From 60da54d665ed93db528635b360fb6b6cbe7d6dd3 Mon Sep 17 00:00:00 2001
From: Aryan-CC
Date: Fri, 4 Oct 2024 09:02:34 +0000
Subject: [PATCH 01/11] Add files via upload
---
.../src/main/resources/db/postgres/data.sql | 39 +++++++++++++++++++
.../src/main/resources/db/postgres/schema.sql | 30 ++++++++++++++
2 files changed, 69 insertions(+)
create mode 100644 src/spring-petclinic-customers-service/src/main/resources/db/postgres/data.sql
create mode 100644 src/spring-petclinic-customers-service/src/main/resources/db/postgres/schema.sql
diff --git a/src/spring-petclinic-customers-service/src/main/resources/db/postgres/data.sql b/src/spring-petclinic-customers-service/src/main/resources/db/postgres/data.sql
new file mode 100644
index 0000000..aaeff61
--- /dev/null
+++ b/src/spring-petclinic-customers-service/src/main/resources/db/postgres/data.sql
@@ -0,0 +1,39 @@
+
+INSERT INTO types (id, name) VALUES
+(1, 'Dog'),
+(2, 'Cat'),
+(3, 'Bird'),
+(4, 'Reptile'),
+(5, 'Fish'),
+(6, 'Rodent')
+ON CONFLICT (id) DO NOTHING;
+
+INSERT INTO owners (id, first_name, last_name, address, city, telephone) VALUES
+(1, 'George', 'Franklin', '110 W. Liberty St.', 'Madison', '6085551023'),
+(2, 'Betty', 'Davis', '638 Cardinal Ave.', 'Sun Prairie', '6085551749'),
+(3, 'Eduardo', 'Rodriquez', '2693 Commerce St.', 'McFarland', '6085558763'),
+(4, 'Harold', 'Davis', '563 Friendly St.', 'Windsor', '6085553198'),
+(5, 'Peter', 'McTavish', '2387 S. Fair Way', 'Madison', '6085552765'),
+(6, 'Jean', 'Coleman', '105 N. Lake St.', 'Monona', '6085552654'),
+(7, 'Jeff', 'Black', '1450 Oak Blvd.', 'Monona', '6085555387'),
+(8, 'Maria', 'Escobito', '345 Maple St.', 'Madison', '6085557683'),
+(9, 'David', 'Schroeder', '2749 Blackhawk Trail', 'Madison', '6085559435'),
+(10, 'Carlos', 'Estaban', '2335 Independence La.', 'Waunakee', '6085555487')
+ON CONFLICT (id) DO NOTHING;
+
+INSERT INTO pets (id, name, birth_date, type_id, owner_id) VALUES
+(1, 'Leo', '2000-09-07', 1, 1),
+(2, 'Basil', '2002-08-06', 6, 2),
+(3, 'Rosy', '2001-04-17', 2, 3),
+(4, 'Jewel', '2000-03-07', 2, 3),
+(5, 'Iggy', '2000-11-30', 3, 4),
+(6, 'George', '2000-01-20', 4, 5),
+(7, 'Samantha', '1995-09-04', 1, 6),
+(8, 'Max', '1995-09-04', 1, 6),
+(9, 'Lucky', '1999-08-06', 5, 7),
+(10, 'Mulligan', '1997-02-24', 2, 8),
+(11, 'Freddy', '2000-03-09', 5, 9),
+(12, 'Lucky', '2000-06-24', 2, 10),
+(13, 'Sly', '2002-06-08', 1, 10)
+ON CONFLICT (id) DO NOTHING;
+
diff --git a/src/spring-petclinic-customers-service/src/main/resources/db/postgres/schema.sql b/src/spring-petclinic-customers-service/src/main/resources/db/postgres/schema.sql
new file mode 100644
index 0000000..6a8aab6
--- /dev/null
+++ b/src/spring-petclinic-customers-service/src/main/resources/db/postgres/schema.sql
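Review bot: The seed rows supply explicit `id` values for `SERIAL` columns, which leaves each backing sequence at its start value; assuming the application relies on the column default for new rows, its first insert into `types`, `owners` or `pets` would be assigned id 1 and fail on the primary key. After each INSERT the script should resynchronise the sequence, for example `SELECT setval(pg_get_serial_sequence('owners', 'id'), (SELECT MAX(id) FROM owners));`, with the same line for `types` and `pets`. The vets-service and visits-service data.sql files added later in this series follow the same pattern for `vets`, `specialties` and `visits` and need the same treatment. A one-line comment at the top of the file, such as `-- re-runnable seed data: ON CONFLICT keeps existing rows, it never updates them`, would also make the intent of `ON CONFLICT (id) DO NOTHING` explicit.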
@@ -0,0 +1,30 @@
+
+CREATE TABLE IF NOT EXISTS types (
+ id SERIAL PRIMARY KEY,
+ name VARCHAR(80) NOT NULL,
+ UNIQUE (name)
+);
+
+
+CREATE TABLE IF NOT EXISTS owners (
+ id SERIAL PRIMARY KEY,
+ first_name VARCHAR(30) NOT NULL,
+ last_name VARCHAR(30) NOT NULL,
+ address VARCHAR(255) NOT NULL,
+ city VARCHAR(80) NOT NULL,
+ telephone VARCHAR(20) NOT NULL
+);
+
+
+CREATE TABLE IF NOT EXISTS pets (
+ id SERIAL PRIMARY KEY,
+ name VARCHAR(30) NOT NULL,
+ birth_date DATE NOT NULL,
+ type_id INT NOT NULL,
+ owner_id INT NOT NULL,
+ FOREIGN KEY (owner_id) REFERENCES owners(id) ON DELETE CASCADE,
+ FOREIGN KEY (type_id) REFERENCES types(id) ON DELETE CASCADE
+);
+
+CREATE INDEX idx_last_name ON owners(last_name);
+CREATE INDEX idx_name ON pets(name);
From fbdf2d8af35942e65eaede9d6ae88bea3b9bbf7a Mon Sep 17 00:00:00 2001
From: Aryan-CC
Date: Fri, 4 Oct 2024 09:04:39 +0000
Subject: [PATCH 02/11] Add files via upload
---
.../src/main/resources/db/postgres/data.sql | 23 +++++++++++++++++++
.../src/main/resources/db/postgres/schema.sql | 22 ++++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 src/spring-petclinic-vets-service/src/main/resources/db/postgres/data.sql
create mode 100644 src/spring-petclinic-vets-service/src/main/resources/db/postgres/schema.sql
diff --git a/src/spring-petclinic-vets-service/src/main/resources/db/postgres/data.sql b/src/spring-petclinic-vets-service/src/main/resources/db/postgres/data.sql
new file mode 100644
index 0000000..79a8a80
--- /dev/null
+++ b/src/spring-petclinic-vets-service/src/main/resources/db/postgres/data.sql
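Review bot: The two `CREATE INDEX` statements at the end of this hunk are not idempotent, unlike the `CREATE TABLE IF NOT EXISTS` statements above them. The sample configuration added later in this series sets `spring.sql.init.mode: ALWAYS`, so the script presumably runs on every start, and the second start would stop on an "already exists" error unless init errors are being ignored. Use `CREATE INDEX IF NOT EXISTS idx_owners_last_name ON owners (last_name);` and `CREATE INDEX IF NOT EXISTS idx_pets_name ON pets (name);`; the table-qualified names matter because index names share a namespace with the other relations in the schema and the three services appear to use one `petclinic` database. `CREATE INDEX idx_vets_last_name` in the vets-service schema.sql needs the same `IF NOT EXISTS`.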
@@ -0,0 +1,23 @@
+INSERT INTO vets (id, first_name, last_name) VALUES
+(1, 'James', 'Carter'),
+(2, 'Helen', 'Leary'),
+(3, 'Linda', 'Douglas'),
+(4, 'Rafael', 'Ortega'),
+(5, 'Henry', 'Stevens'),
+(6, 'Sharon', 'Jenkins')
+ON CONFLICT (id) DO NOTHING;
+
+INSERT INTO specialties (id, name) VALUES
+(1, 'radiology'),
+(2, 'surgery'),
+(3, 'dentistry')
+ON CONFLICT (id) DO NOTHING;
+
+INSERT INTO vet_specialties (vet_id, specialty_id) VALUES
+(2, 1),
+(3, 2),
+(3, 3),
+(4, 2),
+(5, 1)
+ON CONFLICT (vet_id, specialty_id) DO NOTHING;
+
diff --git a/src/spring-petclinic-vets-service/src/main/resources/db/postgres/schema.sql b/src/spring-petclinic-vets-service/src/main/resources/db/postgres/schema.sql
new file mode 100644
index 0000000..b6c1d87
--- /dev/null
+++ b/src/spring-petclinic-vets-service/src/main/resources/db/postgres/schema.sql
@@ -0,0 +1,22 @@
+
+CREATE TABLE IF NOT EXISTS vets (
+ id SERIAL PRIMARY KEY,
+ first_name VARCHAR(30) NOT NULL,
+ last_name VARCHAR(30) NOT NULL
+);
+
+CREATE INDEX idx_vets_last_name ON vets(last_name);
+
+CREATE TABLE IF NOT EXISTS specialties (
+ id SERIAL PRIMARY KEY,
+ name VARCHAR(80) NOT NULL,
+ UNIQUE (name)
+);
+
+CREATE TABLE IF NOT EXISTS vet_specialties (
+ vet_id INT NOT NULL,
+ specialty_id INT NOT NULL,
+ PRIMARY KEY (vet_id, specialty_id),
+ FOREIGN KEY (vet_id) REFERENCES vets(id) ON DELETE CASCADE,
+ FOREIGN KEY (specialty_id) REFERENCES specialties(id) ON DELETE CASCADE
+);
From fd9951a8884af8821fbed2f7283172a66f317783 Mon Sep 17 00:00:00 2001
From: Aryan-CC
Date: Fri, 4 Oct 2024 09:05:16 +0000
Subject: [PATCH 03/11] Add files via upload
---
.../src/main/resources/db/postgres/data.sql | 9 +++++++++
.../src/main/resources/db/postgres/schema.sql | 10 ++++++++++
2 files changed, 19 insertions(+)
create mode 100644 src/spring-petclinic-visits-service/src/main/resources/db/postgres/data.sql
create mode 100644 src/spring-petclinic-visits-service/src/main/resources/db/postgres/schema.sql
diff --git a/src/spring-petclinic-visits-service/src/main/resources/db/postgres/data.sql b/src/spring-petclinic-visits-service/src/main/resources/db/postgres/data.sql new file mode 100644 index 0000000..4dbba34 --- /dev/null +++ b/src/spring-petclinic-visits-service/src/main/resources/db/postgres/data.sql @@ -0,0 +1,9 @@ + + +INSERT INTO visits (id, pet_id, visit_date, description) VALUES +(1, 7, '2010-03-04', 'rabies shot'), +(2, 8, '2011-03-04', 'rabies shot'), +(3, 8, '2009-06-04', 'neutered'), +(4, 7, '2008-09-04', 'spayed') +ON CONFLICT (id) DO NOTHING; + diff --git a/src/spring-petclinic-visits-service/src/main/resources/db/postgres/schema.sql b/src/spring-petclinic-visits-service/src/main/resources/db/postgres/schema.sql new file mode 100644 index 0000000..a36ec78 --- /dev/null +++ b/src/spring-petclinic-visits-service/src/main/resources/db/postgres/schema.sql @@ -0,0 +1,10 @@ + + + +CREATE TABLE IF NOT EXISTS visits ( + id SERIAL PRIMARY KEY, + pet_id INT NOT NULL, + visit_date DATE, + description VARCHAR(8192), + FOREIGN KEY (pet_id) REFERENCES pets(id) ON DELETE CASCADE +); From be6844c2a77dfaef1375058a7fc9c84c063efdaf Mon Sep 17 00:00:00 2001 From: Aryan-CC Date: Fri, 4 Oct 2024 14:37:31 +0530 Subject: [PATCH 04/11] Update pom.xml --- src/spring-petclinic-customers-service/pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/spring-petclinic-customers-service/pom.xml b/src/spring-petclinic-customers-service/pom.xml index f8f82f3..c5a2623 100644 --- a/src/spring-petclinic-customers-service/pom.xml +++ b/src/spring-petclinic-customers-service/pom.xml @@ -59,6 +59,10 @@ com.azure.spring spring-cloud-azure-starter-jdbc-mysql + + com.azure.spring + spring-cloud-azure-starter-jdbc-postgresql + org.hsqldb hsqldb From da6dc8a6c525161945a136174d1c42e6a042233b Mon Sep 17 00:00:00 2001 
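Review bot: The `FOREIGN KEY (pet_id) REFERENCES pets(id) ON DELETE CASCADE` in the visits-service schema.sql depends on a table this service does not create; in this series `pets` is defined only in the customers-service schema.sql. If visits-service initialises its schema before customers-service has run against the same database, `CREATE TABLE IF NOT EXISTS visits` would fail, and the seed rows for `pet_id` 7 and 8 in the visits data.sql depend on the customers seed data in the same way. The cascade also means a pet deleted through customers-service removes visit history held by another service without that service taking part. Either drop the cross-service constraint and keep `pet_id INT NOT NULL` with a comment such as `-- pet_id refers to pets.id owned by customers-service; not enforced here`, or state the required start order in a comment at the top of the file.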
From: Aryan-CC Date: Fri, 4 Oct 2024 14:39:46 +0530 Subject: [PATCH 05/11] Update pom.xml --- src/spring-petclinic-vets-service/pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/spring-petclinic-vets-service/pom.xml b/src/spring-petclinic-vets-service/pom.xml index d31f9a2..ca2b39f 100644 --- a/src/spring-petclinic-vets-service/pom.xml +++ b/src/spring-petclinic-vets-service/pom.xml @@ -93,6 +93,10 @@ com.azure.spring spring-cloud-azure-starter-jdbc-mysql + + com.azure.spring + spring-cloud-azure-starter-jdbc-postgresql + io.micrometer micrometer-registry-prometheus From 04a679657cc77ed287b31d94c6f2249fc4c91bf0 Mon Sep 17 00:00:00 2001 From: Aryan-CC Date: Fri, 4 Oct 2024 14:40:30 +0530 Subject: [PATCH 06/11] Update pom.xml --- src/spring-petclinic-visits-service/pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/spring-petclinic-visits-service/pom.xml b/src/spring-petclinic-visits-service/pom.xml index 3c110b7..328b77e 100644 --- a/src/spring-petclinic-visits-service/pom.xml +++ b/src/spring-petclinic-visits-service/pom.xml @@ -78,6 +78,10 @@ com.azure.spring spring-cloud-azure-starter-jdbc-mysql + + com.azure.spring + spring-cloud-azure-starter-jdbc-postgresql + io.micrometer micrometer-registry-prometheus From f58f6161f2876e32f1e08c0f674e991a0fdf1eda Mon Sep 17 00:00:00 2001 
From: Aryan-CC Date: Wed, 30 Oct 2024 11:18:44 +0000 Subject: [PATCH 07/11] updated postgres implementation --- docs/01_lab_plan/0103.md | 4 +- docs/01_lab_plan/0104.md | 2 +- docs/02_lab_migrate/0201.md | 2 +- docs/02_lab_migrate/0203.md | 4 +- .../0203_postgres_application.yaml | 80 ++++++++++++++ docs/02_lab_migrate/0203_postgresql.md | 101 ++++++++++++++++++ docs/02_lab_migrate/0204.md | 2 +- docs/02_lab_migrate/0205.md | 4 +- docs/02_lab_migrate/0206.md | 16 ++- docs/02_lab_migrate/0207.md | 4 +- docs/02_lab_migrate/02_openlab_setup_aca.md | 4 +- 11 files changed, 206 insertions(+), 17 deletions(-) create mode 100644 docs/02_lab_migrate/0203_postgres_application.yaml create mode 100644 docs/02_lab_migrate/0203_postgresql.md diff --git a/docs/01_lab_plan/0103.md b/docs/01_lab_plan/0103.md index 2ff8e4b..5ed75bc 100644 --- a/docs/01_lab_plan/0103.md +++ b/docs/01_lab_plan/0103.md 
@@ -11,9 +11,9 @@ Now that you identified the viable compute platforms, you need to decide which A The Azure platform offers several database-as-a-services options, including [Azure SQL Database](https://docs.microsoft.com/azure/azure-sql/database/sql-database-paas-overview?view=azuresql), [Azure Database for MySQL](https://docs.microsoft.com/azure/mysql/), [Azure Cosmos DB](https://docs.microsoft.com/azure/cosmos-db/introduction), and [Azure Database for PostgreSQL](https://docs.microsoft.com/azure/postgresql/). Your choice of the database technology should be based on the following requirements for the Spring Petclinic application: -* The target database service should simplify the migration path from the on-premises MySQL deployment. +* The target database service should simplify the migration path from the on-premises MySQL and PostgreSQL deployment. * The target database service must support automatic backups. * The target database service needs to support automatic patching. -Based on these requirements, you decided to use Azure Database for MySQL Flexible Server. +Based on these requirements, you will be having two options, either you can use PostgreSQL or MySQL based on your preference. diff --git a/docs/01_lab_plan/0104.md b/docs/01_lab_plan/0104.md index 41af7ab..4c69308 100644 --- a/docs/01_lab_plan/0104.md +++ b/docs/01_lab_plan/0104.md 
@@ -23,7 +23,7 @@ In case you chose to use Azure Spring Apps, you have the option to deploy Azure In case you chose AKS as the hosting platform, you will need at least one subnet in a virtual network to run the nodes of your AKS cluster. This subnet for now can be small, such as `/26`, which allows for a total of 64 IP addresses (although some of them are pre-allocated for the platform use). -The Azure Database for MySQL deployment will not require any virtual network connectivity for the first phase of the migration of the application. This will also change in one of the subsequent exercises, when you will implement additional security measures to protect the full application stack. +The Azure Database for MySQL or PostgreSQL deployment will not require any virtual network connectivity for the first phase of the migration of the application. This will also change in one of the subsequent exercises, when you will implement additional security measures to protect the full application stack. ## Are there any supporting services you would need for running the application? diff --git a/docs/02_lab_migrate/0201.md b/docs/02_lab_migrate/0201.md index eb59573..f8fbf82 100644 --- a/docs/02_lab_migrate/0201.md +++ b/docs/02_lab_migrate/0201.md 
@@ -53,7 +53,7 @@ As a first step you will need to create your Azure Container Apps (ACA) environm az provider register --namespace Microsoft.OperationalInsights ``` -1. Run the following commands to create a resource group that will contain all of your resources (replace the `` placeholder with the name of any Azure region in which you can create an ACA and an Azure Database for MySQL Flexible Server instance, see [this page](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=container-apps) for regional availability details of those services: +1. Run the following commands to create a resource group that will contain all of your resources (replace the `` placeholder with the name of any Azure region in which you can create an ACA and an Azure Database for MySQL or PostgreSQL Flexible Server instance, see [this page](https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=container-apps) for regional availability details of those services: ```bash UNIQUEID=$(openssl rand -hex 3) diff --git a/docs/02_lab_migrate/0203.md b/docs/02_lab_migrate/0203.md index 5c823b1..5602111 100644 --- a/docs/02_lab_migrate/0203.md +++ b/docs/02_lab_migrate/0203.md @@ -1,7 +1,7 @@ --- -title: '3. MySQL database' +title: '3.1 MySQL database' layout: default -nav_order: 3 +nav_order: 4 parent: 'Lab 2: Migrate to Azure Container Apps' --- diff --git a/docs/02_lab_migrate/0203_postgres_application.yaml b/docs/02_lab_migrate/0203_postgres_application.yaml new file mode 100644 index 0000000..baf3e20 --- /dev/null +++ b/docs/02_lab_migrate/0203_postgres_application.yaml 
@@ -0,0 +1,80 @@ +# COMMON APPLICATION PROPERTIES + +# embedded database init, supports PostgreSQL too trough the 'PostgreSQL' spring profile +spring: +datasource: + url: jdbc:postgresql://.database.azure.com:5432/petclinic?sslmode=require + username: myadmin + password: +sql: + init: + schema-locations: classpath*:db/postgres/schema.sql + data-locations: classpath*:db/postgres/data.sql + mode: ALWAYS +jms: + queue: + visits-requests: visits-requests + visits-confirmations: visits-confirmations + servicebus: + enabled: false # disable messaging support by default + namespace: ${SERVICEBUS_NAMESPACE} + pricing-tier: premium + passwordless-enabled: true + credential: + managed-identity-enabled: true + client-id: ${CLIENT_ID} +sleuth: + sampler: + probability: 1.0 +cloud: + config: + # Allow the microservices to override the remote properties with their own System properties or config file + allow-override: true + # Override configuration with any local property source + override-none: true +jpa: + open-in-view: false + hibernate: + ddl-auto: none + show-sql: true + +# Spring Boot 1.5 makes actuator secure by default +management.security.enabled: false +# Enable all Actuators and not only the two available by default /health and /info starting Spring Boot 2.0 +management.endpoints.web.exposure.include: "*" + +# Temporary hack required by the Spring Boot 2 / Spring Cloud Finchley branch +# Waiting issue https://github.com/spring-projects/spring-boot/issues/13042 +spring.cloud.refresh.refreshable: false + +# Logging +logging.level.org.springframework: INFO + +# enable health probes +management.health.livenessState.enabled: true +management.health.readinessState.enabled: true +management.endpoint.health.probes.enabled: true + +# Metrics +management: +endpoint: + metrics: + enabled: true + prometheus: + enabled: true +endpoints: + web: + exposure: + include: '*' +metrics: + export: + prometheus: + enabled: true +eureka: +client: + serviceUrl: + defaultZone: 
http://discovery-server:8761/eureka/ + enableSelfPreservation: true + registryFetchIntervalSeconds: 20 +instance: + preferIpAddress: true \ No newline at end of file diff --git a/docs/02_lab_migrate/0203_postgresql.md b/docs/02_lab_migrate/0203_postgresql.md new file mode 100644 index 0000000..c1f9349 --- /dev/null +++ b/docs/02_lab_migrate/0203_postgresql.md 
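Review bot: `management.endpoints.web.exposure.include: "*"` appears twice in this new file (once in dotted form, once under `management:`), directly below `management.security.enabled: false`, so every actuator endpoint is served without authentication. The same file is meant to carry the database admin password in `spring.datasource.password`, which makes endpoints such as env and heapdump a path to that credential for anything that can reach a service. The rest of the file only needs health probes and Prometheus scraping, so the exposure list can be narrowed to `include: "health,info,prometheus"` in both places. `show-sql: true` is also worth a comment marking it as lab-only, since it writes every SQL statement to the log. Indentation did not survive on this page, so the nesting of `datasource:`, `sql:` and `jpa:` under `spring:` should be checked in the file itself.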
@@ -0,0 +1,101 @@ +--- +title: '3.2 PostgreSQL database [OPTIONAL]' +layout: default +nav_order: 3 +parent: 'Lab 2: Migrate to Azure Container Apps' +--- + +# Create an Azure PostgreSQL Database service + +You now have the compute service that will host your applications and the config server that will be used by your migrated application. Before you start deploying individual microservices as Azure Container Apps, you need to first create an Azure Database for PostgreSQL Flexible Server-hosted database for them. To accomplish this, you can use the following guidance: + +- [Quickstart: Create an Azure Database for PostgreSQL Flexible Server using Azure CLI](https://learn.microsoft.com/azure/PostgreSQL/flexible-server/quickstart-create-server-cli). + +You will also need to update the config for your applications to use the newly provisioned PostgreSQL Server. This will involve updating the application.yml config file in your private git config repo with the values provided in the PostgreSQL Server connection string. + +Your PostgreSQL database will also have a firewall enabled. This firewall will by default block all incoming calls. You will need to open this firewall in case you want to connect to it from your microservices running in the ACA environment. + +## Step by step guidance + +1. Run the following commands to create an instance of PostgreSQL Flexible server. Note that the name of the server must be globally unique, so adjust it accordingly in case the randomly generated name is already in use. Keep in mind that the name can contain only lowercase letters, numbers and hyphens. In addition, replace the `` placeholder with a complex password and record its value. + {: .note } + > Here we use PostgreSQL admin password for apps to connect to sql server, this is for demo/test/learn purpose, not recommand in production environment. 
Please refer to [Lab 04: Connect to Database securely using identity](https://azure-samples.github.io/java-microservices-aca-lab/docs/04_lab_secrets/04_openlab_secrets_aca.html) for the secured managed identity solution. + + ```bash + POSTGRES_SERVER_NAME=postgres-$APPNAME-$UNIQUEID + POSTGRES_ADMIN_USERNAME=sqladmin + POSTGRES_ADMIN_PASSWORD="" + DATABASE_NAME=petclinic + + az postgres flexible-server create \ + --admin-user myadmin \ + --admin-password "$POSTGRES_ADMIN_PASSWORD" \ + --name "$POSTGRES_SERVER_NAME" \ + --resource-group "$RESOURCE_GROUP" + ``` + + {: .note } + > During the creation you will be asked whether access for your IP address should be added and whether access for all IP's should be added. Answer `n` for no on both questions. + + {: .note } + > In case this statement fails with the message `ERROR: Unable to prompt for confirmation as no tty available`, add the `--yes` flag to the above statement. This will auto-install any missing resource providers. + + {: .note } + > Wait for the provisioning to complete. This might take about 3 minutes. + +1. Once the Azure Database for PostgreSQL Flexible Server instance gets created, it will output details about its settings. In the output, you will find the server connection string. Record its value since you will need it later in this exercise. + +1. Run the following commands to create a database in the Azure Database for PostgreSQL Flexible Server instance. + + ```bash + az postgres flexible-server db create \ + --server-name $POSTGRES_SERVER_NAME \ + --resource-group $RESOURCE_GROUP \ + -d $DATABASE_NAME + ``` + +1. You will also need to allow connections to the server from your ACA environment. For now, to accomplish this, you will create a server firewall rule to allow inbound traffic from all Azure Services. 
+ + Check the status of your sql server + ![SQL Server Networking](../../images/sql-server-manage-firewall.png) + + Checking `Allow Azure services and resources to access this server` adds an IP based firewall rule with start and end IP address of `0.0.0.0`, See [Connections from inside Azure](https://learn.microsoft.com/en-us/azure/azure-sql/database/firewall-configure?view=azuresql#connections-from-inside-azure). + + This way your apps running in Azure Container Apps will be able to reach the PostgreSQL database. In one of the upcoming exercises, you will restrict this connectivity to limit it exclusively to the apps hosted by your ACA. + + ```bash + az postgres flexible-server firewall-rule create \ + --rule-name allAzureIPs \ + --name $POSTGRES_SERVER_NAME \ + --resource-group $RESOURCE_GROUP \ + --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0 + ``` + + Check the sql server firewall rules with command + ```bash + az postgres flexible-server firewall-rule list \ + --name $POSTGRES_SERVER_NAME \ + --resource-group $RESOURCE_GROUP \ + ``` + +1. From the Git Bash window, in the config repository you cloned locally, use your favorite text editor to open the _application.yml_ file. Replace the full contents of the _application.yml_ file with the contents of [this application.yml](0203_postgres_application.yaml) file. The updated _application.yml_ file includes the following changes: + + * It removes the default `0` value for the `server.port` on line 5. + * It changes the default `spring.sql.init` values to use `PostgreSQL` configuration on lines 15 to 19. + * It adds a `spring.datasource` property for your PostgreSQL database on lines 10 to 14. + * It adds extra `eureka` config on lines 61 to 66. + * It removes the `chaos-monkey` and `PostgreSQL` profiles. + +1. In the part you pasted, update the values of the target datasource endpoint on line 6, the corresponding admin user account on line 7, and its password on line 8 to match your configuration. 
Set these values by using the information in the Azure Database for PostgreSQL Flexible Server connection string you recorded earlier in this task. + +1. Save the changes and push the updates you made to the _application.yml_ file to your private GitHub repo by running the following commands from the Git Bash prompt: + + ```bash + git add . + git commit -m 'azure postgres info' + git push + ``` + + {: .note } + > At this point, the admin account user name and password are stored in clear text in the application.yml config file. In one of upcoming exercises, you will remediate this potential vulnerability by removing clear text credentials from your configuration. + \ No newline at end of file diff --git a/docs/02_lab_migrate/0204.md b/docs/02_lab_migrate/0204.md index e716108..ab0bdb6 100644 --- a/docs/02_lab_migrate/0204.md +++ b/docs/02_lab_migrate/0204.md @@ -1,7 +1,7 @@ --- title: '4. Java Components' layout: default -nav_order: 4 +nav_order: 5 parent: 'Lab 2: Migrate to Azure Container Apps' --- diff --git a/docs/02_lab_migrate/0205.md b/docs/02_lab_migrate/0205.md index 0faa26b..01d00b0 100644 --- a/docs/02_lab_migrate/0205.md +++ b/docs/02_lab_migrate/0205.md @@ -1,7 +1,7 @@ --- title: '5. Deploy to ACA' layout: default -nav_order: 5 +nav_order: 6 parent: 'Lab 2: Migrate to Azure Container Apps' --- 
@@ -66,7 +66,7 @@ Make sure the api-gateway and admin-server microservices have public IP addresse --runtime java ``` -1. Wait for the provisioning to finish, now you can create the other microservices, `customers`, `vets` and `visits`. These will be internal microservices, exposed by the `api-gateway`. Since these microservices connect to the MySQL database, you will also assign them the user assigned managed identity. +1. Wait for the provisioning to finish, now you can create the other microservices, `customers`, `vets` and `visits`. These will be internal microservices, exposed by the `api-gateway`. Since these microservices connect to the MySQL or PostgreSQL database, you will also assign them the user assigned managed identity. ```bash APP_NAME=customers-service diff --git a/docs/02_lab_migrate/0206.md b/docs/02_lab_migrate/0206.md index 9a745b9..6372e18 100644 --- a/docs/02_lab_migrate/0206.md +++ b/docs/02_lab_migrate/0206.md @@ -1,7 +1,7 @@ --- title: '6. Test' layout: default -nav_order: 6 +nav_order: 7 parent: 'Lab 2: Migrate to Azure Container Apps' --- 
@@ -48,15 +48,23 @@ You will need to look for the `properties.configuration.ingress.fqdn` property. You now have the Spring Petclinic application running properly on Azure Container Apps. -1. In case you are not seeing any data in your application, you can troubleshoot this issue by interactively connecting to your MySQL Flexible Server and querying your databases and tables. +1. In case you are not seeing any data in your application, you can troubleshoot this issue by interactively connecting to your MySQL or PostgreSQL Flexible Server and querying your databases and tables. ```bash - az mysql flexible-server connect -n $MYSQL_SERVER_NAME -u myadmin -p $MYSQL_ADMIN_PASSWORD --interactive + az mysql flexible-server connect -n $MySQL_SERVER_NAME -u myadmin -p $MySQL_ADMIN_PASSWORD --interactive show databases; use petclinic; show tables; select * from owners; ``` + ```bash + az postgres flexible-server connect -n $POSTGRES_SERVER_NAME -u myadmin -p $POSTGRES_ADMIN_PASSWORD --interactive + show databases; + use petclinic; + show tables; + select * from owners; + + {: .note } - > For the MySQL Flexible Server connection to work, you will need to have your local IP address added to the MySQL Flexible Server firewall. + > For the MySQL or PostgreSQL Flexible Server connection to work, you will need to have your local IP address added to the MySQL or PostgreSQL Flexible Server firewall. diff --git a/docs/02_lab_migrate/0207.md b/docs/02_lab_migrate/0207.md index c779c2e..012c24f 100644 --- a/docs/02_lab_migrate/0207.md +++ b/docs/02_lab_migrate/0207.md @@ -1,7 +1,7 @@ --- title: '7. Review' layout: default -nav_order: 7 +nav_order: 8 parent: 'Lab 2: Migrate to Azure Container Apps' --- 
@@ -11,7 +11,7 @@ In this lab, you migrated your existing Spring Petclinic microservices applicati - Create an Azure Container Apps environment - Set up a configuration repository -- Created an Azure MySQL Database service +- Created an Azure MySQL or PostgreSQL Database service - Created the config and discovery server as java components on ACA - Deployed the microservices of the Spring Petclinic app as Azure container apps - Tested the application through the publicly available endpoint diff --git a/docs/02_lab_migrate/02_openlab_setup_aca.md b/docs/02_lab_migrate/02_openlab_setup_aca.md index 10cf5b8..f081b8e 100644 --- a/docs/02_lab_migrate/02_openlab_setup_aca.md +++ b/docs/02_lab_migrate/02_openlab_setup_aca.md @@ -19,7 +19,7 @@ After you complete this lab, you will be able to: - Create an Azure Container Apps environment - Set up a configuration repository -- Create an Azure MySQL Database service +- Create an Azure MySQL or PostgreSQL Database service - Create the java components for your config and discovery server - Deploy the microservices of the Spring Petclinic app to ACA and bind them to java components - Test the application through the publicly available endpoint @@ -38,7 +38,7 @@ During the process you'll: - Create an Azure Container Apps environment - Set up a configuration repository -- Create an Azure MySQL Database service +- Create an Azure MySQL or PostgreSQL Database service - Create the java components for your config and discovery server - Deploy the microservices of the Spring Petclinic app to ACA and bind them to java components - Test the application through the publicly available endpoint From 381cd96cebc0981c9991348766f5cf0a7b5c09ea Mon Sep 17 00:00:00 2001 
From: Aryan-CC Date: Wed, 30 Oct 2024 11:46:00 +0000 Subject: [PATCH 08/11] updated with postgres implementation --- docs/04_lab_secrets_postgres/0401_postgres.md | 74 ++++++++++ docs/04_lab_secrets_postgres/0402_postgres.md | 126 ++++++++++++++++++ docs/04_lab_secrets_postgres/0404_postgres.md | 18 +++ .../04_openlab_secrets_aca.md | 42 ++++++ docs/05_lab_openai/05_openlab_openai_aca.md | 2 +- .../06_openlab_automation.md | 2 +- docs/07_lab_security/0704.md | 71 ++++++++++ docs/07_lab_security/0706.md | 2 +- .../07_openlab_security_aca.md | 2 +- .../08_openlab_private_endpoints_aca.md | 2 +- .../09_openlab_messaging_aca.md | 2 +- .../10_reliable_java_aca.md | 2 +- docs/11_lab_scale/11_openlab_scale_aca.md | 2 +- images/postgres-enable.png | Bin 0 -> 141213 bytes 14 files changed, 339 insertions(+), 8 deletions(-) create mode 100644 docs/04_lab_secrets_postgres/0401_postgres.md create mode 100644 docs/04_lab_secrets_postgres/0402_postgres.md create mode 100644 docs/04_lab_secrets_postgres/0404_postgres.md create mode 100644 docs/04_lab_secrets_postgres/04_openlab_secrets_aca.md create mode 100644 images/postgres-enable.png diff --git a/docs/04_lab_secrets_postgres/0401_postgres.md b/docs/04_lab_secrets_postgres/0401_postgres.md new file mode 100644 index 0000000..9a1cee2 --- /dev/null +++ b/docs/04_lab_secrets_postgres/0401_postgres.md 
@@ -0,0 +1,74 @@ +--- +title: '1. Create db admin account' +layout: default +nav_order: 1 +parent: 'Lab 4: Connect to Database securely using identity [PostgreSQL]' +--- + +# Create a database administrator account + +You are already using a managed Identity to connect to the Azure Container Registry. You can use this same identity to also connect to the database. This will allow you to remove the username and password from the config repository. + +- [Configure passwordless database connections for Java apps](https://learn.microsoft.com/azure/developer/java/ee/how-to-configure-passwordless-datasource?toc=%2Fazure%2Fdeveloper%2Fintro%2Ftoc.json&bc=%2Fazure%2Fdeveloper%2Fintro%2Fbreadcrumb%2Ftoc.json&tabs=postgresql-passwordless-flexible-server) + +## Step by step guidance + +1. Before creating the administrator account, you need to enable Microsoft Entra Authentication from the portal. + +1. In the Azure Portal, navigate to your PostgreSQL server page. + +1. On your PostgreSQL page, select Authentication (1) from left menu under security, check PostgreSQL and Microsoft Entra authentication (2) option and save it using the Save (3) option from top menu. + + ![](/images/postgres-enable.png) + +1. You will need to allow the user assigned managed identity access to the database. To configure this, you will need to first make your current logged in user account database administrator. For this to work on a PostgreSQL database you first need an additional managed identity. + + ```bash + DB_ADMIN_USER_ASSIGNED_IDENTITY_NAME=uid-dbadmin-$APPNAME-$UNIQUEID + + ADMIN_IDENTITY_RESOURCE_ID=$(az identity create \ + --name $DB_ADMIN_USER_ASSIGNED_IDENTITY_NAME \ + --resource-group $RESOURCE_GROUP \ + --query id \ + --output tsv) + ``` + +1. This identity needs to be assigned to your PostgreSQL server. 
+ + ```bash + az postgres flexible-server identity assign \ + --resource-group $RESOURCE_GROUP \ + --server-name $POSTGRES_SERVER_NAME \ + --identity $DB_ADMIN_USER_ASSIGNED_IDENTITY_NAME + + + az postgres flexible-server identity list \ + --resource-group $RESOURCE_GROUP \ + --server-name $POSTGRES_SERVER_NAME + ``` + +1. Get the current logged in user and object ID. This will give you the info of the user account you are currently logged in with in the Azure CLI. + + ```bash + CURRENT_USER=$(az account show --query user.name --output tsv) + echo $CURRENT_USER + CURRENT_USER_OBJECTID=$(az ad signed-in-user show --query id --output tsv) + echo $CURRENT_USER_OBJECTID + ``` + +1. Next you create a database administrator based on your current user account. + + ```bash + az postgres flexible-server ad-admin create \ + --resource-group $RESOURCE_GROUP \ + --server-name $POSTGRES_SERVER_NAME \ + --object-id $CURRENT_USER_OBJECTID \ + --display-name $CURRENT_USER \ + + DB_ID=$(az postgres flexible-server db show \ + --server-name $POSTGRES_SERVER_NAME \ + --resource-group $RESOURCE_GROUP \ + -d $DATABASE_NAME \ + --query id \ + -o tsv) + ``` \ No newline at end of file diff --git a/docs/04_lab_secrets_postgres/0402_postgres.md b/docs/04_lab_secrets_postgres/0402_postgres.md new file mode 100644 index 0000000..da6f040 --- /dev/null +++ b/docs/04_lab_secrets_postgres/0402_postgres.md 
@@ -0,0 +1,126 @@
+---
+title: '2. Create service connections'
+layout: default
+nav_order: 2
+parent: 'Lab 4: Connect to Database securely using identity [PostgreSQL]'
+---
+
+# Create service connections from the microservices to the database server
+
+The apps deployed as the Spring Petclinic microservices will now connect using a service connector to the PostgreSQL Flexible server. A service connector will set up the needed environment variables the service needs to make the connection. You can use the following guidance to create a service connector:
+
+- [Connect an Azure Database for PostgreSQL instance to your application in Azure Container Apps](https://learn.microsoft.com/azure/service-connector/quickstart-portal-container-apps?tabs=SMI).
+
+The following three apps of your application use the database hosted by the Azure Database for PostgreSQL Flexible Server instance, so they will need to be assigned a service connector:
+
+- `customers-service`
+- `vets-service`
+- `visits-service`
+
+Since each of these apps already has a user assigned managed identity assigned to them, you will make use of this same identity to get access to the database.
+
+## Step by step guidance
+
+1. For creating a service connector you will need to add the `serviceconnector-passwordless` extension:
+
+ ```bash
+ az extension add --name serviceconnector-passwordless --upgrade
+ ```
+
+1. You will also need your subscription ID for creating the service connections:
+
+ ```bash
+ SUBID=$(az account show --query id -o tsv)
+ ```
+
+1. You will also need resource ID of the apps:
+
+ ```bash
+ CUSTOMERS_ID=$(az containerapp show \
+ --resource-group $RESOURCE_GROUP \
+ --name customers-service \
+ --query id \
+ -o tsv)
+
+ VISITS_ID=$(az containerapp show \
+ --resource-group $RESOURCE_GROUP \
+ --name visits-service \
+ --query id \
+ -o tsv)
+
+ VETS_ID=$(az containerapp show \
+ --resource-group $RESOURCE_GROUP \
+ --name vets-service \
+ --query id \
+ -o tsv)
+ ```
+
+1. Create now the service connections for the `customers-service`. For this you also need the client ID of the identity you created earlier.
+
+ ```bash
+ CLIENT_ID=$(az identity show --resource-group $RESOURCE_GROUP --name $ACA_IDENTITY --query 'clientId' --output tsv)
+ echo $CLIENT_ID
+ az containerapp connection create postgres-flexible \
+ --connection postgres_conn \
+ --source-id $CUSTOMERS_ID \
+ --target-id $DB_ID \
+ --client-type SpringBoot \
+ --user-identity client-id=$CLIENT_ID subs-id=$SUBID \
+ -c customers-service
+ ```
+
+1. You can test the validity of this new connection with the `validate` command:
+
+ ```bash
+ CUSTOMERS_CONN_ID=$(az containerapp connection list \
+ --resource-group $RESOURCE_GROUP \
+ --name customers-service \
+ --query [].id -o tsv)
+
+ az containerapp connection validate \
+ --id $CUSTOMERS_CONN_ID
+ ```
+
+ The output of this command should show that the connection was made successful.
+
+1. In the same way create the service connections for the `vets-service` and `visits-service`:
+
+ ```bash
+ az containerapp connection create postgres-flexible \
+ --connection postgres_conn \
+ --source-id $VETS_ID \
+ --target-id $DB_ID \
+ --client-type SpringBoot \
+ --user-identity client-id=$CLIENT_ID subs-id=$SUBID \
+ -c vets-service
+
+ az containerapp connection create postgres-flexible \
+ --connection postgres_conn \
+ --source-id $VISITS_ID \
+ --target-id $DB_ID \
+ --client-type SpringBoot \
+ --user-identity client-id=$CLIENT_ID subs-id=$SUBID \
+ -c visits-service
+ ```
+
+1. You can test the validity of this new connection with the `validate` command:
+
+ ```bash
+ VETS_CONN_ID=$(az containerapp connection list \
+ --resource-group $RESOURCE_GROUP \
+ --name vets-service \
+ --query [].id -o tsv)
+
+ az containerapp connection validate \
+ --id $VETS_CONN_ID
+
+ VISITS_CONN_ID=$(az containerapp connection list \
+ --resource-group $RESOURCE_GROUP \
+ --name visits-service \
+ --query [].id -o tsv)
+
+ az containerapp connection validate \
+ --id $VISITS_CONN_ID
+ ```
+
+1. In the Azure Portal, navigate to your `customers-service` container app. In the `customers-service` app, select the `Service Connector` menu item. Notice in this screen you can see the details of your service connector. Notice that the service connector has all the config values set like `spring.datasource.url`, `spring.datasource.username`, but for instance no `spring.datasource.password`. These values get turned into environment variables at runtime for your app. Instead of `spring.datasource.password` it has a `spring.cloud.azure.credential.client-id`, which is the client ID of your managed identity. It also defines 2 additional variables `spring.datasource.azure.passwordless-enabled` and `spring.cloud.azure.credential.managed-identity-enabled` for enabling the passwordless connectivity.
\ No newline at end of file
diff --git a/docs/04_lab_secrets_postgres/0404_postgres.md b/docs/04_lab_secrets_postgres/0404_postgres.md
new file mode 100644
index 0000000..08ff0f7
--- /dev/null
+++ b/docs/04_lab_secrets_postgres/0404_postgres.md
@@ -0,0 +1,18 @@
+---
+title: '3. Review'
+layout: default
+nav_order: 3
+parent: 'Lab 4: Connect to Database securely using identity [PostgreSQL]'
+---
+
+# Review
+
+In this lab, you secured the secrets of your Spring Petclinic microservices application in Azure. In this lab you have
+
+- Created a database administrator account
+- Created service connections from the microservices to the database server
+- Updated the applications to use passwordless connectivity
+
+The below image illustrates the end state you have build in this lab.
+
+![lab 4 overview](../../images/acalab4.png)
diff --git a/docs/04_lab_secrets_postgres/04_openlab_secrets_aca.md b/docs/04_lab_secrets_postgres/04_openlab_secrets_aca.md
new file mode 100644
index 0000000..4cedead
--- /dev/null
+++ b/docs/04_lab_secrets_postgres/04_openlab_secrets_aca.md
@@ -0,0 +1,42 @@
+---
+title: 'Lab 4: Connect to Database securely using identity [PostgreSQL]'
+layout: default
+nav_order: 7
+has_children: true
+---
+
+# Lab 04: Connect to Database securely using identity
+
+# Student manual
+
+## Lab scenario
+
+Your team is now running a first version of the spring-petclinic microservice application in Azure. However you don't like the fact that your application secrets live directly in configuration code. You would like to have a better way to protect application secrets like your database connection string . In this lab you will better protect your application secrets.
+
+## Objectives
+
+After you complete this lab, you will be able to:
+
+- Create a database administrator account
+- Create service connections from the microservices to the database server
+- Update the applications to use passwordless connectivity
+
+The below image illustrates the end state you will be building in this lab.
+
+![lab 4 overview](../../images/acalab4.png)
+
+## Lab Duration
+
+- **Estimated Time**: 60 minutes
+
+## Instructions
+
+During this lab, you will:
+
+
+- Create a database administrator account
+- Create service connections from the microservices to the database server
+- Update the applications to use passwordless connectivity
+
+{: .note }
+> The instructions provided in this exercise assume that you successfully completed the previous exercise and are using the same lab environment, including your Git Bash session with the relevant environment variables already set.
diff --git a/docs/05_lab_openai/05_openlab_openai_aca.md b/docs/05_lab_openai/05_openlab_openai_aca.md
index a0b4934..e65af4d 100644
--- a/docs/05_lab_openai/05_openlab_openai_aca.md
+++ b/docs/05_lab_openai/05_openlab_openai_aca.md
@@ -1,7 +1,7 @@ --- title: 'Lab 5: Integrate with Azure OpenAI' layout: default -nav_order: 7 +nav_order: 8 has_children: true ---
diff --git a/docs/06_lab_automation/06_openlab_automation.md b/docs/06_lab_automation/06_openlab_automation.md
index 2e6cd61..d6f57c7 100644
--- a/docs/06_lab_automation/06_openlab_automation.md
+++ b/docs/06_lab_automation/06_openlab_automation.md
@@ -1,7 +1,7 @@ --- title: 'Lab 6: Deploy to Azure automatically' layout: default -nav_order: 8 +nav_order: 9 has_children: true ---
diff --git a/docs/07_lab_security/0704.md b/docs/07_lab_security/0704.md
index 8f3507f..200191a 100644
--- a/docs/07_lab_security/0704.md
+++ b/docs/07_lab_security/0704.md
@@ -225,6 +225,8 @@ For making use of internal networking and getting a private inbound IP address f -o tsv) ``` +### For MySQL Setup + 1. Recreate now the service connection for the `customers-service`. ```bash
@@ -291,6 +293,75 @@ For making use of internal networking and getting a private inbound IP address f --id $VISITS_CONN_ID ``` +### For PostgreSQL Setup + +1. Recreate now the service connection for the `customers-service`. + + ```bash + az containerapp connection create Postgres-flexible \ + --connection Postgres_conn \ + --source-id $CUSTOMERS_ID \ + --target-id $DB_ID \ + --client-type SpringBoot \ + --user-identity client-id=$CLIENT_ID subs-id=$SUBID \ + -c customers-servicee + ``` + +1. You can test the validity of this new connection with the `validate` command: + + ```bash + CUSTOMERS_CONN_ID=$(az containerapp connection list \ + --resource-group $RESOURCE_GROUP \ + --name customers-service \ + --query [].id -o tsv) + + az containerapp connection validate \ + --id $CUSTOMERS_CONN_ID + ``` + + The output of this command should show that the connection was made successful. + +1. In the same way create the service connections for the `vets-service` and `visits-service`: + + ```bash + az containerapp connection create Postgres-flexible \ + --connection Postgres_conn \ + --source-id $VETS_ID \ + --target-id $DB_ID \ + --client-type SpringBoot \ + --user-identity client-id=$CLIENT_ID subs-id=$SUBID \ + -c vets-service + + az containerapp connection create Postgres-flexible \ + --connection Postgres_conn \ + --source-id $VISITS_ID \ + --target-id $DB_ID \ + --client-type SpringBoot \ + --user-identity client-id=$CLIENT_ID subs-id=$SUBID \ + -c visits-service + ``` + +1. 
You can test the validity of this new connection with the `validate` command: + + ```bash + VETS_CONN_ID=$(az containerapp connection list \ + --resource-group $RESOURCE_GROUP \ + --name vets-service \ + --query [].id -o tsv) + + az containerapp connection validate \ + --id $VETS_CONN_ID + + VISITS_CONN_ID=$(az containerapp connection list \ + --resource-group $RESOURCE_GROUP \ + --name visits-service \ + --query [].id -o tsv) + + az containerapp connection validate \ + --id $VISITS_CONN_ID + ``` + + #### Rebuild with azd automation 1. edit parameter file `infra/bicep/main.parameters.json`, add new parameter diff --git a/docs/07_lab_security/0706.md b/docs/07_lab_security/0706.md index 69bb787..7966327 100644 --- a/docs/07_lab_security/0706.md +++ b/docs/07_lab_security/0706.md @@ -56,4 +56,4 @@ You now have completed all steps required to test whether your application is ac 1. On your lab computer, start a web browser and, in the web browser window navigate to the URL that consists of the `https://` prefix followed by the custom DNS name you specified when updating the local hosts file. Your browser may display a warning notifying you that your connection is not private, but this is expected since you are relying on self-signed certificate. Acknowledge the warning but proceed to displaying the target web page. You should be able to see the PetClinic application start page again. {: .note } - > While the connection to the MySQL database should be working at this point, keep in mind that this connectivity is established via a its public endpoint, rather than the private one. You will remediate this in the next exercise of this lab. + > While the connection to the MySQL or PostgreSQL database should be working at this point, keep in mind that this connectivity is established via a its public endpoint, rather than the private one. You will remediate this in the next exercise of this lab. 
diff --git a/docs/07_lab_security/07_openlab_security_aca.md b/docs/07_lab_security/07_openlab_security_aca.md
index 70ecc62..260e80f 100644
--- a/docs/07_lab_security/07_openlab_security_aca.md
+++ b/docs/07_lab_security/07_openlab_security_aca.md
@@ -1,7 +1,7 @@ --- title: 'Lab 7: Protect endpoints using Web Application Firewalls' layout: default -nav_order: 9 +nav_order: 10 has_children: true ---
diff --git a/docs/08_lab_private/08_openlab_private_endpoints_aca.md b/docs/08_lab_private/08_openlab_private_endpoints_aca.md
index 4afd2a4..eb2e990 100644
--- a/docs/08_lab_private/08_openlab_private_endpoints_aca.md
+++ b/docs/08_lab_private/08_openlab_private_endpoints_aca.md
@@ -1,7 +1,7 @@ --- title: 'Lab 8: Secure MySQL database and Key Vault using a Private Endpoint' layout: default -nav_order: 10 +nav_order: 11 has_children: true ---
diff --git a/docs/09_lab_messaging/09_openlab_messaging_aca.md b/docs/09_lab_messaging/09_openlab_messaging_aca.md
index 5c0ac36..2561c9a 100644
--- a/docs/09_lab_messaging/09_openlab_messaging_aca.md
+++ b/docs/09_lab_messaging/09_openlab_messaging_aca.md
@@ -1,7 +1,7 @@ --- title: 'Lab 9: Send messages between microservices' layout: default -nav_order: 11 +nav_order: 12 has_children: true ---
diff --git a/docs/10_lab_reliable_application/10_reliable_java_aca.md b/docs/10_lab_reliable_application/10_reliable_java_aca.md
index 58a9448..9af84ec 100644
--- a/docs/10_lab_reliable_application/10_reliable_java_aca.md
+++ b/docs/10_lab_reliable_application/10_reliable_java_aca.md
@@ -1,7 +1,7 @@ --- title: 'Lab 10: Build reliable Java application on ACA' layout: default -nav_order: 12 +nav_order: 13 has_children: true ---
diff --git a/docs/11_lab_scale/11_openlab_scale_aca.md b/docs/11_lab_scale/11_openlab_scale_aca.md
index ff32eab..f81fb4f 100644
--- a/docs/11_lab_scale/11_openlab_scale_aca.md
+++ b/docs/11_lab_scale/11_openlab_scale_aca.md
@@ -1,7 +1,7 @@ --- title: 'Lab 11: Set up autoscaling for microservices on ACA' layout: default -nav_order: 13 +nav_order: 14 has_children: true --- 
diff --git a/images/postgres-enable.png b/images/postgres-enable.png new file mode 100644 index 0000000000000000000000000000000000000000..b1777a3989a50cc3f6676b6785fdc8bf7f2b3372 GIT binary patch literal 141213 zcmYg&bzD^2`}H6yk}60@s+4qhsR&3*cXxM}g&^G_r6LU7J(P4KF@(d=Lw7gt=3ejj z_x_=NJTr67+54&Wto5Ap<*kAgE*2>k1Oma8e)C!x0=eA{f!tEOcNZKnxB6%U{=sy7 zqvZmD;I-ZSL5pX?BLfF9T&3kDFjlZI?h`(&zKjX`=a7V^>q|FRO9y92Zc*PGa0tg0 z9C~f$V&ZJ&=xXI)4yLQutAutZAf)Dn z#G?mylpYZKtG$@?5yv)rgvEk{$$vdPr#`B(iovTR89YCnhc8aK40>(Jr^G-lav)5v z?mhkV;NQQdnz?Rkk9TOK z>HhCyd(Rjeg8w@=pRjZc=Kn4fOqNdb|6c`HQ3Z*1?`e?%F zX0au5zDGCBA>ZIn-5ta&p<*3RgrUVIEaKPWc#|(Ofih-7*~)}*0{)d09{zn-7e6k! ztw(EcII#Y`R@D*O3cd1$#xZ>ce#gwDE}*-7n^%Eh2)_;t5MOU*xt}_XpUvSGhn7*(`(%mlBsV z7B;4SEGP1HKmU8_aWZh9PVp!EgJQwK{CF>V6ADSVE!iQ0X%T~B*Q(OiIApvZB*RG) zVPa{liGyMWs&kt}#oW@F^8}_S3N?2WCg*tQu8_m{>Hct_wXD4WUBh$LC1wtFeg^Y) zYqd#uf8>bPkHVZvoACz(F7K}{9kN}Pi?T4!zV0qW&baIvgB&US5ZCpwh7U2O-i;S~T+BqWfmJreE6?^L zI`!zgQqxo#-MV{(J``Bit}B^Fd};i!++MlO|AATTG(KaeOwpfEWJyy!N{&hA$HwtY zfYI?*+U+}c;+doqQc`*&#r%tfsrYvkT3W0PoO}r9s%QMox2KV}F@kh8q{}h_^ra*v z?_QqY|7O(Mqu`mS=j@D6#(VKua-rk$IP!JATk%%ZzuQ_uEnQ~QR%#+uY5J{POKvb|mb$V9T+{o3=PyZSP*$nrsx|Ok{cP4+$#RbX0R`Mhj+X zjAR_4=(woYQqmI_9%LCeb#IZXx;oMRQonk7wdGKmOpIwFYrEs=o>`sSy8f!4S{9du zLgol+xJVBp$i%?6G-+j}d^ArjUpv+m=CS?Ls8w>bNUyU zUnCeq1H1cLBF%W{N905qii*sN z#+9R0841$_-JWvpz0Nv{WdnD!-EFI@Nx_$lpYFD!wv&5`Zb476PUnK)1=@%5 z@dv2&^-c|g!h#+5%Zm%9EM$u=+myp`U%Sb;U7Q`U-1x3q+Hj}Z*Y>l}2xcbxv!9ox z7tvN(I*A4KdwY8|j!#J|wfj4%0tO~ZslSAV(h3P-8yGantRLUF+v+ge%FOkW%zCDv z@A;5ax|*Jx7zSEsr+y0p84oXx%Tz1lOK#@k7LgW`RH;`H#0`$g`7FH z`&Y}1cgp5ze68x)-k9VHBjY3GtNt*=!DZ3-DJTfT1IhDK`J8B8+sW`6jgynBW}!;x zUq1?7kC?Qb&u0^}Xx^+IsZ-POt@qQV>ya}juoz6Ai@d&U**TXS{`Rt!F(M(~LNj3~ zM#^=}h&S~jm@602&1HdZSe6tl9lChjC2@hji)M8e3MbEfFfS8N_fq{8HtU+Y>3m+r zm&_h%b^*l)M2XDIUg2Ehc6x-Z8=q>vZ_bowY$B>+V`7w%-~Zhuem*|jNZ})r{HF8I z=s`!(`GaoSgQlDhDG2({x10J4(YI*|+z)M!+|mj1O$jST^?~kF3)HB$Q=4m!&#xid%>672?8!lBQOsG zsNLeCsmqMtM-CDkyiO4Pzv38F^p3<_mR#Mprk397H~FKh7ii)(cSRpZM?FyV_WtU8 
z0nP9?T<8#^SR<-9#~1RjuVz~R{hdGs+SoQxni*F%D5@h9N>m8ZtUGW~FVfY|tAnhM zT{Z(hn|*M8JW~u+FVt2jKHixV7rwrrfp+TqI^6|UnpiEJx1Fw!o-8-OXr7tLsI&Qjz^~98 zWD$tvRLvJozrCyT?WY0)T2?0WZP3R&Yeq2lk&%(dqP`_%bXs%n`xN{okyazAGq6Mh z|8Su#5>?xcz*-r50oD!!#{x?|VwOa~&+8xa9~x>1auzsC#%&^DDa86ouN)okiCye) zp`oGqULID84myesM;qgl^~JjuLL%h;h=YSTiN^*Hl)w4k3a?%XQ%g-RA9z!G znUWLG$uXC1l@B&H|Nh>pSCw+zxWANA%;_*q4!L{3F%hg?!PNA&qSz$~B_(Bn-Z_(~ zXd~X{^$}vQ{`$%n%He-7WDK<_m3WM2jzF)2v)Y}iux{> zb`~?@o*xRgre$IZ4cov0aop9_)ojQS64YyVVPr;jzN)*e36-wOlL@I!Q_OLw||;6 zmc=9KyKBrf=t8r_<~>fORV2#A#r5V*FotdShpw)B`u<*d$_Y2tNao!nw1?S!(>q1= zI?1IAN6RL%3hGf=^?y}MlB0uOGh}cqNbuU7>6|vJBvn^e@9_%=bU#g>n$mT4aiLhd zRlnE6&Fe6|@_Q?SLg!0_sLgo7kfkc6g@pxEr%WEq8ZL7K8iHyd>7K^qq~Qs`KITU;w-kN_)^o+zl{hC(j>kv9%r&!JM@O6`#Rq`Ki+-`9bq_BFTNs*?QR2xnf={y zu&Q!;JR@&vW;Pk`fUFAy>4aEJOe}#}t4NMmR#DNV2Jho9Lk)9YV&D60+6NEwH3DRv zonuC9x)gm0JB>@Dq8=2FvZTiK_xCHE9UULjb8&s_q@wE0Re`c6W9e73HEMqPWoWoD zfr+=dMBg1k=TmKmXc5}3NA05a5B9XEH}@89eY5U)-i9`w}IX{qGnV#i;;VE%+cg)Y%=PfW++ zDiSTP$LZKK2?c7-K>@E*RBAK-hqLE&V@gV@z?C*AFC{^2w1i9c* zP7M}laiw0__NDNpNQ8>cH=awfTaQx9)V3R|uch?UO?#Tq1zgp>2RR~ZAX`3Qw}(kR zsIq-{Sb6hoc-6JXCskXI{fV%EK=P+go=~wAi-A=0KNS{wSHi$(iFsQf!@UF0Z?P*V zjM1xDKTQbH@!O4%p!A00whnld{>OG>qw#6IPkgvg{WNbHTH5HOq&E%T5i>6Tv^(RR zmD=(jy>TB47}H#zp9hfiOP(FAhE_xQ?qL;bl*x~PQ)rqs-EbDP5r0HfR zk$c=`k@3^=1CDKgRpnB^i@VM^k5i>5)wXD~jDqksE#P?$NrG;5%13MYBhtVmbW69a zta9BC2U7+5Hztb-9zRB#kW3+@#64IqUY{(P)9}CYqEOF|C)R&%>9N$879WUM`l|S*_r-(<><t}2OTV+#psbL5ZYRaB+|fp@pP8uSnogH&Ky_1) zk>Lb@kw106hiT+wIYZvm!h*xR&(r&81HJj`(g)NpY=u;Q&`|Jf3?y@}3P^@~e>z+r z-&@WggIEszpdA!B{-I2NovJ9R)m7&v_8ha!9$Cjk%~Muho-BHKidB2$>*Q2ge|3hF z?(dCtiW#LSdisulJ|Z^i!C>_aYo{$Qmr=_CZB?byLI&{J(lSVOMh4aXa=^EGB>^(& z6&bB;%>+9}vsHYdQ|u`r0q1tRKlI-jeP~k37boDAM-%Y*A*l?*t|+66)8)Hk#Rjs7 zs?B(%pVpOFR8&;3GqH;jtnx{@*3aRdhj2bLombW!VZ;JnoFBl3n=bY7Sx(mnIuArp zAWn8#j|F^=aCmI)3Wi;r?ez}wI~r#6KJ0=x)bBDv6*K0q&ZQUv-cFR7kTGenn(Qw% zC4=M!bB8MUeK|OA9V_N_8!A|0N zbt+9RT$3Rkn@%fS{}=*VpPu5TqUCXeaddSMS>|7MRV!+0`0*%(yJ}sQ<2XaxTZT-e 
z9&?)B^KbOGMU;jI2jBaEeHqX)I2c)^2LpWyj4@K{rqcX)W;MmlZ8H`&Rj-S;F%t?m z&i08+f1M%JTUB`NjA$0Jnkf>Cs-Zta&Zq)|HBn9K@0um(0oZrRxVsi@RRD)Ko_e|L$I z1bVK?w9N7KBt8ecfXl-m&Xztcn0a~NeKBU_fQ7#PG#;$QZ@-`Orf*70!amrTOrcLt z`YG4XMT%R0I40DWA(j{x<_f^vXW*cEb*|LBNBGgv^bk;}oh&u-;mS}2q;k6&d7*l* zT{Z5{fNPyNqm;%*e@kxdD*MZzOsU8c*HvQSvz6DN_9gQ<@PfO*0Bt*mNe36mz}&VI z_ulR7I2Nd%tmU(H_4lI=#|@0m4m5U;kD+?7qjz?s#*L&r)`CchZP2Q;bsF6Lrco>^ zyxT?tmWKE4S5(k1_WJ?XAv!-N$HyZP4ox5ZFYVQ1v`E80-z56q-_dpJT%%*@sb%2m zb9LXp8_A^{abBJys&$(DFR?-!%4!wj2n(T%+?*ATxB8B1PClhncAXaeVbPHrm|0M5 zCuizEjbESrby=XfOX#*XT6s>5*8B;RU})9Vc4CLg$jAtXT=R?pMr#Gn!!6XVRLa)D zxO0aP){08zg07Bln^Oi{Fx0u0(z?3V>4r&CgTB~krcuOw1X*o+8bm8g_8h5mOHuBuxj`Q1_IH*CrA9#O3_t~^h|f_~K9@-cv*^j} zHK1MwmNNoEx=rWDbT*|tb(o3VHzqpv2b;PYj;Em)yNul2kAQOm$6WaR{bN>0?vK;6 zvw5mnMP(U$4i1ikwIR@D8hE>Izg$*G+dVv#$biz*3fw85>`N}Uc%z^&pKx`FiHXTj z`;oIullkY*tP-mQx-CjyzQ*as997021FxgMCdf3@9p-32Da}KZYkHl?Cp_K>-9^4n z4ASTh$G+iaYQDj(tq^rAM6q88=oLzgPdSA}kXDEyku;cV;nD5Kx_7XTbI|~Jyz97}=JAk(6fq-M;;Tg>~3(3Is8@vxUvlmf_N*fqw-gDvlT;v}$?Lr}7L5&y{ArGQa z7G@rvz(LXTHv15xVtqf$(VWt~i_zRzX5EwYkpRHbkpJmh-r5={F{0jB;_+A=jwfQ# zzU8>8jDx7U#Ga5Oy8w`=$2Cj8;fxWJ6Cq;xVy5vjZH%Sx;=V7$@9ba!)R4FMrd6II zB)qn_)6)r$-?xJH3-lA6_L|lprT5lTcO7l&Ow=73KuEbQyM9U!)>&3Z?_Df*--8xw zNiYotBZkv$3>4LJR=!{g{SJ>`tii(rXUO4EgrknPjA1jbl26P?b`q zB<@|@G6RPahncIB4^Zu_cCp%A{JyYNx1?W@w^57AO#tP)hRsxHTkRGCl z@$~$B1Z3&Ec;s(@Yj^h#&m7V=y|wTow<+*YNNNzw6?IyRpAksnGsm?Rr{9 zT4Q(U`kSrIwztw~XlZ`usUej6qjIp|qA`8)sL!xJWPI^L=J}UrT;|wG1xK;$a7G?V zQpG9wbWWZZRx}JIbkn-2RJlx)JoLT3^q`@qzf25%%P{gtTwJ_YByS$jJU`5O)oC?c zzq@Y=3hy-M7_X-aKknw6VRm`WR(~bi2$nrmy$z|dJ5M|~;0E197!;aV)-ldfJ!Q^^ zHE7EV)6Fd4UiZ-Z(w}m@)DpPwZbr&&3@&TA6!6g>J~x8b8&Hb* z%S{T?@bJJ_eI)#Eowi}>AoUv-m)tVE;`Ih8IS8`KFuRPzSLAs8yA8Hm$wKxw-L8`^JFpT|s!f>s`1B-u@Im z=QG#1kp)m$oE9is$H$$--{rpye@E)NJ(l+8yOHgw2LT{3v!y+`P*N(Ha7WQ4;nl}h zuB*d=MS6Af%gY)Jr8#QWw=Qn2j2BZ)r%%h^H`%Avop_!tJOF-J{T_ zvJm$fuyyddRFP<6EcDq6vn+?}D@$%tJSxFp12M4+U&iHYQ8T4YX--0W&%DdrRkf7G 
zDQt-d?dNsVkwGc+ZoXs-S&h6w7m8mGnCW7_BqiR^#xNVuSGd2c)Gn>599{G8!5TPnFRaBr= zo+on-qpY+;L{!;PjQ24(lno`9(Z?4p`gXq7`nCVzr{-K$Dt)tzj(Sbn2T|{UMOy*{lmcqxs!cJr6FkR*XUOw7RrXE@w*il6JR=)#5PBGCYV%(UvXo@cRRI z)-5^Kj%n(hA2(o|n+f2HO-gDG#9kKg*kX35=ZHO?K97o^5JGHfyYpb;;xaj58N7MJ zf^zDNNL!sK<+^DP01W_%AQu1)^lUGiSgUai!bTy?Z%IwiF)6pyI3Z zYq)*kOf6DUk6LkVbPRC1i3K(!Bz!o6$c5)m!P@QHqa`{!jX40pv3hXS|AFTyeKhaa zHPC772v1Rc$xX=gY@Q!*W0YH4l&&kkAHL(8PLkEsw1X`5d5OoEqD*;Hx(B*DdVA3W z3=F^>z0%jGly6O$-(3CDZTg~kB=azOM(C#Ltnnw2mwZM|Jpr>|vqMy7X+-LKdU?+w z%W&;US=PsjS_cu418G7Ft8-q|+xD3Hqyb;=9?{YAMaXJNaU{8FmKt)VlxX(nK*A9L zm}S3HtcXVQ+j#Rov>QJaJR_G+;T6whI0vxz%BdqVAk`q?GWibn5@?zfeJ{+?z1KLZ z?2#@Kp=0fx26RkJ1Y%7gIu9CiZb08-F7x=)dO^3fGT&Oe(Xo@=`%Wi2F9EG^11ooq zk1YVH$0RtaoGj?(ofR=HD=qz$mUhxUJk=&p0lEOVQFj~qc=@5%D&MKIQoSwnF(hJ@ z?x1L2&pvy)bS5%xtbU|GK|{o4N;!g5^=>dS%}pf^~~Hc;6&` zADf<*HaRZt(Z$6@%|gV>`rQuQM7Km{tv=AbM90TVfOXJfy0EPL{vO*p5UByH7Zw2w zn@oeGk)vbDp1+>j@W{v;z?j#*_0!d577&Xf*LCR^Gb+PpU1E76&! zJ0tgZcbuVay}ZD3YO+5z@*d|cX6-^9S~CH`veeWL zeLTnu2nam3<9yuRU234nBqSuOh2GoSi|yf|(;|}(XB<&*c6P4WZiG=tiZ7y8hgJ_D zHMLedhlehI>>HnoZ=q0$1`R(Z)EEh`uC97=%B!cn)5NYXGP@3wy9QWiFt8mQ94fRC zug30v{DnGG0SgCA8mczG4)_2I@C!B#xj?N#bxtm>5=|`il95%{MHC9{s5oUa{m%1a zW^zF97{2B^60){9HHq$yVI5emqSYY-nP@ZQ@?Q_=W zyDnWYzAD;!IW+&_ljchUg-nlVekNZ7rge}07}|_da7laEW`r?;DI`+t>d``nNKZ$2 zz+ML#SK3&2x6_3vSF#*D;W;2Xo5AMAcE2_^|J*CFap*1L<#omwF(BaK;Zfhv@FhgB zy#_>iU!Uun0m0C5<5K=n_^LAp$sVJyB-p7bBvPy4Ob1|cJu~XBEr4}M;G?yr)piUHYyhY8x5UVy*3>a0D`YA@{I-ivgFXbt`-Ss^;T#`S2dp zr(WL|*xNGy%>o>vmZzN8H(g=5u-0o7Hz{s7Dc^jpMaIH9o7nQ`YAgv(M8;5li&`uV zx}%EKs@nNWN=uR0m-0~doc8iC>uW(pH=Q=|&E*ls8s}^+z^t3oDW+R$xL;o$<3DsF ze@ATK8|buPDeWYyC+e)>351+2EaA|;<_>MWxMfQNr2b5O+*Gp_zU!P@+t0b z^VM^D1*Ia$=f4N_B?L~o`ev6> ze4^vxa^gVkPKjqqL~}&gp`Y%wwnJ{;zP+>E1dC(%&em`s3@C!7-{!6d0)V%^4B^EA z^beW$!E=(`8uNa}Y2SSwl$WHW;N|%-jetOHpPfb(@Se|rUr&)j%_3*4j(f(*l%zHFB(z_37y! 
zo8l6C8KtI+JpwLsIhPzR?}K|F@8dL&=CW}bwY&}z91rO$u*IW_ zq!AWQZO>rNHbF#i=Zw4~&IpJ;|2%!8FaxQqaEm?gM#E(M1X{urvl({h1Cl?L+q2Fc zsU7m-3wOi4<^mtvp4o8i?!wEtWdjwfxs#sGJM%VChEek(gA<`4jq)FAGxZ*bQrgp| z7c1u~%}GRQP~W;v(a(|$m&wX56YbJsCIZO4nWg&C#)~9i%!@n7e)*5ucALa-- z#6Y9!PvW3PLj+9kd)R#XFl2nAcum!A|B-L!2E5Yc!GdMwkxlr@VO7)oc=60TLMHWv zt*tHYu?+vSX!(>YnG1h6%5 z6F4|fHD0<4knvrac{J^1{iH$AssL@j)D10L-Y2V#f=9O1l6!CVqj>x{BXy>sX|haK zl@CRQHp@&vQ~DQzPJBYQ5U>5E9bi2~r3Gg)d$J5Ai`s#YMgP}BAm6hCVaj|kz5V*? zScoVzu<81W%IA3NuI(``o1(!+of^Eozdt;hnyRC~=ZTFLhnABWfhMb**rdU`=gpssANa7==&>P`SB$j%+Swt{V!;0sX=SBK3}R!VthZsIM(8F0z|;QOF=I zGW^g$UIZ+sj&Ybn<0GD4C7kJ6V72#Lb6$FZYEWKj3Mlk>_gmTo5E-njWIu4*c_BLHMjZOV3=Qvx* zCvWf%)yED*w#Dw)-Mu|Vr)0((ru{Ci=lmD?oxQyDeo`i3X?J$IwCy9^XS_U#!kL7b zn0ToJkjg-W_ML@ovvtm=d|zK9y->n@@d@n3XQKz!@3081<4r8RU5IvThiI1dtC$=J zCn%`wcCm|zp;D3hIHcT3TIJ>w@q=mSto>hkpbBZ;?kM1=6*lAV&3YRbb~`)&gzNWs z0AgZy%7qP|gk;f?Sxi7xHDBG%b2;r8h<4>n8KQo4_V(65drFy_B6oJNQxV4w7-80~ zxScuF1sGWYM?t|e#I`#m-etBMB zMtWWzJ|-7*eFtbm*uvpDpW$3fajN|{fNe>_B++{l0|I{;J`ru4^%=IUqFu5c!!cbO zP24#+xZyp4kz554emnd77KdwYqXmyOi`I*nMMXt%fVIKGKy(DQ8<)a5lDRB~ny&j% zTTt6CWfz>wHmPdlI!%U630g0I;B1W3mK#JCobdFe(w=X`nhij+1Os#{`VL9W;>A8} zWJVH|7`3tiS|Al9@@&=RDW7dWaAiPpcJ#6}HP?Gpy>=_q{_cA)WYL#;`m8gO3f)#L z1xTPhKq9Be?j+`MU2#0{76D>Tf$t0m0@&@Vcz`vR#&j_D280;(z0AHM2PGPJ7pP1| zbAo!2i6*c}6V7B!P_xa>+^r-Zczb#dH~1)uUbF7lzLetf zn0;0q^bXp#2H3=`^YI$l4q3_e%d4x>y$LLUU9a)szc%@2Hmj|YCg4lX@USKK$?0jlZfQ&o z#74qzR<4V4XFdA1zrdrQN#kF}@B4Iv6~~7fyl~C$+r9J*zHhkXIZUTObD5u-ub#UL z|Lo{;!Y{0Pl@sFY$)&x|pXeWDx2zFuS7JcF_KUYz2{G=E*o)}{3_YmExXsP)KYH%> z*8;EjU8Jx)pcm@LAx}pD)J%`FU-|Y(Z*H5Vnx(NVq)@z)iNsCw0v0bMLPY2m1BiMU zCqO(vuMg6j++C2`%-(_LsfB`O6raK`0Z>(X34BHW`eGeuk*3Z7BrHTB0 zf<3FHKsBB86E^@1Fc{o{+2(_8|MndLI(%7^*3UCHn8^?!?SQCi*g#ZEX$9eYlaAfN zC(aXf-?+!Xz<`GWjt9oLkSMRBqCy~;yNkaWOcRoo3%fky)GkZ_wAzGUvxpa`@~I&S zDX9zyLF$BI6 z#jui=ZK2ahy#``6WH79yo2m1}HZn9pD_+Ssus2Q5U~WJ3XijF=CUvsdO`ThM=>+Zt zgM^bInt~LPcGv;kun2&)Szl6&l%0fR`je+m-`~Y09sVi3Iup6Dz~-`NO5^YE4=9NK 
zt%+#rpf|FzD(T}zdMSV>1l>scd-U_S`D%dl?=&*C2Qv=2a7ORLwU3gSYJY%?kUS#K zP@v8P%+zVgJzQ#HVLj?7SGL?aD+eT+T%GZ&NG2~YuZ=&I=eCRx6MfBq5Ab z_JA7&x!jfy%xD2h`{W$scdZLCbn_oJIGF5X{@@SN@NDB)Q;Qg9&43-w>r}a0&9xG6VUQ*ND2SchMgc1Loe=U*6icj>jmpLCSUhe(6~=d7Z^ix6h9-XoU#6xRR4DokjMIOd=ez&>WX+cP{f}kh=MMjya4oviPTS4sI_J;k z!B>x6C}dvwVbb(2)9rJwA8t&ILZR^H~6xz#VFpL*-^oBuCAm^Q%|3HH~8J!OFTX@yA>02iZ6ZbPm)! zY((YoPt$SjtD_>Ra?^p+suzOXd}RPs4XtWh5VNLQobF}a(2FvY;`hUy1PP^r^Ccu` zdiFd5T`x3THDo&l17jtRMjpp2LoxGWpyEWLGg>nPWB4vr?*eweuvFSL5bs3n&s6N! zbX!ko>8qZJH*ERtb-#*U6R|Y<}`u&G&D``?Vk@LP>4J_AjJg%ZDDtZC)h5>2&nKAq7 zY&QgJzYhLgTq=S2G%PjMHpm1-YlZD3Dad%!J`PVw~&4|S{(wNeIWnwTpy#2EOnFc2FcF<7k_7XRqy!W$loWqzH2zAN8lw|~$%*g;jp zm4}%uGj>pS?qDX2B^`0vtb;P!bmP zf$X)U{dKEhmvA%N?t5Jd39qJtQ)#R6+}&s4e1xU*Mb~RE-oMUTL#n#ca(P;IAc?0Z zw|wrmb>YfRls2H8t@PwB*J5%(QgMit^sC?=^*>e#aG}GppSejAP+h^|fJ3?3M}O}@ zNiz$KYp64ou6nC)grJOH@e;{Siayk?EmM2{>48S#*&&&#$GyK_e)>9BRVD_f*^oOn zE{l55lU9W;Tvg($?eR2n1JM+jJtzOzwey?I_F#NwXGED9f(TU`1jC4o2zbQDSB^!DU5y0|?xs^M=Z1WHZwFZ7=M=CALCx!1mj z+$$d@7j;gu6RJXcKtj?bPQAHsiK;fJdEkQfE`maExZ1-2m84K?vN|sNSj=1)lu}g4 zg6b&4)t{3@y~$5b1UtJ&bBQzl-@VG0Dr|@LLjE**?mk1f+nOA74MCXos^WYwW@G^? 
zHd2QGV^5FQKHX+GJlD;yW=|ksPT1#Y^SenGFyUK(wA+Flba|KO@s5 zdI@1qx$;5Ep#qSA`jeKEF`czTkLN6u#BQ!#aZw=9&O$9OTO^i*1P2?=7NVz(_4f?S ztHv!T6toYmx)q!n;m*mo#NXcg5=@ZP4`!0=UD}=gDSS6c^X(UD&QQX=J`MMxN$)`V zgkN*iK}z{>oCb^MU}VP*Q9V?xI1{5-Km)Xgo|UJWLvKKdCgZdF835$D0<9607Z49N zg{ob~(>&sR;*`v!Wn`Yw(S62{64o@b8!J@Ns5Nj(TsXP0d%(%1#+3eO^7B_Vf$B0b z8yBbhfWo7lF4$mp-<-bFe0_CBrC#8=Ht|LKX(c2$B4Ww2&B=XZ>gBe61Cww%DH_j) zWS*KPjK}(St;#Z%17F6Fp(!H54yVE6IocK4yUpc^-roG-v;P9bX(6YCCb=5+`Ku`9 zJ3A$7kB@=mV&uFz1#_7a`9p?EK67(R+x0AkgrRDolR!^0wa+Uv=ong%!Yp{)H4D4z zGCPaLYd`&FM$|9PAd9X5#4zNrFrI3u{TlOpe}3{`u~D2KZaTUX-LnLHS=kb{b!+08No4 zBAcbQw$>KeNC;+4BJ_lS=YRJ*KLWa&&?t-b%zHmmGxH%Z2D3I=g#O}{@hy6VRLF}= z_;08N70i=bQPLR<&#%GrrS{GH(ZGm=*>O4&a)H)o_?ZPQJytEeoEjW5TQUJBv7%wY>_fdN=Z2oh)vA@(CGtjA!2rU9U8Xyr^bp}g-%`x z-xR=CJ~|G8n`>#v#1vG_6U=`J4sPxo586W3p_lkAy9-ur2NxIHeOdrh0VUdn+%|v0 zMk`bmG6V`o`#ny&jFeSWtVpNh?&9heD^+>S=!2WILgw*+Sq!{RBobMRTGE+-Ik1Vq zj@v+4dhCZ$_3-n<=!Yj~XN;LR`v^Pm+mlb8^9u`BzrUdYorAFx_bxiZ!xpNzEm{ME zxvX?O9abK({8Pbzd!?ho!ow5KWij}>R9vcRdrBcgzpC!Pv|B_)m_TEr)@hJ@%dGOl zwCPi(!Ns@55;<(Y8qduJg%bwm|!{7ZdeCx3#E3%+a7vLMNf)q;7%$=QsZ;HjDC7k@?xJZv1`-*qOP^pw)@SOuZO6==d)3 zcxI?lR%0MlMBLPrCONsv6A)~NYhw$}7iMEc2BDM2bYNeAgEL?MFWJxMDH}u+V)&(AI z{uu!~$9oN{ZL3mD7wkrQAmxiG8zurA#dNCdj6nJA>g`<^85A|!(s9AW!eMmjyF5RF z+O1dp{F&{zH!AIab!egQJxALSNijH@n7y}?6BNI0HBs`^4pBi1BziEPP9fy6vr;34 ziH&V?%GWF4x$?y0eq9Qf{#qN&ZEcq&9$H>Kb=`&5bDdM%LPr+>`Yf25pW>V)%F4K~ ziiivkz-miP?X-$il+@6gQw*?p^SpA{dU;9enNkDkYLR((W(!&yqTet_)ieqr@YS?Jt+ zdnmX4Xwp-U`%hU}BOEmRdVkW>e^<}fy6ShnWpfw*cLy&^i6899vVs&;y!QZm;gaz( zkE|Pzf+uG7i3gYl$#^YSxNDQXCiE-?U^OP{R9UV@(Fg&5>749cKN!eOP*!wnrR5zsIH7Hsel6HiZ9@qMml$Y$`WIRhjm0~3}$E<6Sj&d=DnzbKp z`1&_*?loQS3PFsjg(B$CN%nV08ufR1fC~e|FKmP7l`@0A1c%LTz4VBUi)-79@73Db zx`j#=m%`g^-odzsheszOk_M7y%d1x42h;!qfHJs{?PLOw(+a$tSP$lknqj&AF|rzG zRX;g7NiOUfC9SC7?A7qUT&V|#8T;{Q0n>z&^8S!splhRVBY5!O1%lU3YY&dU)F_~l zTfGO1pK@E)>j{nl|yf9KnB?& zK`DV1oR79a<6dhRc{ikY#YPwCG~tE9KVUqvjqf?~%*6;zSOHN+GATO1cmO{Yj<<7>Uh3vTf+XnlpA!0uTt76B3g^sX=kCCF^&gGGz@=<7EKBnY=wxerLJw+WG 
z#L3^rij;IUzew6;)+xm)@0J6+joog#3ng1KdMnj8`E}lk@3;Y1m-I~zCuvfhVlu|c z&wACF7cMKG@L;?LyAL3h>-kh(hs4{OnJ>))QU!k2I`6Ndc7S4S0Q?ci2=w&(0nt;4okW z%+MZTeZIP!0i1+Y4cQVwA=V+Lb7eG;;&Ovk)?`&SBksdINW?BL2ySjw>3+nmlEeLu zR8Bnui4}MzF*Oy5m&CHSkI(*CLAB>@JaO{Hs3|G$b1&6I{o+n*hO73Yqa*X9f=N8; znJ`I2Q5>M&KwO5^2hcbS2Bh5CW^EoBA^14-Zqio0aa@j$z`R^bdNfYmvheLvy_Qq4 z1W2@TO7Vdx6zcnsWl0iCl3X?xg2H`IB{of=y)W_FWo~u#i%gdBRFV_(r8fgWc@Tix z7l(Eu6DA@hGhc3IOF~DCxJh;oDh#9?fI%wk;dQ>m)PMWe`L8amwB4c?i{kb$6fcx2 zn;;fHdG`;_wBNbjQax9YlS#+WPiX?^CYa#oSTEG7I*esZ0{qum*lM4znR#F&FTTc7 zzkowbYK*VM^3_%6Ho(o2Q+zFR6J*5=zb=lKxm>&60%VWgoM5LDEJ|g^Cvs@LH;u9F zG&t*Xlb~zsbj=7p^d!WmwI4hlNfz^HEF+qXuc^K6-$z_wz0&_<7r)MdIBw7D) z7B+C)L>iz*=fJI@DjVGPq&K7M0ycEuSq0`R-%?H)^Vv=GRb)9|I%T?C21nZ0_dH&1 z9r=C!K2^Pqf2!@k#u$MW$V~RKHOTdoMv&o>i}eDdC$0z?$P|o8!;dnKD zzz1M)ry=|Ek(K)Tde8I1YORZQ;~S}m&z!t5$QgQ;$q|WHnraX+lM5m1uoWt~n$ z;7gs`+AYWHo%2(l%*`wJjo;A^kHcrbN8e`{KRO^#+=uTK>mEHOCGDwLhH~s5Ciif| zF&F55|M0@TJIxyfI$#F7I~W*THcQN4^2oaKYqz3;IcN=gR9`meD}wY!A!*s4#z$P) zb5th++QmB8E#;@jy~+N5XQkWCqO|5bf5OI7kFwPBm2%Zc!X^96%aMNm_B}2I+6^J78Dmy-qY|KO zMnxsPQ_sKgwzjsmx5fG*KsN>Ryq-Qj3(L#UROt9R03%Rghqq1d#rLSWxJK;bVp9Hu z1IijaLE&pi=VEy>4j(`U@wIDiX-y0H*p6C1O>Jvqd~#A8sa2atAg zX^HXp7hEJ?2U^r>ybD?rQ*$$Ap*~S9VlrY`ef@OglRiLjf#c9XMK6jQECjlT(b2aWeG~?g}RCDgAA_VM<#L znwlij`c>QI0H`Y~D?=QC9$8b>vU^K6xV9P9oA_A7xk4Ofs1wvbI38KnGcZ8MB-A@s z*%kR~yptH5Jj>oVhQ$iCv?SSj7xzmoiMXa^QrWb&wKXFI;4+{+DJx^^S0^Qr$Sr+% zZ39XY8d_C24glD>xw&8>Swn!5j7&ED>EL&Jr9ea>p>qC&=RN`#2d53p;B1M~(9zD% zZ5a`xzwq@Ht`$VsC{cg=>})5oK=`-#I&CssObY&eyTX*GH0RTzQNW-8hKW%}+nW?z zI?jP@#+ED*eK;CbfBiRaaygG4>8v=Twrt7y6_v9_;t5dgma%{hRPsCoK`FGfyJ@8$o!qT!xX<;|-K z{_nhV(*NVa!Tn6_n9liwAO6z3PuW&yM>dv3($&X&f-$>Ye4)Z)`7Y1FKs8NB!=d@_ z36$>q`+YRc%pWC1dZC9aN^j(t5#5#6->qjT;X89VU-^ntA%Cf(A6Sp79h+`mt}riX z-r)OqJ%mv6`jQyu^B&LAR)lpkMAf9@Tb>^5)%@RAOa$lAfZh94gQlfk*ivUrxVWfl z+bSxWBN_fm#9Fnzis|nb#>;`X1Ke{$FC`7vBxY_t8#jpm6KOsBLRAI&W7wLhlIrgc z(&F2Lp z>Kh~pwJzWSYU9wq+oyW#=5-EjZY_0&FX41udlW+E>pC|?5I9Yd(LYyOe`f~IlQH;M 
zz(3Y>)lz1yR(Z(w_nuL-|17OTi_M^F(^w1XRG=MrxQAN96aViN!P#}_;9N?gV}wjk z=%Ibfxt-x3ryG=btc;nudRs}!LJuRwN{Vzej$SxBmlSEfw>~>4%lL0k;BxNOk3cp_ z;$g(uvV_C{;jMo}111rsQiwuchQNjK!^pv)21cJP!ItF8>)Rrh6*^Y-UnaJE@ab82p)Pj=hCURZyz5|1d7|Yp{{q_Pj!b@ zouw5O>7UI%+PuzaILC|3lbPbbYET&_L&JZy@}z-L;zh`};QvS5TLxA6eo>$x0xBr- zLkT4mk&u#>RulK6~x8*IrxuYuejq3~!m!H}G&CJ<@)T$s3TtpgpR6Ecibj(d_#LRNo~- z(+&?sbl>8Nz7O+UIOmflUz~8+;5IOC*(i_e$?G59_g<&~80 zOG>cB`6y!&G0Y@>`V{d?dEH6`jLr^qfX_hK&l5f|5weih#v z^&pWB4SV;Eqf@+se3<3gM(m%D7gdoLrKa3biU=bJH~ze?zr1Lx&7}JJTUvDLt?&O1 zAv}sL&RoU0l!?M6Z|uyuuHLtnsYt)%$;{RaOKUndC8f1oclW!-uV0DRM|DVe_A+cm zUZ7rcrnFHZx<2G#4^QJWhUBX!NSS@eKj3-cgg#$ZqX`{hQOtPhv`6)1%$$q6l>7DP zY}cYPO3K?R61d+}FP4ql=37~cP0_2DhVYYA*gp8zlpO0bbax*?FLv9%liVSaTeu%R zh)sV$wA25KZ)1&EWcR228kX+u-vyGT<;Cn?B1}KU3xD*c>Ixw6ibu&TnW(5P*V0aU zn*kRnfiz@g<~tQCEux>>UWLQOm73Z?Cy!b;+<-xD-+Ft-o zI*G8M#Ljjr98c)ol=JmTu8K8NQB!HsvRT!UMC{K?Ql%nn{TWry&Bjj~5e>dE0C>RnI7qJXQ zoZ81Lf8eF%iw+YZw@r5caR{Zg=`!h?$OUcV821J9*b{qKMH| zBCB(v-pic$*@33~6-eySqBQNfGv5?qz1@v$&yY}Qz8$4mF7I244fZzO)@Va6SPvpBdEIQEtHWC^q8Re(E5Pq2p{3&#} z`VY<~L${6I1a?qk?LxcBaIOnVu$?M5FV3J`fR^3(>J(>0o~}qP`fxf(d9jTUVeMr!-HfWH!w@RH3O9R@CwP3Nx2_At}XMRr(@xHbV+&l znLC?gDjw-X=wPwV;EfbF{!ai1AMj095X=U8?Nq3G)}oRN@_=xJsbiDIU4 z%ThHo)5%=2pvLE;I3qKbPn4tc{)=iAhH3!%6+FDdL6cnNv&Gq&nJq^?;O>ad3AH)sYR{WrcUOa9unupfLzFIfQh$Pol3)56fA92Qh0;=#PIk}XwvT}6srY-ky zt_ilwVM=$NlZi3a;M?Y&hsunKG3*vXh2F-130XJ&ZW+XR2vAW~PuD)IqNDn5D2qJV zzt4gXszax7vk_83u(q%zdnHP{@^`Cg(iDX?posC)TgCrIe!gK)*sIkyA8>fd!_S?Y z>KnYsnSS1O8uW4+D4UEvd7W-nLe?&iF|CcHjUD5er2 z)bcajlP8A5Y{8?#eb)H~InR>d=MNteQFSpRw==J4ynOfS$GA{O5SEh*y*MjcAH8z@ zYO+eNeu2?A7E}~qnS@4!DV+FGS>J(+ahGTnuL@sPNO`x5OMUe_=O+J;($qGcz0Nu})MHU#ppa`fab!QU%s>~>PWtk=*N>s|+8I7=eKK8S?beQhod>jxQ z%{Rc?j`(arcoWd>sr@=eOE%;u^v;_2H-pIt$niUbpuzt=l=p@(vrX!jWqnxrnYGxlA7TVm|tlv7&&Tc&PC8a&adTZ+$bjm)5_QA91 z_;5j;YP2>VoatiOywq8jZQ+be)o1-bi6vvTVe#A4fBeSLq^&*m9_MikC%*Hfh>Q6xL?dP z)r&}1DscejN*Y!VrJ};31v|dKT4X{7XC&r$LZds{H_9YvXEfwVXB9};>vtnp$p1d(HqWA6f9@Yi9LzgL=T-!N5{V03llA$21*7+auI6X# 
zvVNh6$2eNaUy|*p&aXI?Izg5awX|fIRdwJTnXODNlj1CA$Fyv975F)vC!6+V$9ucd zPVRlXuhY~pJ?SW<>14}z9oA8KBl7e`ODvoU$O_uxd80r+HM@Vuu|fbIAZ2rtDNy~d z448R$F6y*KuD{Mw^WkJ14bJ27sYr8y1y1wTSg3SQ_#>MyZq3=Tf#nl%``WM19kH+f zw!SzgULSd8y|Zm{dZ>dup|A9~I1OKoh?mo)Y6!lcT=p-xlj83Mx2>}c$F46ln%z+R z{>w2-iLyE5NQAEM6L&r}m+4S-ivs;Q&UV?j`N}|AK)c3kO}RoUca0M^4MbD`&uvLB zTpXMSrOvESJAi@!C~+4i$60A;Xx{#sZ-yFQ{@d4pd=fXEd6_L%tzzmxsgDeKZJS95h(7z+5S;K}H1>S$IJwI?JI6C?J*)^Xo@mbS55 zv9D-(%HsIAK`bRT;LkcdyM39T>Q(FRW3vD+h10n5G5Q2m*_t#i&~3LRMZ0ckb^BH4 zbUjWW-o9*KM&^myh6+_xinK{$i%qc-flD8AYK-^x_1;+$B%hBM)R;CLkoAa{jJ=gv zMgXEVH8r(dPK(lILIz)-h;+p~>wa-GRd$nSsh{INVwzf6S;3!TEw+D*69Rs+)1Jt% z=et6+Rr|_3#ekSqWR2JM`uLllMo~4odn-PATT}Tx2b05r=O4MK{cGX zAd72yNBF}&>FFLVrS*HvGBPzbj{U$*O=knL7@CAPNg~(F$XdgsXI!Rzc5qr$3#!3~ z=UP)smlD^&)VC4*hmTy2Jq{wQEdGE9WaWGE&|wBF&i0*~AvST1*c{qsu0vHkWHf8~ z%kg$U{0h#|G#2EUKWS7vCU-AU zetIz9pr&uyt|KRyDNTqwZU4$YReEJI_0M;8s70@t(*ZEPX3~HoX3i*X#rFAAq#d=Xg2w;Us8MC?Bw3;R!6?(Ul+6&A0ZrA7qQ1 z{UrNcSD=zJ8Y`mE_8n^Vi8^(CVa5-sqHCS1QKputUh2mYLb`U%4egKzc)Y*}L#MG)nc6N&QE@<)-2KRXXLq+X<5P2bUdetdJCDQyh0bF^92j*XqHM1UbUa+j;vwdzR|0 zCrsl?o{iq=cd-pdmoCl>{sU$IHbt?K4Z4zslcWqV_76mEfTtWY8ld)tPDJgv!=xs) z+4?K5KBOz91|txfO!tRbUe@{&2MONrEH%Ep@J;xO%b}2zRQF)WgR0x? 
zi5mQnoBU9~NqR*TxZ8<+?<#TJs@Ct1NqmCL@ghtgX?~k)wXB#P=$4kQmD4h1khs4* zZ*6Ov8?~rfh6m-KYsfdLtfE8lPOadTiMR78^)kn5@?Mr>z!#8cZZLjF7HytoLM~Z$ z$AAz3%I(|DZioE0EH_%2FIvHX?A^C+2kaZ)p__sSa{P5>Hk*Y*@LaJUJ=|j`XOOq;5HDSrjX8A zh5Qu)Z@P37+T8RXjO4{@XsCVZc!$3zOLump|6deWpmzT|p~~^NSFOfh+s0xE|{U75Uo{+j8j&mVr$@!VS8uwqm*zSlQRms)nmbsO6 z?tXa$PGh*(f*B2T{7>{wZ5EMrA(NLzAY}EHJGBZf)h55rROOgLo}bFAlsn#+*}IT* zr{GKdo}qhskl6>#Heh*x$fNj!9k*x*H;PBs3(Q72zqsM!(>Z7@WV^^-trjk=L#<1c$t+B-`S5Alig=hx}eW!IB4zc0E(+q}sX zBnysj@kAfo?s?V8X3!xGlFJy7T(DZrl!311ZZEq^fgySTVLJ`<6?)dyz3>o?1jWyL zOdE^@vtn~10s?~8h4!jEJ z>pt|HP(IYdl#F42$dvUT6i4-T5?;;Z)V3O|+6>taiT&uGLT=u$(rUMidFUNVsw3!z z>2VJ}jKU+X8O%T=qnO5XhE0jFY&R#uyuDvQ>rHbbh4eId@qJfFAAslOCJD(rb8Kkd zdxr@UY4=JmVCX|*e&MAT9(CltibA$UGFF9#gmgqQ#u`nOKdkkel$>plM7QL@!Kifb z)#|En!2>bGyKkQ0!N<+;rsy(S89&uMD4@DCUYrb;eNWk#Ux>9(0Dc8tsmb+qFTM)} z;1uulf8r2Vn_z!6`4S9Az^n-!&;Z<-_fSFgr1N57$pr%$SWsYuA@Tb4t@BgO*6(5$ zGf6?zyE6egVv^&H^x1)0HSfO_#y12y5h6MplY#_ZLU+IycBA)IrYhD>l8PJ5-|ggx zZ$t$_a?!I}fi!wIU%$G)Go*vJ+bwdz$f-&Peq_*e4Y#7j)4-)Ivv{Hge$cB6j4o!+ z4<{EY4yn-r4IeEfHA64%C>0ISxoP>)j17Y(5(nA`>$av3bD*&fxp{$!Cp$5lrzKXRUaXh&V4`eG z;fd%+19Tc4!(ozZ&}pvWsCA1-t?M(&Wr}5EH-a;t3IECxE2K2#t zD77Ssuwi5Y;HQ>~lQ1<^t3Ec#TJD6eLW5e8+l0Hzr6~0Q{-(_<|0S88*_tqhYD_eE zU_X=>tTgNmGFT-4`Z6#+l__(E*(9I1FQ}O9bU?N4tj2a)9=g6+dsEJdJfXcO)Z=Ux zf%f|6YkwjQN1wJfT&P4smX3aCw`6(W3u|1|ctzj_g~02K32X{iZ;c8j?2jp8cYJHS zuWn+6JFOQM|Bz2*LVNBv@eK54)tm1ISEsArVIXG-P9K|%Ts(2y@)VRgMFn%<&}twa z)b%SJ(r@oV@`fMsQSyHDhbvvkig8^c=Un1Lkyv>{VYXv%<~Rx-{c^c=(Cv+GJ)V~+CYps8Og zKl6s;Z&sW9{#hVoj->pwjyHISxHuZoHII*cY5z6olsUtD{7!kh+L$>Jd5~XM*UX?P z=Uq*A?)Y~Y+4_qeWPFEX#LkBsHX~$F>P$q?@fb6lZ*aSUIonSvp6Qw@;)0>q`%+Ml zWo!+HygWwMd6EquQ?}TL{%Y-~=Z?Iw6hA#a#zO!{{FxW;rBB4$SC}i0jH^fN{sfEEq+p2`b6mUT z*^>F*)$9wscH9!9;RFSo8x@E5fB&W&Ds$jM8!fh&e}}yRCZ6*&;Uo(lZnf9B*xXJA zq2DE8x5K1qP_y&OkIhe96Wh!@cyXNfPS_SUEFT+h;44nPDIO|3%#xaEM%-X?cIW9l z$Z!rV>umcWE4@ALpvh*tM3%|`TMS}$_t+77a#2c#t*KaKP6sx5Nvwcd)=ad)ON=dm z54o1p<%#>pog;|ZlzrYZWg821?b=JJIhCdCVIunEGnw@1-8^)G;VvINnBRX@Eu^YE 
zKWOx{`AS0-p`_j)MS~!{ZOIR(Y`AVQQV;^BXH-*%+Cw>S#9c4SHjx2Fy_NSsYGRVz z|N0dwH=&E(i6?qMX?-Ig=Z)jksaM|1e zbNATw)~#C*AeJw9tm;0Gn>QL40@(%&zW)6ORJ4NP<;muC{^8*CdtZv^qVSaTwwL#t zU-;a*Kzx22Tce|%e$$xE(RE-ttWU-njQ6fU@6S}xsPE|@9&a>Ax4;Zy+nK*)-24K} zFg>QB)%%fRWlj!SdcWd|!NKt&1)I5Aw=?uunN5Q`DDyloPsP4poZ7{)yL)N=jeeaq zB%)SF)4}1#i=;v>LZ|nF?_DgkBSf!1`Wk2&iFps|JrQqay}#<} zH1M_VEo)*twpnoCJ6&tiHXE~Qya{{(UNv-tHHXt(9Ke~E-y$ST*g5?6V`9_kU^rE3 zl8+n@a6*F!g(RTUd#JT``}50Ce^H-8{@!|6)yE4dvp9#Fo!h~)JoPiW220iN z*unkpca^16nf-d{Zifr{59lIG5~-?_V8IS8eVK&SuNxXsY- zuCET3>xEt)0@7b+ln<`XPq_GnMMdE}MF=Q$=Nm958WOc;WF(cJZp5P70cu?3JDy{6 zJs75e{+3&4tgJofCOYvg?Oc-|dza@>D6}P_RZJqI;o^KU3@q3%lAVJ*bektGO{m5+ zmk9J5%5cwp*PE%$R2$`sk%_Iz$;Nw}Ya!P)BAB94fdw7F34Ronh$fcb~!1s0r zFO}SJN^7LJD!9@Od&=_3(M&++aFH3k%&mpW-HsPrSOS+U zr+h^&XEuV(-^F&f2t}TU$D`AO^<=QA12?32w7zT)a_~r$s6I4b9cV`mx}Dy*CpcL{ zqR>YX16mpMZijfdyx`V6c?>~j@VfvIUS0R78CwCNxbKS}Imsf9ar;(YYDynr?-Ct|A&SxI2 z6)vnrfBbHsLXBVjjLIV5c=aYcx`?H=cWC#X$8cGQ$;sKF_4FL% zTg^IuOVTOX`YnY%FDIuM934F^2Kk%n@SsaWnVqiVr7)xz0lGR`OXMHZ6{K1BAv*(C`XzN}L4+vnv0D8Ae` znAR%{2~w{4xGM0{m9(xAj}(l07cO1H!2#fn4tZa-IUeq1hxL)>gLUDrG7=ID07T$vACOZ(S?{AdJp;qr?r)gr zi>gJY>&#_vi()y=wlwpV8K4WYR&d00{1?Zc9BFPY25^4_Ad0R^HxWqsa0uIyp8I_^ z9V>YU>k|#gKm^wHj@>~O8JX&t`qYi*5LDgI?PjmK<@98Z)&t1&)^At6Nu&h+P+Ykd zlN!c-Kg7bQ+dGc_-OWaSlA+we6eI2Y;aj2pO`5%k>&<9@09`AQZ3B1j_EGw_;1Bc? 
zodsNJ*bNs6o-S1b~5ZiPk) z;4PYIsUSXcW3y-cCsg~0Ml)dT@Q%XOud-MF_y2|tfA(9{o}0D>hk*Jkc!~O?LSXv$ zdc=pqPk&!>({!j${PPOACJk}^-|Mww(T-u=yd5T|ajq6ic&ERprK8IM->5nY5dbEr zDq+3aT&}?!%|!Et&;B6BUQUvJ;p*V*b*~uTs1ri2LLpqC^{;x}*YUXn0A<$u5NUws zr)_xS&xydwH^Stn+I8fgdlGMIb8<9rR~##NBY%d8_Hu9CojXE-?TH_?x&|KmZ#n&V zA0gvXifc>|!n$Bx3V@v@mdm1H-nu(Y9+L3cPW$42=Y^E%3QOxt!dw&Yyw4!;(YW%` z4yk#0sg$+N?zWTL(E5Gvmp=cI5Q)Doi71euDT~LnHCN^sQm1oZGjNwiHE{NPABN*= zQVBsIq{YRrLB~JVTWCZE=)zPob?K+#^^MIEyNhfK;YKe3a7Q4Tv092QqbzcjnO-xy;8tXc5PGAdjEnwfsBF_Yarut5mku zg3HmFbCYmbOhjpk6$j;SA+a294Et)Y2ZOcc=Qrf+^|c*wO46Q3$Q93SJ02Y`3IlHC zx(DLixyPKb@nD>exhWaZb)9QWZNuzi91ge{4CiQJfF(5l@;=CX-^NfwohQk9zGZ%l z_s=cI59y`P_o;Rjpon&2S}^N;kklol_L_F;_q4rNqt63DMA9+S%yV(gVyLgf6X&{B za|%ho8}y`N1RHV3Me0e|4z>jSsfvvjwy8i@OoJx^vI?N0KJ{}UcUAPjlRMd*K zk8yi?gSJ}eb(RL!wSU>KcR)wt(UjNWkJoew#{HpSU0z9V^{jaytdTw)1FB5 z*3It6t(*Vd21L1YRLqEdWoLG1^xrmW#HRSS>(iHo=w6lmx@QsLUH{nsGg>NPei_G$c>$s9PAQc8^?jxp8tyrWn|dwPM5GwF@anMM_8Z z3MUM{imAnj%v*WZytm2~Oq1Yv5c1;Kyc=oC98knN?3n1;HPyby_W*D$6|gjD=EY@0 z`v7d$>`zJh&s&*al^l$ugWhBW$S5>;egW!2`ot84gUB{i)_nF%02CR1wa;{QZxObt zNZk}he%mX1@b?Ik74+|`D8BO(=CxUVO_R_j#I;;XZO+`6rfV?W!Qeg||J?p-toKyl z2i|1Rv9p+umBGLyGDkjg^Kz>zi-^eqj|w0HNm%DNQPREh+WMW*;;Ngey)Y2P3()=a z`Qe2m)Yqg{i&XLn#~db~qc8q^O?NJp@b~LMJX6$SS|Y4i8HM1~-<=&ua{a{_#^D!# z%TeODDV90n-6(sG3d0n=+qgoy;yh$DY}Ru+NOhW^XzpDXls|IU*J6yDckV!qI1@#% zLEm&Lgl+U*;$rjh-@eyZ4M&Sm&I_rMu{cP}TjI&$+f+1zZ(*m)(5#9a$n2z{qT2he z2d)3@%vB8AgX7>A=?MdBkaSR{N1kV6zHR)xE)m22jzvdVY*y5r1GO&b9nrVnGcg6R4$6Qs3qEz1ICYyJIe(l;ft+3vOkDD8GCEktZJH`OqceXfMxcU_M zlS?hW-rkmtWDe8Yj-nD73xbnB6-<0@RCpclE@FlAr)XBagMBSqc~nfSzjQV06z+PB ze*Q`4;f5O~P{7zQ;-_KEx^B#G2FX9za~U z3prUY7?q&PaSQ8zF?+aAqOb1q4K6xt^^Den?lkc;qgD}bp#o+E;Ftq_9@N#1M!7_y zpdFf;tt=PNYp|&?+wuGO__TdtA@fY&cfr4VceN@KD0ZvahMrQJL2I05@FEhHlHyz+ zu}g$a5xEP<1t`;8)T78q1yU9+Iy!ntZ8cUzt36+8yNVe>MC9ZirS3ix7Z z?~UO!J4hWJ%hBSGpjV=%OFKbiy?Pcnu`{S*xN>I43c>Uo>1(uyZbvSKlb{yjgud>O_Es==43Nsm%pJ1Kn@83dTRlXpYrFp>z_ux{Ct{$1*1+vf6 
z27n!Gseqc80PaHN2~ux>LRX$DD?fpv*VbWiPR>owzCJg|Z4(|T`~=ghPvCn2gOl*I z@^4=dAYy(60fN4;di|Q+-`{_2D7Qj+7zN7j-W7p--a`}T+O^>lD}GehbB%E!$~D=; z0|W8=+0%;acj810m$nxz&yHV)1qU~E#M4BYi2`uX75KMwBNF{|H3-x+Chj1B6 z=0MoOYEtPylPuL(F6Q7<{D$vAIKR`oI-v+mWxngXq>R%RR#sL0W8L&NV`yl8&dm z=xkSP@zEyTPdT7oFA9|zr@d}`u;%X5L;{6#c?ztD7JsInoOG6{Ndf!u*mP*y=yMpg zTOB4*!2=MeqWRUdg(QJ*Guosp+b5`q;ZzH>$WOHC;HUl_9VvU|`k*02X1qHi6}*A=-5ATCZQ zxK#u_G!gI_i}cQKeYN89swm}P&H{aNlPHk6+8~qE6g=OSa)j%#WbZ}sOb~Lwv4R{W+kkkw;&DTGv-YEw zWlxn0%zF3@XH86)p_qPQ0nO<9lMbw))JuNlu>eFSW}nNb85fJyjK|VYE`hJrSt%nF z;b4=zlrRi6yCy#hcQxu*hQA>(PQtSHHie_x)MZK`Mm1ID@H;dr0T-4DLHi=*-c$8% zzI4&G(^D<<%<}+(+vTM{O>H+`G&hBSMJCxz872-pib3^3t|>LBhHAR2{65;wW_ep} zr)K%=jljj3e1hYQ5%{!HLzZJ-y_5rtZ3t9(fyq;@;PF|_y4wa5%B-I3l+1+&JSplJ zq0cUVh9YwhQ9hy<=bJVYE}LGxl?WJ5xH}j2;8KU%e*YnQZxpqZE223pV8wX+#1%F6 z!Mw`t3Y-3!_jpz}A!X{$$*M&+)LNNJzY{_KH%#9uksIs=GfN(G*+*_`FED0_Y1UR)ZH9 zxeOABd+qs_Z#G;LPrTumFN54s6Cqigc4$1GNwhVmmUPA)lO?_6cM=+=*|g%iQYNU$(glXgbxE`7aRB`x=NYAq zYPEjfh?7FJ6+i6ys+S#fD%7m3pQG#dM_LU9OI%_DbIcRvZQY3CT#| zYPDXJ`ZH5ghIGZuy6L6|bZI=m&RFJvSO7KK zI@G#6+TQGj2@6nuBt^LMpayZlMsS#?)5r@$edQH^qqXO+Fa@2SX%+D_#x718f=7Tgxo46p+6_w{$71zOL>_ zhKnst6J|A%?;^k&OFd$2#B96hHcWZ%@xzHW>AvYr&igezP}_iTc&b zW@Pjm*GxCnuG?dW7sK;!P4ju|_8;s?Ck-%M0)dx3Dr|h?%p^HLCN_C!BGQjc;M%x= z8Yd34D4>@V)g{hd+F*2wh>sVBOvGs|Hv|MB zXxW3cb^aIA;DFk=%%J+^6sm-3u2#~%*UMtzCI<%xSHqp?{KC>1v18%F%UKU|?%Bf}5n{a`Gai!jFms zVm^ddjapDh_5buoU*t4b18-tYM8O#J*grlYyFexFHSL z1O(bl3+=JBsEQEmTgS(kV6I7qvdO+_H^Sq-2|_acT3`R>a1Jj z&-XdKUVD$7o#E|b!Q|$e{nivZ1Py|$Dx~j!gC@nJrPIFm)trr#4mPFd*NbT^C!9Ws z+iunqY5p#EvN?uoSP8rVRd(?o9S6x$Z>mQ-T!?z8-`lNtz;kh(78R6XXof_p6p>90GG7`_dX6GRs$fR>A9#crGAUaTF=8|Ywkq1lyt6q!W(`|LuSK3q6tI@3U&ml8_ zvJ6hn=yNHOP<1yuO<=SxjytKq0d+$&yb978lb&aN}@E@J6o%2T5 z71%=Bo01Cpw64~gL~eL#!9sWy$pFJ&RvnkVisX*2BTe>K`e`73!vm4xybls8OLB`U z{*I~~fu|r1LxTv78QcC6=6iH*#S=;{pB#*41K~KyqFNfRA#zIz3EHu$mM`X2I$E;Zb}8wgrtQo>Li&JTLb9 z`YO=IoE9s9@Vto815M1s6eGC`XV%5|!JD2I_vhMFVnv 
zF{^Cj0bjY{ECz5^hKAjf0|87cFZWlPk$GtFR;VIV;2K_3o|04EpFa9g330tUd-CZW z4jyvtJHF2#V1_}R28hIeTm>`M+n8q~0R5@2u$e;U@j~-FPHMH*AAnSm!5G)l6MZ_OhE>TXjGzF;wYxSEmsx62`ZRxgTly zUOd-^8wf*;SZo$M79fGxjdIy(zIXs*9-(NDP|W<8@}>hJ=m+}_E9jJ<(D=b1!RgG~ zSws&04mSI%D1+YM`^7AVU7u22DIoQs2C?bFw}4-lfjs>qRs+XRb=n>)^xQM^5gmPlhRYE55J!_3ZL!LhV{1D~EP>|rght4LOLG{B3 zBVIt@aD*Kwk((D@%H_Zx1aubvqfX|sr-Fp?5~YgS83b~`iDyNk{L`Y4Ek5`rXMLbJuz>Q+qMei@90l@dP$Vy}lnr#E++bB@SMktY&Y` zMz=HPAyJ-t&z27!WcxY#v0G3&hsnYtyfJETws%78w;4&^Y^$k}@th zxGQlGfymU9d-^{u03xV${@N3RLe)!z+l1V2*vIAm5>d!&EoQ%x>pdUG`s5^TMmuc; zeEi7Ndjgy|96W6==l|%cM~_;U|Hfd{Nu5>vKh{tGcMV_s|IKh2lwnX(*67AiYh)jq zIz0b-A}#O0pyF|0V&Cn(;5C_|pzCQ&H}qYu6yEKVF6jNKem=RIFL%bXxZ#&D(LSF%|#cMWr%)e<##zY_qPQS~5Nvv>T3^~_?#4*W3ur} zk8$V^N{=U5vFROdX%`aPnvr%?7vZyu@$8yI%V7x2DTft4!+X5i(%zm7*j;U81i%-h z9UY?<($)I;R(ngbu(hVw=MgW#*&)y%QSVFceAJCzcjBDYmvgXXp=B7OnoAt z8U5V)A+LiPsn_AfaM|Y4kB^+5wN++foE6Wn-G6$eg36onLn6EEi;!=W&~%uH_;^YC z877_L&kuXlJ+I&Q;6HQD{+fL0zV}{bEaN1F36n}_7w%gpgv}Gb3Wtq0mrZkfgUR@4 zlU(b2HPwNW`NU&2UNVB?*9(=PogvoZhIUi%G~n)s!0dc_ne~yU~z5L5>*tIkH z$XRBdLw_vBR4O8pfb5(A4G^!^P|hKo=-ekRELk*L(4YwJb;pz8a;84 zceh_Dtb5rs7baBQ26JcZsmfEH?YS^%&3)2^j`(KKDx-h+Xk0^|jZ6J-{?db&pF3^xzo|gD9dJxc2mt4V2@(JG2ucu*fra~PAXy1?a=~$~395y^TgI!j>*bi# z#r3K^pE0PiBMv9-w)~KtZ3&NMGr*FPlHxmh>!3I4gVT(A_kd7;cb=mgMi$dCFi<^s zaQ;i@e-4#k6G0vkNi}N!GuZnT^@vYdSD`gHgh5@RX3SXj9etRx}Q3dT8jMXTStvAiZiH1ns>p za&kIG%h9g?4?Ic2-Qc{wC#!3>eF*|N77l z%Uy=-Xc7r$957#?1vOq%g9BM=W1!7WNI#E(;RS|wv%8&*sL^}CbUc9h6`;3j2bQFv z`dxPSH(`3{LscnS!v@1rr@4>>uq&GI@SuI}S1D3ve`qyT?T!+@!w9Q1NPreQ;ve#y z7+kw{Euv`8*#Ow5k1*a#3Tkg)^ZgKHfqKJv6f$YAQ9}j>%aJhMRkzl+5XKE;{ALvs z^C!j?=0hIsg839`{6k8cO=m?@cak5BaE}{503H{ZtlvxBv!Dqp$g6PJY#h$hW209> zibA_U7D?(&kNVsPe#2!3QRAGqAD!&E{RgA&$Uchy^RuYSlra*^8@CcREPO<6xFW$J zJ$j;ZXZ)88La zXrcr*Yoe`@4k5ueMXYz6fLw5lCPp6V;4oM51-opnJGMJ6b|Rk3%HkhRjD~D&@w6ON zxH#A>b)io)mDvcuT(XXi4t67L4>Fj{io#re?&qi(xi_@53ejP81g(mPKBPe`&NUN&!q9J! 
z;Vv<8ow`FI9hcYue1Wxf9_s2A8uzEb)KU0WR+|M|TORCRb}nD85>(2xa2fqqlOlN+ z()15h&2^0V4u?$Oxou@@`(3s0W|^Df+ji#k9OcZh@gg#$!q2hjd;k1BgkJv?e|#-WUBg%S6o$4%t0Oo!>^xaD&pT!^*ZIT%RL?Z zDo;cj9|!LIq(jAiI7FeFwoPE-QfH==%h_3#C zPm$-e`|=I%quZcwy`1yr`Pxer27PUvPFk^_V9X?2;rv4`TQOa$``a;$v7cUBYdb#_ z^i<89Zl*!#Pn4_F)sZ&7r4>r*?)o7c7W;V?VZJ`n4+#)HsoE!mhX%SQIDE>dNKEB6 zo{T)Kf+3jV5^XG~#}=lZ)@rpY?Gt=rap zG|mk5_S{-O8FU4VOBN*+1qJLNSMo|qdT=KBWqbl~uLWLhYIfE}em{=a z;WJpr-jWeL3-Q4*F)c7nWUa#tz%uH% z@$sP#Tw(LAEhh~ApkZMN0c{2lfY0^Hzv(e4=uI6ibrbT$;@ds@&a^}miG1w&?sGl$c9?S_opb4BeuTFv8)m(J5hCA`y7pu7M6|Da@#a3t_Gj!`ai&4ngB~A;s8p-_ zqiyP1&ba#YZ=?vn6{$L%m>1v8>ePLtzrUjJqd!V85N16Z4)0i}GSkrbfj@CqhRQB$ zBQ&4IlN?ry@`Ug<;Zw=;E6 z#$Tk!j-d+h=azy|lWB7G;B5-&IJB1;b$`1JE@?35HaObJgz#sOKQ}6$Pm@c21oRgS z=9Ev{M?A5LgA(Svm6p~sAH8%XJUvuYpb)r>hbIkF{^ZhfuUPRbo)^3)ub`k0yVu&; zIy+Mz4iBXLa?6;?BzSLHJQ5?kd$*Ma;rc!(sB@B948-V&u=x1)I)8#}UNJ%f05cxw^*1R#fND>jO-%9iYukQji#n)k4^?@fGz{RyyS1E(80milfDh-E#eC2nS3J5#sCHP6x-bi&Y2znVGnzHF8ZM*+5< zAMC|^V)~dnA2W0bpXPvOtMkr~RRfx5aehpZT^ub_kv6+mt=-wtYgh*WH;l$g=;Tv7 zs=K#$Xm$#W!oW&et^CXT*jV0|N$+4ls8^bNm3#|yll^z=mW1tI5a5iHJtxu}M*YpH zsi%d;_i^v+{RhfVIUaR|pO>d#*bP{NrlrxL0SfwNzi!!QJbGg6?|=2y?c0}%WX+W9 z6JDij@P|V)<=b54aNS_|A_#~}`%JjxXRP`9jCD278nG#GQ^Cju53h5ze5PpmBaL(e ze6U+Tv3@7=M*c7`cIrp-Q4wcbwTE2cagP`n?g-r|$DOY~Vf(AY?QI(3adVn5!d#g-eX~R7mI&h_JXXPA4zI zO%7Jl2Q^-8zx+hT8wnGOZ<09eCWU1W!U+vmy72;DCVBfxxuLNUtXe&#QXjx}1o8tu z{_G15#bJP*UCXwh)1020s{_aH7OIDnZing*qXD0}!pcjc>I0WuD7v7xMlmxNBSQx} zC&!_cV|#mh8VI1mQ5Z(v0XgM*5&z+sO)*2qW3(5XBdK|97T6)I!Emc&y~?&5 z#E-9l;{zdMOeX-Q>HN;hl#-G!Fy&D3n23U+b!&RFH%Y_-AZ(H;g&R?c}##}ki%rqke>v1a3NI0ejd+7@ZUr_)g2E%SAo z4_jCu41IM!_l3S@TmaP&KZU_}O9eXFj+c_Up=vLPCMD%u#+>;m;u)o^_s@A1jD8tgX*SkEpB0KgtgNgsw(ECI&9mX`!BrUNP9J7Sn?_{nfUlmv zK%}NN7o{m%O6|T+g17G&euu*(VwgydKfLi&Kw-lQkAH`@)T#8WNbCH1;UTm=<>-|KV*hw{by8WiaI~oJQCv;QIG@k3N&L9T;#Pi(_{&F z@WHs$UVb_&9L$|BkmryPkp3UE{qi_GKHP>9eWL^mdEh-zSV#vxqr!-r9s zb-LV;l)uc)6*wO-k+h`oPhj_QdbqCx+j+;~{D2aD{j81|zPoFJ7uea^7uT{Mq*nJ` 
zm+F|j+i29I%gwr^ud91*X=G$X`y!S9=<0(}+hQ~^w#n(~8$djMdcR8ZmUnsex2L4} zuWLRBbC`4WecE8VkX>mQ(I}l(F8%(ev}6>e-=2GmCX5-s4;b4}pI6SDG}K%4%&F>l zo!OQUGljo>6<4$FA*;ykF{MNJaqdeXt0SL>_p!|Ft6Vez2S~i8BmER#DeCB%B|Uc+ z_MkpCeAzXUvBaUyX0x3Gsn14F&+opcZ|lr?Ar0x-nFm%@X19ISJ2+Hr15{_GbKQa*gQQQKIMJHkcdwp& zZY;XErkI=neQ{RWaa(HaQH`19ckd=BzaRWh;2-i!PNv0t$S9Fh!pk1qRr1zVbqm#j z=2lthE7B`HZSUPFN{O{ug<NH z^x3u8puHM=`&qB)2|G>f7U$6XKDTnCH*mSvW!niyKB<~>PcA$XcI?_a2Rbx49i55N zGLWViAnfd#C1LRIM6y(g9#Rd~3(nWSlWoM|5G=qyg5oYC5e`DgCwzocdA1>Cddb>( zNVrc5TDo$UtiEvGTq8ev^y_yoTKj*)LH3wCSpD?*=2TWgf@Y~0GCnF=e&c@RB(WI9 zRU0PQbfMgwu@}+*l>HDnBJhvju`-y2eG(c3gYTZym<8uCFrdA*JWbr%6lZV8fKgoi z868k1$r=n!$+8~5NBkwaq5$?U5Wu?;g24;XQWQcoMb<*?ZwHu1{#3XjkRBm2;_&wN zV^MBYVjByive?gPBwlKYms4t;*r}YUyC0b(gcBrfHfgas1pk%(>mJ9soHw4Fa{7B$ z$a?IfKi-#Zu*&BwhC2X!^aKHV9yH&JIB-IEAAcp@v4!E9|9k*meoLIB?OyzCI*b#( z@31^2Wo^xymbNTz%dS!Mp}ARJkGJ)k$BFTlFwuT(X<2V7wE!oLH5rm=}9Q-=m;Jg8y>W_JZ@6CLh^5sw?w@KvlpX%X{g$06K%V)Yp1%hIX zNo5=gex>H5$vRr79G}VmH1%8Kf(TjMApYpP3Fkm#fzXKfz>6e#Pm_@$Oa7|B#L(X@ z!J{GV&QCUmJ>AV#s6SYjMmUa+l8d+RA~_^d#MHoF_eH+LC~-PwmX2KkpXJx4{HcVPq*F9PeAWYV z|E?b2cwdo~+Vd;P>=uc-d|KQsMrzSDo>NaV7{#}X_J*e!SEX|wqFZCRd$$ft>s0O+ zI)<4qxaF+T;eni*;Lsh#=*`0?E~w>=d`8Lm>Ep*|`zcu7p)1VOAW{J)xP_IK4pt43 z+>)kVNbCI=qc=g8`FY{W=*&z#rc;93cMhXF0n*yS%N?bswYtp()f~_EcI8je(NLH7 zcNj$K&2;AroK&?(J|gGrEC!kzAH0`|i$pe3j1IvL`&9zJKu&f9Pm)fy&tafh^2Yo=m@G_>)m-Fr10)r)+u_28u_o(>Ow_lkxY7#JGF3{LFdkl*C()*k7z zauK@V;8tf}FuTUv?yGYB`gOcShnL2FCV%w9#fLj#pN#kr2pS5j%~W4$B;pw{6n3<5 zVJj2E&}W@0WK=sajHHlx^ozriA>0uYE2HlvP92p1lYi@$5*cmJqJn~FiR$5raY&%fcROPjLstLc@@9z{zp#R=IuhBYpwooX#b*-_8bq65y- z_}{uSyrE({9I4l*rdd|jvZv^G?R(eqQ^s#NN9HO2ZOkQ*3hrgA(;vw!3L;h5-k7&< zroTRPf|lx-UZ~z@o{mbH(qrah%yuVvb6h*)S0)l?lUeUCJLsKIX?JKX>&(+GnHnoA zxVG!LDVf5z9ZKPUdjRrn2zUQxQh8opZC3S`s;}(?rxM@ra7nY_zQ4bJrFrutA3i=W z&nECC*ZOEe0=rPSH{5b~ECzV>goaZ8f;9JMVnXpxC+pRX``~MFhF!9NAj_GSfVoVd zVAp{_1c2O?TN^e2*8#WeJ#xx3G_=cx`6r@cJ!l~oc6Mh`Fd(ZVo=$Ki2e2BiQ@o>9(_{BqNrZUh5`CwO@{J`ZF+aPhS&0FN`<5hlo1} 
zBQ`N8nF|XARFX%1C8C(?f{jQ7bneQ_$H>yA9z<_i_t(cO7%1cy5|WhSCvQntVEs9@ zRGGVFzPi1*s0biD-h*`=Y3EdRpzK)=(cj?xL`0$GkE`H^@f=tOKd}s?FuBaEc7l)55Bu)G%`nU+>{?bwF(}j~m|a^V5HpC99tX?lx=5SW|m_KhRb`fv5om z>DBbMAXcCeHx(6+ANRP1!CzWtM1`Jb`db7~SV-DAp+DUBUBA2;`>yj(ABsL*lC;u9m-Ncg3XVEs`K4bMXPL!m6s@kg z1ZaK`Su#9jJRs{wcEg(H-@DDT7Ut%s*;AHH9^Xu`)FfvtQ9}#ew77vkZK+ za4817aI8lG>rs9I0f9pD>*oXB;?`Y}a&Adc$*Sc-Y{b$AdG}i3G&AYHK6V5y_LlN|0hN2ki9}rs$Ba_0tK-)s>@mJ0{&u)F(j?oTQ2;@SdvW-4xmG{M$q86rz*WIur&E0r zP?kl5=n6spiOw@XU{(u5Qs}WH7}r!+7mVb0v*R-0vGs$Lv#4x+wzL5l!~EhR+x_}) z-(L0i)2wrIwjVOQ7Pg{8SfPbTOdHL^9t#l-%Df zO43CE<48^lnlm@U<^SFVYT)CioLr}Yr+2Jw7&>;*Bn;aRmfkEBOh}xbeinVa_Bf>? zX}ret5f_DW0M0NIcA+_^h(A_1*vQz@n>UrE;}hONzM^a{Ie+SDmq`Aj-_ z2L=YxIwPcG5&b@W9jXHKt&9}6r&A@CnVGqRS<=)Wus<=82S!q^%iRdINuiC;Qzs`h zT>l+vvH$aR58AvnZ^#+b)^F$HvHtk+gLduSwh}t`Fso|-4B+|l^3A?c0gRk1MuN}$gT^Jt%I$bm`LZ7_ zK3CFUExbL1o-kKv9lQ*tlctp_0f>UeCAQkXtMJ?G_66hnq(hF)L+y z9{%o~c~{p~GJq99$7OcVzX1;R7f4XY`&iWY!aWi6aDeyj& zkCb6IStI*fzS3(=OlLA>eQQgl6=o*e^ScMN8^YqyL`!<5*7qhE#S<#FY02FIIp%+^ zf@_PYU(wYS3Iv0g(ZN9o%%{Wk1sFfQL#}`R{!U@L8DoLi z3pf-(**{O}qWSo%>;5nidtYpoNF;o$Cdu;WBV4xZfvgb&(fu-=owETWOI#^_5zLYClY zF!!Dkbs%~Q%gP>fC_d%lvTb=oCSdG$EGZ@}-l=Eh<^3Xi&j{@wXj?pqSiIm?`)3{Y z2VZVV`PM~>Yf4=c5*BXybe$A^Z9@C;f$jM!dg_Z>mtVD|RHE=xDX?ZGGyqWJqi`A? 
z@62XH)>xfCZY`u&8Gt$MP|2_WhC(C$ezGD54lL;IF9uyuA9xNgA^lBwBApa<@JB7m z^JK2yD9{We(}>8D2>1-3%9eDK`zr-1B+CDt?bD=wyo@d~=1RJ0q{kyid}hMb2}Wkh z$z8v2*#~aWV6ObHQWqCIk5`cME2V3|rlTcIR!uFeXK50vn(xL_ykrhCW7L@k3Bx0# zvAC-qxHca91>LtE9_j1#A(GLJrmnG}p`ks3aWOI7cYN6yYQE0h3cB&KxT%w0VPRbI z@X4Y_ipzWpZNGA(c9qnhf1PbRFqnE>In|thwB9q?@^|8DOmT$S3hl*hd$&3=JHD0I ziW}VrO{Oaw;@_$q*KrgdQ@dYP9Hq2P(;wHA!PrqbE^8Icprg+gR?lr^mcV$JoAes- zbbGUx%AT#2g8b@+9W=m;^qAtSY?%E)P-i8-~0F8$;oVKv66Mb)G3~R z3tu7}p6c@WX&k3GZC>Q`G%fiM;KR$8F9!=R1ze;$h>31+X@8xbo}Ss$)C7%h$Q?Ww z=$-dnZio;?!uJuU3;J|g+`)58OA2xF6V^h+!vyLCf6gfMzrV)Ir|4%<7i(zFs835* zb%A1v$wrrKCXQ*zkRgD9m=6vt5s?HENI^xFAWI9zo%cPT#z!$4#SW0Eu}U4oQG@LT zss)KLqg%C1rP{weoed2>zy&)^cxb$A+sg4TVBY82qOQE$Yum=a&VG=dJ~H_`%+2dj z*8|IoMWW1W*u0NeMWo;spvJjhk`d$`Rf*qsptpn875hqenQc%la@@~Qz!H&h#pKis zW2p^e9S%)MOy&zm1aX8_VCzlkHF|PEgyu5#=w=QA|BB@%@6Y`AI zZ??k)y2uAWBMlVxtp$+PG!Dm){lsPCRE?$7g!?gUp{;!elKO!`AMp!zUR+rnDI#Wo zMo)@6pF}oV>bzNfYj0?szKE!3qWb!RzYAv1V$vbFHP!jCadA6yc56vlK1fw;`gmp6 z?FbR6DsQ^|2M(M$cWz%+2hw}hR|2`fV_n_cx>9BA^bSJwElvDC;+YQOIp!026&4mQ zXe2g10_6@|39XA%@NGM+p`k(0tH$%hDHoqYXFF0$jo1!idkpZQXVXqexT8=wE4vdV z5clFV0ouZ6<5Lld@TE&=^NRw2cm1Xf=zY!B?j&EZtnK9VYEsh*Hg5E9ag1U1he>0y^3kD~F$5j8T3#OUw{&Z5l8+d=dz!;3&0Jw?AVXS~u31P!dA?gzWZ%An>~^m0 z&z&3r*pC?BJ40UgDM2N9gU`{G*lWdt0+SybX-V|E*I!~Ei`j5ZfrI-2cn*}1U0f-a2-D*^H_VE?u zpmSjCkY+OX4PWBKqxqmsRX@xO`k!e%TfOIbq-?ELx{v?&C&brYBMue%pBLbt;&T7r z{nIfXgMQvr$0^EeY5w<;NafEf#J1S1`|2v5tIgHoS1C6X-XHFFfF!T-~VX&S6ryoAzoK?c$Go-S665(N^*lYD#jc`)-^J(`|P9pPNVgMtN4I za=x{@Yf5BCE0=e^U0~M@tsfW*xPHgR?96R9%k8G}T;_xS{o?q8YO5MQ-EVu@#GOOF zCx-8#THqiwdss)`N;iy&;M8g`i+|kS9NGV!TlBwFFCrI$I+s@}Fz7LhgEUK(-LX6V zX61%^?BwVkBvZ_jEL^1i_&|&7`fF9{|FV*ZUt7tp##fj6gsgE`Xx)73zhfh+We3E> z$nM>E6`D?~pG6)WMTlngX^$RF?9JONRAtoWI8w`sPTiNUn@7aEUz+xuN~`4gpC|pF z2e)k-5XqEv)li$O%ei)VY!>g>8K+#}D4~^i+$YJ<`tbQo?#21Jrh8{={kl`m46KYE zbq?y{OI}%6h*Hg+sUDmk6d#_iiezGn5dzcFO=*qweIAS@L zE3%MPmmuFivA@OeMNm3rcC~9hRmySF>#y{=n>@}{v$Ciw?N$?(8W|j{Ko*fC62Yyv 
zbEUf}g5}m3e-n^04F$abuCQqh-EHuEyO<^w8y|xcBnOis75U0GF^j)#L zf_G*w7+Bu-_*ui>PpeyAS4b7T|6%}`Ds<7U3Ffw$19U@o9$SF@1tP)WXC5c+S5LW& z1aEyYwm(5gRqeZ_p>YBA?G7Aazdn6a$MNYO6LSqZN4MNuyV!3m|NDVk&Y-A_{7H_o zATeM+&*;{wH#npr`#x%5;k?%YJG&b%CiBUU|GCS`g`6bIb~-&p`SUSC^yk&r-ffdh zvZ4HbsLfwDH+#SX)T7(c?1qTQ`LkmGyXEFr?vLB$Hb3GR>+u}x_F&~!C<+XcPW{?* zU#3n!f_HpO>G3q@172cx$$88Ekhy(<-eaT;R0sFsMC77+3!Mzx{RX?fx;#M<#dVLOxS@K7T6$8FSEW(WMo!BKpwD(Y{hz}TSIW`IY~idYF9-7 zZOs1$tX0*-zvF=fn(((t+1+F9oSq6<4eu<)PE1C^sK9CIS`YoTO-1LiliLp7rW4K7 zwsuk078b-UeC>Mnot(rLL)?`ea|;WwGZ1GG5Ljub(m>vEhc&rv5>7U>DK2|Yo>V&o zQFzec|I&%cTr_i;r1pNaxkGWM$t$g)d08gO`)CZW4DDaoLDDlXJnZvo69mzPkh=kng!PQmeB>DXxEe7N4*jfJf@mU!3{AQwl_8|Jx z?fc?tqG5A~%)d8EStW-SC6$$(wl1iNZiinsBkz|HI!`16|6RDH~en?-|>JOqyK-?0{=h%XIci_Rnd91y3rXSV8)Ld zViz-QBz5zR&Y!ROxv9m-v8@KK$;P%7T90erj!4;XFbhJ%a&fVN?R;@BT!DLh9kvrM zsNK{bsWnS~Ff#Y&Ws2HAomcD8(JoL|?9!{&H!$FO{9EbR30gKzEei!Sj$UwITVO{T*|s4ITQda!kun)Vo?a<=apK$#>^Syhz@OWLm1h*UZIft)Xt zCr;FSy1vL(+}qyHlN;0P!aW^+_%f2QfLNIm_m!0sM7-Y`5*d2w_Au25O;F7}h3=GD z!8CNr5Kzj__R95R$f0TQ(9k0KD?vEY6mwFQKf88jSM1-P=-gzY6qu^&QuUufb~FTY zq(;sg7Su#9&)D1mAk}82CLfj3tNcxno-4Blma5H;)X|Q0WLZuYhqtDw-vUCA2)9wf z+1r)S&V8kyYk^z6FK(#HMi?tD7P1#n6| zco?kdqJI79)02|XJF+^S(nhbZqoPnw&7E;FL#qn3GqU5y4`2R|;(Qag!6!(ySC{)C zf2e6*I4Jlz#vR7FsY>Z$mxK$u&DE8prSi*WdW6|F9MgxHSoT8F^Z=x^+PXM?_y{YQTj1Nd@u_9s)fA_7g%qpA`78dSW@*!-k4%!tJ zJ0)tCmZu(CrDp-b6kPjyKRGe=ahv$~_|Nu>ENEXx8>?nd7^tcDpdvDj&CS)T(cjoi zCK~S(*pFMqZsaWk2f7<8-Ewc~!O)FDHsXexPuICf)t+ZTM{;h zx>RQMyP%*N%*c8&S3X0@@^fHNCzx+ixR9x%?`L&@IMFzeS<03zHbzaW+CP0-=((K8 zynJl4u>HdBLMD~I5|`p$A|upZWd52svlPo#@R>6qjOqqNUU6p~?LVY#UD{Y#fG)B2zf$5e0eOZ0{aaKKDZ$qMvkLh)_ft~FVO zqiZ;CV?%_OCVL_O>G*GE*lWB1Ib*%;>`(prFmE?El9CeVXB<~BLizD;rUA~j;wSU4 z7hG*rjbH-A#$LLa^S;9E$oVc~@whLFzPemoRYW73&z}waxxKx;0an1P=)}pB#^Nc6 z0ThR5c>S3=OmrucZ)eE(_DG9wehJgB`{b{ysI0tdQ(C2w+?$XvB3+EM?|$L3X8KAW zu^f2g5)P|?*9YyxQ&sH-2M0;Zz~7X(eEH)&7GdEU)AO3p@C${fb+4txPeHI^+r*TW znMr8JOa}k}@M-N!+Z7pT>rQc2``o!725o6{(#6d6VS=~7tKYHXxovdyTMsYndpY~3 
zdd0&S1>wW}f|)%f$MP0@5C90$*i5vGF@Yq2br=f)EQ}b?o{~iJgi@)jp+PRO0b_#u zpK-i~I0CXCwsl{>2CHS`qXZz5P&g}h*sac8!I2CawlqEylsNh1<5v|GSwK$s{)qQ{ z+b0|}OiY!7v$N@yMulm?)fu({(%12=fRBCnpo6Ky1hpH*7OU$@tTuG_0EH@ao>Nbs z&cE~uOdO140(TiKwSo!G*Y57~2`w~4(8a?8!6*P5@gcb5xE15)u;TU`seeqOoFpp& zWq~JwwxrjYqn;Iw2F8|s-HRHI`|t67(65o7(un`+AR%FNFIJke&}d|A>{?UYu*-fC zEY1DzG7+87w9 zZ+9XWwVgVLemjs3tC?;U**I;CLM7fC0{F~7ew=GI%)XZ%ACEHnF16s`$cW;|4G%Pp z5FX-1(m?Kxipm)>M{^rb7KR^hiCe?{CFnEg`4AUNS6963jqU#OO_1;{Cz_>zlL`DKG^^R(<9mb3j3yUVBibr={ zHZ?sA{yrN;1=Jlss;k+p=m@p?6mSjuW|+N`?3Bg{PR_0qQ~v&>2nU4zp_q6n3e|GW=GBif2-u<3eOg{eNK`INltlgZCh~I;U#}6+AUI@*= zj_MK|n#>GjbSB6)se*2RoX>N8Pj^p0$0l#flTD<`#Rv3|S# z%VXNDEd~F=@8C? zS%O+q$F6R9wok^wVm^|q`FmSiYaasF5oosc*ZvAVOYK`)o7`n#o3j*+h*kG@{QmyK zhd(=d8R+RPjD)_#-Dja>QdELQOL zc?@o|{?r#2-<~Wu)i#sdD!=v!kCOHL`LA7Fh23I$?v<5Kz>!8{JXaE$&#(+W2m8F5x9$vJE z4|~Hlm#umkyBOV}8nAW}73-E?Z~r{2gG6Bmes61o*pX@4LnG<4^#cy}>J!zI0(BHLRG@i_5 zIvZ&)-KmMddIYDmJ2VkAF5BmEoMNoT532@IsYj0v;XQVdlt@AbXl`S}wnEdcz3Mq- ztV*(-7#|UBHJS$0A=9MmxMI4-x7@z^y~a}S+cap)!UX%W%>Sr)pA!8V%oC3hvS*<> ziBriM!JFfU7~ep@6E0-yIGCc^CZ%L#bhb7GiG{9))guG~8(idSAQbX#!} z<&DJEg~VXIYlRh3HQ1i2!b&v20a;`D>U{Kg&$@+PJyBnwbrI1i2z@28qxZrE`c48F9>{8t z1XH=}`qO{Im!RduvkL?(6dT`sUi$!oh%Q3I6GzAUci#Cx5&_d)iKU4s0=D4- zTzY)5<&~6_pd?6QN-g83oTv?M@}w7k5S%Gu-0t}0v6W9xKFis()qT7E%LRxWOius4 z_{S~hNsA#LxHdWviGdS{2H31Vw4NUT;v^|%tM`G9a?z|;8%# zA_314hx6c{KR??vVacNVMq(s6=(~qxj-E`L?0vR>Ym*J= zy?oXF46mUEPiiZu(!T!u=?)!D|Jc|~Ev<_+LED#K?)Ace4iC%p9?sHhM11KP$4@@3 zveSi3hPXCZ@r^fdwm|flC9&Lsc;ENB>!)+ajIW_os zu$U)q0Vq=zztfs^iJpLf98lUR=zWOVZ7{AbIr6{fEcqZmvSCmkR*yZKXZ}Y-HD^N- z%He$nk|gimWx#sVftY#+m7par-Wuw*_bOR&6xfwP8Z`q`#m2WS8fnlk3`&(W7>DY zp39*A3^Wa(i!u^5vsP9Z0k;l(NPn`m4+cgI`T6-pb6=alvyMb>&wNJhDAYS-z+}Fo zxF?QYQ-D?Z>C^9E>;3H4ubTaP~UqoF)Ig8m+ zvT%s2UY*ypU|oU2kIg2E7*pcP91t_+x0_eVAoRs`^R~?AUR|<-5`P#@1W~ zIk8mJ*7nAns|$orpB~H&c%+k2QMq;)voJ73aF$TvkQubFv>ZSjfMWRydVJH>BSX4P z=tz##Z$?n_Y&G<%R9*jE?6OgjdAja5!|AuyZvNNXdwOiX8J#_E`#e11%^4QkXLN6< zKB!S%+;P3^)5DyJoBNs{WHBgA3k(LI!nUFW^_`7>MhGH 
z&kX0yV!DsV&?6Y8#his#kKE<_@U>Q36QxMcVznMJrjR&(SM{daSj?bq6tVxa zzL$7}xQ||dG;l9yv;Wo1_{I1m@7PfQq-dzPn#%YXkq04KPL z_l)tE_my|${)FWF009n)d#R~4!4EqDp3r_8nvk2)4iFx0S7JQ;n25!~(73sk(GJA= zwI2WNoo}ePv@16bLi4E$220;YA;^Y(pXBuQSs+M1YihbYG(UKQNmw`(yo9DfL>8vj zRuj<)|H_hj64@?Tb#D77A`}qs+ z8L%Aj=^kWPe;PyjEE<$EUCFq$D^C-XX8Z*9$wOm}6}oGGrTV6H@SK9hU2Fqvdz7ot z9lu#0P8y$?lM|==-Sa1|4VlW#?(Qk~SJx?gKdgq}8+cOty?Oa^Pe+Lp_)+hGsriXH z6|^{PQL-JUaCEeSVe3(R2pAg-ATPvVGx-Ju$?Rj$ZO_;-wDE5reuu}+O#FlqSxL9Q ze|fcyjHHp?B>)E@|FWr5^%cCP{nUJh0GHoEnldnDEaU6j3-CFZ-{g#idB$mBJ5xqi zvZHi#*Tce1peQ8ml#IXK8>7NwWVtk z@FDP~C{5BONaPmA8g~`YQRM{_<2M$E@sv)W@%r*9TsiGgYWo0uG@wfNmoJ$?<5El2 z0r%$#pblqzqlXVke#S_-;3n8_i@myZN%^Q)q+D0A#UKrCQmU%JQB_r*wPHCb`x|;j z19N|N=`IY-TZcA`Qjn0y;2z3Eh;3r^-Mn0OK-3F(Wn-1$ zabK^*wVZ)o;wt}~#lwgmdyG?Z-uKzQc;cPEWO0)CtqSdU8d`q*NG4wK@2Hn&O|md% z>pz!INhyU}eeRJk@nsNoniN+ z>_~Eyp1#VL?fm&OP(z*(6N|pyIo6g=VquxdLi~X%nPq>O1~&x$cuVvGDmyv?mu@F( z4Svto{r2`7-^B26OPGk`GS>Hx7kf%7dwXBNd6l@h(OQ&>zipC`5+5&&3YGx_6_{Kv z_UVw2ka9b%RX$js9^?r@x6joyQuxH}lvJ;uWzUP1r@wy_WyT(J*)m@96tcSz21R^E zYfkb#1x2h5C?S6rWRtpkI7;q&7(u?gd|Y?%J0Cv#lvt4*RuY_c@W>w7lO)^ln{{4gck0^i9jT*BG`3luITY8>e4qnK zpP6?L4pu|r;3!Js!^ieWKQnpF^(q5aSA?iA#o4n)YrSV&-(?xdy~lBe4UTO5^zq}j zegttwB6NCE^MqXzdf>Z@WfNBdOJ2o^2Xcw*>KH?PiSf6SO z`QFj7hk=1)vLzxb%P2JyGpJq^6ny8bTgiM_p@>PuQQvh84Gr_`7f-R3PxgVIMGdl< z(&Ri;L=R`WUuB=_%i|(5>HM-jvv}%KS&C_zO4fYW*FLGy`kt}3MR9S*&oItrTxHmy zwJ=0YC185Bxa%ah?rzkIV>$R`nr7+!WHtv_N0XD?aY-lGtpxI_MYF`+4tEFrau-!}J$rW$KSws{Kq?#u`c46jQbm`76HOZY1*!=5gY(9BRi)E6TN<^s>R+(XE45t~mZd22QwW+Pxb;SuAXLXg2$1bKPev z!@CdubSEMrW_X*kUx;sgcqZi+w@d5l(DJPK!u?U?RJ)cQ&9s@FhCd9;8LI_d*PG{T z;Jx|TJSu^mfc_7CW8)Dr+Vy=Ls{9qLsij*z%f%46Q9*r~y0ltg6WSOhu_^j!v_aGJ z`7XC+hmG1`(ldWTmY6S^Q|#O&khPqc$Ymw2prAk~dwob%`IJMSM^+Zw@{}Oq*}Raj zC2xDsN3$>XUj)|~_ z7D-etLN*IuG4}l0J&lb6U^z-k1Y@et^-+JyM@Ewj3G$u{JX@LO<|8z`e`?=|3v&Qyig(Wv^oRFL`;Xlv8_`c+4;PX0!Cy z)z%(sEHr2k%g(v}h78sfQUBzTlwG%^eu^p7TCau`&azKoE@%Btt*gs?99UxlbyV|(% z`{ZE~oWsIb_Z6RY{c1_})m2bwb4#AyEpjtLvDl?_B_iQApaI;i?{T-D!xK=~2}bAj 
zr_aCLZ?@5B=-HPH8u^vE6-{rXsXCQ!xTwUQ$`>~%6mKT|n>Y0R_uetnu+(`^i%r6K zhkTz=k!iTN(+qm_jYaBwJ${t(B29*q4M-J~OTzY#pV+sX_lRFf$qpbj&o8KVe){s| zn6T|soINvI4{j7^y}vd!(dFbUqc5wPDr9xZ#)aOwrC1|!5^2ZY|F|<)y8%tO9rlK7 zKTk@vri)J^g;``k@XJpcT z@QGOrP+ib0*+)oGlkpUZZkp;?WME``iIg-dFOSOE*<-SK*x=FcN~FRh(0H)zdv$fH zld}52En(-4eHS!DG^0yA>%(RpT%aM@2?Ym9+0d~sUvx)LZ@m9kHr3HYEJRX% zJ5pXQJMl6z^LJz#w|ZMqF{o)M$>OT4tgN)mG=pERsxIaioMU4%C>BVzT$wSc4ORNL znGiCYCDzOzl+HsAtI3MWHtLMg7hz!{1g)mH>{5kNa1gZS`u|v~N>8k$f0GSeJ_~`B zPh)hjLK=AK(FqB2xsfYM0|>8!RdS!YPI^}!aa7$r02m-DKHkS>l0Ujg4J{z`v7SQu z?(PteABK+}Y0vgn%*|7K4Gf&Yz?d9KK`!H%SXy|l*X=vl?fJM#zv=va!r&6Wt#Rz= z8MlhWZ0VWwt9YK^+e-k6JHwcM=F$_lAJw0!?(WTTUr~&IhMEr^IPex@_ejFR)aGW?xd9YE z!%JKq1oe6S2jcC{z`=@4iAp4o6OJp7Ehi^FeE6UZ2r*^4^T2GgYe)zU&f-@a8&B1W z9rin}>?Lkk@gAQEbU2~7ueQxslX_1dQe9n*vwbJN-7lsU0w^YKsMWOF(u(igy}QZ0 zW{#^fHFkwz#4|E|v5O9WpM-F>)FgA@H2>zCUh}3UDS(9V(X7w(U64{)V|2WV#tcTK z#zf>2oZYK_R=VHU(y16rPD|TTr@RH{k3S==J5_V{MtwX@kNoL|x%oK`wYg*%<3B6i zesGReAtyOCwa)jCWvrIA_Uq^ya)2oRut)1Y8as7U+LBB6hxtZ0@M!YhUK1|EV}nl6 zEL#Yf1^W8F`22alQ$2_jM=4ljUjzgkIz}1r3oRZPP9I3uEUmDE_z<+g2|W%6Qq z2~JXFQn!zeE=p%`7Vh42^~{+S?ks}vDdxe-MfvteEn(IV{>=O*)@8mz5l*LwW;6*Bb3w@NMVaeIS<1vN^Y-B(vHJu)=J4+-Xz zt+ztX3Bm!^@9g?7Z9+@F4ch@g#+&-v^^r%akp2G|tZ?<#)qM(Ee!tI_!w(dh^UxGO zBN8UXvN7~iQ@PkdFV*Cf*wbg#t=~Jdx4vYyq8Wjyl|F9C7*hEmRCS=IFju+2dIvc5 zT%vHryWd?vsW9xEv1%$8v4`~Od;hBh6%gdU!l%hy3_Dvj@iRk z^7J2e>ee-!|1u*eUM{&r%y+->a&pZ!+PvNgsS5Kg8ahC7Zb#ZUnYN$-;LZ+u*xpn5tj)nwGp4b_JbQlU&0nGOQt7 z@K=Cv^kOm5A5Z(7x(@&_HkOi?mv?@oZgO@;ZqL?M%{+iHLRm1+S&%HE=uMNwz#GM) zIDi=bWJ~0fo?dKrb@k7mS-n*)hjioRBFjGO$TEZhjMDmfRQx^v!Gj;{9-%l8bKbZU zZwhzOO5C9x7sbU^rpOObrn#4Hz5RyLJ0T)2Zlrnai{%zyP=T4-2U z(|7LQj~-3YVBIjlkYO?Gil3c9;o)#It6p)-&)4&cc-dzflt^$I`f)|kB6E9ZskOU! 
zB;hKd`slO3nB8G|m)h^Dy`3}u7$Bm>e(0u?`ny%8bCS)42SwKXeMVjA{x}s( zoEdR>iLeEolXgeu9$rq&4*veA@kL^-fx+mrnI1>?Cns-(T~c5=>s4ILSYR{hjxf-C zt_yR!rn;%${Q4!@d|e$_J$kmg8FoWACh>Cbp^KJ7%2d>Rl#NRjZq}>+>YgJ)u(>JR zg6Roz#{aQEIlSlA?I*e?nRkw0Dg%SmJU81)QbC*t1& z7)Kk-2RLa)Co$DW`s9kssad^40d@R0w2;hK=bRtdKETe+GH6I&w4wxSro6%IFoA_c zS>ZwULQKQoxAeTezP=xLs*c=`tG%o{q_DQr<=?^{Bg@F3p!GUigx9x6=zrf;K35hl z+=zx%vK{MuZOUf(r>HPRzlr zO)88L_U6pPG)%^2kpoB_#-AJbjr%gjTzneR)OT`T-%nG85x<1HoF}$u||jY zyZiXOjO;s^kdy=q?{T7Y8+ZwD`Pqnyi+kPPUUiY%@U3Z&Lu*nMSh{2XtgWpZvyF}r zJh>jO&NcoO)_wfg3-q|pV#(=d1dQtuFBOEdf7wftl?<)&qk$xzuU;{u!O=e|K!Q8- zqrP6dt^sYtmrIjMI!$plzgkS*pevk^nAj5Bl<)#rF(U^DWnf_IlCPbG#SQHNTG&Mr zCG6)oIIiO<2<4ytGtpV} z_He+TEgpk4cvQN#XX=Tfx$=Va#D|k2ii-SH7qu>ObC&?ml=kVzH~eK@10a{-{Dcqz zbXM~F@muX-n9gFaTq;Hg zd?yd$hW$bQecxHupWi-RuTgouJR5}xLa;Eb+}dP#vcPm)v*f8HU@wp@-qa7H$Zj$) zsd(*>A`%=a?((V4a(U_>%wG-=A81)w-6b&Ec=@umOiVoNW_w!`Q5w>{kBE4UGUaY` zCh}kaGG%|v=KzbNS9e#!71+$$l8)s?qJ`Y8&}HSET6!GJ52>qxhn3f*3f9)1x9Xn% z_mo|^U*?c`g`3Zd&s@UdG-dMr$q%Hm?Pg1OdGnmsZ{L)YlTdDFU}7oxm*ln+AL4xO z`qww)(Vu}n!W-%3Yi|J)L$&xSjeEao$?itJb%;t$eL3D_P|@ci7`_hTGeznH`(OE* zsA$73l@G=H`TBm%)Z1d8%|Ua*9B>>8{t&*EWaVabQ{w_ejo=5pzb0s1rzL54-@b$* z9~6V0nCbYZDc<}$x?h|2aAZf(Ar)I`42&lQLv5H zh~bZm{QRjrvc1jCCxItC!`em!BFBGf)itolMR+G9VEAa*4gwI~7rpdo1gD%d2b&@8 zd+g$9g~ez+2jQ8oFE@*nUd& zQv3V+n{RK4ws&^A@YsAGYjn|?Z1sX>rV@+%V_e)}N5>mN^y%*P;f0^S3kZjXQA$lA+q=O9H0As?$_)0d%l15H9p?sy3Xr7kMlT= zllR)SsTW%?l)tPuot`cW9@&=8R?_xCoSF@*^Vk2i+b?7QvOdVpUVlh5XR3;7Tg4sC zVG@!yBKBqwY=Jzs&X0U_OPeY<9*y3*e?0@n#b3L-{nFBY+4m^Iz!PXXj@dn-&BXZv z0Rg9zM0t4UKjwt7!*F8E;c)1ln>U$3d&C5ThW9z#m|vS#(Ec#ZY{xXi^n}=jf1~3bgS;oldVU)LlvNDsN-d7DBod?m;rw};d`JsAOTVFq0sVl!# zZ%K^}f4%= z;J|#!(flyU!_AEgO)UHIB25Y_ux31;>Ue8uN`uq&C_@*wNZ*3K@xTWA~;6T^vi0tDIq&|b*N_{8na%fBhDt{%FiCMQQ@ zXU8XqqZhB0#Pnb_x!>>!Zf>98U{-^&TPSfT^;XPuUzOfXeg2#h%mY-+d#_wMdx$xK z7^;_+Lb^!dn8e1!6g8k`#ZvXD!s#{7kSQ2Lw@|<$&@g@ddg>!?#m9&J=+QGMZPS`$ zI62LMXneU@9~38oPrfPYEwUU!8x*XTmX@|pNooI`JBP09+ZR~0CSLdM9d1q;zvhQJ 
z6D#V|i!|fXbs4&{vU_5#4EUBFqX}hiZ*M(f4sq@3>Jk?&iY8Fe$oA}MHYhSPFyMh5 z9;R0hPE3%wxn0nMQ6M~xWp9kT;lVGAcQ5~Qsyhhs#MD5j4|HY_3;7iks3PVx{7kB7 zqC5PWfnT18pPo8ZcH$(hG!|NNvaPl79q(0==TOZ}E18?qys{q%+(I?|)H^->AX1IX z(-tFV8-uiQx>$dfUoe2UroN%!u`6wUUS308Dz(Q}US1yfz?7ToRL_Jl170oukc?vX z6bA_kDxA17U^IB>y(urpjZt972#SaVBpMEv4$e9gaWQPLk3IHB=j@70OCRRuGCE7> z=H%q)RCq0Z%nYPfR#6Fyj#gg2KlVAP!vmTSct>4Kc?ieSG*^7DzNu+Hp4HRHKj}cU zMgIi6{Uxodi=)5Y{abIZZ+`?P1Qr%f4c5>{vsF3 z{%7KXLqBN0e-}r}Aq~E5b-?;En@+w=EItc4&QT@LU2on{*49+UEk7-^lY4bzI51gq zUBg@*PyM2b%9k45lfn*XSn%6=74%RY>RRC@Wk>BmQ6 z>X@7kVhL6qH>=3;Y^#$3(n?BPk>zdSkVps5b22kugV_P9!5-fpJtn%Aj$Uk@1Rz=f;7otYawud|`WaGo&fVUhWX{OGeW52u4|&%j6=b8B-rA}3^l2$;6d|cSs>u8Pkj8}s(ek( zw?!$MX-@Nc&n3naGvIF}r>sooF2#l=gT(*_X||In%Fg#KE&i}sLMLk9)vMy`lk{36U?E_8BWUk6}2p+j&pwT?ilTzpSeJs+li--Y1ET!x}I5mzkuxsuy<$=685fYzVr~Yquc8sR77!P=NrR8OX~Vy7OU=- zqA=0#+z#v~`QK(`QoOtVr{4G~HEY5RnWb}b%Kg=DPhj+)p`NmJ^0hG?oo;#MYv15t zThw5b)+IC4XN35Ko4)U9aOT`kw!EN_})U)c2Ca zv~8CDiVkMJoysqBdqstPF5kss;Qfv+Us-q6&W4E4voCsdFZ|#dus@QY3OkWlv77u5 zfQ;3kuRHkl`3W4IL}=#Qw<|=}oWbkDllh*@Q+yWJMSem4@a$w8ACPqZdP2m-vqH0C z$hA|8?7fj|bD%6kh`xa8?V^&yugRYwrRl4{p_mE@g85O1O(%a&_f;s!8RU&Wjf(P% zjXkH+@#RZ`e{k2%6cg{99OjcAyn50m)vi9^nISN8oLUk>+GPFU0~wLD&}P-sQ#sn5 z&)_`o@9` zuA#Y@!-b|lHCtzSvPtDV#)hJb>3A`xX97>rQ45QRp!C?hfHIUHJ9%*O=YDk7%RSC9 zRa8W|+{2TnaB@-!n>VcWq*G8(9k_Mt)=i_~Je5aAo)yuJH zW|kXro#X=HI4n$G2;`IAALkyt{gql(MFGChCpep<&K_KvOd$5$;ac*9*i^tO1K{nQ zVJ;$S{gD6wL*8_d3#F0|P8sBbGFssekE!T2;D{q=m#qP75~argA5Y|DhtSYCbDy6D zNJ3ijZAzw#Z@aszzmi=CDqSF-hv!0^P6{%oVfpR-fr0jey^8}rwGFKkOrlQpMT24lEz_m&IPfScoI-kUne3r<4XouV$ax20t1VRaqk!} zPN5j;FLUCgqWgvjbgC(T`>Pp%a5~J7Q1+EOP#RS(5y4HQ&3grkPB~+45bClZ_2thOI_SRSa0I$7AC?6<1i|-${5v}2>;Y;CUy*PemXeAf zX32dhufZ=00AmK-Zc2h6gm)lc`7wRqfzQ@qXlqF!T>^}?hXC^|6)0u@srJ?DBhmB-rk+KKgG+vGRWXd^rZd_(;Z-` zqB1uA0BffG0J+Q|&_@amnaA7PTkbo7ZtS^!UH{fV4Ko3H-w^O5J{vN2x4d6@0K-nx z?JZ6W%Z?RaR3~C_d3iU8+-1TM{;Aye&KL?xja*eFrjS_v%E~PtIpe&CNSiIa8P|FO z#LUaZ*Mwx{sN~etSn-gW!L>>)C

K7w;y5%4{X=S6`QRtzvd?d?4JxMDq=f$@OQDtIz7;+;;%P3E}+q~eN-)8l+NY& zqg8v&l$pwwi0p03_(!X{cn`xVdcVB<8=vTJeBpVtx`#Ln3`xkUdj4$Nq4QgvUIx1m z9d$PxIT;Bj90}Ss4<3X&(q`<`Vtc9CpuPK-@^8C)`)D(dvhyC>cTR!(c5SU`tGXu4 z{O25>wO+-c{O>X{`ZKPtN;cNP;1F`)sQhgHg#P(~121a6E*)2ke=Oy(TjPq?_T9_n zxA`Rtb8>t^xr7c%T2C(|>d%+rvB~2+(=j@Qr)i5+Dm>;Bi~)&?{y#`*iH(1+E_Uk^|^tm>`&8p)F3O9 zdcC>tH4<G*PV7 zeaViR>L$t-oJKf4D3v+Sl7%_;b%R8C9JOm$Lc&A5pRYn!ue$BrJ$3L?eS@s%yNI@7 z*-Mu~LLR24Ydzn!^BueviSGpTo&Wyhe6zh!IEl2YF?Cs=XYfyua?dCwy~rudseD9s1i#fmfAk?lAfN`ShhO?*HFqA$*HdGB6tg|Fhy^}jfHB0>ckvmR|}?9ejUX-1=aCVwM-Wr~tn4-9xxV9Fym1Rm~Q ztoPj)@$nV6_Tkegw_961i_CJxv0tv1O-S3=a6fnme<>dg454Eo5JAOY=GVo4cw7JJ zjiQTy6|^HpK%eVwilEuVv^I-s+^S|qQ<~Sd43fBD%zU}Fx%T{gm)_-GZg^JGfE5Z_ z#U7(KI?+eUN=q3W7K?0IwiwRd`FjS5^WU=c^xssaob2pA&(wm)#15bL6y34o>!{@==Q@l}VhvwN#%$(pCKQ>8U_2RiPH&Ect2ND1J6cH?gW_a4fS0}8;U z5|RUq1kV35{<<9SNB25h#Lj^93I&(Hkoi`Q<_K8mM8E}@1!{WvgTLVnfNr;ssJtDN zT8NGP_s3wGeJb&c11;e;m<(VMtIJGEzTNVpo{Z{K#0dx%p38InPSH z5)1IpAB!H9vQud155WbI;7!iJ@xmd)`pmVv0Hui7=Wa@iu(*~>NP9az?={E%odAgd3vdt0W9-kBr`` ztQz0auK?K{jP{)b9H18lYJS>W&Oaoy2t^$!>7J$CDJC=O`5YJ8&$l91cwv{ceg3(B zti2%AG6wEr1K>!tVMNZN{aJm(K5f;Mt%3Z(|E|y84K4MO0)kAW_z~rgqFt@7o8W<@NRIal&oK8~(-S z9tUV&C3U|(>$GuMS2#aCFV7#OI@37|wgVjR&^d;D^91U(oOwfD{lfb2W1dJx_lt>% zfs4}6&~Oku!wfK+N@ix`g1}nJfW`_!7MY$xN#Z#iwuIt=$ohcZ&IkCZCRGVKdKn&W znydD+bHh$>=nk=4Ut5zgG1;#CLCvX*?lh`Ja_@bk!J%GDMdbfB8KFzwv0w2ZtP@wW zb#qS>o1zdgVlc#eF9SMdL1kM`_fCSG-|j=EnLgp4g%ee_g4#DY`WTc4)3vy`F5C3{lTeMS zA1=VK(aFKV!S}+ML}pH|_VrJ;`ug|b!(Gy9z|1JNi*N#HbgnkTn$~U%)3P_LHLh?S z{{4GD5XCoqoSY98oJByWEOdYT zC=ZY+Ej_(;Jf_6)gJpMAlndO;t&aIGFWKz@fIyH&BkQuU;`n$xT)KpkRsb}awMNFR z%&@Z(%#Z45Yb(CA>d2u)G55YzIIS4a$%~gS_tZI`E4?vHa=x|^EI=IwD7r*#TZ8n6 znl5m3KX-TMVh59oh)YPRsqrmLd{aDHRZ@s*0xst>GdogD2&m%hr|%Kd7CsIr!&t1W zMmSQOoNk7Iz>D8q&+mXw8kgYd*O_mKRY7ucKQ@HCnHhUk^^f|NTt*5CCK6Lw3*I0z zEDB=L;pwS@arGBFwaxy#DlVoOYX;XYHUFwjm+e3eCtq)Bdirks!G&1BM-~>I6N=zH z>tZa>hx1FEe-)LKT$YW{4pU*I;2~^+Jn)aY*&(HmRzr;vkb7hE2ll zk#;4(VdMmy0lt6#GK(?AgLd`g!Gj$<0d|Y(2CA}z&i|mQA1N*E<>thwo 
zIaV_ZNZ|^6mrK!Lwm)CPU->x#k6c%E;LYJkE1o zbtocHy*R!c^6=0psQbEZ|ETde4vtILKPLu(zjganpyWAl5`bhe+W+v)0TS^y>U$a z|6rS(;k=zZ%YjCse_kFBk)d*bnf}Zj>+@$=_BVwr0#7e^bPHLR^*M00_wFz3N<%S@ zVniB30#Io$U_oH)GC6hwicnhFv;(+htmw5o`xtvymWdw>vJA=wua_QFSCbN&UY_9^ zIR%?%A51XZL8P_s)72GQ`vyzFUyxJ~yrZM(B_wZp`s*HG+orJZuX?sS9eZo%E?dRz zt%s?3ttTI$SZ4LwTs%bhh=)e~?f123_IUn&fq^zjqvVu7AA-C^Xy;IGl)Yg4%5HMs z@$6Q=u%YI+V5Nx>(>8QEdtV;k3kvn$u3TnkiNjG(z-j{JY6##Ibc!P^sk#_HsFc)M z0s+!*G$9EDfNEcVOW#H74m|`qz?aTT6WskZYO+0r?Um1g72u8!iCUj4h{MFuK@v4(?n znWm74l6uG4WAe36lcgO9| z`{FyAQ%K67UJU?3P2}+y{q+Ca6FN!f`R6_RoA7V>g!~*MINH zt<%w@A|uP}fA;guqCAu>Xy5(aal>yvn(@yj5uv0#QaeLd7Lh@O9dPBIR z`w9VS)u-USL5^s8eH3SpK<2ZWX0Tau40Q!o$MHXkph`lXY1S6KIC%T0(Cxtk);2an ztx+nELcK0nE-oy5%2wYt__4zq%#KHo-|Q!#SJn8!EQ+ofjCLyho)IGG9kq$$<q>Uvg0ZC^clI-3no-o&EN5OY0AJP#h?lU1;0ySc!;I+(u_fYr2YX17s0=>%`vB7$ zBDi+szziT-HuP6l&ThEK22bi7IPAH5y8qZ0sp#lvWTgy5>k!cPKX3XT0Cpn- z9WCxl26tFgdw6K-=Z{x>vU{T#z)=FIhY&y%ND#Z5dV0HkyhG83hQy8KOx@p&UvlC* zcSxnD7rqQi5JU6MMIFM~XS?$vBkzN>7l;e}OjH3kWUH&jVs_awHORF+MJ7Jdb&7x$ z;SVS|%~9t}LzMH{k^9N|`cGZ3;~%PKVrBKi4Sbx}brzjj-6--Pf7cwUI$+mV?vJCT zr_vtKdqc$W;=8T-!{1(JqwrLDO-?pP&GcqHzdmr&v+VVKa9p^MUTRdwO^?hClRJa1 z+g-^&{RGEI-NzR~sz~|&;)puQ3U>30`}Ts4PKW$klV>kb^pZpw=80S1cB8H~{ul+}E%RJ3N2iX5@ zRo`acF+EUAN+3o)c6OO^&rKfu3{E-OQ6_MC3e(@J5P~$Vru!w~pMD140)~5l{+_pg zD>P#q{8Mr7tKXhnS|sk^8I z0tc!_3M_s_d_NTi<*M3dr}q?&zdZV1V&INCU%mi8R_O~(*Tb$416U<4Ip`sS;qm`k|_487Efz4m?O zmr`tWixePz$80)ZNE%!VfR3NG@2?wbrn30~&g)BxXaY#3`=D7@K)b}(cLLt(M{&bM zZ96U)z0_y^uYsI%ir#?|=J(irG=N?c<4Z%sem%wj^Y`rqE-VngVVSKgGM>c4570Ov zZ}CTrSm>=Un-d=ar1G$Wr_0diBbRMB8P zXRZMp*ois?JxjXCZ*tf^BkSbD!h3HHcxE_o@2k^Pp^hG( z^VZnAYs~A^0&z5NaWU1Eb@Y}~bFb7M&=A_D0P=~3z#_3s-`0c(KxTV+F^L2nPjC;v zuEv2;Ee(MbF~}lyMpr2mGB3cP$3c>mhW8KdZ5I)XpZ$FnfDDr2AV^K+K$*bM5n_6e zrZEQ13d<`FTzBErRRs8tIb{zaCLu!VXwtGsRk5L1^g)*d<_9=1sXi4A90_6`eTWYC z%&I%|3jW#GnW;&eUK5)E##PSy`D30iii{9UgD{C>cRJ{|v65~;gNGqv^v8i)*VmWc zm)e~6b_ZpaUv>60`$#je=VVsW~X#qQZZ zE#?sJG-fJIXl#R9T42IP5GX2(6*32tM@-PNbtf`YO;SVTtScKkzHaUnY|2N8O6)cH 
z_#`;sO{4pR>Z>%bmFjRG!|vVwAA7Dh%!>#M*9|M1^;aoeRPzW8VXYnnmHPt^eb3wz+7M2*H15mOo;K6I#@arf@+=6;s|1qTnx6~C;&>+4C|0{t`o3uV_>nkqQw9Rx zPhIUEw*9SnCovxW*VPwsNuNdJp z)%dwY6es@>e4=FK6|P;A`1DD$LGst&3=Nc2b={?>)srO}zJK?Zc_=~93F;^47aBG+ zkM1ul^l+@&gF-`hN@Pz!N{)UJJHF%$+z0%T2YoQ3fZ@)i@2{ud!K&(GS63$Ttln=? z3{`3vIU+B=CF#!47Rj~CN%PBR?*@ZiwwoTs#l@B_;kxGyD8mFY4bPr~1?NUa_kq=z zIpl4ysv!U)c~jTo1&Xlx{78tm@X^~dg9G5~lPEl48gqgebhzYYSR-g3>cVcjBQQli65O^p;CuU@OjYhz=JaYC!$AR0TS_9<>#b+r%E z(%8W}K2Rnp;ZN3mqdQIG1mHprIKS!cqi)N*)~LL(wO-D$&dOqdDJ1@(oviE=!ZdNJ zT+a7MpsEfdEXDsPDe%0DSIay!7pBx`N`=)kjh zC2UE@L#YJ7yGo1WV%^E=JW+Yh)0RcXl&uo6q`NKXGBM)HvcIZP_V3c@WrJwqb`|%FG!zy{@19?%h#$_bH9M$lRwl^-N4s;BP!T=p%42&=*hQ znyE%Caz6-}w2%W`#L06OEmvb>r!ka|r|r%Nx-H!StC7!_;!XK0y3b0z-=obpR=9zW zC@9oopeXt75>??JR>F7lVjed;$c%l;czs}p(Mu~^OrAXir^UAU*yU+Xzu#x#%qmPC z=HIkW`xqq-+(gxRe(%Z{M@qb>h6m z=0@_bVKLnmK4IbMP+mXTdRUVnuJDwHUoDORPqd-I_~o_6YnY-&uuNZ@xKQF159q9CjD5mQwke%Ij<%Ma8@_?gA3D5e{W8nVeztV(+*t(bmUJ{38!nU&$ zLF!wvIWI^?IM|n&7x|ySfn#<~OW^+J%rP{hB9JJ5dUKZ<6b)Wy5f45@d>BpWI=iT4 zfnNyQH&f*(tq^;I_#lv!)6&99FY1FBTI<1&un)0$eqSv$wF!eV-GRYuj?VUW*_lE{ zY!4jw@7iwis3m+CF|8|-9hl>U?=+wmj62~lGqEB`VDm{%K8#_}mV6Qr zWvLgbhZk2iDoo8Z4UV0@dN0zWva!VSiJymqgGtZpl@)aqhJh$Z2(6=+mOdh%X?}q; ztg7nS=YlIveSN#lu4$2JYl{$hvKYVlw8a8rV12NzwQ`=;>yORbA3t>}8WH;TOsepo z^CA+nZY8(AaU2aVP>-kQbL_mi!goy)jRpE~j78>2ix&zpSktp6_Ew z45@#bIhb0Ap>_1pll6-~$~yYWe{t$4CkdL}ky5lIivCo&6ciO>&_kU_~^87&>nx}2Uy9)J? 
zZcxDgEqaLa^qG}iwcApWy!s^#M!PBgMr5B1ly86)LGgsh!X1>MO=RdrOhm2`zf6ni*vn=YJ z!~xk)Dx9i8Z7}lr)Bomf1QHtu&+M-RO%fRWRu8<(6y_s6M%E?U|STi@Otxwta zlhnO1o5E$X=XyQdeIDeK62oTpbC`dZ#ConQZ{fqYZ&IP0B~wWaeos=0RJo4vsqruH z&VRGRHEY=zovq0Q-I6_~ZN9xZI;p)Zj+`G9O4-9N1=z*JcIE0kE-bY3=@N(W$oI({Vl=W`KJNrX9(L3kPUC9u7v>V6$ZGfUD3(H;;D7N+&jyX5&jb= z4tc$dhzr$GSD$9K;X{z&m=oJrIipAnd|r(3*trgk2_f;^{dhRxj9QDBO0&5xPx0#5 z0=7MlwQs=fCvcqViwyzH=BC3w<2Tl&@EKjk{@!d)ffsGBe zo1XNQqgF_kF|ZJ}e_&FZ%c`*N(&W`NjX$C~u5QFp zio+%z`~Pz|*+2ZN#D$l3Ua|OE6ELC(%)GpkbBBRpxmfya3q8LfUQ5K4%6rFtlyU37 zLmd9_Ijc3%kBNziMf}bKAJX--Ty7a{?Rf!p7FG^UPQUJv-rhrankU{Pgz>1w|C#)h zx?jJi-`Ym$a*eytrAulWCqCm%z_d|`J)j#zwBA=O%*V62knRM1d&%&^_Q#0C@YIjj zPY_r&YCYxPw%J_cp@>O~G&oum(AB^n;8Km{`O~n8otWT?M+&dfQwZLHbHltKHC{+ejNdzHe(l=deo0=&r3$C)3a3%} z;WmBK#c@ik)hHm1!dR(heE}4Vg{NY|qoaKxgBQ6sago@{J@GaNYdB@}j3uJN4)EeY z#{!C~UtCsZ*&O1r@NYE!pAbL)oE1o(J{$BHzXLyQiI-6(i`-A|P(!@OBfcI7vWLBR?q@do7M zG(U1T?RjA#|DOFU&2@F&csPC%O30ve6Po$Y85?V(ADjl90FFg6hX%rrse!LY0sWYU zjoap$E`f#hs^HD&xnvO$k*C#bi4JU0#fJb~WE!^?%ixxGZY!jTU4H(TE}^J~IQ zWiYXt6D~0rp(Lj;62iKUKBXxfGy2NY77UymZ?pt4Di7HrufhP|ubiq?SYBd|s$%ALld=V}4{#M@XApzR#nAqH3v&yjip`jrh>)}hTHZuxUHYxYI zwwo9gFuCJZzyo$W?g-~1h5~JP?Ea8pIU{a?pU*d5U#)#VRqw2Q<<%s z6Xn@m!}As>n$TX+`smj9xKuSsT&S}c$wI1b{)n};HBQ9~R-MN0F=hmsQh4=D9}yGt zL;hRhXgOv41U>hWk7=6?F6WEJtL%PqVWvtWxMIj=8E{Zyv&*kYva=h%Uo5vX>Ypx7 zS9k)qL|shf2&!BcXo#g?`g5tscymtTR0N=ZNP92g<>G1bMh(EjvbCsotKD~BZAO0n z!rb`x?kEz{-GCUf9aB7vWyDkpMa-L2O^2FnDGpEgzjTW38L4u40+VlcM;CF&)fl%` zIQKq!-HjU;0uLSwMB-y; z$YR-Mz!}rFZ|_XTwZ_(l<~gV(btFp382H0Eh3?(HeE@QL*%NI6RG%`RJtOP>COmAV zRaT&u?9xO_wrgpLGFH@vX=!OckL}QJsgW7ymO_COk~Y__Nts&cP#`HsY;yXb6!qerkb`r!WB>k{-@K^^)d2~KCl9+k+VT}lV_jocOEUN2I0=9Hl-SUODCyhx z-Owp=`^tF~%E3z!2FIzmwF>`LGy>+)RC`rg%574^fluk}jRcYwg9Wy;v-(p9wb zM|pT2Ls}U%07h``<>G^=n?8O#!0yf~;6WlQCkGTzyrbi}FV*16iZdz$B4aAa$YsZl z4Q~BH7G(9PNx7tqZH}Hk#b2nUa4AjW05b7#@1K2rJIsfEziVm=k3FQ0n>o+?l5mnw zh5T$*dU`+J+pY@XxRU{=RpNy8X!&mBl-c5qps|ZNNlhIfQ*feJovrF 
zWBo$TMs5{-z3ltUKqaEy5IZJQm65k}lr)P(;MA$zxI$Wf!&oXdDN}RvC$edE0|TK! z6pbe4dV0ss_rc1+dH%xYnH&@kN{xTRtL;;qpcjQbOI;w%C>Gu}2P=`Sc85tSAwm1q} zV~UR43h>>D!zG+EXnNiuM#Bvy_tjlz)J4iQmKa)oCSSq)K zbKUr{d*_O|r7pdPhey=?>a;ZKrluy$EhX1glZhicQu(REdG=szTwFwCBl<3Q`k_SCb-Kg^M&D|et&zro+K-F1W-X2!WXaBz+BOv>~kHLBEQ&~A0swYRR&$d~u ztgHYajQ)RrbY77c{$c;me{&hs!506|*Km*1|M#mV7cckTv=F{hSlebH496J0TeWV> z(Exo7e{AoS@^}oW@-N%-3(0s3GjokLDPZ8SCor`A#@i zB%;HYu5p5ZnW4wIxyJ(ja&Uw*ut~|&AaMiy29h3!u<&oi{MnSjq2|lLSUg`bxg0#a z6%r#Lr=+U7@+t4phAH+x2GFlp>HQh-GvtQ`rog3rnTusrZNWb8Ncol8_Sw#LKAZ_;7t!ra8Sh$5-`cAz8^nIt+qA4=8G z64|$J_JP^&m03z2vHNHB(aGfIZuwSbxiP0=0wl&G%P{V-VVo-WX%3E!{6AYpi0^;< zDq@7Zr2fYRNHQ%yeD2;+xSp=CzuDM}DxsxiyT(mY0F|PWvhoHGBR=tLGF3(J+fmzY zKF6b6d0Vzt95LCs9@{xL6WHKFU^(5NWa8ep{2Qo85Zm^8sNN9U@v~=Fi_XeVP4~Wg zCyyRlSlcks-|r!4rW@Kko zqs4_r#pZ|Mt=Z-#dyZwdBmV;rf`d`&%Y+bd);0Du7<(r`^y+bX6@I{PfdOFgbd-MR zJipw4|3M{1ntFeFOEvM#B=MbK>^H1|_uzVskh!F%2cF z?{ik0dz4{VZ8K`}L&6p_c!W=&Nf83dxz58F!4>>r*8Pxpmyzv{K$_;9R|!%c@R^Zx zz4NYf+9hNYu(jU$*6i}~I?twpCksB9c>Ulxb(X5Z1m?wS`#Pfe&h7ilFu)Gmj(lvQ zI@)0yhg6`aXdnwY9+ur>v734$F72^GoQ{1xC=+-;u41myRpL7UfC_)|n)3$1+ct=( z@TvWY>q~&bK#!h3aXvIrg)8FovtSxCvnv=R<;^*#Jh5 z)f!AK%NE#i6RW6;yR~v7N%w?k7hD!Hv;UOte_o!Ml{IOa$AmwIGfLTy?$+JRtd^(B zSq)?%@*Jy$;vRg$aTI~_9FL&l}^8I7?f-dTsMeM1jP5H%yy5N ziK!{U&aV2~8?l?m-2Q6ZH#Gb%Y}aRDmI4qQZda`(mRHEBg#jQ0C3+>0DTveY=va(t zbt^o@7 z9?3V+CLwjctJ-9%Ha*e)k@>7-%lr2$`W<6i{9|Kt?xS@BkAo#B?Sp8f6NrlI8jo%_zF^jK;aJKV&kZO+OM47hKRP;#SiT~=d}-=)W2FxsWG-tu zjLGoMzK#UO2_6ydlC>E5N<^wq(=#ktT384=zes3pRkK14Iv{Lu@oQ_LY#Q9{NRYUZ z3c9bHfFb0k&!0gS4o8>5%+~hp#;S_rt6doV$pB9sfm_HQTYdLs_)S87cFpDrleg`U zQ%>+G|8*KdVQ{KdvDK%hNS)W0_=p>{E>$q~4quFNR{5KI^xyL`tTp8zZ+D!4nEv{V z>FKJfk-26zX6LO9MmsxF2M3#Gl=-lT;U{+1x=TfnLQpc75iO#3Q#y_U{)H|n0yY<) zUtTvsGrALPBa&fq&$s@350b}0W`GfBal=xHW&SQ!L`UD`WGOV4slS8D0b|>q-&0cF zGc&KT`Rj3Ac6JYUGA>UKm}B;2`A~y}@Ul=<|ZcVCC8STHQwH zgnmZ|zJkcuG+1vZd*%Z+l}+yp>Hwu>!h9M#}IMu*20d+t6pl5OwL!&`k7UmDJ$ z1Q2%2Jbw6aGW0;lZ ztEzsD1fg?bECObtl9WsvJBeNxXoRt&ydgyLW=&1i3VLlFMAdk?#DWCf7Xp@dW2(&I 
zvmK|ey|YJ)`T-do57|1u;hE-$<5Y~2uHc|33cHu*O@Tk2?YZgiRVvvA4DXPnL9X15 z8$1v9R2Ex*a#W5I);&Ab;P(>h36%@gdPjlU0DzP6rm%>{5S2tkB!Q$B(bI$L{OO@9~EJIMIQPz@t~-8`EP* zcLi@@wDHLi0-l8eXzS%}%cp?E9Tyhfq2JR%C@?5JOcS96$pw`Oy4p~;{faS}TY4%Y z%=64qKvCY8hHlZg_po?Z(!EJ>ByTj2>G^mj?%%#G3s?fM!Ic_!wHkAv(D_SeBU^Ar zp9Lk32&Y*!1yxDz>_DG1nlFKXdS656E6GX2GciD2Nd|v^)*HTpF&K|fgg)?r6;KP> zu?*hmx)k5d*DCb$Q`rBuAK;zyOr8GIt9g-E`dRm23TjIjXMnFQ^i0wGAIK(C&Nxs= zx-R?%e+sJieGD=8(6`m$<$Y=U+~BUS2bS|67>NIOSkBJApL=o+6%k?I4+-aXz;o<$ zIcRa(*&Xdm>(WgjNf2!F!AccP>m9bXwq>^K5A$^Mb6;&H0-J<^lic=J?cQ}9@r)AA zpoA2k{oXokbK{2<(`T+riLDq&ddF2*~*IT0A?*b!KrU=pJEnp*o#e+9CzG zh(cH#dts<0LUCboU1ajd{ohT&`2{dXCCJHfp1Sq^+^t1?4{F$~>CySK8m`KaPg4?j z^GiS?S6#84=nZ?&qdHJyhoBmUyrIPE16f)y8VvpYR|Q3N_{$27s}oBspWE~lauRUm z7Cj|-QS+hV5}g=$?tTSWW_1biINm>2Cu>sdfmA7yI>9X zSFewLhk5cdavO<~*B*;Jk*o8gMDPP2bbyVmvn$saPuA$n5~ijU80BvyoYZTFto+oU zvo)!nQpkobu&^e9W6Mnd_kjMh^C4#Dmv%o#ZmnH<`{`30U>U#;O6WRoEM5J&A>uR@ z^E9o_1%AfC^b8Dp`2)2nQd*PsW9w77{lPZ6t#q^ z*?Bkrgdaz6?2d4Ew%vR@=+g&R6c(r2iTSevMcl7$jmb)TvmtBa;8VMRvwFDoTds3% z2$PtOrBsa4hy-;cc@y!$3kniUzm+KHdvoicjpdma&m2WVq(Mlu;jnv z<8$lNLpWTx{m2>U|I|2Bzl-D^I?pVUW#}yzutdYmEQh6vw7g0toa{m@tBws|zem zFR(B-Hd91g7k2JH+{Zf+8WQq*@<%~gid3TzhElw_>!hHsKenn@Xy^j+V@G#>%xy=l z@vE5^HDyNeUcl8xh1mL)Ev z0a_>wo+3x+H(#3Ah46G#RMZ#yKr>Bt7oj8RoE%z!Yl}`97sCoddmep{4180O%u2Cibhj`3L8Z*b6`t;?CVw%R_=(6guo}W-% zKYHvcuyFj#Ic<)xnKpr1GTtPl`0_kaT9x;zYyU{K=uSOT`}eKZi>fR98nBfm=J?ic0iJ)7jsv80_%)nOXuh z4b59bO{p)x;=b!Hv_|EBF3BQ~;WvWRn+AD4T7!rv?=S%5_T5Q2B(i5=x{hTgi{^}t zVIP`eLPA2aY?PG2XdU*|dWGWn`-nsy-M$xPWoDhpNl;?@;kDz}KY$rJGZ)_gQ~X^n zAhgpoEu*PE@#8f!P?9?ny|CtgZB;q_xWsu@0(rACM%)pDB^<#ZQZs(euEk39Pe)YY zSx5DQ@qnl4NUvDcB1JiN;zX)+$^12h_IHgQv}@ruUGIajqTz^qkcvv(xN7gUxBjJQ zs62o!ZEyYz*h*QLaY@*@r`B}d%6|9$JENQH7oq8H^d@=uu}jAap@)b3MDXr}Q!d)C ztf@U$Ed|ku#0P}0&NFa^Sr=pEBE}+I`1jS;rYlFNzFuHuD3lVN-V^#p_b0zMp(cG% zT%2|FbWiPq5kxMWad4AC-a9zRaPqQXfZlUM?1&AOsSBQ~!#yl>Z|+UjgUhI-rZ!AW 
zLx)=xruwVZpbHKR3NrovN=d?V<0(W`<`z0ZNZ^Td5({B&zN>F$#{KEL8h83%tjIK|wi@7WpP=#P6`lRS)US3%T~^=~P`&@D4LVOQBr0n0A)Zcl0E{jtbVhMN<<8l)RGmU+ zZ4j6~#ue|qKB|Xx5QDL{=mfVwo8o}-_H(Atoqr=dCkUE_UWV}Jbkk%)%ceBs&>i@6c>{5dP(-aR^B z&#Y(4vkNTk8>>&8JeIE-L~AkzbdEYHhOl5lOX zQ%Q^^Xl7ggD3fdsVck+;qg+^Agnuacxyrc*W;v>HB`zWN*OyprKFfbQ1s@-D$3GXP zFmrR~;$EKodh3;Ov*$3*EaEI75QmAg3ejD$++6F%Q%5^4F)~uepK|`ah*wO?fCyF~ z=p99Vjrjlph<4KKQSVphl`F7vP#_a2bu+&Xquslcl#~?cIDiRipyLRFe{c*G7*&Sj zr)U_K!;~VL9PqZ9LQ~+u%y`<)P>w6&_u$6|p={>F{fnU<4Ma8MbdkefRWz~)d-u*< z2M~b(o`uVGb}OPQbSb{p2-?6tJlc2tHD~wlzeJpEbN8QK?xBBD*_f?*`3kr8B_NLQ z3Sq$?I@!*ht;!gRBXMFf%1OCGA{bEWFi(+OKu7P7(+mqgiNjph78pi6zwM)>ggxV# zc+ukHN9s~yW2wL$HHp37GVF-vZJ4=KPeB|fGGhzSuEBN_vFnrn{Dn?6St2BmCR-~n zk{j?edXmDpb8Moc5)z3DPez1q^-fbTEifa?e1=I1kvzI&%n6Q$RnEr4)j3t3ygFM` zs%lYBlGWmS&26723h)khn1i5z-V${08Drh~(57Tz%MPRXeDG@(2`6z-6za-`KBPfp z$carC{?2yg=>`DZW)Xj75*xsE?3mDvE)A5&C;Mmy9#2~xZF}z>%FQ_87T(ZCHTI56 zCS1oyo+JBF@@}(~SJrm_rMCIZ| zK>`i{v=)TimL9N-x}oMLl3zdA9s#8<6%(#c(2{}r=8b$Dz87!N$ORdX{O~zMOeC=l zi><*Zs1CAh$o8H(eOmttw~p~^`pA>%nBhpTS*8>va*uBL-yWeZ?c}(-S_!?KhK}PzkbKj z(b2$t-`91W=lOoW-mih{){t!~d;0WG5N0AYB5YP?h0$R(VuM8adhl>MK}h(i!m#nf zadL8YW|MVv#w5iUnLZ7u+6<{|Ju@_>-h`V|C8N1;=P;{34Q*7ZuZW z=%GK9L@W*#Dhq&slD2FSR z6w3R={IJQ)qBFH!U*JclfX_sa2AeA1sCO#>wNgX=3rYA!;r42GX4YC$(;;Q^9AJJE z6TNH0Rq`&IScgEB{!U!~;QGak{@9o=`qN#+-!Z?SKOr?i!DSnh3W?b*NZAKK zBSEuw{#KiVo*oGTgmq{8PT|mcg}K68K`W;HH}@XexBB-l<}4~G&fM`syXwL6KMNOHQdF>Y=ewR} zfJ6|oCOtfT_pv%arYA)Ed^75%w%Zg%aLgBo;i+OxF+yz{=C`QF7xwKn98|wQ)maB<99aXK1^YsHow}a!Z^Hb5IwE0_2tHYC` zoB;(t1IjhL6UOI4`3?+s9<;I1(V30>frG>;kVt|dbhc80cM_+q;%Ma;9*K6BL31Z*Mx4HlBKIm^Cw?Hcr zMxfI_k9wH*{KUhD^gulLux8J2b5n)hD+3-_$b8&(#I_h*la=W;%0u%nB_hAe#EP*4 z@r!xCfZoN#!r8C6>e;%&!71-Hnznb{nQBsE;0^>QO;dmvu$Z=8qDf- zYxr>IG9={~zy2s6wfsEl>ES`R#ZYHl*PaeIe&=1_`hGjR&BCFM1=RdyzS|EOOES%d zKk@N>`%(8<2uI+N`IS3yG7z8q%r*@*uX-OL@a!d&OeEzrv`3F_*?+||-@=D#lCTdK z*g1SO>i%oc{aq<;69P8?D^3M=-Cxq#>Tz9X=lH`%`Phy!SML&+%z+*ArwzElU&qGA 
ztkmcND56F)a64jBEe%U%txhXYK<-Cb88sllcOvL1bLvK~J_!W!ikZz0+z>GIm?Tfc z%LohQ{Uk{U50_#84Xt`HHXo@?_}d!~UY zm<^Oj-3LuF&-Aey;E&?(L{%nx-m?za;m$ieBYn|YqS%pUiH1$TSeK$8R zh_2||$ZE|kJPKPu2tpZ7x?52*U-#oY_YAw`2b-m^yypks#zqQYuAT5`ah2}H z`iSV)MIe_lh4#*Ldv`tioha)I-mN)O{6I3g3Ij(tE$RL`Ns*x$ABxyJ)A2@E)#7{j z{=n<%STZ0(pHJ4~)|)+y#_f=O)>l@q0NJ}}o%7+*sOrTHH9T9Njj+{#PUG1A77B z@_-(8!kTsmIw`Gjnc+V3EN^t(d{o@e! z>cVYv9Q?OY+wM<(VM$85zbVIDq0t7<6x|gYX5TYgC&`5&Co; zK+-R)CA3{kpgCAfcikr$t~v{+9z>BM_LV!M`984s>zIratxR{v*{*r=cRU8`*e&2( zkmei|DYZ@2`vOmBj*N_;Q+`DdzmM>|YDrlj_gxc2mHbJ_{Un>ndq`#QwVJ?2Am%79 zWtbl15$%XNq5{)A<0j0f&wpAx!PYTWW(qLIHqYjjSE{k)zSToufeN=6K@&H*jBb z(&+DN;KV@JK(cln8RASrt=HDnKBM5rI=cyF0JJS~QAO%6?OGw z-ODL;p@l$9o@kvJA*tOBaWu71AeQqO-YQf)N3zw4P$YA3u*k<`qV_ItZFNWMPN3>j zX?Y5uEIWD3kC3GjsuX-K7vrRdx!*@DnPEQ7^`!B2k(SkZ!(p7QpG;ZO}6zx z$N5FqSAV!0kRIWLFWRM^A%B#XYxT}0zQi+}oH8WaTS}G`%VrW^3>Hhv5d`y5}=7g>B)dOEUHgIlq6) z!CCX0^QCh8>UN44-s= zH}rYQQpK-4ZQf^G%FFE^r+ZcI(cU7C@w``l=4Wn5d_7VXOr$HgFK++Sxp*U*EH!P) zfP}u0V14+_6xWMv`^TFy^BQ%3 zuY`>9m9OGR=ik&o_Ee>G9!!_ozCF2uN8%hzezE!3Z&{x#E5l4{jvJ-=O$ew6jEu{I(t`&h{4B`YW@JP%%r%fETnj3PMR-`|(9Z57B|XVTTuXUudK25!EYjS|0qpX&8vF|kq;bJ~jeVK2YxCVsoWyYYCD zF!*zZ-a97ZaYHoA=(Fg9kwRDKH9UNL0PRfSgEnTTZBjJF;Zy@9ZWKs3fnkoZ6drom z4ONJ!k(T4Y#@;m95l0t-xyY}$yH-J^2{TU4&YT--FZ!X^0`t{%os*lJv3?n_q8Z{p zf~=Cizogl=#3v#s<-te{#6$v=$ae$m!I2=N9;TsTbs-zgl3J1U3ucndA;<20xY25e zK&k_Q;-{#}=3f!%v`2A5zUZ&{@MGWjzn^rtR(6V!QR!C${2B!Xb5%RRqKU-eWtVR3 z1aNBZkGvj_-GW289hq5<>aY#)lCU#DKe9$}HnM63`_K2T+RK#V0nXnHtQ)30&g-n5 zw|Vy5!yS7&q$=e^*A6Kk8`nR{wyS?1Wk5txcsAFx%QZLAqe%nGV@GE<0hgD6E=d$u z?pk197gP+L5TX8uo`QsJ2h?`&fk5^)-(KEWlf}hL%U~yFR=giAZ1+#zv2~peO8`7C z4uiLxiQCZ*YPxfen!gl@Z0Fs<$eXa(aA$#T4w1ZD%|-nzm6^3>F3az*MT*{wD!~qy4oC6_?Yl?8nXJL}fF7TbfbsCa z=K*P!K*KF2rzRGfB)#{XQNqvx1ySHdbtl~IQw9+87eD>iSKw>Z#{SV z6=6E(uq~~rZe-^T+#J=vdP;1HAwT3jEAniCIfVP~b@UpmTNd<5ge0EU)O8ZJuvoF- zNK(bfE{tHRg4iU1cu#k&eK&2(oT5O6`qk>-3yzJ~6HoRB$JEF!LMVvh9^TQMAg0{9 zpqQdRIh~2ALAXY$BJ;`z-GT3H85Ibxt~^M#q~4CPo28x 
zqAI!uqg?`^)@&1Mv6k&_?FyI2s6H3k5}4+|7rl3*e4$3;cg09g}81j6>O zhml3aTDUz|z8521F?7F({mHpclC}F+Q6Oczxju0xyroZvFBy|qhjo;WTp4jsmE z%*g=74{q71gTS7|6L=0X8yuti#o7wJf`Yh#hoKpj0!y(c+Iuk;ZR>0$Yj2whiYzxTp) zw+bepw;~0Wz?8wh&C>d&9z%@PzddXw4Cb+t4BGRX&_9?EYE$pW@bJ|hD0%YIYJQ}) zNA#1|OUe^l5^=@|?5fG?(1Fqk=b8eG=RsQ9*v5}HJp6&m#iDfF)4~{VFIHnD;_FEQ zQ4!+p{WHy2;ls50k^CZ6HMMV#qQH;QsTKH{^#gFAyeGdc3&zEma<_{OS!2)dcppsD?8hl)eLS9 z%gqf(9YTzC&IWuet_|Vz5fUGe^+X2CyB#v@uU0=?Gx)l5m*KvKJI5=eVou!|Ep@l( zVXSygb0OZmR+KCAd>gB=g~hi^J476|Xo7?Jk>`O??C*qk&?67mgjN$-DaIG=x^b#oJAl`l1m zMNb^a{aCZdiDMcMY>+PGExc*LbufE9FYsYEAH?>ZtW=01@ zM7ZGCgd!!!o-3GH+8^2l7xRkYc_FexVq#(sl#~+30`0W(Kolm-%JHRyQ)+oKk&bic zuAsebFOTJ;yQ#nnNi%bT_fS5uTc{M9Rypqo&M%k|qRBq=!K6GGKv&&he@rBlKK z4lPYTP7(dz380qhf>Ur_>8n3FERJV??m=J~lbGm~@vLRxA|D?@KPj0c6;jM5XJ*dX z@~J#{u)kRuLprl#j8Hth#O?q#_E`Y|8Y#Cexr8@aStY;-`RxAk!S)pJRk}gDC>pO< zh{-z1D;}?sfMFEO0ll0N}R+s{mU0jpaagU7aWtUKj_GLFH_808M6YZL>VfA z>4T^ryyVCU10f6whQ}ix;^ZX=F0erYc%U{j;?bLJ;#Ij(bwg5;LNIqfVP=KxP6Lht z{)`7!7g;1KbhQms=`LS3x3#moegD2ThGyzhWR1z8yKuiw6XW#NUof(lXn22s#IoM);E;idZ0-FWXhpaV*-0_A3i2r&HU~=*OS^`3*hLtv4^A z(g$u2eNGgB1GoZMVpCuEy#QneFU+j`TdIO(ksrj|PhFkX8JiK1x1x|hQcL87V9W2{ z_ev8&@})clz;3>lDD#n3KzrqJCMJr2z$%8#-uY|16Lp2c`~w~fP#4HRZ22J13>rEB zhLRFn4bZ>v$^Edmt!}QoBRs2b%O6Ld1MwV|<)s(rneItQD1;jC-n*AX4YxtSTA@5e zCN8Y%n6?`&^=^o0-@kuP;1B>+g-Fr^r}5~xtG1rrZCnQ_8`T?;FCL`taGW`4a5krih5bI$hC+ru zH(?cn3@F8X_bl`94C4fO`MR$!qIajdX!EC>36+F5J0MIrWG`r3^W>~oIb-S_Em`g8sW za{q?xG$HRvP zK=i6=z|4a8pR{FvQlO2E4VL#ytUmFO3y1*P3ml7pVf*{v6BYfbelcf&KL%4^#w)mDoEIH$R{8cr*C>5I=pagco)dis->lzvKN>YzjHo&j-JRYhYr-RwUKtp zg9j@`Px}$-P}~W{b`b(6HFr72r2i+sS{^XngG_HBHfsM?8IGCa{zBbt4OToY=A#!L zHGN#deEEdbXCiXCg!8V+v9Wi@8TMA(HCIa%bZrQ9N*WAVX@BqVWgy!V{P$De8%U z%L-)Fe8`Ly)F8voWmwqrf^tZ*?yzq7b~bHe;AYGvdz3dYMk5g*hixCM612+6_c53N z2tLT99<$+Cy>*(GYeQstT2R1q{%PN;)%wSkH{yp}e!bX7zvH0vhof=Kw~yWkv)Dy) zdOs`A8*=emyY2Ok9C>rHF?=Vr{utv`(Lc*8zKpw`ic0=aoEfF7)6|VZh^l4#!)f8t zkf!*6S3nRO-ly4a%q^;}oVs-BZAr;}gKnGj_|gF1M*nU(e>;oeGb|)z#JS_iR&}_338uld%16u~=HKqYkC( 
zGY&N|*HY7TYFm?)7PyI~I`R{aNX~O={Gj}%%)W2m)1aukapFOmzhd4Uxj^SFJ}h96 zib=0thCuN7HJO|&P0jwAs3}{!!tJedq%^6v z4sz7-382iJx%Hj;tJ!X1;?b}Vy?R`axC9h~Rq~$ivB`Jh&|z5Zj;D%G4IztD=Uh79}PlQNE{PoMb7YK?gp7a#<4QWUD;sSxxQV@j>Ri{UGr=g-#+ z3#Mdc@j5wKMK_h#*HefThDSf??>~qaR~4`{sQ#VEtH?snH%q2n(D0}E>A=WH*{g%s zXXod2@X(Jn#yNBDK7Z-bZ6&2CiI>jTRc*3BfjUG_AMmuanth~C@XhrW|_;nYr8Cf*AT8UNw5S@pul*OvlT zF>?F;jPp2lW+>OXkxjIx6}PixU2_(zV(lP;Dcjf*@Ak~l=xDtgnFu9_;eg9?zST-6 zNS$g)S%)8Tfo!IH@`F%3f)p9bv5Q};4<0*~(4`KxHl!s%+lv>JzrC!e_?ct#nfFQK z5$B@5`R{0+a}0NUQb-ZV&dK4hS-ceTv~um+Q`uRU8csH{o*SGru*t5w*&X2N;xB7Ia{f|ouX#Op zvBss@BI22Y3^S^aN4zcugBeB}GIJ{nAn(oqCOdSJ`9bR(c7N$)WQ~^>5h~2T*V&0e zBw{0L#$LUDY6^3?gs-m-@Tnue{!~?dC@hlc1-_Xooyyd$S9}7y(5NUi@lKWdVT;0m z_!LG8caHwvQ@5`1qqFl?rFPkC>(|E)`ijRfahL`)p2^a0<^xFlmW}6XZ$T>5rn(nW zOCw$?*HMII*{>|DP*j*(sQ6g*ZaQif?`8EWcQlVuHQ9PDWI5THw=wTU1d5@rr0|+l zj;^q9!CA)0lUUSgX^c=t*U%T%Lug18+u#ksQtpt5`G_s#T99QbbnL`!VH258kYhc4 zCiboHrWTRd>sRMap1f*J0m3Ke;d2r?a2C0cc1|)%92+6N;&8|mzsT;y=DHU=hGCZx z=dDFTLLz1VHdQWhKjF)N#e|zeHHipOe@@*LU*FVfUq{};`r&P^9jrf07 z>&(<>4EiP0I?0c5^=Ud@GN#(4KhE+;x6f;{-GEQ0U);^vfURw^&Yaj<|M?2P@h4YW z>E1Yr;6Mw1-DtyC?(W3sCC)2<`#F5ngYj;`P^48^Z0iK!BiZ&u0($O^y5)Bq{d z3*+&!YxC9C$GpX=g4ye1u3aB*j6;Pg$U)NEw7_aJ9i9S@?N?{m$*St05QYbKrM*m?^J1K$0hKDm;YJw{xa&TLP8K!%q1` z8CRR7dEM+P2iJB3ovDuIvrJn$~VUKr*cxLn30jrqYuu*Xu7R8ny znxv{$vZl&p1=_ZH>OXxpAMN#UZ)`WKTDxl!e6xC()P&C@czXJ0cQ-O}4?pS5REk=U zw*9(;ULda|+tfNW4={@$nhF<;u{dm3^~mYkZn={iHcUJ`AbsXmK@pyZV*(a|ob|V% zif_xac5nPBpY$v=JA{YU%#?Zo&$U-g@_TwGk{%V>AOMkrRhI@79XZwmD9IedO5@#&oF;v=dpLW8D7Sa7DV#m9(l{{l?o{y(1={Q#G!(xQ`o%wnQXO|B z>-uIXe!Thl_Z>F3^Bc744!@e?HA$7FPLR{!qLE6JgF4LJswY&mHY@}7K;)NoY{gJ) zPxGx=)YRS3Pk3z>`J(KWtwS_V=x1~cr8b|S< zm(kJbv%(#E&vvoF0+^q3gWiW1D?NB5edu!d>)M-|0<^0Y4j)&-zc|h{!di26`hPI}&Q$5k4hn*5S{%5C}7f{w^Dx3=D^ zWT^?QsP>3>9yqnXbB&&Va4;K95iP)MJ&D)$ikpR8L|OqW^rp&b~c8=o^38 zpzWmg=^@Z*WT80POK$7TrszNOJUJ`Nmorl}m3N4rUxQGN9Md=XT*YHKS$jf1^_u zWOx15_E*Fh_y+~uxpAXkHHl*XsT1CZ7{%we))_`S)ILdEUT>j;j2G-x!H;(H)@n1NS(@9|d$cpuq18i)rn 
zyXNK+qZ}WcNG*h)w-(?$uY`oLTvz*6&QPg&$!dAqWa-eWrP0<6( zQ!tR(bhMewbv5;S_a}2;5ard?;bz0ELepF>&p*sRV{s(1;$C{+Jtp7m?lXL4?w8Yb zGN#DA>1x+Ms@)G(^SU1^7WdN3m2@%r&)sU7s6bNt*>^V(QdnldlWsalapTs}oY4#I zw7gp}$&G}Sf*ro^b2XGI_0K43D>h?DQz*W1-PCra{fIpDX` z4#O&vU+JO*s7g1!Jy^6{WYPGZb|rOfb+emGsDEXajfV#;7Wt%t0bddOc+e2Rv|syN zj$E-<0p}zMoID?TK~LqBf_TORFKX{NfC#APYhQLOO|(AjFzC#rN^ifH_9$)lo}9AD z#yCM(ert@>Jh^eRlwj^UX-NyVR(^RB)qmg7+WlSVs4Wc&hzktT(zf&wmrR|a=5;;k zW{OPz7pK}sMfzz{T?y|#ruG+Tbx!eoO}`Iv&aKcawkua6fBiD~B=2>Gm6e7lso4`b zY04RYh|u;)<(SFm<>v!ZDypxKo-{bj6yVXg33u<_%{scg zvJ#Jy9b!43${``R0PaQyQPkNPjxdvZOqZDg_Nl9jXphM?e=>D6*S;5Ci#oaJG3P-_ z%8K-Qo>EXhAE2k)YPC>OUdcF9>WF_T$M+AwO4^{Z(W*#_j;0#zXeTQwX z_S&tGsi~TA%@k4SzCCU>M8g!jBi8-k>%F>u zHKZdo_i92zxfYr)Cw#Fgh+e;@nrrDDZQt<&)#Nb|`$GcV#VaO<2MPyPdL1yA?EgIV zNiI zRy}W?O&o%={MhxPA7K$~bapB4s$R=QrfX93$V|lJEY1Y^8^@ zXw*v1?<|~;r(7zIt_h!0@{w|Oo9>S~`{5@)*%+6Gywk%2YGUj`cHM~+ORH{&Ae!=@ zDKL+`BqAgVroRgE& z+gcsSjN>OM$jGjzwz3&sb5%>l%y;dx=`~kmH~P;Y`UhMdxejn@cSuTJtkDTLw9*)N z0N>~DFR?TGo1{d+JtJ@*st}tNRL{!xkM+_)~Iz$h*XqJDv$$x$@AhPmqqhE`r~?+lct&rAvS#D1PwE z2_wZwU0ofY4n;c(=tJnDzyw5w_z)g&l-wmvO^1P3fFZVz>>0haI3m5`B;lsx7%?f+@bI5HLGwH{>n%tWC1vyjiSd~8$K`B~N4 zujY(RYZDRD2mFM2MOFf240gZxbf?ntjgeX3%xBRg1-~bjeWM=-EI!c(?e|=LBGvm* zCs5PUgu7GXRlHk3tHA|+W|!{F|8M~!B(vB|cXb(UG3%zqeyctBC$3C(M(EC`%6@-m zB*O8U@tJpv1((8&bFk;mr}mx5qX3!ZmfB!-vBbGh2s8kfe>+6`{pI6`QG1K*4JAT~SB5Sk6^h1x7Wi!ok-XZrEq zBCo6;0PN=_77HJ{`ZVPfh;scwPhTiGT>AFPx|gcy4xQS+blzgMeMQAP2%%j0Hu*nC zYCD5?P?lb+4mQM(I;ouEhRT6M^Cw@8&S7YiugA$OY_5bG4TS;uD6B?LY~AlFu{hPq z;9T@}BG2xxh52#OoJXZHI0UOoJOXxPn=yudyie=*Hv6y%_2+rd7mH&DVdMn5b7x>% zR^}ePj&FOw%qcO-g6x^4BjYLgkFFdqW~HxzoFR{W?A9$W<6YpP(Cci;5txG%8EO#i zpDt;z?K&7K;a>VE4s=1=`AUnft}f$sng;;(n7iVPT@-Jhfli zlM|Zt2L{WVvggvrECgCo?rPwm!Cd=pv~c$?{b#nDOT4>@k3wTB4cAI)%gI$&EU2bD zYc>?F)!&{lu#N7isHu6pIHrl%0SZTqdw#{&KLvlntH@b>*VXu@bhBaQm(B+cGKlya zcG~Me4`91CEChc$Bt68!x0vB!uBDt>0NkG$c`~1W9v!fMFg08K~=0&s-H1YPP1XvKKNMnJTdu$(VgN62V4vw&2j!*QsvTdezVMzw+48eC3#Q z`L0+6*IIH1)l3 
zCy6>PNcR7@$tJ)}n%rMB+fkQomA>`Lqge4g*K<+#<+6O~cR#D?CA9h8erFHRDJA22 z-I%tVY9KS&7;x|3A#D0)pO_2fHmjtN^y}uN!d)<4o4I|j>l(@oaFK$sH_i=s(cih( z1(RzA^U1b@%9*x2im&$_E@L*l&Md@bu`E*w0m9LqU6G@OBuzy;#j^hYYuI^(Qs>-mmBcuc~iG`s%WF<;v4bk zbLJbyR|<_XM)O>Gs$~NgER;h<#{%z)t9sM8eU_B%D69Sc{zyR`#lDZq**?=xKc{Or z1Rq*hk7X(|G8-}3SUM@R$f{pc@Ut$RdW37CAFmy{SYI4)OrJD-_efb1Kq(NK_?(aP%if7|h^jk7m7Pn8s+W>;`)Jnk*_T8#I%J~y?O zE3VC*XyH^%uJ44~4_G#ZR4cbR#qgN`y=AWV?Cfo9AKndPZur%1P^6Q~fA*7hH4h>3 zC$@nMn^R?=;DxKHYN;qvi-#%?w;f*l+Rn2Pc;l`cYJ%2`mHv{o-oPbgicdCxAc*M8{>Cj-MR_cMAg)K z10D`!+;wEUIEeBDpYXE%MhR`Pl(A$|^Y4p9FG3xU@vZPutCImJce{k2w)%Rka?Jsa0^Z0t1fse#Y+rJG;c-`$9Di&md2e;EH0 zzaH=DWPiG2{5SKug+7&%LaXab>Tiqho|rnDZ+lA^lD%I#|8&ADSHd;C#rpLo`2o_P ziyyQ$@7iY#^-UfRK790t?I25<;K^SPYu^<(?f#x*+M4*Fz0UV9hm8?^f7{8jAO1WA z;`gZP-o@SRTy0FgF`d048n?67TZD(0F7J=Vh8x#jIjb|xk9EtH4p)ZqeA5r?(fQY& z4K&!~X`OJT95^_SlBK-7eOEOwjs&UcoD?PrI>0;^8{kk8$NmFq%i~;Q+{1H;vUe_& zBM_>8bku=@fAzh>(`=h1Rwh{<^e>Ej*^~%cDZ)`W-na*WUnW+Cns0G(BX=wExRB&_*un#FRd zSgHnP6FPxK;aLirj#c zDwI%|muN9!*}7!kMD_u}+q-bf#?g(;czFb$ItEzL1;e|6%xeiKFrnHsgPb}^NHJdW z91L~4b_zx-r@S*C{ah8H3%`ca1CzEyotc|8W!@sJt+=#6fa;PS?cK9y)MgWi=Hxr` zeG843k~1f|Uc@;^sI%)#RSwlW%l*1tK}FkSdBwJ2-t^CdI&c4Lyax<83MiJj#pB&h z_w*&U#`KFdOfE+b6Ogu3C1*|(_8A9+Gxr`oc<@fFSiQ+)n>30#F2!(AA_zC9CTf!( zOF_&#YRAblXRt7qFFmf9wXGcf;bey{95YMxAMNIPxD$Ha-|2693i(|et*EXFs!mkq z_CaTFva!nHb7Iqr`)Pp=(w8Xc%!^*~V^}DgX|QGsd%~pD;QkqgtB}z^I(^ZL+Rn6m z`IgUyN0Ely{s?z+`aDCwNz`@20v zt=iBd!oxZ|*`8j-9agLJtwYcuB0er|uG4t^_@zE?)%Ak)X{)$LC+tm%rB&R@8HVn&wDD?@}AR zZjF%a?*PwtD`+G4wyv@NW}RK@9RH?IrXTb={Rm+hK9Bfto5^LhHSDtPUL&JvF5@0g z7#3YdBZRS4ErY{G9sHx)Fz$sBLd~l+G8qcFFjtLx9znC z-Q5*wqI09s4xEoGNH{NF9_w6rhOE~+;Jz@+F`um;yr5oCb1vHUm3SNhJ6y5r!81a5 zwXW`N77Ri#hy(K_9kdHK3I@C0IU)gz=N=gIa-vTcPfL7U*=S9EFfV*@kyLnX=sJ;r zrEO?1dnX}(1Fup901|@cUjApS9!A|ZT|8ou0+L@Hw$&KxhO0wVm#rpOIl++CE%z}@ zX#S&G%nWT*pqAjX?+ZJ3V0f}P-R;Y7uA{;A9UBbsReWIhM*h6=(EQN=6PVxP2+@#A zGG3Ny)Z>CvojbnteXE1mg9m(l5rfHKd0{V+u51FD8WwN3FcO_@(|kPZw%>c9rQc0B 
zeWZ?4?}uJX5Go`BAOm#9>b!q#cSxz*U|mkzAF=T#4{k_$TqR={KNgzFcDS4Uu4I8s zgEzA}S$!Ezn|0aGxA*Is+3VE`efQ<v)S2X5ZNPE`!o&BBa)*mq5D_$mvijjv1_N!uRdrj@*+DW$OW?9n{i^;a~NO#JC?KCju!Lv7OwFGAqmXSxF3zNG?E-rEz@X)rmw+FJw219aBfR8Ez z?^{~(;I2WvpL--6T484Og7k}n(TKACFGx0*3_Kj;(CoE zbtlfjFUss7xv&s zdlMPyjTZ&206*yi^aNF^dU#8qefC-&(*w(w;}|J$O!y7@|M+q8eXLhZvpyKE`k&X| z$S#_ek;Ocp^KUcYNmd}ZVeXE(7ivcI;JnUo0X7JzTn_7Tg%y_GC+HNw>KU%8)k*)} z)r-$6L(sa}?9xg1K);BlJyCs|r6X&`q;s^uq@Vdb^?|}|`&alcE*dh33{5ImfNzct zlrHdkDpBntA;GI2YBR`G`kfI(AS4Vw;6IAp*d4BE{w2gV3c99~sC;qv?!1O(h> zXG!7=>#kJgWSN?BgOhL$AVE$hJ`QqgP!S|x_NAW@hFwpKQ(G%TIj{|A1VIMLz@QF~ zUZV6_wRE!uq#m$uU~vn`Hk<_C;5__V^1gtCq{SWkI@GkKI_xU<|dBU?-u~bWV4_)RFY3i zOMXw`cCFj_q|0R~4m-Q#iilV|=Hp3YKvs=@DI#YcyO>hb)6|NJ{fInn0`2jV}_3cvmT_*X@Zo1Dbt zH42v%KdTk>n;iN5|M55soBuItIa zD*S&+@mp6_q@3gvz9=Ven66ULDG&o=K8+d#!>@~Tz_Exaw%m$M(^shvO27T_<45iZ zaNRg;ZEZh$uQOos~_L+fBT; zX(gjzvO6opurt#XPnGSsv`&UHzvUz|Y*ipozebp08g&a0h6*bd8^jEG<%IIU7f~j4 zD#rQajU%zXAEm$PrMcJ1|MvrIEKog=nFhs}d)G)U9M_u?V%$DfwJtj;A z@F(%k@ioPEzzmYOU>+a)34uJtagozxiQo zzO%2tzw+-=ICdmh1$d)x{%Y8%AiQD1*>^rc={z-pK0ba!Ch#5%vfp7+a4%|u+;zVz zp-p}FiR$6D5ml3eneGfB!A}~~iHZ88y=;-!OJ5vb9 z8FimqSUU0F%lV2}R->4GyRNA_!05_%)A4ym9>b0jxDTCRRnyU7stvnR45(#?Zhdk@ z)MJ3FI$hb)CE!PVlHXSomf^@_7=;b&0O6$wE-{kPtq(F-o#c}aJsMMak}Bt*@|2{UdEi!o;W`$;yo0AFDn_3_G) z$+Z?A*8?GJqshwL)9*g3|M#sAMc--+AdR?w(RssJZ`t;8aLNO*fqIW``VCduuZHsX z1I6n9IZTwd)DjLS)JxB2FJTAWf7Ql@h7flIXOkOZ)J&M)5d04^l=o5i{-~{`$B}gU z%z<5$$Bw-!(vUhaIy@d94J-B#z{AKm@QM&|kZ8Bs+Ta)SJ#iQ1W#8Z+^l(#^RaHY9 z*19|DAElWPG{nVc0{cV$^)LT^8;BnCqpBn_Ag6`l`;X#o=hGZFrIHwu&x99g5Tx}) z7GtxAFqzk?3cRy8!3!IKKSU<;L;Hj`Em->^#(E8SMC7L5z0-sQzsJ(Sz`#_Su_hvu z|K``eK8-RTyKqQvvE(sQI3_LKKoR8ozpK%uLc}-uwoZl$7~b?D0T*TC%&5eVT%7xH z^Q#I7Od*(I!m99A#FZCf?I$QHZ$q&iRQ~Lb5VTLd*P~~yflWU9Th<#q%#4iImB74L_)#SHT;cTU@m5d!Crc0?tMtK<3zHeS(|J z(-zyQMobdHDT9GeZShA3Nl?gqz)%9K22N9g9vxF;nSzM2A+Ch0(*5zCj z^Zu*g{2gIE^7Hla=p52?P$F~8rUChBWOcGAb5Vn%c9HPuEClEgM*cn37T!;Fit6k) zV;f}hp6~MyxEK%>_3=n0>4Rd+Y+{r{wykMd}%_@1z1R>>41l20mo*ECL$>Z@ciu^NJr 
zjm$z~fDV0Gz2u0sKaKMn)Hx4t_PUl7k7M3OLff_nfOy8%a439z{A6Rph`bq&E#}9o z*8Wa7V~ZhBZ1~p>)n92P6%i4!oa)$jRYBq7-4kGQVmvwWZpQgPmk>i22G$?_CVcZ( zzI1Dj4h(zMycKq)u2qrxB*(I7V^Zw;+v^xWs5#ip4ocj5wR7eF1c&hXOz1qoTk2c%T58KgyHrC8hR1MF;SkQzImLqAt7g_$hXPVaUPrm(8A#sk& zM&^B6p@Z39f^YA17k`N1RA=Gp+ph=zyP#Gk{F05P31ZL|yj}-}2l>Sku%g#$lSJ z36Y?Sa}ufBJ61$pNto3ys1N+#7b}^%?RSr4E;aM{oG1!fe(QM<9p~P8Jto4l_p`j5 zm*MOB3KT#`p#pXoJKdf*Q&1jZ6RE{k@bk>+mv3mA=Pn$&Zj$k7EijRi0vXRwRSV2Q zLHtKmjdgk}wxw@y!r3>ALbyQK#m(i>FWM7UpZ;eT68@hTZiW8@SQwF`!WfYTvwKtx zqDVx~N_17G@eVwJb~?t#pF>Rvz6n7>1ka-3w_tG$V2&7)z1KMknOZx(XqEHeyXxQ( zi10=sA~0yM+mB@OGYBlw9=)KN{j?LEwaL;Sc_NU_S(LvWBSJzaq*V`}96hSIOH#7F zu#_xTF0oOZ7BS|qs07MFgl!@i0t6yVv&vyJVWb-Fgx4CW8m{mY;kQ{Nfpgd6VmH`q z&A-PES+zCQ>2M0}wbr&z3mmMTteoJiS3fy1uWi6|+0tuIZYi*Uxd-j^mhiHw^NYR3 z|6-X=G4XP#xGBr_7XnwE3YJ{;(m>i zSEp(s*BL>2<3qcNCK)?`C7QcCcXN?LQckjezs`b=uHTQufDa>l zjX%Fxkk=X!6QcoknR|FR^d{(w&eP%6Ks?68R&9;wFxsoI5tmu~3y#^2zR}TWT|a~M zWpzRZETFP{T%04lg|(2d+2Wd zNz>X`8h#}7v-p+K-}5-Bvg|&)GV2`=J$^P){83Zc65k{%NM$UC9=cRi+ZRWX8z3}?0Xa|X*AVr&Bv9}nIkqZ~l zRPeb~J8Iu@c*6k<7KD66K>x$6dXCqFR=n`KGqslpmnG&~B-az6%ep-V@cZFsx=&O8 zG?nbVOk7pfGFqZcqwb$!+(~A`TUBh4s}rdr$HAOc&N3>;v=uhUJ1^_h40dEB!94)s zd6BDYYdLgTmQ(r|)!DSZXvi^FyvKw(j&5`+t5-I&bIKCl>o3)e`|?+W(WQ#ti{9F& zZp(4hTWqj#S;75d?a4nmOseaf6#fO9KK|Y6IfHAi%*;&b9(Kgb^TQh#6Biyoq!HFZjZT|W$XawpR}r=XL0ZM{H^ z7fP-!V6cBsp4Gcm9~WbpROIa5@S)Nilt|6AuGi?FFVT3vz1NPv=X4$L7V}b0VGHJs|E10{2vnW<|9>CdTqVzzcgO2R-ty|XRD>gdFw7EasMOOGDS zPj9YSrQOuBp6RAg%CTh$=h?dL93KVS%#V)gRBM&`83QJKC+=LlIyxG>&$;MLYO(nN zRwMhb?FQ(;1?}thV-N84{A+sdqzmO5BCV2sr_h$epKiP(6)9~$zw$%(eK%TU9>Uxn|xl>;HafT8}B{jRa-}>^%)%)ietlS%$>K#g!oUh@zqC=TOx8j*w)dV+^?Ll+|D`9 z@rY!wEdM@`#)p~Peqx42B*8#2bv^xA92wz@DZDQwt2BOALs6AdJ#?XSZCJJ zi}}B)jExzHfDhl)*Y|830V}pIK=R{=O|){ZCAX525|`fWk-iAsxfW5CYXUEp?>SMG zZe3uX62QnMs2r8=PuJM_Q%1^8B?O+{7TdqWSP|LA=Mi$SBgS@Zzqk`AfU9a{$S;vN%nS4ic#iG+oP zU(>%>h#J-&t(zjusS!j9-MNo)iq21$m182pQFj8E@Jc^$(gPNadp=iMXZ4z~WY9k} zw9-%O7F>19I;+>6Z2X1+KRjQz(aKQbvtLXVq^|t27KP9+c_L7>O0huGI;X0(0Exo` 
zb3LdW=*uY1!tW)Zz>^}Mi|E_am7Sm->Xv#!)9qj5xWf*n8ge#)-V7pcY>KMT>Bl#H zy#E43-#VPDvt_i!V7?p#A8Ie@F;P?oYzpT!Ct9L+jIJ93v?uz~J_&iVyXjyLEC3Ig zEGu&#i?~?;kbj}yeFg#CdxizfK@j9I+Bk?QC1O^m2QLWHi`WMuAzaFuj$xY`geoF} zE))#MDEsdojh5q$H=z{?#n_vglXU| z;)0@ZV{%=zrZ}zH=0JG-YQMSSXzuA~zq$7fs9X47JdQh2M;L?bQ=QfOd3Yk#xQtyc zfiksF*ae(>xI8N;1#06R8}x2@nfXLy^P{A>j|=l4>w*(>=ks0WwR*o3=ICb#nR7wS z;X80_*4(|wKRN>0@K7zU`@%^0;M>c(Oh8ZufQcMDs#wfe1{7v>b#Uc4h>kSgV(kTw zD@DO^z%DE}ic?8+i1=T1B#)s;qHO#LXj73)ez|oEePsWL&e^kPNkRM?7%*CXtlu{K z#MUly+k;t^PrUu;p+g@@w^8X5t}h6wM1kxoQE*OLC}(gF%0wl9;pW$lWwJ)-T@G&CPK9>&Sc4F!+^T(=kxJ$PK{?Uyemm~i_6-%?!}o-s9! zbW}}k&F%8qOGX2&&MUL&2s;RcekWP2dn`f`dkd8$JK0%9qJ*;d z$jVMgvUjqQ?Dc(~_viioe1Cs@|NQ-PKkoZhuIoCl^E{5%@tki|w9@WJ{qAXK+btj< zpb#hPk|Kx!)(9!NAQu9O4mQ`NGjMJ{)<}CJ7cqm|^TPUXF$#vjAs=>M(!I=DJGr@8 z6B6~U1gEO1Z`HQ7$(f=$^CWPEhj{QX6;`*1v!l7pHmo@`)C_hyiZEHJl|OV!skfY5 zTr%&k>__RMgp-q?{p5wK*fH_qujC>uWYe*#hvD{sK=LXe|IlfiOa`!w0K4JoT)35T z-3PZ^VdFk$aZt?KeGLdDzcSve4TuT3vYuyVlR!le1DtgRNJdclX;_kB*n}(VA2Ol- zOQ@!L2q3`Py5np#7qUTv0n@;~7bW6I-w@9A27@BjlqdqT0PTt!o=9qeVi)oTAafTX ze15OHb%@>%O&&661`x8BmD19($2<9`!L`0TER63&wwbiD|9;jJXi!2Y>sESNP55r6 zF?sjSX!StiJIfQzh32FEbaVk4)Bcmw(}`7wM4b){)B*qln77Sqx3p4`gEp!LKLaGW zl-Np$tw5#WQjVFSofq?+Car;GlT)xL7=BL%iKrXk5GbUd;zXPZsXwng4K5lng^=i}WoD z>c1|;Az>!s-;MSp<}Jsm*qfOKoCI|uTB@x%9~vto_ehD*yQSzD2(91WfI4J!Nqj4RTpuwgE!ZLQ%{9w5UGWhv zA<~4ve6R*#K2gUPB!*TQtSh+5Zm47^Tz{fCj-7=nwIg9&6J5&&*iEzVc056I$o~EN z>ml#^UgDbEV2yq8!2=RJYD(%8)(zqDJ9qCULU^(3#KH}v!})x|P8d#{fNH%#k1b6v zJQo0bwfhcY-EiJq8C$Zao|U?O{X>JRdg2v(=f$pZ+>`m!XW{xpDmoA7Q-H-Z^LXyk9NV?Tjv4h`K!PFYODg%X|FuWi#Es;&q-p@o$# z89Kw1n*zg-RsXUv2cHTgwhb9a?^FVY0RiC9cz?cWEA$AXp!atH^JTuXXQd*A?I{qA zQTQ*ZPQw9i7?)M~!uGM|*t#I`^kgUyWJN43E#q8goT2|C+vit;eQtouW|8yQ=nkoeoI+U-ZMOEOa3OmYOuGR4-W=CRhYSS=d4 z%@i0l#){C8q^ZauLLNG@$C$Bk6FQ#WyRCTLMgY{xwiHx3dQ)xG;Mfti0S6tZXYNjG zh>(Hv9pjuh=1twtd^fpsGVD>qR98I07xakz8d2^y2C4%`MjGm`JC_?;RPRtq*CKnt zSGRFVno1n|ChLVNpetbOgBmV)R+M9UslCn9v*e6L>5?b8;^@g|+dy`1E|qoE@9n{o z*QYv#C46_7usiq 
zXR}H?jCeSQ*yy-4{IS-+dqqP47wGBT7bJ9wt*R16r2L{Hlomb7%Uilso27PIjY|a^ z+UyU6H`&&&)d9+Ffxu^WMHCbQrYZEWa$s&g8+ENcqyKlhSLP1uk^z1oCRs}PaA~^h&5y~;22UX{iOi*0`f75UQrV_5^rSRck$~=NJ^4%w`DAGl zeg^zSlp%GGi@JNu_ENA_ZK*=T)pY(J<(+d|(XA%OjvRReR}6X-fAIz{d&*puA6#9y znLxo%YSs;Gix+0^?ioc{;fkK}Z7F$Y#HttaCfy{sP0HU0gp zFc+iIr4j<~FOv(7O<73Jv71`X)7UnaPzT&Vgg4}Z`!UVjshe?$s=Cv2<<>}QgQ)rYrEwQL)zFXomX(QPdPhpw$o6V$ z$E5*+zbkW>KciDz{&&JQROljj!l%-&%6$zSykoN)`KVY#mp!I>9qnih8OjIybN`aE zg+0D0x$D)@8~;esz2-dZ>wEi>)b)#dx9tl)$swcaBE4;c!}n3b1KHq{B~Sj@`S|gd zul#j0%}ce@4euuVdV7N6`v0>=aU*1)N1zH(u2J*^(+zb<09$av1fH#gQ0HF^`Q z(1$K<#o$r647_h?chY zwiE;`BH8jb!MRn(=J|-Y{H@J4@6w3v+>I*owl}c|_!RE#&HE4-7>E;QS9X)mw*BvI zRZjX!;*B`WZu*(Fm6lgmJ3Nd)LEg|%bE;qdNOePl-&7 zJH6u~&uQg1dr+Zp4D{Q0oa??1RQ>HRU#zYI4=1zVncf;1C#SVNFfe!NF$+tVb(Ygi z!3<&xPT@q>WRFBmf_SVCZ8;k)5Bq2M)`le=F)^9887(m@17&x*E}PA+E^9+^Dm<;+ zfDaf-FDd0&j-66U@GE?9Zfb5$S3B{IYuCzXk;_6Jq27jiX!KwM*rJbW?LM~KczOMc z|9+jR$;20~^?$rn!{P?yxijm#N)^UXkpN$GbwdK32cVGS+uqHSK24jCbRYx)P8; zf_9)g5B&^qMm2^Vi%1iG0I3p$y2xK{m|I+|Kp?r1jV{}aH_|U~+FQNf-SJl08>3E- zxBuh42`02s@RIF6dgcD7d9k=;hkze~-}^Ncr}Og#`8NuELfZ{=Jf;IgU6Txrj9zk3 zEFv*SOsw~fcc@NAEgF8BM9!bTHGS1#&Fvz@0m9M|Dyg?zBa_~|c{i^qBq;d1LzSo< zr>K15_NdFe#)R+3-zyE_!FP_GJ15uM99P@);u1w(zmBk=V9za+Y_-#l^6$4mNoDHS zIsl{aR@HGn6jFEDrSP62r?K(47OOv`fzi%i%YQ_lS$km&?Ne~DPsPjH+aI!o@olHY6wY{Mv9D1BEq;+d&M~D{mA^PKf#^CbKt#V{ri-- ztE)G&pYu27KV|F~f*pH{P`3UAb&U4;i8>kF?Hd6K$qiX0v9Tph=Sw$wY(!eR=S${) zj4i5T|e45aC;Lx?Y;JRBx#5FqCtaDQ_U}9V~ zTv0qW#RBnhp~-Q-(A`t?J#$n56ScgPlN6LEpXInqYF=L4*hW-{BRmoNrxTLFfPS}p zc~z;r;wDOrm6sGV+GuW`c{;;g+?aQ&?3HaqdMMY($zXBI)hHxuYUG$maW36B9y(Ei zGck(S3Y$Xre*Ab=biUCRz`;6AD??SuweQ@Uhp;7{bNWp}0vV~4jLhfl%`*7y9<6T9 zqKO?QoUAHwV_eZ$(=GQnd_Nrx61|}(a2rL-VT|YASPj?M!(-*$YBG`-L=Ke8^ML5` zQH5Ax({m97-h{a*Mc&_Y$JPmy#TVF?4MkgqE9Km^Cq5}s5OM5Cu zf@vE)Q6Kncw9+r8EH?HK7%WnHKgI{~?yC>|_Z)=`5outBm!;#!R>spp@`2CUq5~5k z`)77^u2eo_+rBaq@)7Dm5W9_N`Ni!Z1VH!5!-o}B zRWXC!tlxse!{5|wO=Vd_<8-$(y>h;#4AEWe%QHn`na|^KD{lQ$qM!)%?)SxU*2dU# z(bAJ0$uo%y9Jfx+KI%k(q*{s5c@unRawqk9 
zd_xL9eZqc-<|KOZE;MQcgrhF`TGWZ$%~HAml}mnOT)xE`wB;E3!GT5!vv(EPel##R zfc&H-94d2!chus3CQd>VKNi$+M>Mc{m;(R|MuD_BDrw|MFik*77wMQtG_qO83x5US@MYLg+cACKY_k@e zc8Y2STi7Y-XQ<&A4ieucVe^Ob!ln}keB;$E8K+5riXTIC6g<8G5Oq9%X01p>>-l}RCL*G51ap;i@uxk zG2zhToUP+_I#S5_7j0*{PIYJJLC2-9PAkiJ;!PWk&cPUTtV;K=7*_yIYpY<9pmL%M z<;h#`Z<_lt(6PrVNc+(TjrU)Fx`ugAs$`20?6QQeiG0z0=-;@94}l1t6-HsvpXz}v zG{-28~6+XVDWXAMH*s8#ta3wQ~qUWaOXP z4r0p3vQ)jM(EeaYLIm#qAn{!Ep=x60uhK3+S`KGFsrr>GClKf2qmWz_WyuAU?zw(9 zs8f2b7a0lfdx@7Ik{|RCZtcd!=)oVLlX+|1-HOB#(creet`;w)gE#$xDoA zKp-Gj5-S@Uwv#6_znrD5{zM$L?%Inks?o%Gl#0-u>Wj6+0*8zVbm`cto&I)<-kkjx z1F^kLBXdDZH7iQ?g30|VtB?!=E2Nq!k^ z@Ik{gWCV`y?m;P-_NCS@@In(3`gT!ge8y9S$8Ak)lnZ<3PEC*$%gdktng5?R$$wnu z*tsbA%e9y1H-5~%)h)XKsbx)5Q`+UAiNV3EH@+Ie3DEp>pFV<6#vx-MaA$V*$v=IY zo1<#E=KIpqEuixx4#AKXnF616%eB~$i#^T9!GTA#6q3xgf-L(?7h_{%$x96pGBb;d ziv+xho`SaxI_&KIA53jGR?kzhtRHlBb+u>7>|R;hff-dVGc(g^B1u)qW`qZD>>zJ z5Z1^$ek+8o+Hwm-nwfw`9-QZtNq%J)LFdu$yX*iagP zsT0wrhn17v?az5@?mk?+xvF_!j{^V{8L=%Qo71vye@;L|M5lHtxsb4M-+9#k1aXsl z#uiTh`t^o>miVTKQ3uo*7az``vLAQka?qct(!JgD)7lP2%2=32MB1)bwLoBN+%kl#Ih{=?KPoz%sQ&IofwUR42Am*TIUzk)kH7NrS1|KAtE z-Fj@PwAjG?;du?MSgp78O7av2|9uBQcv#b_d<|}Mh1Ttr`_FI2U!7A_P5A%nrP)}> zZyclfzkh4X`TxiNT-_1-fOxxAm6w%5i%P#dz)3z}K`u3H{Mo;+NPUn1^zf-^Kh1^I zc6rCG z-rhqb_&#L|3am#4*c@iQHz&eT{px>AzpM&IVgCl8e17;y(&dVGzmK+-`}&+KYRxJX#nU{# zyj|CaQ8Mzl9DPsTa8tavH-?;0iJq?G`}6X(N@G61zDffT616aqibTEbzaN3v&nOSN z!=k-MWIN-3wE#-9txxj%D=)7P(w*GTq!Kr8J>He&s8~9^G}Tr8Uj5wn{JCVU?)CL~ zMI7TjVKLtJvUBnSx5VJgMZhf5!1%q;vw>4`j1W!JkDRRr+xXt1Er>`M`E_^GHzG7; z)U_DT1VjGxM)sXb7wB^mEYQ|8vLeJ#jWr*g6$MRZR8&+y?WCevXFqv8_tAWg{h=8? 
zu(Z@K#Er4?Y%u)auhtRH^AYUy4i^0vTOxF;o0_KM^gG^Zd$(uXEzb1GnOJdvgfGbL z{iuHsO}uZU{8WJK3)k}Zdz3wi_vkB!*8S4-kD$Hu^a^Tf%VOiIUr}>}5FRDF=^vCI z=vT0&D|k~Wjuy5oPJ3ip4+jy6uWnqfGkNQXLm{To-&0xKFFUtvE$o5e$^&*!xyhMO z6$BDSi2h7WvX1Qoi(Va$C;7(e*(RHZtcw_g(wCQ%7iXkaHXK8$lQO8l~oEDQ*TF!uO=8Q|GNUMW_Kj8VP{wu&lU-|?Tp zm3()5j`h2p(N!>jFb-5o_t*jyfX^Z$om9JFU>y6t2;m({DZOtS8`ok&MnW6$C$T#+ z@j2~@RWNR&N1IIi@87<^a*;RIoh!~0op$NU(W9x@*~##5SwqvNbuYD3bNFt~w|pdu zk0BJvyl?#!F^-Mkm*d}4<-0{X&{lH(wo02h-*4AVpSALaV zJTha!(k!>~@Sx#D#DM|`WTFH=cwiIC?cq4+w6-YjX>; z_WAQ&ht89OqyvhQsd}M&Z)cyTZ@_Ax!l5Xha)6m2`3&B4CXWWFUbXf(SXnQ7zS4*KGmC zJ|^fCZ}!T>yT#utbU9RL@A{As_7!IDK ze?~78hi4S_aB6;whejCe)Z4M!T)#SMT3dZ~GYmmCN)O)aQ)k|3#6=2<6zyfP;5xA9 z(CP)tvfg-1EjBo|V6v(UQFJ(RVr);UYR1s7j?}w7pFh9zKPceaSJHpthC zFLrYimxlyJ4Wg?i+yA;iY2ltmUx<*6tF?i#g0?4KAYEb=ZpSBWgSDUi~dCdTwEX=vWKk^y5@ELI$28Ja)r10k1E4E5wK}G(Zu9l%{PhqVvoE zbj|g+)ObK^#KHMRo?lpKgExTY0`}v_rF;#lWeS}38MYn?ZHgWoo0WZa{MgI&KfCL{ zrI{ood?{W&!X#d%*Mwu6%@INrjtQZMtv9k6sM2F^@5B!J4TrkK>>Ww6u6x~Pv`X)3 z=9)L5cNYecBWLGSX8o$F{vig}*%E3Kl;{Pno%H>bBsYg}#>a?4sICt)Q!B8cR21Jh zO+q}(aMs3!o$CDHG$-)ATjWc!BKPy>&!L6chZKq@abmjqYm4^~`A3nhLQ26Desu)SmG-3T*ztKvGp#hoDQ9 z5BNb&%HM@fIcrDmCVT{Zx{D;sD`B_hHSl2w#Rjl+n+@}rm>58_Nk81%-o$rho9dUw zPkjFvuavBy-RCsS1sg~uj_{-dz>1N$C>MZo_`NxT3wT1le;AZ5bZ`sAn?#e9K%ZM) zo_tTsg@e-Fxrd1Bg&x?(c=2c~mw)DJ6FD{cB?6**C%H9oRKq6w0?wLVhZ(t!!MFOg z?r%yh_?RFc;)iRx=J#OY?^xu15Z_BTnVK;M?~C2ybXGHUK12*i0e1qn@n>U?RE1hNcP+j>j)MYyt`DaiqN4C` zdd?g6ryC;1`*n7*`O3Kb=T56I;j`IXcZPu6H%SIXV_1k!jZ<7dw*AZ9^UNX+k8$*? 
ze?l3(&1ujpT`PaDw@S2YOD+(xIHv?MJiEzS1?5G3mhCCKLfBi1Cl^2zB%rX6z4sOfRSdp+LLd9eyb#a|$l9sQIZyvTd|UCZ|pi#ROivZMQ1R0LuLA zNEJ8{Qg@=o9L>#msx@8(iC|TSi=n+`TEQqwy@cLNn=Vs1IT>ZxM@fJ_s+X+R7P+&K zQ!!ry!o?ssmYPvoVU|&{O9Hl~NO2ENc;|9V&pAvP^I0(8O3{*skSol7f1FyWRQGXOxPjt01vUgQA*^%7uxVSn6<0;g6)_Vi(B>ukIj`e zw}#_@*0$FAU4-pS0$NQB&?3KdGm`T?z{^h$wy~ykBT_`9D8@CmHx)z9pT=`}^m}El zUTw~DgD?QT$LrpjZ<3O}zE}6tYnpHXDpCix9Eq8Ab9Z-9RiJ$l=%I?%#BX7O0X2V% zeElSQ6s}&Y;&tI;7FGLG`y+qf=#W(QCGUi}KlL6v*dB8n<9tr%iG`whZI(I-!T0|& zO-s^l-?3xIdc&&iSR*5HjeQkV^M$fzLStgC$=difJ)U-kxe$!fURIA_hiQ#%-|hrq zk(Sc9JfH(yx46U&+rTbgy*poD?}EdK8oSW-gxZ{}tlHj^n?BXzcnsq`E(9jYsitI< zEcJC4?BaCn$qg zu_347(CgIo@QD+PS1#kX?E5QWGtr$VzPb4=x(^e`2Z!k`78w>|66ZjxAJy`XWm|Mx zlTubRw1lOqLXSbgHd;U0zx)Q!Dx;W-C?=h!ffuTOwhr5BedK1JE$a`$L4|f%4JI<| z*1aU}bvC&C7`o{}XK=Bxy?Xp4oSk!m7ujsTT%-9n8i53mz&Pw9(0|{nvC*HDb?xF= zrZ%6TG8q#S=Y>wH#l;+#!>GD1fvHXcQZjY^e*S(RX1|Yy5}Ii`I!1hMsq-W%fZt52}`y)_hNGUtb{V zlzD7MtWbu2b>izcQfUjCjqP~jF^b}cs$X9n#&$hg!7!qx!*mCZ5 z&+a*3m1-Q3GyRiv;q^JDfITdtB(Vw&-In8`oUSr52QrGkHjEuGZmAhzYC|F_wK#Ld zhdZ9_@jk$izh=L+&-n~7FS1vvA8fN69vNv=RV-0+uBvyvXtt8tn>kVU*cu*_j#Xh^c)!6R{X`D@n<)|Xp}UJBS^ z$^}X+{v2?}5+LtyoS7g;=+iDR?=6fnY@o+0Xg&=PyCfkYgt+0mZ4MppEO8R9LaHFn zlCpgvY|d;%D~K;*J%-kwlDMr)AGe zrNk40BI7-4JKu|aM_B#Nd}rO)9d{w%zyg1QI5lhU`U=kA!-qf65@WLDz*PKaH0_l2 z6ECk}K+Ij4n-Dt;BB^ub&tT{&hRX#u5C7TGP5%qO49_OqM?Xqs!(>=IiYe`Xsj+Jc zM9bqwkPm=Q>L8X;5}-7DFkZr-MuaQk^kCYP&k3)CdQ(STUDp^33L*wZM*}i4Sl!(X zAu9Z(y<~zl%gJ@^U2UVqK}OSillWGWWcLAd-~R1Y6rwBfh`nr6cipkF5(Y*f=;_mw zP^R8^C3!sBm0Ma`nv|6EUh_0AZ<52bw3V%G*<{wotgNGad{FMDrxf6gc>@T%@#Y#M zM2J!oUs+%VK(&Kxk;9?izd0^}AN-J&RasYuWLYx>IE-;<9GIO|RQsOR_wdY_^vhRN zh#w*{Vtu`SXxMgA7^i5o^%#<9XX3%ca}%6(p^c; z+N6@Ya^>ALayBS~gF8$*(-T*-PE$w|6aADLhn{8K5fOK0`J1#%oyDw&cd}i+h+IQ< z6OtssC;JTKnqsV`Lu z!xdStX<6zC)3jLi%Ds6@WsRJEvW#B!RDO|{PgOD5L3#48J4nOyZnN86{il2% zfgax+42Rebm11!5Rl@9fJzFDz#qU!^#WrM%*O?D3e@vYEk+oZz-S`FH-5V*SjB4@p zc&vkQLR}v8&Vj&088yIyL)}|gQjXCNhi?j;!IMxngJWE#+gd!nJwJlg zqU+EKI7nlAqF*10NeOKe6P>d&1$&Vb 
zJ72cw#fufx!m-}rHbei^k2QI9*VXRm9jSZP<{N5ZVRGcim-};M^}jmQ-t>v7>cp*> z_xb;6S2j6$lS4~Ea%ZsTe)Zn3I8L3sb)@yK{rgo5ItLdKmbddeq3mK7caG`b>Ukt> zO8tV*;!#GP<*VTc&f&TgrFc>vtbCx&%ja8`koa%hE*S-u046e{$!|>u0wyAx^2TV? z3+?uSxy<2wMt2huBpui30LfW)0^0V5K0k0#;qS}_zxaF2OW}2w@$>ul-8x=9F1V_o zZ~}U`URTHA@k!}Qa>{vg?#CR?Kpg&MVcW*FaV7+O$D&c6*Z--hRglb3`LLhgrLLUa z$Inoa$ZxEgSTrl9IsdtuU00_@f11PTcjL8C%QC5RPFAmM_DepE36%-n^M3vaaa)w= zv^1)pQ@TzppyFHW=N?{sc=^1k#!nUlAx5!PWe{=b_d?XjEmw1J7|-7-Tc$Z-5hRdw7PAHhDlCan6DM=pxGRZl$BsQ_|6xCn8rAmH$0rFAQY`Ve zdA{G79e4nq9WpUKraGQCh;|pU0Z-z-9QUi^-Mm_5?eD*#bblW^eW?jpTfdn6JL4s@ z;PsTnAEj;`q)|2_JHt!e?hU&w9eR<%kzM&@+sldX`zVx;6?w-X-(29h%CYT}|0EOH zGA+?=k^HtyoB}sY`qRba5y~}T)N0O;9_PmZ8vh3cf_{FI{~ppIiLtcf>cv?*Om=uq ztsETc76et(kI^|N)nnw$w~V>Mk&w}@cM4pJ8EJ0oH_XG`%0cYyPhBW zu6HUYBKRS4F=B=-`uxA~d0p^rx3nob4s`0~y=^cy<72X~hHs?-sLdGJwMrLiwSpXY6^MC?4qJEC&P|T=wy@@{z<@7tjVF7NAJ#_xX+^J z!H7Y=9p}>b?!5k!HocYoe!z1G@`+a6hoLSL4Kn+rl-eb4DM6+6HPcYv;#>9d&%|J) zgTo9T_v=wfi5P~&S4xS}?QW$Ti>_FTAVfBX@duq*@Z~%wBY{;uWTMS@9?ssj+7Pu+n`D5m$+KeC0nTw+;DHcNZ; zhzx?n7!lQC7)IR6?26tANOh zuSrhP{7|C*Tp%X_wvcZ<{A4xG({nqvPPNnYdV0+es^Q-;uF$cwvtt)7K)&S_ec=li za{VZQKqJV+&(qUWUWf898xP@J_td>=YXu`PB`%Y-!vkvzJws z_iKvSpM3Fj=cIL<>zNiEVRM;WdqKuMzst}>dO}%`|i$8#f`q+Ua{I&G|XqdE8<5>oxsnNWDKXe12JFLnFDKCsY0ApF@Hl;-&n?FvM4V4jzV6j#~IQu^!-% zm@kkQP{qlA;ett#qpCnylH4qp!qpMH!It17>bsy-kwT#c2B}kjN4EYwRO+CznAMH~ zY^IemZTr<%ex5@mATA17yetk;2%ZY>PHD80{93ZrzQJJ`y{GXTFE2ZjB#w*|P z&cvIFjGMb$<8aosSeMytmh?X`&2s$TM3W=B6yL)7ePwCrycRc>D*F1E@=_oX(rSzj&zJo_i7JryMW!vt4}$G@>2cI{I|e_0x7 zSHMBFnjr36QbtLoV>m^CaSBq_n(|#w8d@2l%e7X|rIPf)T zNUpKF`$aTX-r&Fg%k(N8esQ;hqVvK@ilz`n4FTB%2?uJSU2K;vUbFv8tP&3eX{+6g zf2RE@10(vBlEu-8j@hsggKW3ek)ohXJu*~#lgWKgg#Y=QH&Y&* zI7wkRT(jPNMGCll+Vq#}J1LtS#SQx}aNG{QhRX`i6lo5fW!@wOsLkg;@0;UszQH-;^vHat%BpHwnyV8=f0=&Uo*x)bsBO_!lu{IH zCU5doKrWT+HNVmQW)o>{D6nK*tg&jNrI*Ow0s z&tIB$P~bnQN510+-2dfHkDl#lWF7yyvL-3aqM%V9@v*Y9PU1n)Hg4lXC;UDY96T|U zZWR2&aOnD@;MaEND7VKx{he9abvTKL;thJ^;SuV`uv^qa?c-YwI{B^5rKLzh>-FDX 
zF1aoJjpp+Cn$L>0A*SkmUMi!pb9RMUKa*bhM?7TGAt$-JDsysvX$bnetVcXuMtAD2=C1S_HjP96tBAxScX=sV7k~>U9Q|efyzA-$A zK6r6)(T<;~U}&n56Iu4oE*HK(_S%~e8F`w*EGWr}6rQdU$D=kgt`~Zur>mxEA=;+?}NRMhVf`dlE$!V^p!^!zoEYCKS8SiIx zd5g=BD};$pGV}m(foxtwO!H?tk7EawgrwvQCAV%33&#$mDkrRVW%XED9d54lbYo*X zmS5DL5sHtZ7DXo*p{Lh4_7C{2Bg?s@QFWvf>hxc;PDj#BnvtiGGq`ds3RAv_?)Z>? zD>mwHaxmSFbeciKAaA$6$}_NL002?SvlkWv`oS4KPfVO(td`dP&f0)-Y()Ox^wiX& z`Fp8@_z1vzx~GO`bSMbDj0m<_9J}Dk)Bdw-e4v)K%(yeX3|o^%;H++$dw{>ce^K+a zLsuu;TFqx)7 zvEpID$an?R)9&^~cUjp&{~}k;oXBjr`>+8bA)DH7Lk+<%k=NAo3)DRXLPA0&de_c_ z(e^an$09n$ymU(?O+(duE8U9L%lRa_^=Y@)?#H#Ywx3#p4h;_WSlOKHyNoOU`1tF{ zpBviD%0JeIhixXquWn1oc%insL>WF^_G#sy`T;wpldeKMDLw*0-a

j;Sr*m2dT^ z+mDck z*naVEP%#MM;6QWY{x%7~5X%dl;(o_xFg`=E{hVnDcs`wwg-&*F;j7D1bSpYH42`|9 z!Z!JF*Pq0}a7~ifV!{kp{^+@_Cg-U=ed>2~>g#a_FRzQS!qxj#u_pewmFOkjVt6Cx z{q`WTAH!DN_w~wZ-<&gCyX7t#ckM~nqiRw{Bd-z$|KjXlqT8dL{@mqqysvFX5^CG2 z+}Zz7y!qt1^O=w*qf>uG9l#wP;JM91GB?Kn%4`>8faR@ogHGQe&b$IEMI`^daACfC zpB|s(zlY+l7TmGKu{yd_I%qSpy`2^qmRstibf>0LNlso|7$&wli&~iT{eX4L^FhwePo3STVmQ+LC>-YEl48X*oW03^q z2%n&nPzu$Y4LT_Be7f6mftTPgkwalXGrZ8Ld*s6A5fa>F5ny)yz*KNmPA*Bm_8S(y zxenF&Z9h9Ek0W=jWSWi;t{k-dI|%F;>4A*Ut0hYZVHh|-ILnE{BJ54;f7_@@kVPLU zyhmP%mN0XH<9A_!qVlG9+P(hG9hiTmlH1+Ad0=L(%m4b}wAk`NSKynOi>h&Q9Gt@4MnHVFPBfg7`$l+_W2dGHSe4Oto< z9$xRq?QnE3aHt%`D_HJwOc6IB8^qFrk}a}wZ`Q!uh)e)dHZV2S2nA5ejii(4FV0Wp zl8C=Bi<#Zbehq3>WbR+@jXP(&4GoE>yN}&!Fgz>Ap zEJ4QM==Sg_R9blLxn@Mkp>h4%x_iCMbw)AEcE{wlDD5{U|YnwhcV;nC!e0xzi?+`)gDnraVaTdgqa;dMcxVJ&)8UlgYTf^_=4T9 zb~@NUNe}=AGt`k2Ctl#0nER$Vi`0XcxxJ_!*jS@J0%L{8W9Esasi z9i1W1pUa?0JP-60uU?gR@!E`pov_(#C73jV|3wk~*j#PeN?}0(4VcA?o~tMaQ9@?r z5f~gJc@2*!zqxko=+O{hlIUGi!1L5RCT!4h^}O?+@%34cRHvzrHQD#f?iInfJm7Z4 z|3GE=!%GKv2JYb|@){VpPExvNaU3@aq+`Y84jnHBU_VUwRMo1_OBM|k>ZLVEHrc5a)@{>UL&<`>X2yz7? 
z2#6Vp%Z#P6US#&K(bw0eSj;Z07#x6-BpI}|DaamVx!s275Pc=l{{GiCH(kXuN>`7d zCwMzMyD>3t;RFtB_bBeA$jEc}V+YyUlcPJQj-3d(+GIJ?lfe^p?bk|vktV}UsM3c# zsh_;_`ir@vh%ry-<45DC0Re+KoqfezGrP{uRQU|6XN`$KPt#gxuZfPF5V}*PnWP{eDJ zjw{ouOcgz>`zPvzSnJgj&)X^#QZHtZWs&i6S&20@zHXcp?3v2{%KypB*U(PzC(D!& z6u&PG414>J7j2_rA!zI$yJ%iZM}c8K#ntdB$}H;gYUmZ$Zc#b!GmJh(!C|#=Dr>{% z@?(rh-%IgQvmZ)2WIyFA&uvA8Ywt*@ENb@?WzY66VGTpuwsP)!ai)N9gvxCH_Nful zJi>8PAGSNYOW@cse{h8`gnw}f{5NIL)3N`MM0f5qCp6gDgdj3A%Zks++6^uy3gS6s zKf&4{)+DF|i!H zG|M?OHufftwH&DNiQ}Ux7f&8Zpa>H0djjr*fS$XuESp+#E&Ewq7PA+h1F@{GOx%N6 z4tl;NV|se}Cy9wi#W((Lhsk!pi^1i2WMnxcFo>CvO4G2niT%5Ynj~-tiY29v&0-9Q z7fDr7+{>uGV6v)usV#H6T0>;Mv$QlBH=N7vypGVck zsLssH@LPNDVU&=Sl}(?1*q!cq2vW%pQ6cZ|uULVuk%LJLHj!fpf0iy#j}=DsU95;W z!U9^5PjHxBk!5_KV*9Vs#YG3v6$4|mgZl%%!tO)R8sJ{{F*C#D=lfz3l##j33z5zr z`e~5T;(_cgHs(2yqB{Fc2moX>jLuAaA8O>~<(tmWfcrFoNC6LA2uMExzhEY;5*=@} zvy8sAd;$lIE+}?>{u3=`9MB|Zd1uOm8>&22;GLV~Ji6#hMM=+W$0W<>fAd4XRLaK1 z{qhf)Wz1wV>%z8=XG&~;dt&E8V?sSMusY%d(F2Y}-dC%{WirSVCpLt|xOTb|>biwrmfJwzCYGjmPMWs8 zIYa^^T0P5%$8|9Rcp)UYr~Bu*eWBgzonkb!hXEsc>6FU*_w*h%f4=JnbU3#o^$l#n zEr;pVQ=N->i)Np&I3u-GfVkG+vEA41(ae^L97cKs#DVZ~hwM9gWqjG)fhwS=_)dbv;B>yEK;tDN;>5e_Ks5D;hSe5(E(9qkIzn z%+Kd>a;&WWP{`~{kUEvKq?Ue85H(UDLq@|S{DVevLa}C;D*^aS2e#|6MDD(R0Bfg8Yms!dF(fOG8=;g~J zz9yIV?xygiNZ5HqM%nyuN#fr=xt$aC-NhcK8P)c?9R6o!oH=L;!5@wSyUb@cWv7L! 
zYE(!MA4w2Jpum~0$BNcwjLx(Ghq5p<%)B~wo$Xx9lV2nu7lRa(u0Ir9y45}(srYnr z=f0Z5cC;Uk6^U3Fe>?g4*7OMN_m9Fi&p7@WMSU~CvK`uiUS3{krK)X67XSc&<)JNW z{HW>zwZ1yy<&GpIo-%2pp_RI*l?tKF7@2?++LEZM5$>r#|| zJ9dV|=pX&w^zwZDdZSC@l|y8?ep@y(X5aL`#=B(%8{0p#wBLKX^sgqjl+u?;dnh2= ziX6pV7FPR5JMZzKuzCwf!x2VC)AhMpJ*2dQ5Gk5sj*v@kd(|nj<(8p#Hr!^kp25cy zCNTc!fQ+)Z#<8Y@IVZYcK#UZccZJk7rRo>a&sMfsD3e+@QFEU|1A0MpP}KV~_MgKf z@j5BC#(;MY2jAhbF^5ZcIc}oHZw7&y?#p+W_@l!(l~2q8hXA&0uRZJ9sqOP)Rj0G^ zTiVuKi@02NMuvjp+)_J2d+*E*>9(x7=a)8bM4?07S=)W4ISi)~oHf2o&{C9jw)EaX zX=zp1sSx>0NrxS@f)dHwL!K+1&pXcX&P$xPXy0gVw20_f7T+2wjmKTK^LM;)tG6j| z-&|q8p{!^Y|DE(0dptt?V$o8qr4pE(ee=Y%19BjbE&NV&Vf;7k$_)5+ELE%EBvv@C z(RWn^?ZdUPMQY&=huV@8`OQvfy6k4N5N5gJb-;s0Q-S_^wQh!dLGjU^#^)Q(ugB@M z{;poxr}Nk)_RvPyi^;=WEf>uZuRgs4Lp(pqWeNsX&YP(yy}f~!IyzL-up)-*^!~QI z4BLv|#&L`f$~?-YJk)iIo%VrYJAU}^gQjSKOxy9rBS)QlX_%QmxgiPik7aR_k$!8! z3Qj{5$ORU*FN_EMYBpY3c{ByzWnG9k_t#^ZB`(L^-Q91d-=DKD_eD#K0yNy8^7=Pl z9@5MEU3BtF#Z=Z2==xBp9ugRCaz?<^dW}al5bzU@k4)UDn z8rjFH>jf4ZZZYwQ4Q9DEm;}BfSQ%&*i>LEv1KNlA)@ErAj@)9CNPOL$D6)Rqj+ zkwK6vzWT2YWf%s?0rx?xk=S_ z&KBMpEJqOG$=tnr5-+ZYlq$r9f;*~&n(3;Hph(Fb6veBZHuk7MfaI(DD>CIm=k;d$ z2t$ZwYMx4($eH{&?|hqI0{s#S&F9Bk#Wwh4$D315sSG$x=g8?=mBui)Tb2f!Mo2!5 z4)j)%HhpQMdpx?<>Em3amp&u^4I96BVMdzULz{QwF0aM8MTZ4jvUlEP=l}Ut zKGW~5dKUluxJc(F)_Nh2tqlesZHaDc3J+|9F*vIr@!af``7*7ro3I!3zC$w>Z>|LV zGgF*(meq}qzNAmW-260@Gq>TRi7YN91(g7{Z_x1Ia;&b>tdPMq!n$@@0 zqVrqOpFe-T_C>U(1ee3OP6)Sd3>T zpA=_4uB@y?I7zj<1EACIzD5UK6BK!9!XU?h(vrk!eb%whnE|?HBBci@|2Q2v*O}dS zbMx`{H(LI!idL8^6Fc`7q{o$fcgpJW{E;(@u<2K@qCpZA$uoG##>OV6Q{eb$=pswn z%W}!YD*-vJ=9mY@ljGg1@PUw|h!F5ftfB=|{^~LCXClPo#{K*2T750CslQ8fU-?zX zabxqqWx6}d>8G5oRTX6vKF`wCCB(4tTLf&^=g%AwFDNLQ({S=hJGwl@V8t zHPBj+83%AG5?x)7^^J{!;XoH)nAZ+YzX%U^AageRJ>Qa*U5uv{y^XB-<8clVx3ZwW z_pLVwxwg&D*Y-zJB^AfXTW)!KCp=zQ@%~=ic(S)rNpfMLy;-w)CWh&ys?x3ToKE4L zLTApz;X1_aV4Z6Gnq-zOzyh3z2GcD0K(oj}?3IZI2CvP!xq}WyJWlwDGv~45l2gRa zNzc7WXGK*v)0WJtq(tXiGVViD8zt&|1hD{-U@i6Z^bQFA#v|)bcKi1L1M+bg)C+8c z&@7%TADxT9WO+^1NdkWsi$2lEP1&w4F(^*lDQ!S=TXDj7P} 
zSgenUiawexi?8q0RqS-=KsBBz5&*3o1#AJpA;?IkzjXUfgyoJmA1Yq`b^A)tCX!}r zZ|8~N{WD_tzTcZn(L>d)U34AcBR^=oo+MxCM^vlZo3yCjvMB3nQ&xzv{YzEa;vU*ZqI=eL6G>jwM$Xwg zx<6I9t$MX3@0IG!caOD-uhP@f`d3&D<{4jlQtYdc{NZkg?6(Zv-R1ZoM9bO(+t5~N zRyPUv(s|DmA~gELU@QsRoI;|brEh#a06jdaG_NA9RcLF;!|nex_tk$@ZC|tpQBYDP z6(m$bkPzuqkP-nA>28q*=~PsZ?hfhhZfTH`?rurx=FQ{1_xt{V_rp7%&-LExIcJ}} z*Is+AIp-L2jFOUO@cH$us;VlbjvO@}8lvYO4wmM3hrZom4WghBRy6b6FLDqe1ECO> z$Jw>Kx`8=#EMl=}aIN>Jm-AX~Ch}m0{3N_u)SnF6%;v#A1gZm{p&Ire=UmcVnZFBl)%MZk{a=n81WqGc)8rdn>)( zA5r5$I+cOw=sl;X@$t!tk$+8%Gn6y$-nw;*(Sm@k=^gn2)Fq6n=vtcPfLd7qC2H3e z|I26Ix+;BZbqZp-^^@C&ssUC}(_UDSGQ&1)ZE%)fJL z{QCn|pFe-rEQy;eZtUvvEieB$w%4Md;f(4AcPHO6rD!%RVkG3~h)!4=<^F@D?S1Q9 z1){%=Ley~Po?c!{T^!S?mWxGsqeVS9f@%HG;OF{o8nl^*miC9IwFlB|q3WT|h~3y= zy$#D_ds`dDBSS1u0jmBZqNToUbTDDXlsLSmwo?iU4YwXl^;tsCw@38&Xr8dS`3lwW zCp z!&Qv7HU;|wQ}QtdcDxk}`!zh|eFQvblO+gi1|DnSDBb0g%_=icm%;{-uX5eTKl17r zH9=YL2=0(KAMoy96EdECQLiDJA2mQPFrB;$yTH%0<2uw|g?f0f^VnUUTYyr-XN&ou zw(f2uxmYnr9=hxOwHnozmg9*kA7Ah|9nn9ADlg<&F$Qt=DCV2R;6%%DacqDsk`%Z( z$+No<-19423A4pl0yIi$lXY4deTe@MLg6Y|ArDk{BtU2Odb zT1xZS+F4loDj?nhA}zCFAIIBV)zBw8A|R~)q0(lfn?4WApesraP_XM@$P0bCS0GKr z<^2VAs}3N65v?&aEU6kXA8Y#>w&lc}XKdDyl}0tXdTP?T{$vfO1t|Gv_r!%??yo1rgo%w$F3v>^rx>ldl$CE)KApa(>!JX&&L%$LEs+TjcHv zKSpIVYfXRgcfUI2+!bcw?3xN||MQq6-Uh2GZc#mScUtx#RgHwXxmX5k8vc*B;G1O_e&oi-_*}&7$|rvm?QD z1kv8E5KqC1f9|;T{KZv#{Ac1DBcU-qm0GATW4Wnjgn%kL&Q1E*?Yjf@^EZeyb3l9g-v$s|o7g#tmF3gd?t!R0nQXz^EUFV83KW)Hi5nk2=fc7r6)LD=R+3!!2rpu8A>fc??=}8_@n@aueO9{uRL`>@VCw$o2H1^Tc zpCjhLnPhua@Hm&<5Xc3l>}c1bUPKpsXFe(mo*-G4Tz(H}ox0O-Ll;fX!}DOl8s*rx1PA97i_t!AnJ5D!~(8+;rLJZ`c_Z+QK-Urkvi=CWjkosU`Xr|weE z29IPDQklkhNFclb5XjZ~!} zEp8IyIGaFKs-}r%8cKaL)%qg8>>I{Mk%k(qk#)LLDHW~&Q!4tN20vLGW%<2ii(;O@ zT9H>LM(3Wn3!s_{8zTJ%3v%92n%+ewakQ_y$A9$OUSrW0r>m0kNaAeZvMqT+V7@}} zLrBlun?f7a2TTlg!BZB@>e<|iDnf&UyS8V|Dvf2%2V{Fd*p~&a1Mvf}JWo&Byx5+e zp5;LW4Ux3|U3eR+XwD#ya>E_H?)xI2ZEN%{cof7A4D)3Fuo` z%x8*xNWz~sqXWm^Qbw+(h9Us0psx_pFH4MK~j5aC1DfwXrd*Dm@{wod 
zC;ie?3OyCMDeM5IbvsRdU}ZFG8BfpW8~qvh3cc#hu2MdI_~U5QnkyG*d{g@O5~duK zw3K9kgk6I&qpjWB#(rJ{)qS^yx)VkmtXn)x<;MswpHwfgRJYm0*pbqdIH8NP1 zlEUHQ8XdFB13^x<_YV=>3>ry3E6S$Y=Iu;vTJ=L&D_k z4zDZdXT=QBhS5bzww(TZswC>04!^@~(;Ts-9R?1X&rgis*>`}76UCDP6mP=w#Xctz z4#saWF~%mg5;CPDTQx-8tkM#Kvo@2zy$CpSt$(Mqe|DK|xSjqI;8g=N`vcUthPpbq zQ6V_TJWAJPl)E=R5?m}JrernSu=uzEPb}w`HyyvdYOeM(L)CjMxH&TDyIc8uU(LgMFg-$_fg z!UiwxP# z+Nxp+$Zh6y4_W^*IW3;B1iiX0b0R4C8l06jfE)79@g`c5#i^S%MC2r@KHU$AVw0%4 z`uFqjM;TZ6B!k}FPdCf>t%n&&d-yR4B@DyobXgKUY$%WY&&{&DtAe#10=bu2IFwDk zx9@zTd~$12vJYP&icRR7KhwX<5&Yi7l4_JLBn2sQV7!Y~_+i6q`DZ9?MMa8=XBy2< zn02Pu|D4lx%B#z4z>g|JXJZZd#HeN-&%P10qq^2z4pa)-+1cR`K-vGf0NNXc=5;sA z9<7}p>X-~=4{YWY8@lI;`oF2F`}YE`TQI_YWI@tF!i-QE%;dOexp9M*soH#g>wj)* zs&0RW^pVJe;~oK59TL48H&(u43q84OHo^CwDX6DJ0Cgk`2^(|3#H|OWZ37(($|b*Q z4#{4cZ(G-e|L@1BU^qXU`_Vd{819g}5DzvcHSH1+V?EANjRfVQ_Ur$1Uge+~oqTgW zp9AoMJ3gaNp>t#2?*h8xTBc855 zF>1O>Z}PPo(>d^#hi?{jlMCxdVpxd#jVSKKI};+#>n^nwOE4yTlUB-%pQF5%Gq*w| zC&!qW5bN%t8SD?{)6ycv!Jr!)15Vn*^h~cV{lB}-Tq;OBgBV+i+E;iY%T)@+!*nDU z%@0Iy^vv!Lhe_2YxjAKhxuQZih&nc7xXrY2`wOk?I-8Mpo)R8n3ryV539g+td_j;- z)W%-JBn*+ahqz}BgGBe*&=ssom7NWca8f1k_zhacuOgCVs6Ur4P6P>M_A$_KMw~M# zmFi}{=RYoeEVWFwJiQ>m73+Gv>ir}55x95@JXtw{Xf=^Qpz2zXW};S2s*mYG%hb23 zYtg!N#|N(pP11@VuzT!EnpRSMDL#9kNNS%Vr+TZ(c1s(0St*uV*d#+13vIJ&L5>|^ zNGqN#>vp8V*u-@VFQ5C6Qthtb-*XTa0aBl-WSM4g=SL}-UV01!9UYDb>g(P|-({c6 zt$&QD4dA75i^1@{|UNJm^3uc?8S>0_v!m9_m@?XLqe z@cwWJkAQ$bl&6z2bD4fK)pdez1l4ee%7618R_F@25{FK1S0}6lH=MTwS(9FgZt>CN zAD3ufIrPwXS8CQXA(a`*rd`}2$I3lAsjlWl!*+-o7#N_hJy6~Nz*iM%>J8zpJ_=<+qtfyYzDrt=XgkSPM)2tJy0=g%KS#4 zm;_}BVPAArIS zeTGBYD6q}J-h=>MZ0IZe8QE)&sHot=$LADHfcSuyuLiLk^=Nf<6=-3go1Vj#1*!Sw zrapWNJb1v7sjn{vn;TqLpcVr3l@A#x@JpcJn!$IlzfaF@re&U|$3 zSsC5E^@02R+U^zQ$DGlgnVHZ>*=>LC1GuNC{q8_Y=l?Un7G0+8)RE#_l0MRWf)h#N z-J=p=hlYtxYx8E;tA3-6reNLO!}8}Ji>8*`MAMwA<^ogBxWEU~iz5X|ynDaS(=*+t zY8(@2F_J`Gzc*ijVqwUzI>{Aeh1_cS;%mEZU$^UCucFKGq5%S2Nx`PY4~>F`Ci-;C zto3lZXK7FY-DoX(f9>!g@<;SK!nVhZgkH;q;@lfUfYAXj5N7OlyA;G<8H;$}#Fm_b 
zjy01s-=MT3FTD8`+fgZ6TRDPgrtXp*!nJewBBR)e*~w;f%R2oXB?oTe}{$x2+PiGjQK_8q8LU8 z1T%)8bFHs<;{N&ZoV(%x%Xq|m*nU}+813fisFJ6Q!!@DS; zoP)aye77f-3-5jp8o6a=c1Avp&dx5%69QWpuQ>HoXPVHvzicGee8ms^U`^-BD%fW^7a zO_~`R}7_d#t1eN4UHXYtorRi0wozC5EZ^N3L?l< zd?IfYpys=`#|r43r;iVvrRn;}A*a(31yZ9c(PF-dzS|76o?lb8q^NUn3_F~kGo5o^ zw?NWTxdH=aKp^!XGZ!g1G2iO?!*R=5u_5$-F`D{M^xX z;@0Y;u8tbaXZxv2Ep6$p89vxVRVK- zall>yzZUUOWXB~e0<=j#Rf8Wh47ZG-!h|Fklf$H#e!u+Mfs9bDSt~ylZI(bqnuKz_bYWR{nrCUupZNznro#fuhy$Ie%I70D}rwvH30gM`>I;V~RX~f@l_xZnpqdzN)4>)}ED`V@ zjh2?B@AIY$Wal(kN|G!Ik`EB^qgu|~L_QHnp<)1Df8EtZfcyrKF24W-r`h7O3h;?9 z)UQGIj108auzo-~0h|M2%Zr^3W9YsYgO&Wni{p;W2Tuy_JbILNba9%202?E#VKoKz z#U~)YSycC9S8S8b_YvVQ1 zl6w{?0LPQVlZgOa59G)jK`sEWJEWo()NPS$3NojB8gD`d3S+N}plRPPipDAAZ@#WuEC4f#5K8Y7K*g|$P)tz;o>>Hu{TEk{6 z$WfV=)#WQJFSocRN!-EenB^hOxN<<4eR5&$&4wRJ>{F|D6(kl((i_7O~gA;AO&3xk>EjyQ6+h7m#l z+kxKz)E6QCGs)BdT0DROU$M6ymmX-iL?TroiqQt4ZUrRXAcYTtK@Dhy!dP-B@5%?pZkhGL*Ab-_bF?$aW(;(oIy6R@CJZ zucqDi$LG5*N)3Ixb?FY+UIAnZfX33%pLt;7H!MzoF8KB#E(LY!eOO(=eHKFRL%{Js z3|rQipVCx5a&>imvSv3kS~v2}>eVlwL(Jv=ZnJvQk+9+j~OV8UyU5gfK{%FNq zf1Gul%UpGz@8sZ~dA$|LS%9uDZMY7f!(OFkb#ycj(0@e&=Rtp*&a!i|=AAKwp58tb z6|b|Oni*~MKz(2M{WWBS9S#ziG%#lb1IuaRj_U5WVnFs!6kP=i7^6S^TiV*Mg3ae| z-m^#BZ9kaL!E7t3ZdNKae#BJE`59b1 zFx|MUT(kkZBQg$B^TXx03#SxP@3$mG?y(w9e;xtBQy1_`1gzQeM!!E=O_l(4+h{pB zSUNG24yc5SAP+r!cO^-*uKCloI`9BvgL-miGuR+Q%>@OYvkJ>w$Pm=waI>}4 zL}hifh~9Q;^mEzNT@XX&0J}(L6ciNYU=X2UgO(M4BwZhfh1zA~;;*u$;RL){+Yy%j z@f6O>Qt#`IuF$JHMOt=6sppHAI-jybGfF+6Dh!sU08T;E^DVr2(mN{PI=fkSi4y1H z0L6?ZleDFK*8i4rJfj68O@dH#3GiQ+o7Q%r;GoCw)c0WTHDFq z>ayjlw0_V}Oala5HfCZX=4p~v{j9lW*|>KT@Si?T)$}awA08U?CFe1n@M`PO_d<~# zD43X4lYWyfv$z~rj0PX(%S$4nT#uWDchz43EnF`ollF;CRc!SHDQ``6d-u;5a&qt= zuof;XFKQLwYqCJD%5GGkKE=<-Woc!_OzZ<(6UZWu?Ys8{thv<+3QC_Q>~Ceu&A-PaY?-hJW%(%P>Sl)j(E9s3R=J1)YAZtek^y% zwV9G(G;j|@Sw7JLQVpzVBK}fzUAHBgfH2Sk_FBue0RufnH+4ngh9o zW1EzG&Z_wm zz>M;my~T{DymBs0srmRqGY5@s-y!Il6+$1W-4{4JLw#p%fcMHkM2k`5glL~+QuvwX z&GE7eFrsIT^jzlt$FSU1rsD5KmKRO0;3F%b 
zqW6HmmIX9ClOkF4EFUSnEo||Ng|zD-mG4qf4>fXgL+LI-xSm<~Nn}ge?)#>F!CWpf zpXCMTO;k?NAb{Cdeq#!V0ssLz>f(&87$nhxAp{j%T#waR{T+Eev}iIH?&VF3OL7V4 zaPPmH&Y(v>*wi|Yl4Gr=4@C3DQ(|?++2Ee?uh-OEgn)-cBhqt62Jxcx?ZZq#ECko+ zC}RPA*hSZBi0nYFN_@l!=fT!w*9lwJbxt!O&>y-Ctx_qbreOAzBpG6H?dI0jo=5&h z284j8hr-2%!v!PDg+|LZbd^mPFQcEXvHsQdp7;rIIM%bY{jzSe508ZXC751$jt{Mm zVtV@KB(tf;IqfJ-Om;yE^wwKkl25Wo-xhqfoj|1sJb4X{V5?JOPcM%oV6S~UI9g7Z zOiMNX?u{IQoLrv7?n@bbL$7ZvJ;=ZWwxoBwPv>6BRV1kk-A_u4<>8_K9(TMT_1xm( z*BjzYZvWUMbB=ey7QWZgW$OaNI4T8&KXCJ*A8uKHGaO6Ac0oZg$n|*nM=t#h-|Q;} zj7*1F6Rr7fZ@$Zmzxz;GCd(*v+IwOGNmihT@9-f4L?9Stv1+QTp*#fnSsh?&oXAAB zM<8Bsy4HUO(rX=N;-l%ylK@buS6(!VbGErDaJGGKvXV>G46N7Zp;~ksnSomzZ9hi< z0W;4e0{lMjA%|o`*$tOJ;@N=QrV~2Q1|;x>do43Ft!#f84T3$@2kzJ~g|vR4<(4r< zqgPQ5K1_Y#X0rXp4>`EZy0g*C`?_#UYHIn~)Ttz#F+hW&>BRa!% zSuI|=~?G>JeqM~>FdvkdyVOKcE-zYrl=6L_|L3nM;6h`Q$QpvFk)oy z({e|+f3nkY5jJCR``d>X6KeNCxS?c8HUZH7Dqj9Nl%>^G<2MAEvT5pp+z>F_z{X~< zJUgpiUglSrtQ6iQ+}WwzUVE)71(s96)WY*UzWax`jKqlNGnS&*ofn-Q2vF zYm`w?KC+sO#Q<=p?r3rySZ%Gw2Z--4L*FY;KvWG0L^JrbFk#;f>Et#NR0R_S8qSA4 zC15*WG@AY<2hG$Vs&Q0F2^cJbjj`A(G1?-fo0BzoN$oGp#c0!lqzi2iyGfM)LK96n zFQbqm7p6+!DGWxGfj&N1{HN>l+QV8bcYVPrBO3C75Wz2kFAi78;$(OT}^esi!p}7t5!hn*qtW>K!Ed4ufa!;Lw*QEx>>B?lI5`gu4|o z-h?`C8Y*CfepC5URTa5HJRBIZn3VWukGrZg&OcA1fTvTWwQ0_jzbZ^=wzwn70~e)R z#(;pn*=Sfq&hxq4J>BHA`TX%e5NO_K@sg#HzS7;rODFGTt0epQAuCoRm;Yo}?misi z{aOYAxym05ja$eQ@+=fDD0xSzLU@BR*XzPx05MYQ%mcP-<+@J5y?QrRypT2s#d&cn zPEy5gl4iLep!Q-ebtX3RZEWuZ`2tX-=P#8;Z!>=ru4*)6d4om$$kn}`;sGEb$l=4! 
z8hq)X4Apk`AK!28IXD}JKm7YfHxjQw?jP7e(ZO9y*hb(5J29C^;80Ud@YlYfT!|RV z^+IV~u;uR>l&E`ra@?P};rtiHK-M@!dI@y@gMZ-v%e%ya|4Oa?{kY)70dkW5Qy)N{ zhhyLWv_jyr%lQ7@2G9@@5^nyTA7*n0un1X;bewe@#~1cbiT~pQ7>2`#hrb|U9XLpL z5-kQ=4a&8YVu@Qw?yyvv5I9;Ozbi9`m7?~KHAI()3_cc`eKcI=a(_}dT;*IC)z-z| z19(BHStO~TxZ|Jm;_zf`&vgeXxK7zPP?;ZXykUH|Hgwt6-cAX*0u=W-)@z|-;V-;E z2eJCh>Z;P*A(&YSKvD`qfq6~4pwD{~4-e=y=HHh7SDSmW8pPJlI18LYWK&OZ@c?EE znA5n`I35NB2c!M~qF#HVFsA9-Zwl)Wsen42oroW4H`s|onNjlP&kS#ME0E-d_TTv( zV6Kbit<*yQ^2T@>%liQmkZ_EdZ_Qgj>DULu_M^jTNvf#bnfi05vp<~3qd;qg1S^o# z|IT&*x8i*sRzYO#5G!!03QCjJKip8H2}mGTN&+K?&k$?J036>7O&q50d=)Z*Y3M_8 zcms;KSHY0-p`~RZaF&{`<=uh(1v=0hbXg2rkrGy?TmG%%V?idPVA^N$^aD)JJLgFk#@ zfLR3AxbH5(9nc@LjNXEIz7b=222&`87EgeB!u20u%xu425C_VxeW{YNAa#yxOhkYH zwr%kdlueB60mLz!JTXOUU{6~TN9*xDe?_!9t+Wsq5bX|)V`k7cVEfN-;&cJ{8Ya!oZEx0wKj1@aC-)$sFj9EsSQ zK063CVcIzpv%X^vrE5lEc0PFv^@7nr>gr)8`5 zG)z30KM9IXagL@p)1;`N(Fy1Xb4FnIiquTGIAJDpIdX+j3IvW*`0@%k@ReJ{_tjm_ z!;roPMmQBj8BjZHTxiEDLH3NyrG&>VCwNo>nxX(1s7wv)6qk3R(&Fhs2{^6rw`LNT3cPR=b9e}Ftz&h^a1TrxG+Ii514%#4p9-*S~ z3JVGX!+E&g5pw@jt7TK=Mr2DNDW|y`z*iuIS7mN%Yp^||a7Tb&oP;VgFi;8(m#H94 zYgy-xj@wu3EDDWWKy&W}axN&pfDkOQku*mc8yZjw3POw5+}(v>J!E8`4jrqq#r5ai z;he1G6H`>=gkBYxAVLs?K&a-SZuaXvvha>LoE-kOQx@kFZzKzi#~(>8-@88?^)b5M9dRgj_UaZ@P!$xqzvQrZg;fBf80aCZ#d>RRYK0_4ry3EAjv-AigY7x*H@=Q^YYr_d{ zf*}y4^J=+?ZEc?d%{|liHL9n7-mAB7S!ayh2BFpkBV1WY<3a!-?sv)Olh90g>lV@F zU8r?@LDt#bU^gP-nogIQ$27&6f#MB73ygOiSAL;D9sBP0ws+6WYvY=sjgRX7{UC5y zK!H6;9K4)g<2O?QJ36xu-GM36GS9e39;VCZaF-ZO*TXa1;Xz(24c7{lLaErz;V31Jmp~Rr`uxI^^Ok`6)lmSy z^U3VShLzA7a;yM?&0Y=gWu4C^pjE{Ad-;6l?HuE#s{Gr{`KZoV;0KJbrz*M|NmfS6R z%Kcqk)Df{z?<0ka0chJno)Hpk1f+T!dj6m)z+|tcuTL#-#_S8?$d%c4S%VF5Ezos` zI|~meoMSy$P|_-FuD>hX-nK-pBuYw=52@K_>d_tFOBTWk^SZ)P?)L5Xmf*JNa+bS zcMxHDw#_a8HNoaO) zcgAaP=q?)s=yWw{6(tN;-1>dTBc3aURN^j8;ek1;32rNkKvUz2_vnJq>Cv+1?qR*! 
zBbSq@W^m1o4+)Wd3@m>L(5tr_I>M`|flhaq?KVPWble79^uE~PkbOPblrJrKG<_HyEBQ`)HS%FLaB1`@--+mVjNEo6} z%VbnuhVE0va&vyD(y45jP}yG`hZjdc@f*yA9|P+E`z|Na zIzzU~CRW=DoR8wc(C8@;L7@Z-)rBy&cfVE=_qlh&K-Aa=T2$T{#pGzzg-uMTGEno^ zVt^<*fY{WK%3`~<>n20P)i7&Rw&fxn5C-0MID)ztNHXvO>AHFHd`yG^nIt7H2xbwM`%iS~ImDpPL*um z;W)|;xk*xGQN)rub7$D66`Uwq46B`yeVLn^1D)z#GW4rg-_*G@-ZxT&sdG<2V0laz z`V)b8f%>f3E7b0MUj|m8D^CqBzBhY(`Em;nPga+sIUwLB)U4)44KDpPT-6Yq!&Sdw z|ASTmlpny2JO&(VtOAzo!6-Apdxd21!yX^YdPB=BDv(DrCzGJ74#cVZ$iNaQ4k$N& z&JSfl)aiYJB%l{RfmKnjx7>ERxwaBS^y{wvatph$9Sw-<)=y4Clw_?IB@2KA*l!i+ zwreQYz*(m~cNZbXLi;^z2BtZEb2{4Kz;zex$35EtE#zjw=a6gz=q9-iYt;7cZhu@= z?>l7ALNPHDlNq#J+Uq}Xzshi+{eCdhJ#Bfk>kiN-J?k}Rs+f-Ia|Mj_(G0Q?Xjtk!Ap@l1n=RR*SEgFsAmOoJC9|6Nq$|fa@?_nj6vZ**Pd7z5zZ?l z7w&yqk)T0tz)cK`6J(0B@p5v_n#|^r^BJc6bgwo0(E?|U_8N_`G>2Ci&MJ55FL(;D zlDdPRl@&d(e;nickHw>&yU>?Cr&EGD|Bg1>UnVEFhDh5Rr?b%s`gYbA6iJ6uq>wW& z#01GVE9yaHqA< zn!v2fRTp;B9)p*|mNCS)Jq8nQvpaA&8<5vYh5nuBkLiPrf*!d=ljS`B`aVHl?CE{p zEW8bq#Fx+T_P8HF&!I@~VbS3c-FL(uwU5IujdO<$qHL6PSkFaWa)#Rk-XUsZ-72&3b9+w^6xR7kaNd zzt4W`)^4q;1#&7K$+b_#((=6V|+1_n+Ei29a{o6T-V@Q1lmG1sn`Uu7S zD_-}}%)8QcK6^6Pmp8o|Sn<3&5Yc<*Y0C_mXA~s{+H3cpsoF1Id=`24x-|8$rt%=u zUPkgcre|Tvpv!fSdSJqiEW-Y2Iv zU2!`tWCyIm4f)YuA6fy=(3^u}_gCTj(xH=zqs7=JMJ)Bm5ckPG8@jUzrn?!o=yyU) zmJ@I@QSwzJt9hSPNpAFKttnPl+;J;%;4C+?8;>n9bJD?G%+ZNpe;8TtCGcLpz}W0k zf?lA_J$XDP$xi(imBk5e)=-z#z}U3qT%+&xBy*{WZ8+18QCH69$O+(}(Zt^MaMq)5 z7kv+`wWiD8nJCG+Mdkoj^*Ak&>&N7Bs)fESx~tOg4~@EaSHHW8UEcG`CCZjy$1aok)AYbL<@S%}xq zXIX7)`H$*Cb0mcne3gfis+`iG)h>m9rJDa0QO`V>G2dgz6X7A8F(VgBF;r z_J3TBs;1m@DEpmX*A+EMw&|GXVe3Raf7-0Yey8(2c3bzxy$%M0H1juQ5nGq; z-pG;fgONuRY3Ye|zhK`y3)q-q2noqaE;XcK@2FMM{utmtmdfIj|E+V6w7ZQ=w3=Zt z!XH|$;`P=?EOhnB>Pi^G7@a+ij;?xnb@Q4!!_*g3xzLP2pUR_7wSF!e-8}PK7LRuG z4(5*o2Z8vlKRe^QeH968ymX4Sq4em~LGgDZeM8BN{K&@XZ({BCjiIH+1U7XE1+_~S zvzR>RGV0(}?PH1yw3iy%{6lI!RYuhmLHpC1+2R?m^(KX>tEXt#u=$o}@jEg0Vh{HO zK2k*I^hnc|f`}lCD=o`crqsg(X|EE=Dk?ek(xIaWKJKKh~JvFY<>6PT4Pqn|Ea0}$(t*{RJ8Cn!2JZ3quw809e#e^X=VfaNeF;D9mY7e=F>2u} 
zE&Q4$kTG99C8Zx1+mNB;5cLd9(QtAazv_O~N{mhlu)?68+wDoow#4JftUZ&z74b?x zNVcD=Y?|$ZKZ$vhzjCfhS=jzsooB7InAl8^1T})$cC!PE%&El!yFHBI)NOs;_>1oS z`}b*HN3`AF<}a$BhO2m`Mf$WyYIfmV|3ReW&Ff$6caoG5zxht}gMH4KO)^F8*5<3?hei*~4{^4Bh=_*t)L(wENsvE5Dzwj?sk24m_hDG#CYFq@Ottx49rVw zBxm{-unXQ-@tj=1o$b?pP?Sg=8{$@w5I8){@y9xrylPNWm)xM(rppx9A}9KaZmY^l zyoIrQj2zEIwd`1D=~&yVY&Bn(gIsw+ohNo5UZFjmqDw2}5~IZ;I`qD(x4h@mtj})e zq{ko?{SAH@{<2Z~{*ChMXqDUCj)5+-9y&(8jyk@2m% z+6nQgo+94$;!eWr>u#Su)rzv(09wOkLq;5l^UPbIiDTcz0lpy9=~HCB#`Oq)ksHTh zstM)BE7E`;(;Vy;Jymi(F_laYt4;=9wCwvnpj>Jjl3*~x$WQ3&aPuLa_{dCOR(2EX zOHwPjhEn6T~bf{Ox5S5gD12<4NpB5##nH#Ww7^YcR9&!r4_dv*5n#F*2FWg z@ngI(VYL%8yl`OPEMt2%Tid#*LK8gjGOcu)it+)JufamSYOqnZju0I2VS!5 z1e>CTxq2RnnB_u#^&XpzLU>T*h`ZJoJgx_heKIBI9s<1G09O$UTokSteED*IG`SVW z`Oewen!sv_w=q%JEHEnSYwJ8x17}&FPRyUI239BFb$I|a=!tgIF#=@!Zu6h-X#io> zb^h>lv^e84iRsa!$x1!#0>wyf>${SYzRwP1)L>!vB#lKENwwN-uq0EFX*3f_zGe2b zcOCPI#gyq(MXqRZu0ari$Kdxwu4l14J823@94~r?G`n<(@l!|3FD`%D&C-lwy;q~B z?=tl37PLBTG|t@7VxbTiY^kTVU^uP(BC0T8zMRi$!+un;k`fCWXnsjd|L9E7_Z$=Y-W-jy(PUFwj+a&TmQ(1G+^5|peZh#NoC zl_@u@>zisPlbDCY_MhMsWfn2|m?lMHx|(=~4>>hOU&9;>-0FKISa_X2&AKWg=14HJ zW;%ehKX!fOg2oA7n*aDJCecMK0Ow)jrd7cuMglrNL)IdAkKcqbU4D*;*mCjF1|xS> zi{`747Xn^v4-_Vgag)n>$E_NP>DqItUveq(&94>wHCd#MRN?%Hm0pM# zQ{M5rg5yAB{poDoK=$~!Ck@s7cZNIEQ_NJYx(?%eL2{(EFNNNM`vFHLlpY<|532k- z6ougkGY$`xj!#O@R=UF+`B=E!m6BMP%k<^ltw=+rm42nRj5%~qDI@xy$EBaWd(YHx z8t2#4rwnoPL@hfu4sqiJjslP42Q*y&u`-FpsXKx5m2BMXa6F2>|Rl2HZx<9^m3+uadp>LnY(!ISgQzog!a3R^G`H~2% zQl}neax(dbNOo$Z-!F-)KwfH9{IJRSP@XXO7B&%F{R=;lG|YDR z_X|IH2ttPQIt{n9NZ;h?(z~kOQ!>b=9ll5+TPp~g9oWc1KJes~9h^Skr?RwBMpR(; z2P*kIIBtD?3}=f>OqSEmxMX`VUofXBxVXN6x1|@X_nlGJmz3ig<=fZ*^OAu=zo>v! zmC8{wQ|g~zLPenUw&?Hbin+#@ltf&BRcM2t;TM>o;Vh8V4aWTJ;vZA zvt{KZ;j+ZHw?A%bZH*6DgLVGzYxO-A1?iNl3e~MZ^7Q27&w#DmE8X1dmo_-so~6-z z0rwjDLLU=A9Y5tJ#SvwfG|qbt+wniIGeuftK=Jn#$SD0cVf_2f2YZaa_Zu$mMRJF% z7&3PG`%;S&Wcl|Cw^n!XgZ?{|Sa@2%E99qKG*Ie_w%~Qn!Mxx#fM@md15j zL>J7@qHJqm;D7nv{c3~g)WJ|r%3B2mXM-+O+=<464GnU8nw+TUXfUPiV2_8wZvb=? 
zUU@BF8Vwv0Qfq;KNB@4Gya#T3!;kKpowh>X%(e`)KGomk`ORBh-relCbW@Z&Vf`Bo z+2Z+OI9b-L3&;b#ET8v_G~uthyzoGxVF=gL@vQ2-zFivK$NwEtO&kuXs%1BLExP8W zaqJU9Ec8EUXRN1MIwqd2{Km;cMErB#ja@%JLxgvH=~zrmX}11#H@=4`=a1cliC;-^ z@lA{`+jhL=s*GnYuElEptwOZ;UU4Ki9u`%TSKXgit26P(0ey+ewVQ6`SOIW^ya=r{;Cu=i67mkCN*PrG%r0bG+W-I*C|!#|?X<2{M#IaP3x|@t4YbM}rE|+~2o=fEo(8=5BhP?BAKoA?UP;KwOJK>H@&br(eyd zj1<7KQqhb>ze3r@{5;_fnldF5wV0|;_(+8Q&b_sA8Uwm;r9A!FO6d&a15%54vs$kB z>5Bu7g=HdOAm3iX&Lm{!Dm4v&FxF`Jp?@)IQ2@9}N!J3wO< z#sg75?fOqt<&%sT%dQvR2}0iXN3*SfhUvlILZR`qkB_Ncjk;h01;oX=I}2ImD~S?` zty`6A{M4_?X}L*ET6{9VJ}3(Os7Q~A=>NULeb$KEM_}}L?9L9~+qWTQh6XJ@DzuFJ;h>hJ={vg~?CUa6$?;i5fL<=O=2cumTXBm8>zKhPkH!1AWLUF?Bdi0_)IazmS z7ZU}npJFV3W{en@vICXy%zJF?F2!v(XO-vAHNeTp)qMKD-?DW2P#*Bu*sa6On!gR< zFnZr#<>boEF*7w5Jgw}j`ST6kwbu@8*^e@c1$*)>H0N8zdg5w0mt$so4?&5yH6 zO)fGuak8AlfAJJ}g=`xj)>+ZCdm=g?8P=>2TIo_M8Lkp8^|;1%Fh+mwSzfGIj!P*h zD3J8+SiBESGN3a|+Lb~k@8om^EXmW#%df}xv}Wa9#ICQ$%#Wr0yTFSX49p6$&<7Yj ztGvh3mEVG{_xy*O?$Z%$&obh-t-7xphzU7P%kSIV(|>w|mz$z-KpgWVgH-&5{Oe!g z(4=*-mzJhNG=M9krY1~_?=yr?fSmw2m(|kQH*mZ|4G0MMAxxyUQ*-jp*cgCu1w{Em z&<%9b>1unt-K82q5fQWpqUz>X6)683?dc&n9nWk5ee~`E!CHbahZ!rT^3DM5E1lHF z`t&6itQVuKG41U1`c|I&T+8kZtLXb|<}(zaJBPwK??VYht~lTbLB|1sO_e)3`Pn_# zWt*DBs$dAfU>anDy^oIOlkn5BDG6K)dg~8*eixPgHEHxNG~CRLjKH}$5OZ_!&(2;yAoKemLq$dPSh;v5 z-x`=7+@R|&U>y6;eQEoX?}}D>Xw6C5qFwO8uec2ZtK^v$Y4!M(EfUH~+ah!Ox~piT zYnsla5hgDh3g*i+FTXA9JEW(le@{vIGBH6G(G@$FhX3yrGbDxhf2BK>_O*ZjZR^9>NQ2V|fBoz9+Ojwh~dVe@o9rKWEo;3Y0B^&(eL^V9zUgH1Nv literal 0 HcmV?d00001 From 2bd67d3bb87589456fdd1fd24314712a63c765c4 Mon Sep 17 00:00:00 2001 
From: Aryan-CC Date: Wed, 30 Oct 2024 12:22:49 +0000 Subject: [PATCH 09/11] updated postgres implementation --- docs/08_lab_private_postgres/0801.md | 107 ++++++++++++++++++ docs/08_lab_private_postgres/0802.md | 67 +++++++++++ docs/08_lab_private_postgres/0803.md | 11 ++ docs/08_lab_private_postgres/0804.md | 18 +++ .../08_openlab_private_endpoints_aca.md | 42 +++++++ docs/09_lab_messaging/0901.md | 2 +- .../0901_postgres_application.yml | 74 ++++++++++++ docs/09_lab_messaging/0902.md | 20 ++++ .../09_openlab_messaging_aca.md | 2 +- .../10_reliable_java_aca.md | 2 +- 10 files changed, 342 insertions(+), 3 deletions(-) create mode 100644 docs/08_lab_private_postgres/0801.md create mode 100644 docs/08_lab_private_postgres/0802.md create mode 100644 docs/08_lab_private_postgres/0803.md create mode 100644 docs/08_lab_private_postgres/0804.md create mode 100644 docs/08_lab_private_postgres/08_openlab_private_endpoints_aca.md create mode 100644 docs/09_lab_messaging/0901_postgres_application.yml diff --git a/docs/08_lab_private_postgres/0801.md b/docs/08_lab_private_postgres/0801.md new file mode 100644 index 0000000..245b6da --- /dev/null +++ b/docs/08_lab_private_postgres/0801.md 
@@ -0,0 +1,107 @@
+---
+title: '1. PostgreSQL'
+layout: default
+nav_order: 1
+parent: 'Lab 8: Secure PostgreSQL database and Key Vault using a Private Endpoint [PostgreSQL]'
+---
+
+# Lock down the Azure Database for PostgreSQL Flexible Server instance by using a private endpoint
+
+To start, you need to lock down access to your PostgreSQL database by using a private endpoint. This will protect the database content. A private endpoint is represented by a private IP address within a virtual network. Once you enable it, you can block public access to your PostgreSQL Flexible Server. To accomplish this, you can use the following guidance:
+
+- [Create and manage Private Link for Azure Database for PostgreSQL - Flexible Server using CLI](https://learn.microsoft.com/azure/PostgreSQL/flexible-server/how-to-networking-private-link-azure-cli).
+- [Private Link for Azure Database for PostgreSQL - Flexible Server](https://learn.microsoft.com/azure/PostgreSQL/flexible-server/concepts-networking-private-link)
+
+## Step by step guidance
+
+1. To start, you need to create an additional subnet for the private endpoints.
+
+ ```bash
+ PRIVATE_ENDPOINTS_SUBNET_CIDR=10.1.4.0/24
+ PRIVATE_ENDPOINTS_SUBNET_NAME=private-endpoints-subnet
+
+ az network vnet subnet create \
+ --name $PRIVATE_ENDPOINTS_SUBNET_NAME \
+ --resource-group $RESOURCE_GROUP \
+ --vnet-name $VIRTUAL_NETWORK_NAME \
+ --address-prefix $PRIVATE_ENDPOINTS_SUBNET_CIDR
+ ```
+
+1. Next, disable private endpoint network policies in the subnet you will use to create the private endpoints.
+
+ ```bash
+ az network vnet subnet update \
+ --name $PRIVATE_ENDPOINTS_SUBNET_NAME \
+ --resource-group $RESOURCE_GROUP \
+ --vnet-name $VIRTUAL_NETWORK_NAME \
+ --disable-private-endpoint-network-policies true
+ ```
+
+1. You can now create a private endpoint for the PostgreSQL instance.
+
+ ```bash
+ POSTGRES_RESOURCE_ID=$(az resource show -g $RESOURCE_GROUP -n $POSTGRES_SERVER_NAME --resource-type "Microsoft.DBforPostgreSQL/flexibleServers" --query "id" -o tsv)
+
+ az network private-endpoint create \
+ --name pe-openlab-postgressql \
+ --resource-group $RESOURCE_GROUP \
+ --vnet-name $VIRTUAL_NETWORK_NAME \
+ --subnet $PRIVATE_ENDPOINTS_SUBNET_NAME \
+ --private-connection-resource-id $POSTGRES_RESOURCE_ID \
+ --group-id postgresqlServer \
+ --connection-name openlab-postgresql-connection \
+ --location $LOCATION
+ ```
+
+ {: .note }
+ > Once you created the private endpoint, you will set up a private Azure DNS zone named `privatelink.postgresql.database.azure.com` with an `A` DNS record matching the original DNS name with the suffix `postgresql.database.azure.com` but replacing that suffix with `privatelink.postgresql.database.azure.com`. Your apps connecting to the PostgreSQL will not need to be updated, but instead they can continue using the existing connection settings.
+
+
+1. To implement this configuration, start by creating a new private DNS zone and linking it to your virtual network.
+
+ ```bash
+ az network private-dns zone create \
+ --resource-group $RESOURCE_GROUP \
+ --name "privatelink.postgresql.database.azure.com"
+
+ az network private-dns link vnet create \
+ --resource-group $RESOURCE_GROUP \
+ --zone-name "privatelink.postgresql.database.azure.com"\
+ --name MyPostgreSQLDNSLink \
+ --virtual-network $VIRTUAL_NETWORK_NAME \
+ --registration-enabled false
+ ```
+
+1. Next, create a new `A` record pointing to the IP address of the newly created private endpoint.
+
+ ```bash
+ POSTGRES_NIC_ID=$(az network private-endpoint show --name pe-openlab-postgresql --resource-group $RESOURCE_GROUP --query 'networkInterfaces[0].id' -o tsv)
+ POSTGRES_NIC_IPADDRESS=$(az resource show --ids $POSTGRES_NIC_ID --api-version 2019-04-01 -o json | jq -r '.properties.ipConfigurations[0].properties.privateIPAddress')
+
+ az network private-dns record-set a create \
+ --name $POSTGRES_SERVER_NAME \
+ --zone-name privatelink.postgresql.database.azure.com \
+ --resource-group $RESOURCE_GROUP
+
+ az network private-dns record-set a add-record \
+ --record-set-name $POSTGRES_SERVER_NAME \
+ --zone-name privatelink.PostgreSQL.database.azure.com \
+ --resource-group $RESOURCE_GROUP \
+ -a $POSTGRES_NIC_IPADDRESS
+ ```
+
+1. You can now disable all public access towards your PostgreSQL.
+
+ ```bash
+ az PostgreSQL flexible-server update \
+ --name $POSTGRES_SERVER_NAME \
+ --resource-group $RESOURCE_GROUP \
+ --public-access Disabled
+ ```
+
+1. You should be able to browse the spring petclinic app and see the data again.
+
+ {: .note }
+ > Notice that for this change you didn't need to make any changes to your apps, nor did you need to recreate any service connections.
+
+1. In the Azure Portal navigate to your newly created PostgreSQL Flexible Server and select the `Networking` menu. In the menu you will notice public access is not allowed and the private endpoint is configured on the server.
\ No newline at end of file
diff --git a/docs/08_lab_private_postgres/0802.md b/docs/08_lab_private_postgres/0802.md
new file mode 100644
index 0000000..bf339a9
--- /dev/null
+++ b/docs/08_lab_private_postgres/0802.md
@@ -0,0 +1,67 @@
+---
+title: '2. Key Vault'
+layout: default
+nav_order: 2
+parent: 'Lab 8: Secure PostgreSQL database and Key Vault using a Private Endpoint [PostgreSQL]'
+---
+
+# Lock down the Key Vault instance by using a private endpoint
+
+Once you have locked down the internet access to the PostgreSQL database, you will apply a private endpoint to the Key Vault as well to protect the Key Vault content. Once you enable it, you can block public access to your Key Vault as well. To accomplish this, you can use the following guidance:
+
+- [Integrate Key Vault with Azure Private Link](https://docs.microsoft.com/azure/key-vault/general/private-link-service?tabs=cli).
+
+## Step by step guidance
+
+1. Since you already created the subnet for the private endpoints, You can directly create a private endpoint for the Key Vault instance.
+
+ ```bash
+ KEYVAULT_RESOURCE_ID=$(az resource show -g ${RESOURCE_GROUP} -n ${KEYVAULT_NAME} --query "id" --resource-typ "Microsoft.KeyVault/vaults" -o tsv)
+
+ az network private-endpoint create --resource-group $RESOURCE_GROUP \
+ --vnet-name $VIRTUAL_NETWORK_NAME \
+ --subnet $PRIVATE_ENDPOINTS_SUBNET_NAME \
+ --name pe-openlab-keyvault \
+ --private-connection-resource-id "$KEYVAULT_RESOURCE_ID" \
+ --group-id vault \
+ --connection-name openlab-keyvault-connection \
+ --location $LOCATION
+ ```
+
+ {: .note }
+ > Once you created the private endpoint, you will set up a private Azure DNS zone named `privatelink.vaultcore.azure.net` with an `A` DNS record matching the original DNS name with the suffix `vaultcore.azure.net` but replacing that suffix with `privatelink.vaultcore.azure.net`. Your apps connecting to the Key Vault will not need to be updated, but instead they can continue using the existing connection settings. This is the same as with the PostgreSQL Server.
+
+1. To implement this configuration, start by creating a new private DNS zone and linking it to your virtual network.
+
+ ```bash
+ az network private-dns zone create \
+ --resource-group $RESOURCE_GROUP \
+ --name "privatelink.vaultcore.azure.net"
+
+ az network private-dns link vnet create \
+ --resource-group $RESOURCE_GROUP \
+ --zone-name "privatelink.vaultcore.azure.net" \
+ --name MyVaultDNSLink \
+ --virtual-network $VIRTUAL_NETWORK_NAME \
+ --registration-enabled false
+ ```
+
+1. Next, create a new `A` record pointing to the IP address of the newly created private endpoint.
+
+ ```bash
+ KEYVAULT_NIC_ID=$(az network private-endpoint show --name pe-openlab-keyvault --resource-group $RESOURCE_GROUP --query 'networkInterfaces[0].id' -o tsv)
+ KEYVAULT_NIC_IPADDRESS=$(az resource show --ids $KEYVAULT_NIC_ID --api-version 2019-04-01 -o json | jq -r '.properties.ipConfigurations[0].properties.privateIPAddress')
+
+ az network private-dns record-set a add-record -g $RESOURCE_GROUP -z "privatelink.vaultcore.azure.net" -n $KEYVAULT_NAME -a $KEYVAULT_NIC_IPADDRESS
+ az network private-dns record-set list -g $RESOURCE_GROUP -z "privatelink.vaultcore.azure.net"
+ ```
+
+1. You can now disable all public access towards your Key Vault.
+
+ ```bash
+ az keyvault update \
+ --name $KEYVAULT_NAME \
+ --resource-group $RESOURCE_GROUP \
+ --public-network-access Disabled
+ ```
+
diff --git a/docs/08_lab_private_postgres/0803.md b/docs/08_lab_private_postgres/0803.md
new file mode 100644
index 0000000..9a67a8a
--- /dev/null
+++ b/docs/08_lab_private_postgres/0803.md
@@ -0,0 +1,11 @@
+---
+title: '3. Test'
+layout: default
+nav_order: 3
+parent: 'Lab 8: Secure PostgreSQL database and Key Vault using a Private Endpoint [PostgreSQL]'
+---
+
+# Test your setup
+
+As the last step of this exercise and the lab, test your setup again. You should still be able to navigate to your application through the custom domain that you configured on your Application Gateway and view the listing of owners and veterinarians.
+
diff --git a/docs/08_lab_private_postgres/0804.md b/docs/08_lab_private_postgres/0804.md
new file mode 100644
index 0000000..621b313
--- /dev/null
+++ b/docs/08_lab_private_postgres/0804.md
@@ -0,0 +1,18 @@
+---
+title: '4. Review'
+layout: default
+nav_order: 4
+parent: 'Lab 8: Secure PostgreSQL database and Key Vault using a Private Endpoint [PostgreSQL]'
+---
+
+# Review
+
+In this lab, you implemented a configuration in which PaaS services used by Azure Spring Apps applications accept only connections that originate from within the virtual network hosting these apps. In this lab you
+
+- Locked down the Azure Database for PostgreSQL Flexible Server instance by redeploying it in a subnet
+- Locked down the Key Vault instance by using a private endpoint
+- Tested your setup
+
+The below image illustrates the end state you have build in this lab.
+
+![lab 8 overview](../../images/acalab8.png)
diff --git a/docs/08_lab_private_postgres/08_openlab_private_endpoints_aca.md b/docs/08_lab_private_postgres/08_openlab_private_endpoints_aca.md
new file mode 100644
index 0000000..4668dc2
--- /dev/null
+++ b/docs/08_lab_private_postgres/08_openlab_private_endpoints_aca.md
@@ -0,0 +1,42 @@
+---
+title: 'Lab 8: Secure PostgreSQL database and Key Vault using a Private Endpoint [PostgreSQL]'
+layout: default
+nav_order: 12
+has_children: true
+---
+
+# Lab 8: Secure PostgreSQL database and Key Vault using a Private Endpoint
+
+# Student manual
+
+## Lab scenario
+
+You now have your application deployed into a virtual network and the microservices connection requests from the internet must pass through your Application Gateway instance with Web Application Firewall enabled. However, the apps communicate with the backend services, such Azure Database for PostgreSQL Flexible Server and Key Vault via their public endpoints. In this exercise, you will lock them down by implementing a configuration in which they only accept connections that originate from within your virtual network.
+
+## Objectives
+
+After you complete this lab, you will be able to:
+
+- Lock down the Azure Database for PostgreSQL Flexible Server instance by redeploying it in a subnet
+- Lock down the Key Vault instance by using a private endpoint
+- Test your setup
+
+The below image illustrates the end state you will be building in this lab.
+
+![lab 8 overview](../../images/acalab8.png)
+
+## Lab Duration
+
+- **Estimated Time**: 60 minutes
+
+## Instructions
+
+During this lab, you will:
+
+- Lock down the Azure Database for PostgreSQL Flexible Server instance by redeploying it in a subnet
+- Lock down the Key Vault instance by using a private endpoint
+- Test your setup
+
+{: .note }
+> The instructions provided in this exercise assume that you successfully completed the previous exercise and are using the same lab environment, including your Git Bash session with the relevant environment variables already set.
+
diff --git a/docs/09_lab_messaging/0901.md b/docs/09_lab_messaging/0901.md
index c4d39de..b8cc7eb 100644
--- a/docs/09_lab_messaging/0901.md
+++ b/docs/09_lab_messaging/0901.md
@@ -83,7 +83,7 @@ The connection to the Service Bus needs to be stored in the `spring.jms.serviceb az role assignment create --assignee $SP_ID --scope $SERVICEBUS_ID --role "Azure Service Bus Data Receiver" ``` -1. In the config repository you will need to add the service bus connection information. Replace the contents of the current `application.yml` file with the contents of the [0901_application.yml file](0901_application.yml). The service bus namespace and identity client id will be injected via environment variables. This file includes the following change: +1. In the config repository you will need to add the service bus connection information. Replace the contents of the current `application.yml` file with the contents of the [0901_application.yml file](0901_application.yml) for MySQL and [0901_postgres_application.yml file](0901_postgres_application.yml) for PostgreSQL. The service bus namespace and identity client id will be injected via environment variables. This file includes the following change: - An additional `spring.jms` section after the `spring.sql` section. diff --git a/docs/09_lab_messaging/0901_postgres_application.yml b/docs/09_lab_messaging/0901_postgres_application.yml new file mode 100644 index 0000000..3485cf6 --- /dev/null +++ b/docs/09_lab_messaging/0901_postgres_application.yml 
@@ -0,0 +1,74 @@
+# COMMON APPLICATION PROPERTIES
+
+server:
+ # start services on random port by default
+ # port: 0
+ # The stop processing uses a timeout which provides a grace period during which existing requests will be allowed to complete but no new requests will be permitted
+ shutdown: graceful
+
+# embedded database init, supports PostgreSQL too trough the 'PostgreSQL' spring profile
+spring:
+ sql:
+ init:
+ schema-locations: classpath*:db/postgres/schema.sql
+ data-locations: classpath*:db/postgres/data.sql
+ mode: ALWAYS
+ jms:
+ queue:
+ visits-requests: visits-requests
+ visits-confirmations: visits-confirmations
+ servicebus:
+ enabled: true
+ namespace: ${SERVICEBUS_NAMESPACE}
+ pricing-tier: premium
+ passwordless-enabled: true
+ credential:
+ managed-identity-enabled: true
+ client-id: ${CLIENT_ID}
+ sleuth:
+ sampler:
+ probability: 1.0
+ cloud:
+ config:
+ # Allow the microservices to override the remote properties with their own System properties or config file
+ allow-override: true
+ # Override configuration with any local property source
+ override-none: true
+ jpa:
+ open-in-view: false
+ hibernate:
+ ddl-auto: none
+
+# Spring Boot 1.5 makes actuator secure by default
+management.security.enabled: false
+# Enable all Actuators and not only the two available by default /health and /info starting Spring Boot 2.0
+management.endpoints.web.exposure.include: "*"
+
+# Temporary hack required by the Spring Boot 2 / Spring Cloud Finchley branch
+# Waiting issue https://github.com/spring-projects/spring-boot/issues/13042
+spring.cloud.refresh.refreshable: false
+
+# Logging
+logging.level.org.springframework: INFO
+
+# Metrics
+management:
+ endpoint:
+ metrics:
+ enabled: true
+ prometheus:
+ enabled: true
+ endpoints:
+ web:
+ exposure:
+ include: '*'
+ metrics:
+ export:
+ prometheus:
+ enabled: true
+eureka:
+ client:
+ serviceUrl:
+ defaultZone: http://discovery-server:8761/eureka/
+ instance:
+ preferIpAddress: true
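Review bot: The actuator exposure in this new shared config is wider than the file needs: `management.endpoints.web.exposure.include: "*"` is set as a dotted key and again in the nested `management.endpoints.web.exposure` block, so every service that loads this file serves all actuator endpoints over HTTP, and nothing in the file puts authentication in front of them. That set includes endpoints such as `env` and `heapdump`, which can disclose configuration values and memory contents. The metrics and Prometheus settings further down only need something like `include: health,info,prometheus`, stated once. `management.security.enabled: false` is described by its own comment as a Spring Boot 1.5 setting and is presumably ignored on the Boot version in use; if so, it should be removed rather than left suggesting that security is switched off. The lab text in 0902.md mentions an app with external ingress, so it is worth confirming which services consuming this config are reachable from outside the environment.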
diff --git a/docs/09_lab_messaging/0902.md b/docs/09_lab_messaging/0902.md index 0921d24..6d6323c 100644 --- a/docs/09_lab_messaging/0902.md +++ b/docs/09_lab_messaging/0902.md @@ -51,6 +51,7 @@ In the java-microservices-aca-lab repository's src directory, the `spring-petcli sed -i "s|$APP_NAME|my-service|g" Dockerfile rm spring-petclinic-$APP_NAME-$VERSION.jar ``` +### For MySQL Setup 1. Update the container app to connect to database securely using identity. ```bash @@ -69,6 +70,25 @@ In the java-microservices-aca-lab repository's src directory, the `spring-petcli -c messaging-emulator ``` +### For PostgreSQL Setup + + 1. Update the container app to connect to database securely using identity. + ```bash + EMULATOR_ID=$(az containerapp show \ + --resource-group $RESOURCE_GROUP \ + --name $APP_NAME \ + --query id \ + -o tsv) + + az containerapp connection create Postgres-flexible \ + --connection Postgres_conn \ + --source-id $EMULATOR_ID \ + --target-id $DB_ID \ + --client-type SpringBoot \ + --user-identity client-id=$CLIENT_ID subs-id=$SUBID \ + -c messaging-emulator + ``` + 1. You configured the messaging-emulator with an external ingress. You can go to the portal and check application url for the messaging-emulator container app. ```bash messaging_emulator_FQDN=$(az containerapp show \ diff --git a/docs/09_lab_messaging/09_openlab_messaging_aca.md b/docs/09_lab_messaging/09_openlab_messaging_aca.md index 2561c9a..dc898f7 100644 --- a/docs/09_lab_messaging/09_openlab_messaging_aca.md +++ b/docs/09_lab_messaging/09_openlab_messaging_aca.md @@ -1,7 +1,7 @@ --- title: 'Lab 9: Send messages between microservices' layout: default -nav_order: 12 +nav_order: 13 has_children: true --- diff --git a/docs/10_lab_reliable_application/10_reliable_java_aca.md b/docs/10_lab_reliable_application/10_reliable_java_aca.md index 9af84ec..4bf5d0e 100644 --- a/docs/10_lab_reliable_application/10_reliable_java_aca.md +++ b/docs/10_lab_reliable_application/10_reliable_java_aca.md 
@@ -1,7 +1,7 @@ --- title: 'Lab 10: Build reliable Java application on ACA' layout: default -nav_order: 13 +nav_order: 15 has_children: true --- From ad3a90a99891ffe769b3d3262cf80790bd9cef69 Mon Sep 17 00:00:00 2001 From: Aryan-CC Date: Wed, 30 Oct 2024 17:58:04 +0530 Subject: [PATCH 10/11] Update 11_openlab_scale_aca.md --- docs/11_lab_scale/11_openlab_scale_aca.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/11_lab_scale/11_openlab_scale_aca.md b/docs/11_lab_scale/11_openlab_scale_aca.md index f81fb4f..246d78c 100644 --- a/docs/11_lab_scale/11_openlab_scale_aca.md +++ b/docs/11_lab_scale/11_openlab_scale_aca.md @@ -1,7 +1,7 @@ --- title: 'Lab 11: Set up autoscaling for microservices on ACA' layout: default -nav_order: 14 +nav_order: 15 has_children: true --- From 9aabca0a6d64d86eef599a18bfa6822f16173152 Mon Sep 17 00:00:00 2001 From: Aryan-CC Date: Wed, 30 Oct 2024 17:58:21 +0530 Subject: [PATCH 11/11] Update 10_reliable_java_aca.md --- docs/10_lab_reliable_application/10_reliable_java_aca.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/10_lab_reliable_application/10_reliable_java_aca.md b/docs/10_lab_reliable_application/10_reliable_java_aca.md index 4bf5d0e..4df5fe7 100644 --- a/docs/10_lab_reliable_application/10_reliable_java_aca.md +++ b/docs/10_lab_reliable_application/10_reliable_java_aca.md @@ -1,7 +1,7 @@ --- title: 'Lab 10: Build reliable Java application on ACA' layout: default -nav_order: 15 +nav_order: 14 has_children: true ---