaml:/etc/config/hydra/hydra.yaml
+    environment:
+      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
+    restart: unless-stopped
+    depends_on:
+      - hydra-migrate
+    networks:
+      - intranet
+  hydra-migrate:
+    image: oryd/hydra:v2.2.0
+    environment:
+      - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
+    command: migrate -c /etc/config/hydra/hydra.yml sql -e --yes
+    volumes:
+      - ./hydra.yaml:/etc/config/hydra/hydra.yaml
+    restart: on-failure
+    networks:
+      - intranet
+  consent:
+    environment:
+      - HYDRA_ADMIN_URL=http://hydra:4445
+    image: oryd/hydra-login-consent-node:v2.2.0
+    ports:
+      - "3000:3000"
+    restart: unless-stopped
+    networks:
+      - intranet
+networks:
+  intranet:
diff --git a/examples/oidc-hydra/hydra.yaml b/examples/oidc-hydra/hydra.yaml
new file mode 100644
index 000000000..00cc65085
--- /dev/null
+++ b/examples/oidc-hydra/hydra.yaml
@@ -0,0 +1,41 @@
+serve:
+  cookies:
+    same_site_mode: Lax
+
+urls:
+  self:
+    issuer: http://127.0.0.1:4444
+  consent: http://127.0.0.1:3000/consent
+  login: http://127.0.0.1:3000/login
+  logout: http://127.0.0.1:3000/logout
+
+secrets:
+  system:
+    - youReallyNeedToChangeThis
+
+oidc:
+  subject_identifiers:
+    supported_types:
+      - pairwise
+      - public
+    pairwise:
+      salt: youReallyNeedToChangeThis
+
+strategies:
+  ## access_token ##
+  #
+  # Defines access token type. jwt is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens
+  #
+  # Default value: opaque
+  #
+  # One of:
+  # - opaque
+  # - jwt
+  #
+  # Set this value using environment variables on
+  # - Linux/macOS:
+  #    $ export STRATEGIES_ACCESS_TOKEN=<value>
+  # - Windows Command Line (CMD):
+  #    > set STRATEGIES_ACCESS_TOKEN=<value>
+  #
+  access_token: jwt
diff --git a/examples/samplejs.txt.ntdf b/examples/samplejs.txt.ntdf
new file mode 100644
index 0000000000000000000000000000000000000000..d9e19de9fb5da6708c476402fa56dcd88d631baa
GIT binary patch
literal 194
zcmV;z06qUqF-!mwY;R*>Y-n$DbUHXNI5013VRHZh0sv$&FiU2UYOK+oIE@0`S^<B>
zZ6Q|d>6F=nhLeMbQauc3)naZ@p4^XQooS%vjc6qg<7WGNJ4(}Xn;-hW41zoRK5DUq
z`lp0UgeRp>kmVF$CvMM?<IfmB5{j?bS$H%Ez#@uCIc<xP$kez4U`x(bang%G&<)>i
wn;MtQ%lcmh(aFJMkh~tZ{}hX$000&M00Anm?6tCxt|~S>%Kha=VcRO0J+dfR6#xJL

literal 0
HcmV?d00001

diff --git a/lib/ocrypto/aes_gcm.go b/lib/ocrypto/aes_gcm.go
index 7e789b017..74296dc32 100644
--- a/lib/ocrypto/aes_gcm.go
+++ b/lib/ocrypto/aes_gcm.go
@@ -68,7 +68,7 @@ func (aesGcm AesGcm) EncryptWithIVAndTagSize(iv, data []byte, authTagSize int) (
 		return nil, errors.New("invalid nonce size, expects GcmStandardNonceSize")
 	}
 	if authTagSize < 12 || authTagSize > 16 {
-		return nil, errors.New("invalid auth tag size, expects 12 or 16")
+		return nil, errors.New("invalid auth tag size, must be 12 to 16")
 	}
 
 	gcm, err := cipher.NewGCMWithTagSize(aesGcm.block, authTagSize)
diff --git a/mockpublickey.pem b/mockpublickey.pem
new file mode 100644
index 000000000..2de221471
--- /dev/null
+++ b/mockpublickey.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEMLUYYICsSIDQJ+XnrAsM3x3jdNf2
+wJhIy/958wUXewDgZ6No/ndUr3G36wDpZHtuYaBXsZoC4jIBxb4+9hALSw==
+-----END PUBLIC KEY-----
diff --git a/opentdf-bkp.yaml b/opentdf-bkp.yaml
new file mode 100644
index 000000000..680df22cd
--- /dev/null
+++ b/opentdf-bkp.yaml
@@ -0,0 +1,65 @@
+logger:
+  level: debug
+  type: text
+  output: stdout
+# DB and Server confgurations are defaulted for local development
+# db:
+#   host: localhost
+#   port: 5432
+#   user: postgres
+#   password: changeme
+services:
+  kas:
+    enabled: true
+  policy:
+    enabled: true
+  entitlements:
+    providers:
+      # - type: keycloak
+      #   name: gcp
+      #   keycloak:
+      #     host: "https://keycloak.example.com/auth"
+      #     realm: "test"
+      #     clientId: "test"
+      #     clientSecret:
+      #       fromEnv: "KEYCLOAK_CLIENT_SECRET"
+
+      - type: ldap
+        name: ad-1
+        ldap:
+          baseDN: "dc=dev,dc=example,dc=com"
+          host: ""
+          port: 389
+          bindUsername: ""
+          bindPassword:
+            fromEnv: "LDAP_BIND_PASSWORD"
+          attributeFilters:
+            exclude:
+              - "objectSid"
+              - "objectGUID"
+              - "msExchMailboxGuid"
+              - "msExchMailboxSecurityDescriptor"
+server:
+  auth:
+    enabled: false
+    audience: "http://localhost:8080"
+    issuer: http://localhost:8888/auth/realms/opentdf
+    clients:
+      - "opentdf"
+  grpc:
+    port: 8080
+    reflectionEnabled: true # Default is false
+  hsm:
+    enabled: true
+    # As configured by hsm-init-temporary-keys.sh
+    pin: "12345"
+    slotlabel: "dev-token"
+    keys:
+      rsa:
+        label: development-rsa-kas
+      ec:
+        label: development-ec-kas
+  http:
+    port: 8080
+opa:
+  embedded: true # Only for local development
diff --git a/opentdf-idp.yaml b/opentdf-idp.yaml
new file mode 100644
index 000000000..0c8839a1a
--- /dev/null
+++ b/opentdf-idp.yaml
@@ -0,0 +1,88 @@
+logger:
+  level: debug
+  type: text
+  output: stdout
+# DB and Server configurations are defaulted for local development
+# db:
+#   host: localhost
+#   port: 5432
+#   user: postgres
+#   password: changeme
+services:
+  kas:
+    enabled: true
+    issuer: http://127.0.0.1:4444
+  policy:
+    enabled: true
+  authorization:
+    enabled: true
+    url: http://localhost:8888
+    client: "tdf-entity-resolution"
+    secret: "secret"
+    realm: "opentdf"
+    legacy: true
+server:
+  auth:
+    enabled: true
+    audience: "http://localhost:8080"
+    issuer: http://127.0.0.1:4444
+    clients:
+      - "e2465b5a-5371-4fe3-8f21-8b7938d928df"
+      - "e213c08f-9327-4778-80da-a590671fcf3c"
+      - "75a697cd-2770-4cbb-bd1b-e3cf9b3c5f2d"
+    policy:
+      ## Default policy for all requests
+      default: #"role:readonly"
+      ## Dot notation is used to access nested claims (i.e. realm_access.roles)
+      claim: # realm_access.roles
+      ## Maps the external role to the opentdf role
+      ## Note: left side is used in the policy, right side is the external role
+      map:
+      #  readonly: opentdf-readonly
+      #  admin: opentdf-admin
+      #  org-admin: opentdf-org-admin
+
+      ## Custom policy (see examples https://github.com/casbin/casbin/tree/master/examples)
+      csv: #|
+      #  p, role:org-admin, policy:attributes, *, *, allow
+      #  p, role:org-admin, policy:subject-mappings, *, *, allow
+      #  p, role:org-admin, policy:resource-mappings, *, *, allow
+      #  p, role:org-admin, policy:kas-registry, *, *, allow
+      ## Custom model (see https://casbin.org/docs/syntax-for-models/)
+      model: #|
+      #  [request_definition]
+      #  r = sub, res, act, obj
+      #
+      #  [policy_definition]
+      #  p = sub, res, act, obj, eft
+      #
+      #  [role_definition]
+      #  g = _, _
+      #
+      #  [policy_effect]
+      #  e = some(where (p.eft == allow)) && !some(where (p.eft == deny))
+      #
+      #  [matchers]
+      #  m = g(r.sub, p.sub) && globOrRegexMatch(r.res, p.res) && globOrRegexMatch(r.act, p.act) && globOrRegexMatch(r.obj, p.obj)
+
+  grpc:
+    reflectionEnabled: true # Default is false
+  cryptoProvider:
+    hsm:
+      enabled: false
+      pin: 12345
+    standard:
+      rsa:
+        123:
+          privateKeyPath: ../kas-private.pem
+          publicKeyPath: ../kas-cert.pem
+        456:
+          privateKeyPath: ../kas-private.pem
+          publicKeyPath: ../kas-cert.pem
+      ec:
+        123:
+          privateKeyPath: kas-ec-private.pem
+          publicKeyPath: kas-ec-cert.pem
+  port: 8080
+opa:
+  embedded: true # Only for local development
diff --git a/policies/entitlements/conditions.rego b/policies/entitlements/conditions.rego
new file mode 100644
index 000000000..dc812389a
--- /dev/null
+++ b/policies/entitlements/conditions.rego
@@ -0,0 +1,31 @@
+package opentdf.conditions
+
+import rego.v1
+
+# condition_group
+condition_group_evaluate(payload, boolean_operator, conditions) if {
+	# AND
+	boolean_operator == 1
+	some condition in conditions
+	condition_evaluate(payload[condition.subject_external_field], condition.operator, condition.subject_external_values)
+} else if {
+	# OR
+	boolean_operator == 2
+	payload[key]
+	some condition in conditions
+	condition_evaluate(payload[condition.subject_external_field], condition.operator, condition.subject_external_values)
+}
+
+# condition
+condition_evaluate(property_values, operator, values) if {
+	# IN
+	operator == 1
+	some property_value in property_values
+	property_value in values
+} else if {
+	# NOT IN
+	operator == 2
+	some property_value in property_values
+	not property_value in values
+}
+
diff --git a/policies/entitlements/idp-client.json b/policies/entitlements/idp-client.json
new file mode 100644
index 000000000..19e42dc91
--- /dev/null
+++ b/policies/entitlements/idp-client.json
@@ -0,0 +1,121 @@
+{
+  "entity_representations": [
+    {
+      "additional_props": [
+        {
+          "roles": [
+            "uma_protection",
+            "vice_president"
+          ]
+        },
+        {
+          "access": {
+            "configure": false,
+            "manage": false,
+            "view": true
+          },
+          "adminUrl": "",
+          "attributes": {
+            "backchannel.logout.revoke.offline.tokens": "false",
+            "backchannel.logout.session.required": "true",
+            "client.secret.creation.time": "1710873216",
+            "display.on.consent.screen": "false",
+            "oauth2.device.authorization.grant.enabled": "false",
+            "oidc.ciba.grant.enabled": "false"
+          },
+          "authenticationFlowBindingOverrides": {},
+          "authorizationServicesEnabled": true,
+          "baseUrl": "",
+          "bearerOnly": false,
+          "clientAuthenticatorType": "client-secret",
+          "clientId": "opentdf",
+          "consentRequired": false,
+          "defaultClientScopes": [
+            "web-origins",
+            "acr",
+            "profile",
+            "roles",
+            "email"
+          ],
+          "description": "",
+          "directAccessGrantsEnabled": true,
+          "enabled": true,
+          "frontchannelLogout": true,
+          "fullScopeAllowed": true,
+          "id": "485d5e66-23f7-47f6-9d37-3dbf20e493fb",
+          "implicitFlowEnabled": true,
+          "name": "",
+          "nodeReRegistrationTimeout": -1,
+          "notBefore": 0,
+          "optionalClientScopes": [
+            "address",
+            "phone",
+            "offline_access",
+            "microprofile-jwt"
+          ],
+          "protocol": "openid-connect",
+          "protocolMappers": [
+            {
+              "config": {
+                "access.token.claim": "true",
+                "claim.name": "client_id",
+                "id.token.claim": "true",
+                "introspection.token.claim": "true",
+                "jsonType.label": "String",
+                "user.session.note": "client_id"
+              },
+              "consentRequired": false,
+              "id": "296dc3bc-664b-49ce-9868-9a0152fc61e5",
+              "name": "Client ID",
+              "protocol": "openid-connect",
+              "protocolMapper": "oidc-usersessionmodel-note-mapper"
+            },
+            {
+              "config": {
+                "access.token.claim": "true",
+                "claim.name": "clientHost",
+                "id.token.claim": "true",
+                "introspection.token.claim": "true",
+                "jsonType.label": "String",
+                "user.session.note": "clientHost"
+              },
+              "consentRequired": false,
+              "id": "16e0a65d-fcab-4110-86b1-dacc7e149456",
+              "name": "Client Host",
+              "protocol": "openid-connect",
+              "protocolMapper": "oidc-usersessionmodel-note-mapper"
+            },
+            {
+              "config": {
+                "access.token.claim": "true",
+                "claim.name": "clientAddress",
+                "id.token.claim": "true",
+                "introspection.token.claim": "true",
+                "jsonType.label": "String",
+                "user.session.note": "clientAddress"
+              },
+              "consentRequired": false,
+              "id": "73d566d3-1ed4-4a69-ae1d-9310f8c815bb",
+              "name": "Client IP Address",
+              "protocol": "openid-connect",
+              "protocolMapper": "oidc-usersessionmodel-note-mapper"
+            }
+          ],
+          "publicClient": false,
+          "redirectUris": [
+            "/*"
+          ],
+          "rootUrl": "",
+          "secret": "7iocVo2WBLIzPSaZtHZwCLL630L2V7lE",
+          "serviceAccountsEnabled": true,
+          "standardFlowEnabled": true,
+          "surrogateAuthRequired": false,
+          "webOrigins": [
+            "/*"
+          ]
+        }
+      ],
+      "original_id": "1234"
+    }
+  ]
+}
diff --git a/policies/entitlements/in-kas-simplified.json b/policies/entitlements/in-kas-simplified.json
new file mode 100644
index 000000000..8ccdb69d1
--- /dev/null
+++ b/policies/entitlements/in-kas-simplified.json
@@ -0,0 +1,88 @@
+{
+  "attribute_mappings": {
+    "https://example.com/attr/attr1/value/value1": {
+      "attribute": {
+        "id": "6a261d68-0899-4e17-bb2f-124abba7c09c",
+        "namespace": {
+          "id": "8f1d8839-2851-4bf4-8bf4-5243dbfe517d",
+          "name": "example.com"
+        },
+        "name": "attr1",
+        "rule": 2,
+        "values": [
+          {
+            "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+            "value": "value1",
+            "fqn": "https://example.com/attr/attr1/value/value1",
+            "active": {
+              "value": true
+            }
+          },
+          {
+            "id": "2fe8dea1-3555-498c-afe9-99724f35f3d3",
+            "value": "value2",
+            "active": {
+              "value": true
+            }
+          }
+        ],
+        "active": {
+          "value": true
+        },
+        "metadata": {}
+      },
+      "value": {
+        "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+        "value": "value1",
+        "fqn": "https://example.com/attr/attr1/value/value1",
+        "active": {
+          "value": true
+        },
+        "subject_mappings": [
+          {
+            "id": "3c623ede-df88-4906-8a78-ebdfacadcd57",
+            "subject_condition_set": {
+              "id": "3c623ede-df88-4906-8a78-ebdfacadcd57",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "jwt.resource_access.${jwt.client_id}.roles",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "writer"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 2
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  },
+  "entity": {
+    "id": "",
+    "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqOW1hTVRaUDdBMG9qSVFYNkJiOTRIdVlYeW5fdC1RR0VJQjJ1akpheDI4In0.eyJleHAiOjE3MTExMTQ4NDAsImlhdCI6MTcxMTExNDU0MCwianRpIjoiMTA5ZjhkZDctNjczYy00NDI2LThhY2EtOTFkMjVlZjU1NGE3IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4ODg4L2F1dGgvcmVhbG1zL3RkZiIsInN1YiI6IjQ4ZGU2MzRkLWMyZjAtNDhiZS04NjYxLTM4NTQ3ODMyNDAzNiIsInR5cCI6IkJlYXJlciIsImF6cCI6Im9wZW50ZGYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIi8qIl0sInJlc291cmNlX2FjY2VzcyI6eyJvcGVudGRmIjp7InJvbGVzIjpbIndyaXRlciJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCBncm91cHMiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudEhvc3QiOiIxOTIuMTY4LjY1LjEiLCJncm91cHMiOlsiL2VuZ2luZWVyaW5nIiwiL3Byb2plY3R4Il0sInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1vcGVudGRmIiwiY2xpZW50QWRkcmVzcyI6IjE5Mi4xNjguNjUuMSIsImNsaWVudF9pZCI6Im9wZW50ZGYifQ.FxbPmw92rgIJus6kbqQO5TcFMtut0Y69pBKPqhLXYF5jqHYeo83p5J4CxZ2iUS04tdnw6bpKF-PC6V_M-O_NCEAlBeCLWbsU8ccWM4847tRIML1xRGQELedqUv8KsgDroYQwLpG6J5mf7I5oCEQ4RZR6Njq30BIK0XbvrTkdV3YB4e9l56WIK2j_W5_v4p2L4PzflCsqLkF4d8t8Ggjc3yXV8j_HL1HVDwPIzShNdaZJduT1Bw_j6K9dZqxhTCJEOmie0seZenKySif4ruc5kDdXj-ePpRJYLq_yD_ViVgZWLldjvGwuaqNhKVugctkO14C4OgsHBjUeMHoO6luOTg"
+  },
+  "idp": {
+    "client": "tdf-entity-resolution-service",
+    "legacy": true,
+    "realm": "tdf",
+    "secret": "5Byk7Hh6l0E1hJDZfF8CQbG9vqh2FeIe",
+    "url": "http://localhost:8888"
+  }
+}
diff --git a/policies/entitlements/in-kas.json b/policies/entitlements/in-kas.json
new file mode 100644
index 000000000..8e9114b00
--- /dev/null
+++ b/policies/entitlements/in-kas.json
@@ -0,0 +1,280 @@
+{
+  "attribute_mappings": {
+    "https://example.com/attr/attr1/value/value1": {
+      "attribute": {
+        "id": "6a261d68-0899-4e17-bb2f-124abba7c09c",
+        "namespace": {
+          "id": "8f1d8839-2851-4bf4-8bf4-5243dbfe517d",
+          "name": "example.com"
+        },
+        "name": "attr1",
+        "rule": 2,
+        "values": [
+          {
+            "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+            "value": "value1",
+            "fqn": "https://example.com/attr/attr1/value/value1",
+            "active": {
+              "value": true
+            }
+          },
+          {
+            "id": "2fe8dea1-3555-498c-afe9-99724f35f3d3",
+            "value": "value2",
+            "active": {
+              "value": true
+            }
+          }
+        ],
+        "active": {
+          "value": true
+        },
+        "metadata": {}
+      },
+      "value": {
+        "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+        "value": "value1",
+        "fqn": "https://example.com/attr/attr1/value/value1",
+        "active": {
+          "value": true
+        },
+        "subject_mappings": [
+          {
+            "id": "9d06c757-06b9-4713-8fbd-5ef007b1afe2",
+            "subject_condition_set": {
+              "id": "eaf866c0-327f-4826-846a-5041c3c22f06",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "fave_sport",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "futbol",
+                            "soccer"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "fave_dessert",
+                          "operator": 2,
+                          "subject_external_values": [
+                            "ice_cream"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 2
+                    },
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "department",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "engineering"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "role",
+                          "operator": 2,
+                          "subject_external_values": [
+                            "manager",
+                            "director",
+                            "vice_president"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 1
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 2
+                }
+              },
+              {
+                "Value": {
+                  "Custom": "custom_action_1"
+                }
+              }
+            ]
+          },
+          {
+            "id": "3c623ede-df88-4906-8a78-ebdfacadcd57",
+            "subject_condition_set": {
+              "id": "3c623ede-df88-4906-8a78-ebdfacadcd57",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "some_field",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "some_value"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 2
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ]
+          },
+          {
+            "id": "812fab35-9aa4-4e73-bf22-c96638d58ea4",
+            "subject_condition_set": {
+              "id": "b3903282-06f9-41a4-924a-7b8eb43dffe0",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "superhero_name",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "thor",
+                            "captain_america"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "superhero_group",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "avengers"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 1
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ]
+          }
+        ]
+      }
+    },
+    "https://example.com/attr/attr1/value/value2": {
+      "attribute": {
+        "id": "6a261d68-0899-4e17-bb2f-124abba7c09c",
+        "namespace": {
+          "id": "8f1d8839-2851-4bf4-8bf4-5243dbfe517d",
+          "name": "example.com"
+        },
+        "name": "attr1",
+        "rule": 2,
+        "values": [
+          {
+            "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+            "value": "value1",
+            "active": {
+              "value": true
+            }
+          },
+          {
+            "id": "2fe8dea1-3555-498c-afe9-99724f35f3d3",
+            "value": "value2",
+            "fqn": "https://example.com/attr/attr1/value/value2",
+            "active": {
+              "value": true
+            }
+          }
+        ],
+        "active": {
+          "value": true
+        },
+        "metadata": {}
+      },
+      "value": {
+        "id": "2fe8dea1-3555-498c-afe9-99724f35f3d3",
+        "value": "value2",
+        "fqn": "https://example.com/attr/attr1/value/value2",
+        "active": {
+          "value": true
+        },
+        "subject_mappings": [
+          {
+            "id": "e6a3f940-e24f-4383-8763-718a1a304948",
+            "subject_condition_set": {
+              "id": "798aacd2-abaf-4623-975e-3bb8ca43e318",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "department",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "marketing",
+                            "sales"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "role",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "senior_vice_president",
+                            "vice_president",
+                            "director"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 1
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 2
+                }
+              },
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  },
+  "entity": {
+    "id": "0",
+    "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJqOW1hTVRaUDdBMG9qSVFYNkJiOTRIdVlYeW5fdC1RR0VJQjJ1akpheDI4In0.eyJleHAiOjE3MTExMTQ4NDAsImlhdCI6MTcxMTExNDU0MCwianRpIjoiMTA5ZjhkZDctNjczYy00NDI2LThhY2EtOTFkMjVlZjU1NGE3IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4ODg4L2F1dGgvcmVhbG1zL3RkZiIsInN1YiI6IjQ4ZGU2MzRkLWMyZjAtNDhiZS04NjYxLTM4NTQ3ODMyNDAzNiIsInR5cCI6IkJlYXJlciIsImF6cCI6Im9wZW50ZGYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIi8qIl0sInJlc291cmNlX2FjY2VzcyI6eyJvcGVudGRmIjp7InJvbGVzIjpbIndyaXRlciJdfX0sInNjb3BlIjoicHJvZmlsZSBlbWFpbCBncm91cHMiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsImNsaWVudEhvc3QiOiIxOTIuMTY4LjY1LjEiLCJncm91cHMiOlsiL2VuZ2luZWVyaW5nIiwiL3Byb2plY3R4Il0sInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1vcGVudGRmIiwiY2xpZW50QWRkcmVzcyI6IjE5Mi4xNjguNjUuMSIsImNsaWVudF9pZCI6Im9wZW50ZGYifQ.FxbPmw92rgIJus6kbqQO5TcFMtut0Y69pBKPqhLXYF5jqHYeo83p5J4CxZ2iUS04tdnw6bpKF-PC6V_M-O_NCEAlBeCLWbsU8ccWM4847tRIML1xRGQELedqUv8KsgDroYQwLpG6J5mf7I5oCEQ4RZR6Njq30BIK0XbvrTkdV3YB4e9l56WIK2j_W5_v4p2L4PzflCsqLkF4d8t8Ggjc3yXV8j_HL1HVDwPIzShNdaZJduT1Bw_j6K9dZqxhTCJEOmie0seZenKySif4ruc5kDdXj-ePpRJYLq_yD_ViVgZWLldjvGwuaqNhKVugctkO14C4OgsHBjUeMHoO6luOTg"
+  },
+  "idp": {
+    "client": "tdf-entity-resolution-service",
+    "legacy": true,
+    "realm": "tdf",
+    "secret": "5Byk7Hh6l0E1hJDZfF8CQbG9vqh2FeIe",
+    "url": "http://localhost:8888"
+  }
+}
diff --git a/policies/entitlements/in-keycloak.json b/policies/entitlements/in-keycloak.json
new file mode 100644
index 000000000..c4473d5cb
--- /dev/null
+++ b/policies/entitlements/in-keycloak.json
@@ -0,0 +1,35 @@
+
+
+
+[additional_props:{fields:{key:\"access\" value:{struct_value:{fields:{key:\"impersonate\" value:{bool_value:false}} fields:{key:\"manage\" value:{bool_value:false}} fields:{key:\"manageGroupMembership\" value:{bool_value:false}} fields:{key:\"mapRoles\" value:{bool_value:false}} fields:{key:\"view\" value:{bool_value:true}}}}} fields:{key:\"attributes\" value:{struct_value:{fields:{key:\"fave_sport\" value:{list_value:{values:{string_value:\"futbol\"}}}} fields:{key:\"superhero_name\" value:{list_value:{values:{string_value:\"thor\"}}}}}}} fields:{key:\"createdTimestamp\" value:{number_value:1.710339863913e+12}} fields:{key:\"disableableCredentialTypes\" value:{list_value:{}}} fields:{key:\"email\" value:{string_value:\"a@a.af\"}} fields:{key:\"emailVerified\" value:{bool_value:true}} fields:{key:\"enabled\" value:{bool_value:true}} fields:{key:\"firstName\" value:{string_value:\"A\"}} fields:{key:\"id\" value:{string_value:\"e3d95832-b539-43b6-b6ac-b9c781e46735\"}} fields:{key:\"lastName\" value:{string_value:\"F\"}} fields:{key:\"requiredActions\" value:{list_value:{}}} fields:{key:\"totp\" value:{bool_value:false}} fields:{key:\"username\" value:{string_value:\"a@a.af\"}}} original_id:\"e1\"]
+
+
+map[entityRepresentations:[
+  map[additionalProps:[
+    map[
+      access:map[
+        impersonate:false
+        manage:false
+        manageGroupMembership:false
+        mapRoles:false
+        view:true
+      ]
+      attributes:map[
+        fave_sport:[futbol]
+        superhero_name:[thor]
+      ]
+      createdTimestamp:1710339863913
+      disableableCredentialTypes:[]
+      email:a@a.af emailVerified:true
+      enabled:true
+      firstName:A
+      id:e3d95832-b539-43b6-b6ac-b9c781e46735
+      lastName:F
+      requiredActions:[]
+      totp:false
+      username:a@a.af
+    ]
+  ] originalId:e1
+  ]
+]
+]
diff --git a/policies/entitlements/in-simplified.json b/policies/entitlements/in-simplified.json
new file mode 100644
index 000000000..aa8573509
--- /dev/null
+++ b/policies/entitlements/in-simplified.json
@@ -0,0 +1,60 @@
+{
+  "entity": {
+    "claims": [
+      "marketing",
+      "CoolTool",
+      "futbol"
+    ],
+    "id": "0"
+  },
+  "subject_mappings": [
+    {
+      "id": "1748761a-bd8c-4b23-8560-16ba7a181f19",
+      "attribute_value": {
+        "id": "c2140825-0969-44c9-8dd6-5d7e0a856b9c",
+        "value": "blue",
+        "active": {
+          "value": true
+        }
+      },
+      "subject_condition_set": {
+        "id": "10d03422-7eae-43b9-ac3b-d10400171858",
+        "subject_sets": [
+          {
+            "condition_groups": [
+              {
+                "conditions": [
+                  {
+                    "subject_external_field": "team_name",
+                    "operator": 1,
+                    "subject_external_values": [
+                      "CoolTool",
+                      "RadService",
+                      "ShinyThing"
+                    ]
+                  },
+                  {
+                    "subject_external_field": "org_name",
+                    "operator": 1,
+                    "subject_external_values": [
+                      "marketing"
+                    ]
+                  }
+                ],
+                "boolean_operator": 1
+              }
+            ]
+          }
+        ]
+      },
+      "actions": [
+        {
+          "Value": {
+            "Standard": 1
+          }
+        }
+      ],
+      "metadata": {}
+    }
+      ]
+}
diff --git a/policies/entitlements/in.json b/policies/entitlements/in.json
new file mode 100644
index 000000000..a29e897f0
--- /dev/null
+++ b/policies/entitlements/in.json
@@ -0,0 +1,222 @@
+{
+  "attribute_mappings": {
+    "https://example.com/attr/attr1/value/value1": {
+      "attribute": {
+        "id": "6a261d68-0899-4e17-bb2f-124abba7c09c",
+        "namespace": {
+          "id": "8f1d8839-2851-4bf4-8bf4-5243dbfe517d",
+          "name": "example.com"
+        },
+        "name": "attr1",
+        "rule": 2,
+        "values": [
+          {
+            "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+            "value": "value1",
+            "fqn": "https://example.com/attr/attr1/value/value1",
+            "active": {
+              "value": true
+            }
+          },
+          {
+            "id": "2fe8dea1-3555-498c-afe9-99724f35f3d3",
+            "value": "value2",
+            "members": [
+              "0fd363db-27b1-4210-b77b-8c82fe044d41",
+              "532e5957-28f7-466d-91e2-493e9431cd83"
+            ],
+            "active": {
+              "value": true
+            }
+          }
+        ],
+        "active": {
+          "value": true
+        },
+        "metadata": {}
+      },
+      "value": {
+        "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+        "value": "value1",
+        "fqn": "https://example.com/attr/attr1/value/value1",
+        "active": {
+          "value": true
+        },
+        "subject_mappings": [
+          {
+            "id": "9d06c757-06b9-4713-8fbd-5ef007b1afe2",
+            "subject_condition_set": {
+              "id": "eaf866c0-327f-4826-846a-5041c3c22f06",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "group",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "mygroup"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "role",
+                          "operator": 2,
+                          "subject_external_values": [
+                            "myrole"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 2
+                    },
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "department",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "engineering"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "role",
+                          "operator": 2,
+                          "subject_external_values": [
+                            "manager",
+                            "director",
+                            "vice_president"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 1
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 2
+                }
+              },
+              {
+                "Value": {
+                  "Custom": "custom_action_1"
+                }
+              }
+            ]
+          },
+          {
+            "id": "3c623ede-df88-4906-8a78-ebdfacadcd57",
+            "subject_condition_set": {
+              "id": "3c623ede-df88-4906-8a78-ebdfacadcd57",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "some_field",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "some_value"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 2
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ]
+          },
+          {
+            "id": "812fab35-9aa4-4e73-bf22-c96638d58ea4",
+            "subject_condition_set": {
+              "id": "b3903282-06f9-41a4-924a-7b8eb43dffe0",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "superhero_name",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "thor",
+                            "captain_america"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "superhero_group",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "avengers"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 1
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  },
+  "entity": {
+    "id": "0"
+  },
+  "entityRepresentations": [
+    {
+      "additionalProps": [
+        {
+          "access": {
+            "impersonate": false,
+            "manage": false,
+            "manageGroupMembership": false,
+            "mapRoles": false,
+            "view": true
+          },
+          "attributes": {
+            "fave_sport": [
+              "futbol"
+            ],
+            "superhero_name": [
+              "thor"
+            ]
+          },
+          "createdTimestamp": 1710339863913,
+          "disableableCredentialTypes": [],
+          "email": "a@a.af",
+          "emailVerified": true,
+          "enabled": true,
+          "firstName": "A",
+          "id": "e3d95832-b539-43b6-b6ac-b9c781e46735",
+          "lastName": "F",
+          "requiredActions": [],
+          "totp": false,
+          "username": "a@a.af"
+        }
+      ],
+      "originalId": "e1"
+    }
+  ]
+}
diff --git a/policies/entitlements/input-condition-test.json b/policies/entitlements/input-condition-test.json
new file mode 100644
index 000000000..70dae18b0
--- /dev/null
+++ b/policies/entitlements/input-condition-test.json
@@ -0,0 +1,12 @@
+{
+  "payload": {
+    "groups": ["groupA"]
+  },
+  "condition": {
+    "subject_external_field": "groups",
+    "operator": 1,
+    "subject_external_values": [
+      "groupA"
+    ]
+  }
+}
diff --git a/policies/entitlements/input-jwt.json b/policies/entitlements/input-jwt.json
new file mode 100644
index 000000000..07d24f305
--- /dev/null
+++ b/policies/entitlements/input-jwt.json
@@ -0,0 +1,85 @@
+{
+  "attribute_mappings": {
+    "https://brightonhealthclinic.org/attr/healthrecordtype/value/basicpatientinfo": {
+      "attribute": {
+        "id": "46fd500e-6839-4cc0-8b29-75665bf98e3a",
+        "namespace": {
+          "id": "f1f12166-8b22-47d6-829a-66e68b533eb2",
+          "name": "brightonhealthclinic.org"
+        },
+        "name": "healthrecordtype",
+        "rule": 2,
+        "values": [
+          {
+            "id": "356b7dd3-6abb-453c-8354-6915705fabcb",
+            "value": "basicpatientinfo",
+            "fqn": "https://brightonhealthclinic.org/attr/healthrecordtype/value/basicpatientinfo",
+            "active": {
+              "value": true
+            }
+          }
+        ],
+        "active": {
+          "value": true
+        },
+        "metadata": {}
+      },
+      "value": {
+        "id": "356b7dd3-6abb-453c-8354-6915705fabcb",
+        "value": "basicpatientinfo",
+        "fqn": "https://brightonhealthclinic.org/attr/healthrecordtype/value/basicpatientinfo",
+        "active": {
+          "value": true
+        },
+        "subject_mappings": [
+          {
+            "id": "5fb9f643-b7ea-4d53-8b23-f2b61a7ca38a",
+            "subject_condition_set": {
+              "id": "eb688795-fa0a-4014-8f4e-0f770c7bdab6",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "groups",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "/medical"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "roles",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "nurse",
+                            "doctor"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 1
+                    }
+                  ]
+                }
+              ],
+              "metadata": {}
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 1
+                }
+              }
+            ],
+            "metadata": {}
+          }
+        ]
+      }
+    }
+  },
+  "entity": {
+    "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI3bEN5Vlo4Zm9jaTBOSk1JclZGZ01jZFc1cGlRQVUwVV9KZ1BNZ2V1RFI0In0.eyJleHAiOjE3MTE1MTI2MjEsImlhdCI6MTcxMTQ3NjYyMSwiYXV0aF90aW1lIjoxNzExNDc2NjIxLCJqdGkiOiI2YzJlMjk0Mi1iNmE4LTQ2MTYtOTYwZi0xN2I2NzA3MDFiMzgiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0Ojg4ODgvYXV0aC9yZWFsbXMvYnJpZ2h0b25oZWFsdGhjbGluaWMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNWJkOTllODgtMDkyMS00MzVjLTkxOTktYjZmZTZmYjU3MGY4IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYWNjb3VudC1jb25zb2xlIiwibm9uY2UiOiJlYTMwMjk1OC1jMzgyLTQ0NGItYjNlNy0zODFhMjAzODE4YTciLCJzZXNzaW9uX3N0YXRlIjoiODQ0NjMxMjgtYjg0NS00ZDM1LTljM2MtNmJhNjFiZWEwZTYyIiwiYWNyIjoiMSIsInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiXX19LCJzY29wZSI6Im9wZW5pZCBlbWFpbCBwcm9maWxlIiwic2lkIjoiODQ0NjMxMjgtYjg0NS00ZDM1LTljM2MtNmJhNjFiZWEwZTYyIiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJyb2xlcyI6Im51cnNlIiwibmFtZSI6Ik9saXZpYSBHcmVlbiIsImdyb3VwcyI6WyIvbWVkaWNhbCJdLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJvZ3JlZW4iLCJnaXZlbl9uYW1lIjoiT2xpdmlhIiwiZmFtaWx5X25hbWUiOiJHcmVlbiIsImVtYWlsIjoib2dyZWVuQGJyaWdodG9uaGVhbHRoY2xpbmljLm9yZyJ9.2MWhwiCdUChYPCvP-Q08Z1RvwO2a0Q3axR0agWAA-KToirV7bRdcMGJUDxEYzxCKmZYTcR3nNjeTF-WzK1ZsiasimsOVeqoCv8Q2YbA19KqxusaTrRtHcSLCVM8BWYGMBbrEzgn06MDYXjHVhAjAYytl20dImRjUPukFhG6XI8LIoX8sCRwb4gKb0fweIUaX6lj3TCvRw9NakIyN1Jotd3CBBZMFJ7fid1_HX8rWJ7HWZNdvILLMxv3euLO2IFFnnCaq6_etMCNeSzEqg3jei5gwOIcbPzERt2fpmrTX4OhFbUOJvI3MU-4uMJ68muKNCW0nlMEjUbYfCcjbSRUDjA",
+    "id": ""
+  },
+  "idp": null
+}
diff --git a/policies/entitlements/input-simple.json b/policies/entitlements/input-simple.json
new file mode 100644
index 000000000..78687e047
--- /dev/null
+++ b/policies/entitlements/input-simple.json
@@ -0,0 +1,134 @@
+{
+  "attribute_mappings": {
+    "https://example.com/attr/attr1/value/value1": {
+      "attribute": {
+        "id": "6a261d68-0899-4e17-bb2f-124abba7c09c",
+        "namespace": {
+          "id": "8f1d8839-2851-4bf4-8bf4-5243dbfe517d",
+          "name": "example.com"
+        },
+        "name": "attr1",
+        "rule": 2,
+        "values": [
+          {
+            "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+            "value": "value1",
+            "fqn": "https://example.com/attr/attr1/value/value1",
+            "active": {
+              "value": true
+            }
+          },
+          {
+            "id": "2fe8dea1-3555-498c-afe9-99724f35f3d3",
+            "value": "value2",
+            "members": [
+              "0fd363db-27b1-4210-b77b-8c82fe044d41",
+              "532e5957-28f7-466d-91e2-493e9431cd83"
+            ],
+            "active": {
+              "value": true
+            }
+          }
+        ],
+        "active": {
+          "value": true
+        },
+        "metadata": {}
+      },
+      "value": {
+        "id": "74babca6-016f-4f3e-a99b-4e46ea8d0fd8",
+        "value": "value1",
+        "fqn": "https://example.com/attr/attr1/value/value1",
+        "active": {
+          "value": true
+        },
+        "subject_mappings": [
+          {
+            "id": "9d06c757-06b9-4713-8fbd-5ef007b1afe2",
+            "subject_condition_set": {
+              "id": "eaf866c0-327f-4826-846a-5041c3c22f06",
+              "subject_sets": [
+                {
+                  "condition_groups": [
+                    {
+                      "conditions": [
+                        {
+                          "subject_external_field": "fave_sport",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "futbol"
+                          ]
+                        },
+                        {
+                          "subject_external_field": "fave_dessert",
+                          "operator": 1,
+                          "subject_external_values": [
+                            "ice_cream"
+                          ]
+                        }
+                      ],
+                      "boolean_operator": 2
+                    }
+                  ]
+                }
+              ]
+            },
+            "actions": [
+              {
+                "Value": {
+                  "Standard": 2
+                }
+              },
+              {
+                "Value": {
+                  "Custom": "custom_action_1"
+                }
+              }
+            ]
+          }
+        ]
+      }
+    }
+  },
+  "entity": {
+    "id": "0"
+  },
+  "entityRepresentations": [
+    {
+      "additionalProps": [
+        {
+          "access": {
+            "impersonate": false,
+            "manage": false,
+            "manageGroupMembership": false,
+            "mapRoles": false,
+            "view": true
+          },
+          "attributes": {
+            "fave_sport": [
+              "futbol"
+            ],
+            "fave_dessert": [
+              "ice_cream"
+            ],
+            "superhero_name": [
+              "thor"
+            ]
+          },
+          "createdTimestamp": 1710339863913,
+          "disableableCredentialTypes": [],
+          "email": "a@a.af",
+          "emailVerified": true,
+          "enabled": true,
+          "firstName": "A",
+          "id": "e3d95832-b539-43b6-b6ac-b9c781e46735",
+          "lastName": "F",
+          "requiredActions": [],
+          "totp": false,
+          "username": "a@a.af"
+        }
+      ],
+      "originalId": "e1"
+    }
+  ]
+}

From 975c75a04221809e5281d86c6c91c43a818981c4 Mon Sep 17 00:00:00 2001
From: Paul Flynn <pflynn@virtru.com>
Date: Thu, 5 Sep 2024 16:26:01 -0400
Subject: [PATCH 4/4] Update expected error message for AES-GCM tag size

Adjusted the error message in nanotdf_test.go to specify valid tag sizes from 12 to 16 instead of 12 or 16, ensuring consistency with encryption standards.
---
 sdk/nanotdf_test.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/nanotdf_test.go b/sdk/nanotdf_test.go
index c01e7a984..faebd3838 100644
--- a/sdk/nanotdf_test.go
+++ b/sdk/nanotdf_test.go
@@ -353,7 +353,7 @@ func TestCreateNanoTDF(t *testing.T) {
 			publicKeyFetcher: MockECPublicKeyFetcher{
 				MockPublicKey: validMockPublicKey,
 			},
-			expectedError: errors.New("writeNanoTDFHeader failed:AesGcm.EncryptWithIVAndTagSize failed:invalid auth tag size, expects 12 or 16"),
+			expectedError: errors.New("writeNanoTDFHeader failed:AesGcm.EncryptWithIVAndTagSize failed:invalid auth tag size, must be 12 to 16"),
 		},
 		{
 			name:   "Invalid Curve match P256-P384",