From 101c4a6d45f6f216422ca07f7835187e77dee6a4 Mon Sep 17 00:00:00 2001
From: Dominic Reich <dominic@noreply.oe7drt.com>
Date: Fri, 26 Jan 2024 11:16:40 +0000
Subject: [PATCH] update obsd note (certbot)

---
 content/notes/openbsd/index.md             |  91 ++++++++++++++++++++-
 content/notes/openbsd/mod-status-certs.png | Bin 0 -> 20373 bytes
 2 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 content/notes/openbsd/mod-status-certs.png

diff --git a/content/notes/openbsd/index.md b/content/notes/openbsd/index.md
index 89e40eb..318ce29 100644
--- a/content/notes/openbsd/index.md
+++ b/content/notes/openbsd/index.md
@@ -1,7 +1,7 @@
 ---
-title: OpenBSD notes
+title: OpenBSD
 date: 2023-11-29T20:33:48+0100
-lastmod: 2024-01-22T22:02:30+0000
+lastmod: 2024-01-26T11:16:40+0000
 tags:
   - openbsd
   - python
@@ -10,6 +10,9 @@ tags:
   - git
   - rust
   - neovim
+  - apache2
+  - mod_md
+  - certbot
 
 #showDate: false
 showReadingTime: false
@@ -27,6 +30,90 @@ These are random notes -- more or less about OpenBSD. Some may
 not fit here well, but they could relate to OpenBSD or similar
 operating systems in some way...
 
+## Apache with wildcard certificates
+
+I often got errors when I clicked a link on my main website for example
+to the weather page. It was complaining about different
+<abbr title="Server Name Indication">SNI</abbr> because both hosts used different
+certificates and I wasn't sure how I could fix that easily. I thought wildcard
+certs could fix that because I'd only have one cert for all the domains.
+
+~~~console
+$ doas pkg_add certbot
+~~~
+
+Run and follow instructions:
+
+~~~console
+$ doas certbot certonly --manual --preferred-challenges dns \
+  --server https://acme-v02.api.letsencrypt.org/directory \
+  --manual-public-ip-logging-ok -d '*.oe7drt.com' -d oe7drt.com
+
+[...]
+Successfully received certificate.
+Certificate is saved at: /etc/letsencrypt/live/oe7drt.com/fullchain.pem
+Key is saved at:         /etc/letsencrypt/live/oe7drt.com/privkey.pem
+This certificate expires on 2024-04-25.
+These files will be updated when the certificate renews.
+
+NEXT STEPS:
+- This certificate will not be renewed automatically. Autorenewal of --manual
+  certificates requires the use of an authentication hook script (--manual-auth-hook)
+  but one was not provided. To renew this certificate, repeat this same certbot
+  command before the certificate's expiry date.
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+If you like Certbot, please consider supporting our work by:
+ * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+ * Donating to EFF:                    https://eff.org/donate-le
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+~~~
+
+Also adding my .net domain to the certs:
+
+~~~console
+$ doas certbot certonly --manual --manual-public-ip-logging-ok \
+  --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory \
+  -d "*.oe7drt.com" -d "*.oe7drt.net" -d oe7drt.com -d oe7drt.net
+~~~
+
+Some changes to the apache2 configuration was made:
+
+~~~apache
+<MDomain oe7drt.com oe7drt.net>
+    MDMember *.oe7drt.com
+    MDMember *.oe7drt.net
+    MDCertificateFile /etc/letsencrypt/live/oe7drt.com/fullchain.pem
+    MDCertificateKeyFile /etc/letsencrypt/live/oe7drt.com/privkey.pem
+</MDomain>
+
+MDChallengeDns01 /etc/apache2/dns/dns-challenge.phar --
+MDCertificateAgreement accepted
+MDContactEmail dominic@mm.st
+MDCAChallenges dns-01
+~~~
+
+It seems Apache likes this:
+
+![cropped output of apaches status website /md-status](./mod-status-certs.png) 
+
+This is **currently testing** because I have no idea if mod_md will update these certs
+itself or if I should run certbot again when it's needed. In the meantime I monitor my
+website with [UptimeKuma](https://github.com/louislam/uptime-kuma) which alerts me on
+expiring certificates.
+
+The binary (`dns-challenge.phar`) that actually does the DNS Challenge is taken from
+[kategray/dns-challenge-cloudflare](https://github.com/kategray/dns-challenge-cloudflare).
+
+An **easier way** to obtain wildcard certificates would be the use of **Cloudflares proxy**.
+They would also create another wildcard cert of another issuer in case the first one
+would get compromised so they would actually replace your main cert with a backup cert
+just with a whoooop.
+
+Certbot commands have been taken from
+[this article by nabbisen](https://dev.to/nabbisen/let-s-encrypt-wildcard-certificate-with-certbot-plo)
+at dev.to.
+
 ## Get some filesystem information
 
 ~~~console
diff --git a/content/notes/openbsd/mod-status-certs.png b/content/notes/openbsd/mod-status-certs.png
new file mode 100644
index 0000000000000000000000000000000000000000..96d4a01a1f15a2ee1911a5006dcfc7a94e7bacfe
GIT binary patch
literal 20373
zcmb@tbx>SO_bz<SAtWJKa0`&20YdP>A-F?ucXtN2L4z~MU;zdQ?(QDkAvg@q;5PW+
zT;B8k?)T5F`s%Ct?*3!%uIjE{y?b@7UTZziiukT5h53&3-CuwGg()K~uJYGkC_XQ3
z^SA%JynWK`yZ`!2Nl!*xM9mX+oZ+R1x$^wGRTrtDqjoKBo&sXFtr4g3p@QYr#o?oA
z=cv_)tB5DteL~A#N&E6C8&a23H?MDbH#XYd=rDpgaq*Bz-;sqpyoD=IFY{WC`;OoH
zj`O<E9=wS9&$IrFhgS3-x&L{h@&5b$3;ybV8mx-{)A;|{MH-!uM0!x?swVYL=AW>f
z4nX|krPk$As@J=RwFDY<I_;y5TN3N^d{H@y5Bl7Nm7EcuBjG5DOko-wQ46*lnzlc$
zNBiiQ6p}}|YgWD3cgB`%ZNUPDz~^x;wIp9lv?of2Xe|zTZIQ8cX;R%AAH`Kc%8Oz#
zDMeie(^iv%KiSje50pv2{2RBH&mrtzIc@*_Em#2%*W~hcoyN<WVR?FxJjIa7(f9ND
z*&pAlambCM411{M2+VWnPtI@a%Q-L}v)pxhE~88ic2(pc!G|6O`BOHv!UUQkl*YE3
z!;^k552u#v<lP`VHA6k=1s40!RcwLHgw8dcauI6f7TvYdJ{!R9?^iNtXeB#qx8j>F
znRev-a3idLj!FNsngD<;bPt&j+QO8A%-&R4bg*y=ENXEwv@_h>YLQMpog6PkR4=sv
zlYflb&GIyp1lID!Rik*r`Zc)c`eNxZ_+*~k;No)dIqc*dOeZ{2dL7?+b&qdZY&(|h
z&AwzpfQ&$O8j!}@_&GEGrac>n9p`KN<F(JMDo*D4d<xFpfB%oJVGY3X^nJ=k%_zlg
z`f(|rcKGab#ZG3=KUp)U=DzSF6Y`66GI||Xi%eXS=k_%CqeZ8b(47)l?G+0Nz0S4O
zJdMQB=*(-l-MiflZ_Ibsi_xe=HaGsgrW*LW{-aOlnn`%Kxa|&F{70(+z<*EPDH*Zl
zH-oOBMdv0>m3tmx3-qhwp#7=!2Uz${|Im}`bWg9*B%|&Kst(8-18UNM{K_UaHqzGQ
zjqhN9OM{wVyU5M0aF|O&J@2+BTA63k<t(w9()*|pdZA!n9!-bTJmwg;TAIbkcFtC}
z-sNWgAnbhZn{b=k+Gr|0Wu?Zb?j8ATnHQ7pKQZE(R?+oN4zA620SL8xH!oKsWZ<G(
zw9*=!GkhvxfV0ZcOGbab=+B;^_3<MY(#{K=py%%9L4g67VRZ)Y0o?J`Ml)*?%cq)q
zoU0RD!(qEpM3`}(EQZ5Qr2Smn%U6FZMjq5+=O-__kd#ivd<Nu-v5bkp8)>%0o1+mw
zp2dSIJlcrO*MOuI1=7?9$_8$~3JNUz33yE&ztnfyM*db#rOb6tA7f)}&@14u3W(V@
z?!r}K;|e9zuOXe1iR@g@mNOjtRQqTEr^i)Qw%Sgg#`1={5`EQe_-&Lq3AG-#_j~yF
z=>Mj)fTBuEYz>c_iGCT&VMG%i;jI~baAp{`v49@Yr@xkl@H2O6gp%NJSZBPJ2ok5P
zqYb%XcIT<6pee?YOkaMSc&&@wR|sJcoa<dr6<oas!OaJcFN4slgtzk%6e0;9mA%V4
zg8iu=<YkrebokM#VT2UvUnQuNXUh<YxeF4KmHX5(kTk;ZM{;^ERbfW;o*hLJMm;i_
zoGW(0gu9K!+xpz?K@)K8b)+)C2_AlPsX}RsdP19h9!3OUnHsDa=DS?TEOXNK8N<*a
zz>mK|ir5}mty(BgJV~G_Jt|~)@dI62!WjyE<)a??hv!Tus(wGzkj!+0*4LlVeH93y
z>K{@R&Y6!FoplB2=ni<T7fHr{^x$kZn6v?(O}S&{%7pLm^l7M>*CjDZ*tqX`;7<$+
zIg!u0sB;q2|GSCL6~G*~vM|MVpcvH<*$+RF!=_62F<^KxEq+ZkFvl?V(3nsLqU~8t
z%2D`0&DX>`+3#(+esOm6Syf`0$2|GRJZ|JZ@4FN#*s1={4r6-Vudzxfhabj!@FTpe
zaZr$r24oa2tm!ZgTw#c@)9VRgXUN=j@7J(0JHPZXpH7c288jmM$I;|rhSfsk_W_HA
z9l&X1bax}yWdEJndAJ-pVHR9GDh5X*T&bk8mBo*VUk5)YHtA=c6=_J}8*Ofl2KsoK
z+dd|K!8e^IxS;MpyB`<(Y3UJXp;6k)Ey>Xr*$I+N{Skz(<gHm1X^;yT+BrXznmpM7
z-!#+2Pui$*+UiMd9iS#mk&lDLL=r($v+IMU?;cDT@vu+@!yb?S-K2-5e(eFDU0%|8
zZd}tgLkqVDzDN5X37iwaoNbozBj<~E{<>iHD1#s6qyY%N9Po0&R~zVYvOyn6p^8>F
zh;KoVKv?(qzSO{>Ra8}0Sy9HjZiINq`)~XMJkt|x0sn#K*xlRkN7=H?IBn0I#Iiqz
z9u?Wy8&G9^hMS$NdbBJorGBMvHl63M**uo-_!KuzfDd^dee^e4@k}r{ZJb6{fIn;*
zXwzgkLSkq-M@FyR2Z)(oP<c)U=7a=JpW@2KT--|+QLDt?KdCaD;cVKLr2=y{85tvz
zqWHfUsMp0%M|*^JmVeve{r7*@g;~e>@;++C{&X+EsseHWPN}CtnThHBtQJe<TIJnB
zZAk2|*vZ82z2Ln>wtnH~^{KojGkUuy*D$K5UYRT65N(`i>AI~t5q{i=5@SkDu-QGB
zDBK)h?h@9_Q1Mut^Up#H@O;$=T!7<9X#Vy(s!_Ucu^GeU?}DcxgaS4$F}=jB&_))g
z;z{k8xQG?C!0LILe%u17t<8(3-Vx1n2VMZ(b~<&`OB%I3h3o+T+Tisy?(vqEbK4Pq
zTr#6U=UTDI8{rq#j?PQ%xE98LZl7Cbl8T=Qqmy~613K6C$lpoF4`vW$v4|g(OiWmY
zE54{Pr*T{@Mg0%dw%Sflv*qD0xM}5?2XRu^7&YKXT9I#N@A0C|<AK4aCTCyaIu=}u
zHN?l+O#ZB(w9{y#Q$#`$7ByFm(82NX)A8oreNF&Ur3&eAnn?7t)hehpy&N<^>DP*!
zs%chjfn`0=m#WBZM;sTKP;0k;cm0VA&IuJM!=W*QEWDZ7(?7-RAM&T9*KzKD|NOU%
zgZ8Uh5eENZ9_`7O>vPibm49Dv38S3>HN4Er!>>IvbEVmm^5Pu5Lxa;yO_(y3N?{af
z>(jZLPH|3qJ#$qCdv#CIG%KUH)%g!OvjAVxxc|NK2m)RP+R3Js8s(qB7`BEelqm>T
z>rK#RzhiE1(u%KyevL(CVQ2LB-Z5dkppUMl>|m^=6W%35rpy7Ivm8mJX#slR3q_*j
z)`lBhg4%l0Qtt6Hzs0vYPrSQ6F+U?qnvKn!Sjje0X!}faJ{0@W{?|+U{oD$qqI{&o
za`OIM_rV}-z=>31Oej#>F|W`9FQGcm{bEA%y)cjcH=3!zi~>hAtcAMos_~tI%U|}C
zE!-Xr-1a3>PBX+juPa2#em0Iqd|=cz7}>D;gOw1Uak{c<w(aGIw!db(c|7}>X2{r9
zaV@6vd3^&;Ke1|-QguVpIoykxh9R2oJ+as%Y?L+Pn_*s9<K@<d@yzhf3=J1_3M(3g
z7K$*vsiTI64IOw3vp6Uh#pU=o;PI<S=eeUOV9{^Sn(Xds`1-k<Bd5+1=70E8ae|W$
zxMDuPQkR(T+8qpJ9w{I`@#(W$C{<L^qnPB8(gB$l3n(AO+hUy<SmVSE!D;wTktIr)
zG&OxkON8Wa;ZP!t5JRa7;p*4wO(VNYVD<KJ^}0HWS^%m+43EE4`A}$hP}-ag27`d)
zmuDI#1t9NM!|0PJ4r4)%7Pkf?lC|UaGlbS+Q^&1j>cPd(i1~l)`*Xi`67Hs5w0~tw
zB5X!|sS?+)KYWWKqnK99Wyr_htF$lg1QLW$FZ9SVi}A1YJ}&*1`-$9qTb<Kw^qQW)
z0;*H?b*W<dH}8qZ1$*~=^ru&9LCbzecj>(Qmf-s{P|}o)kFFjs{bAeef`hYj#yyw=
z=5?rg;zl-h%`V&SM&2XLjvjL`g?fk)68HHWC57BSs+79&WB;_L-NZFUi(N`rEqAEp
z+eBh!uXRhlVt*-;{g~jC8(L`1)Q9rMUgzW2QUgZS>D6AeEaQl}8Oq{G84<;5IpoO!
z^-kGY)Dw+Kk=2l?|Hu$1F@K+({7#`BQ>MIkZQz!D!Rq6uC0v@~%mj_Ff+#bYRPp>l
z=|%*{%9Y07h3nTlG8qiL*~g(e`a`~C7UlV)mBb;FhYo&EPF=3=fsDBI14oZa!@#q#
z)?ITxH?4{5sh8R18w5O`$^5)4Zb(gMv$wI^Es&~-$@@H3tE=}9>V?c2_=g2!KP0Y8
zlUX=846DC;jNWYDQ}_m(L;rh|ko7P27kQJL0K_vzv)_G8cuSk0>)C<f@UQ>;*I&fD
zYoRGP0*$TExy-sdHR@r;@CM3n`AXP9w}$^t@E7ZNr;>V8ynwdF-Q)zO>a3O5W=r78
zPS#K`n$iCr;s2MzQ+vCGY8W<IVW(MsetkU{TpyC!jvR}vcN+NbsNXz)|F`jfhD`t0
zyZ-vW6@&f11a<$<qW@1>|GO(-?GI0UrHqsvy?cSQQ5?bRiAJDStzGEc4X=hz_gdno
z=LyZ>5dk4Xh3uue$4XwOrKgX7YVIlcG8kyk&~Vk=_WJ}x_&3e<*E;MxeQXNP03t)?
zpJ%3@0np{W6}nJ4du|7JAgf`E-B`iwbaZg%+cZ>uL05nAjaZcLvv|)vK=n?!`1m${
ze#_EHY4N&a9v~PQLbR<FxQL)?n^#oNcKhJybB$RW!jlU0^YZ7r)^vSLSW^ZXC#1WL
z445PeXp4$E*Z6-ux0FndY}6DOy`me_vS>BVt?gk%=Z{sLpWv-L_3S4o--&&5d5I!K
z-D#QNP`ylx^ibFjSkaNK#Ej+D;_7uIofQH88Us5%s}XM#2=gB|*d5S-RNq(<(etCr
zNo7?H8rhBn*g33bj3w}!WGRrfTwo$tGCQuv&QNWBn#Z+j4OHneS)DcaC3tk~G+d^)
zc8D-6H~e{5idcyD2(Nq`%9TLyABHqKG+rM>i3xuyuRF8gZUjp;8;%2=Datelk`gLB
zpr5Ic7pSJ{?;=)Ro~j#1pC_2g+Z}SGAs_40eRlY71}G(GAFm#ZJSSu!)7PFF`fGC(
zt$Ss10e|;D3zQ|6i<!;XncChcH?Uv*Ir^$H9UOi_QZDUG@uhG(;Wqe$<k5LWUf<%n
zcxr7ZbvU=&dwnt)HgF5<aS0$qW#+^nJd9W_Og}A*aD;C5(6RLRd^wKgQXC(sA^_zN
z9T%P`;ay%2A`^pMT2+fd+;mYzZ@FhdtVsZ~d!`e_d|sa_(Bi9@6|@a$kXsEzukSn*
z&NZs9j3F+X`n*DzF@(b@<6yk(o`Gd1W54z#4~rQCD*NoyA2F-g%g#F$8;v)_TSl$0
zZ%sC@w(Gh0>2*euLhge7I@*(;aXgiT^-y0{d~!dM{L$N_fKvmFoH@6TC~tqv{$BYc
z1)PxHR?U*+2<>~26+cHQH0Bb6%(#NipZB55-EXp==r@IH4+DfTXy*OB>HFNxmU)Y9
zm@3}B_G)X)i~<O~f<G9BUA#EEAyYn&C>o&PA#C=au^tn%#cwR#3*xMV_cAA^?w9%*
z;%N6eQ-CJ1-(V*=5E^+3HI2363V)q{QkGWmv-;MBJjlNPyLXWN+^a%T`uo1|c&#k)
z{o~8H+0Pr7f4ok=DZ|a^7T}AVve?=8j{t?1t53cQZQk%QvC>roVQ(6NE6P-clIVJb
z0(CsiOO#GTAX`T>C2uNV43!9+e(C@k7(R)?x7rtZF%p<-rZ%H!sc7K@l8aanx_JDh
zARtw<RN;`31C8Le(|D|d#l`*ja0k(m|Mk$k26g)2*due!vak_!p%#}FHLL#<6LV}4
zm73sHUT~KkULkl6{W961GXgurlO$y{Y<S&8a2mVsO)AFm7wXxLwas51^|#972|j~E
zpRcCZk_IW?s1;_o7#MdLx2BIB;h@wdAGIXJqJ|%&1YXP*-?Z!Ej*CVi5UH!E*!Tyw
zmEz507{_x4&9SQu3yyIQ5BlJXQ>sJN6lNcIM(HbU;~Wngduq6N<fiWz1-k|Z7xv6N
zUb9erX&YLdu&ot$lFA<w>(R@=`=AUB4{ZkCdJ>-mCOL@v#L2WlL3>)vG}yNbu9M*o
zGw|PGr=M4Mv8=%I0wY)3mOsxob0jbDmUHQ{Th_>|TfRCGU*a5pi67qq^3+os_PY;N
z{Dd`<k|72?K16M<Mn3GTW_JoRx^)PKH&HD^fej;?%`J|cSpc(jnpza>>XYz{qte1j
zENo@+H%b}iI1fC2_u}S96GdVTohJS<?pcfESv`k!2Ux38)vIBP`xAN{?!k|dAsqB&
z%@1pe-?KyLFSk#b9EG1h2zQ*V-V!%24=99WkT<Wmh6LYhgrVx7NRisLLAz{Bpz1ls
z2|W6Xa8SRgH>1Z1ch98H*s1Ug&&XFYhRyPv+&+7aX{f6FX<xKA0b^_xNpWb{`<l%h
zblN?~nY?NWHY=PRKU^B#+~C48N%th%HPgg+1hpR}%m`Z6rh8ZqLoaOhqWoIc>xzNs
zc!UQt(_gA+?D5%b54m=a{W;(50!$Aaq&im3kuB)AD|PxkzGlX>p5cjG4k*6KQoXnL
zhS3;DZt0`PFp82zPaofTNv(8{Z}DU4IDO2QWj&R<Zv4r%WS1MYZ--KN8v76J)|RAC
z*-y*Oy*9fCBl7g=eR*ZLxX_Ao)@(52wA>oQrG!Kev&qUDk9IE8^)e*S?cs1YW3r}I
zm)>=t1qZi$DV(I1ya)Yhq+v{Mjla>u<AHASb!+DqVBE3;Lz~}!@<74;j#_ejja)Nv
z^`?WKXl0E9>;ye=KQm{+9_x;Zd=&Hd(DPG=p{BD%wx>WrS=8Px=@QMakZ3oiA4QJa
zc|JC8`3wW`#;$wpa?hWp2OhIt;=b#Z*^CIt)yhrc$cO-+ScH5QZot)5nRr+x{*X|E
z2OG*R=#*5UhZeXIxTm=v4*(V6(lCJc73nG3{j2ObGsJT+*OK~6;T<rcACkw2ha$o#
ztU?R9cxmT5`gc`Io4t!A-w(trkMku|v=Z!ujqRo74<5;37?4-$E{Et2<frMRyJ=R0
z7h{3Nvf?=jb4%y_nrc>1tNnc1$i(Yfu`0`ui{57JB=O_z%eR#6DL+PgbI6)6E{}00
z*63Tni8S#=jBtCbzJgAkB6=mruS+LsnwVAxScWLsVZu-;6F-M$=-dEXaRKYhFG0|`
z@xv|LPk_&7yz2w&I6!t=pNxyK`d7TTGBMA@mFuu(S3-<0OxOT7s;Rs8FaFgAehJx;
zdvc|?9%>IA677hU4gC41rVupA=e<U_w`&K`q+O7ISS_B0RdLm44LHS)&a$pg!{N63
zD!1y{TSjeL;i6(eOazkVxlXMiIbLfo$*)?yNu3qDC#$L^Pc1julJ<ET%M8~vT9dC*
zCZ<+-VauF+GKoHcpn!7RNWFcvu=Lcj0&cdZJ&T4-UAIBus5?@dEm5dZ-s(4xb{JW8
zkm0+Bch1kX&!?CphJ7?Q#ThNOrmjirNFhocPhjyHj$%3afnMkRucbIw8V#KF5l+He
zJsCwzj;?+knr779k?)s>A${aSW)ca9TnoSYUGTv)TsFu<x>-#>2Z~Gp<d>50H7bE-
z@ed$mJ8bC(U7-}e&E{j<xbaa*+yuP^Q+&Q<7NcamU0JkB?seOSN%if{fdS+a=tqg;
zHwVcki_>I+z_%>I%2-{MY}lFgy?Tt@_CS?vu6nz#?eQjg-RsPyYQ%L1fi;xPsmGm^
z^3lW$B>*I8%^tMz-VMJ<pV?7!zPjQ|Je{(d9b8-C#E1Oi+(bYrmW2LIEj=Z3SrI<L
zp^xX+0`~4Xb_~h@Kyx!VSC5>(k0AC{5U)qwUehh?E)}u{<7u7%z)=%Edep}hhgWw|
zeUM06n<jz>W<0Z^(*yev1C(}8qIjap)sYd^Cqeb`*G!I8RZh+7s*p0)U9(R*11;4x
zf*K<Shi3vQMrxl~6*X>f9~_Ec@R0`|8QU`{rT)El=-#_)^E`{5!4VB)zdzz;M7F$9
z$wF+9Sq|NXM4IVP5{<HZk*u0lS%_zO{p0ADUuZFXnDzPEJ_^eWt)}Ld`AB{_MfVL_
ztA5@`CsKfGyf*H5Z%m~AG&s6%^Bx=Oqbd!tx$rd+=1|_bx3o@*qjIdBY2)qi4frxC
zhL=%Sb3ONJv@XqUV$^4D<@46Kg|hlWz*U|QMRde%XF>lEWyxFcMMDU?wh{CP2x7*m
zN#XMl5}cebG;uef>E@K#jM>}6<o0XHMbUoQ8;+vwsU3eLmS8SDr6cq+(uu-xFGS*-
zSHfXgK|cd7ASCIxVbJsLc*zAnQJGb5x9Ay3(dgrd9z^S>0l0rxqbN<+z{xL{PJf`e
z6Uz|ix0WYP%KN7=S{WNe&+zgf51E3CsRlQGY}WKYXTDo0zxHn`Lyu+Q)l>@j(%r%v
z1L{Kzf1`p;s36DOinyIR{m^N1w{lW?`#mf@O>LYJGt@^;#8`zfr{1sAujzxtll@1J
zzZKUwWFg{{AKBlkqv^UyO<a5H>1V;)5`0D!=a0_k>9R>4z5ADUY<N{XeF+VM6Hn$m
zY++EK#!3x0=D5@_wT3HI%^rI9kA5|r>JNv-d$ppn-|g@{oo^Q+N?Ck&09=Z51k@zi
zK$AwsnQs)7gz2kAqH;a+6|p6DYD>(d^mEBr3XpCB8+}}K28`-O-)CX&JpW!E-q=%5
zsaK~dm4cFgoZc+R+r2GoZ~FdD>47E62mnxgqW&a34u?CHfj|Eg-@FP`0}ZhZgK&UW
z7ip;=nzI9E-%}L0?|RYdDbqTVOHsh64SR;39iPVAQGccQ>w_D#3~?J0l6sciN}dwa
z*C_ff&CnE1qe5n89<{WP>RH)<-9_1vx}Z81F>oQUP|LqKlNJjWGm@1FGBq?I%<BC<
z35>aUbr`(FQ}&Se>*@})Jt)qiFsYT&Yd0ro`gciNRn^`!JW6PsFrhl&lL*=N?Fmsd
z-lO|$9$APLAv>vyfJx^m>^J;u$WSUxYqa@biuW+-Q%KP7s5!!2B7!zB7R*7|G5iCe
z$aZq01$3`*okT0UIv#|NWBIK0V%s>W3uJW+<px0~9adzka-UGUypP{HYJ(c@kk(U}
z{a$EmLV><QJj%FPi0YP+Cu=wjyXb@A#*h*zn*UoZH)$-tuaIuY2mx3E;j?GQKs8Y8
zQ}_Nc5Qs}TfYhpqwEs{D@MY`BQ?6-TWi-Zj=S5!I4$AxbIR`AcOy0@_0vV&B0(vp>
z`yK2#XF<GM@K4lX{7t6Gh8$h3D9-n<Gi<3}GRk48sdz+vEr{?#92uL<F1sHHIYrVN
zFo%HV>>h*T7!R95d#Ej=_R!wu{rA=}w9%F<Rz>+SrHMX?`lS+G%AjL+fky<l!~=D|
zwwK@EnYM+ORk4*aYYN1LMxp7#w+axhj_c|Ep|Q?wKzW#*V}c7w{(Sh~xWv295a4Dh
zXp<WwiLlp*ewk--IAuTsOI;<c=}}}deTCY((*`Pzr56P7MubU{zvo7bk9$3CM{sk<
znB>xGB}_`{4lD}N3%@H5zdt_fx)rphL4&b=83v$Fk4B@r!!owRc$Y`Vs9zltffINn
znl3oGa{h*x6@D0hLVz%sF%2U-PeN&?vtzYAi@)>8oggySG&`0)JkM;3>k0W8L8YJK
z8MO4#?l*<!c_tkTch-wpp75)QZA|U%t;g9Ld#kkAlRdW$dvq4pvSqlr#`T_uAh`dC
z+@kkKbShgte%F@WC2<(IPRD}exc*s5f!PsxzGiD?I!f>#;z^y4K1=VOIGUx@cf!vi
zpkqpvWJ@QZmvM+ZKEUyeQFPnB+6)!$-tzQBFfg6zS~iOozUkl*Y1+vfBc_MAXla@*
zt89{vUESekDw6MAV^ne}wvl%@K|6;J3&D7{)qtDaWrrCWIQayRo3J_5Q^*ZfgWRl7
zhGPtw*APf?^5P#IEG6ro{e8U^tQ9uiW*hP-#)=n%dadn>hHKjWWVf{&jdzRBN<ij#
z?il)!7Q6qp^JN;Q5v+_@%e0$*Z8FRG1kp_?T7$bxLxAGtVTAV068_ds2Ei+S4P}F_
zX}qqX8(70;;ooxJG7uf@v{w&}<<uh{kn2p>3Tc-vK22QH;dlXY;sVsJ^z;_f&l%z-
zMxTgU51Gm6&z?x0E@|AV?wK4+;bjVM`9fGi&4_xv4&3tNV9f0>!k~8vS@hYiwYXn<
zMdiMd7!%6wgFCq+SSbIK?Vnqjy*Z$L?T^RLGQArM;#YCoyz_(n+;`=QvVr6?$qBhI
zBt`JI-9mof1<lj(tRo(%+4_%1wjSveS|WhwDGl*?S23oHx0=y-wimqdilG<eND4k@
z&Mh5ToYub46|Mva{I*?puc@2nZymjvEt!1;j?gx2pMm#CGxfUlr0?ptUioEt^@0(%
z^tSQlF_`>eCrO2N<o&;Wyr;c)%fKF-mqmug!`qJ9DZj85E)!Q4c%FOSq}=!S{HcCo
zhTbH*QAMqeZEDbVkg;0vty0P;;Og@&Z*_2UkMoV=Ew@WUsF8UW2QLQ{Q=f!`;!u!Q
znlrxht~|Q-2?U+KA?MV2vKp}>sX6+1SlTQe*tGwKjwvqxGR9xxZ~=SH_PZ6SMq|f3
z;sfMEBQ|A}S|;rr@EX{)rq&fx-<70pvC+rawa=ixOVQ+Wzixur7U5por1w4WZSrq9
zW~xjUzjJ&;rxC+}h<OH6MJtlaiB9U}l%;-BeY-jdlyc8HH&=c}2WT$<`{?g{Y(pXn
zAHQHg$Frhy_v#FyzFSS*&}6+Eo6C&0HvNWge8&EUPf^Ci_Pq|Nd4=q!_#(lbdkJAL
z;tgvDmxD*<(!dKPy!-3Z&!c<wPk)b=HmbvC3YZjOXWxF36*rl#Bve>XXzO+2f|uPE
zhZd+Eq%sZq_<7K55J`n56+WZCk=`m?-2Hy#n;qK|?U#+%oyW(1d|?uKB!k1~qP0=0
zKeX2?<>`mU1yzGIGBeg3XPHgX|KaaaRQImiU21q=c<6~}ADB9ucdj|~U+0YsMf~~M
zCU~$491+oqm4vWi3^Tyrt_{e1adW^2q{eb%#nHqkVTxTeZx8X;ok8*3{v_}E8}(Fz
z$XPYjA>yirxR($7Ye!mMXiud(<w6-<-FEi@t2wGvxAGeruOeY-KTFnfWpe+4=N0L$
z-VB%f)mXEF#g(<a$c4@ONKlq}X6J>A)_BFYJ6+VOT*51&SSH0gaVaI*auOHxWmEwI
z=U<q(J5NWDHf*=7br0DCTQT^M%U`oZYwEZYuXQrqTqe$M72|K)TIeY0J*zD=ebL`T
ze5SsUP@ZA1qDLwzwp8`aFl?d^`!xFFW=`ZG4JbUHdkPyHkq7}~_T7O>nc#)y+Zh2^
zQ3OlHp>gOumWH4u;l%kEK36>o-f3U{7FN{Pb&o_x6kLeu3PNvX14sGXFb{_@$KI7&
z5XUR{1X+7=`Y1+2LjG*mCfs5lf*_-2Qds_Q#>jstvp4>DW-b9fxo7(7zx%#<DXr<w
zQpkSZDQ(8=IaII$Y@0q$Gkk{KBl!!Z_!4+u1MB^Lp7L^6U+*=+6Td#FE7qXw!piEo
zGB}JM>}<1&q8a1my{w&oA86MqaNF1G<~4ebT-gb1CweV96IZ(!iulNN4;0=<tUS@Q
z6!gtvJ5G=w`=l6XBG22Vv!<24%&I}ur-*IaxKC~uw-0L0R|b|0{qB#5&(g5%e*W^m
zF<(Vt*_@=F^k(6`xbDd(xCzh*5_b@0A~pbCwBCx3YeyMp?3?Wixo~Ir8GO34s9#2>
zQ`HO45MxWHcS}h?l<=CaG!p^&2N>%QS)BqAJ(qh5c&DhkH2p@0WZI5OEc+65ahd3%
zt7hVh;J8n)9}nWfzIK|AcUx)u!RlLi+dfvhuiDGR7d^<`Fg0{wtu6Ldf3j+Nk;)8a
zJWD0O6GP4sixt@(Ui2}$4Cs971UKiJ4}A({=p+j_`G9+TyvCf~(Q{5o#a(fw9}DVY
z42WKv0(8FMZ;|32*>2Ia!Yt}ZIgy5?oSeKbFm*2fnj+4*d)}&aaK!znuytqQ@55@-
zE5dZ03inuP>{@8k@6q8&`&#%piRxHPXN5I&eSn`}`}YCrauNUdHYNZy{}5vl7RNH~
zExU7hL7Uw!4pVHWx69;@oAFOI=ZP!8h(JtZj{4XB*(y!&89#Cu12TQvc@(tzk-1%h
zX;g#KQ|s|f1DV0lMXhd%63L8yb3#9>eR(yX93Vr6d4T3&g?9w!UG!?GLl-hC9A|f6
z=?%9$Lee*dLZ$}U9UL1ux%Nv2JvyNRUe%)|r{64=B{NqzWeaTgYD#}u0>tc@fQV9p
z7u;v~OAJC`;eU7$7G)8fAA$M?uc6;kV7a`<pZl#?58E|cJSCne)nsBQF{Ofi^=&OW
z<%gvzE8otq!}@nIGZdv<puTZilHPb}zq%0~iA{JYOx(|tfRiXom`>S;nfEa!<RvkL
zQjl=xk({J)Bxt@8g7GBIr{cRd;d=i2YmLgeV7<nP|7rQ%EDlH%+X@sds&bKaH~yRG
z+LTWap*H2VE0bZxI6X(%CYSdnKB(6SdD|YL|4bvx-G1zG@qVtf=i-i0dZ<Kki~qFq
z=@*^n0rD4<ZRIN2S&Yn{#W1f@!YB3zM{HHnU8fhsX5hieI=D;PO~N`=F|AhbE2zlc
zd5uZ#m7`Sm2TSXptY<N1lrx5&C4OJAhB|4TT`uBV3X~O3Kl(24TldEU*c1L<E5-T`
z{L)DTww!(LKqZnWCtK8R_E8Et$uP5~fy|7;t7i5ZLz1#^FL(+YViIbW80w0^%ToVE
zH*UtF6FNV=5Go2b5m^|_?G7bW+!vm~Kh*{niyNs42mbD)9<+QO!obx>{+V{M<zD^b
z$drQGkM^%f9INf9_55BF_L`cLWLw9MX9YI#k(@7TB%ra0d_r}Xrn2)121|Q4*9Mxz
zK&PjQnF3EG)ubfV$%fA4dG|TepnoY(zn=kZH69)lua7R4H#$~&xKBlo?o}w%-u?Ao
zF)wVe|5Bq~Wd0A=<gfp4T~GE}hHJ}cg3o*RS&sm1#r?3Gsy_>D!uRPbUP)OLA(WlB
z8~)q+_RqH4kCer4n#!O5Uf!Izo&Am(@Y&GNMbThW<9GVbbKaYbzRf3p63Z+5kqR?3
z9BJ2#9&iUI1%vko6G2f~XXx6%+FT#czjTEB#9vtMN(AL<mp%vi;DjWrM}Xk=Q$@ab
z%|rjROin(Hhc4a-A+!1HeR}I|(f1@~huUW`-9a8!P>>WO(m%iLJN7f{vp$f~aS8K#
z7Uelfu^7{u)El1#=9%hu_j6^95+jDMwD&I$X(|^?w{rA7&Uvn~1)f(=)OX0-eGotc
zIPP7+oz%emv%bbJgT}ti&H%D<UpJeK;`;m5_N5O;?I#2;42bV#!8>m~s_n~n9#IQZ
zgIgFryONb5a5I&eR5o>!8SzEtzmYXuxaD&EGJLn`Zdh}0QrqOQH@Q9v_1|p0VO(qL
zG{G^O8M6!-pAEpA3?$1znOi+g1C5$FUCLn%ep|}fB3W{lW&ph_{k6#P-6dNm(xAFK
zoq%|B=%a()8TB0LbXvx$yk=`!Ppt9-%X^xyKM2<KIaC_#bUseC)aUd~bh{H@=0OIX
zQLYr2<-wSA;5k6mh0^Dn32(dAd78CtSbO4j5?6n@!0D-O`$sm8%9b?k7B6pvt6uHZ
zfz(`VOyzScQEQzycg%{y!TMx2SHU%ZyP*E@9J!w!V_7u}J0;`ljfZO7@gEP^U1?UY
z`XKhEyuIS6h!oR3vrnv)f06jJVKg3ddyQXTrY&}6;klQ)w|OPneOf9ly|ukks1{tj
zQ~U(Wb2VA89N?E8VXGw?`74oyiag93z%6HRcY=da-5;Sr<8=~cKk~?htgkFyiSQX>
zxy|<_>2y(1iqhp$7&+sz;uEve9J}|l@z^Wu<ga<JskxWpb1ztF!QPprZAPr7mf=3P
zf?VakM6w`Q<|in1u%9<Mro4eqlS;VE_}mx6SdDlrC8t@`(8}!BHJ8?b5(*CFh#nj`
zs_uB7kaReY8CQ;=woTpu6ID@_!4YY$4RKoRyvvwrN|z0t=2>Msp-<a;ci5*#2Nf0c
zz8B7->tfSxoPyG+Ps~;Z=l5Ay0?g{S@`rl&@SrUtw*ClwsG<3~)5CahUV4{e0-v%~
z`#jxSJ>nsB00%NQ=2JKbIxET;l|at=XMSN%{dR)eC^6$C>s+!;=-hygujs^upYfak
zY~>aNI=b)|et6nbc~<KXXGh6=o{2|lq;T{S7s?}G1KlNX^J)v%%1e+GXR7Ot=WNOP
z(cS&n1?i(H96#-?gv##Qv$wOK)*N(^*;8*EWsDz*+<N5~x%`XglX}CdQ?5y`Qa+7L
z@FWMn$Dy7x{>CzregkE_dkpoe3_Qdu(c$gLED3AvXHsol3`fsyE6e3*QMv>Td^-4J
z*>+I2Zubf~*s5C&LJ+Yw&uVLGVw(+42(FkoPT4?<{m7e&It$Js>L}$+9u(kP+ii+?
zXjIFZC)9OFKvwbQvSA@zKhI=jVtY%*oxQw6&&#H@`#t7wz~YyCRJphXYzQSh_kAQI
zITUwV;TP)sX)87_W0E^Tw0unrtxb8z;lYv}eYaB#HhnIg54-HLK&a!~8VB~7TS&6d
zd1Gd$=i^x%Na(49F!ZAQ0axzNT6>$n`7b2>Tu<j+be#&+zd_Tw{QD7qDIZ%J2|aRA
zBvyLkSlk)wP<m4G$Zw>FFH24?k$_OY?EQyplaX)5#{7mCz2t^#Zo(IC%l@9~9@fDA
zA)k8Fq8TF(V}vpxz);c4+Oxgl6KV=~Gb#c~#oW&mA3NZYfvaen-A6>opz2ehK-EpX
zd)q)V5@bj?S2xAZlNB6xPg?1FKRtcC{805ay{pl%&IIa6>G1t(33p*nuB&tnbbsww
znSFDX{}iv5$LhwfZYTd#9Bf*q%P~$LL>Sh;lq9!b^-6B;{nmPKP3E;;;OF!A2sU9$
z=ra9yI|D@ZpC6P1UeS-~e1DERr9EetS6Y#QRkO9KD`9{3rh_|vxee}8x709RMaaIy
zr20z={Ap3){2d*t;fou-CTrd9FLX-4YDHn<IF2#-&Ijn=o^{sm64Q1WZz{dBK_3K{
zj(3@dB)XC;6Y%vAula(u@l;2nFjnD9gk1S~bspH0`IuRed|{D(NAuP#>h^4>D`RQp
zC}q!T%(Vrwa>={-0yo-3OM%Ktz1^10S2QZyTN|5n<PW|LfD_bDw;nRpr!AYLB<(Xx
zR+U|*AEO5qTJ(!$VLRz7vAzD*Q)W#PXkmcXlhwoO{%@B19d90VjQt~*s~vJ<v%)Uk
zp`fIjPMlV$BmnRKgi65R07)S}3(KOFQnAJeUASCFua7Qq^x>?w*cwtB{S1TIhqS2+
zIN*mU2SizrHA`*39qwTc$G%+Xn4L6Bo5L@S<5oxzlzy5dd7P(1J4{Y;vyKWr%xuqG
z0xXWJ<-+@inEeQ<*Zi)V>WOfDG49>eYNJQPFEUF-l1NRqTE^%PRN<`=8tv^>wr~JT
z<=9BUKCi*BSyU@v>u`Fy^-CePKJF=vbJ$Q_*Gl3&i(snq*~!uC+<h^%mYBMZsVUs4
z<P!AffZ;khp`}L08UVCN(DA-K$HHHmqN8rUrj(#tSC_cmC!==2ppv|TYzI5Bx78-^
z0d%RH5~5Q;fASx^b;{o0yWP(*E!2`>HQmNz`Yese#Hy{n+Z7G(p5)g;Eqiu6HDS(3
znF?ei>b&y#Wny7#Yi(Z{5HI=IUoVu(P^Xyb=my4O&6b@G21Av^J4Z`JVJ2R;6T^k+
zs}&BJ2K=K}uFS!P=SzlTOI2fs4L7$ZTCJ|v516~twx|4$JCU&&T}7#x)z$Z3uBu_m
z>D$OQ0ea`9NbOv2R}w4NO_1E<EaK&Y-vaFttggW87C~d9Y_KSgH70yD8T6~gg9+Ww
z<CWm5C<;VYp{P1*gxT!bIc3N~3?zGlg03Qu89!1Ldd;KozEKyTsHogA=t{C1ugX#k
zylGP&11Al;#*YV(RO^X2M|-?h9X$)ed3;<sR5F|EU5emRTn%eCr6JIioK;$BU*b?v
zvEIgf>S{asUYK!~k1FNXM`{Ta`P4eOn0I$Ru(Ca`=}IRj9XH6nGLTB{dy0AcLZ`Q_
z{VLeJmG0!~wE$?fBq4CyYn+%L3j)t5k)Qg$CsB==0SX&RzaSMEPCLc{x4E2(BmG0(
zXS^tmui7eQSjM%&>@P-T`Q3f)d#MTexJ`Z#L?-)3T*$Qe-pK5gM6C)f<_j3?M|o&w
zu=w0q2qIg|xNo+ax6ajKtCAS+^_GRUk~dPGw&yZ1`5F_1)!RBRKmXZVF1F>JFH>B?
z5ZE+Ij8h5VY@HDfENMK_C$nvDvq@1Xb#D7%#NDxu<}*=JLUIBv8dE<YX9BE9QE{ug
z=O<gI&$m!+08XYS=Reh_KWb$M*6)Ol^0)^B=|X1ZNxoMs6n9^K>3(5<eyC8boLU`U
zzWeUER;^c)!isV?4^D8KXkkh%X}&_$l%Jm%?(kUf8oG(7n1>@%UwpI~<8{cot9uk*
zZ-r-z3-pVO^AA&biu;jA@)lXMgKtrPh!%Rr$J*`r<w1+vqLYB{s#@P+PJLx$O!#@2
ziYdmJ0%pnhV$X@E9{)mu43BY}2g$KSF~6v}9a~h?$U4N!fSd6mHH|Kyxt}g;$_h2}
zp#xA!MSN>E@1f=i=6ZD?uo#P3fI}%_&h{}lYY4y53|h9!FNxH5D-EjDG>&Q=j)7hM
z!>?^V3ezT|T$gi=oA|jttjG`JDID=>^%)I64vJ?-z}X%}m@07~;l6yF5rLKPty%p1
zkgq+jR7alVO+*JRQl=4JZ62Aq#30?_7sSJ3G7T>d{G4-_EJ370nPT=;hr*QG=;xs-
z6{)k(hqRJkoYe1GxDf5TpJh^w=XR$Vl`roJ;EI=-s@#TS7RJFR7wAbamX_}@*8|3j
zLDws<!U(Hazs}ZzShcl!pq9swUx%u{+bcg#9cSZsTvN~Kd@0m{%e#gC>Q~e08+2(d
zF?a=Ge(1V`h66))$-tEkVRf6+;a>}Hh&;-KAu3UXl=G&a>*Ef-355{HxP<o=CdQ3|
z;Ct*YqH^DX^BS5iE8_7bIi1`c0jdKs7sN7}q!ydcc^Ji}?aP2fHY?p}3K2cGYzZRG
z(UtTV%CWxJa*&MVQ0}34bv^xx>Mh7GLCs!Xtc<N8%HL`$^(P`<0^mu0vaa)xyz8`G
zk3;1x1A0Ug;^<Ax0mgB%v%Y#t%Am4(0iq>gKr*WG%V7|CQp8&QXuz$U()(FWyxM}W
zyihSwg^Y!kZtq%@ge0GIgQuI*^}wbwr)i<%f!hvveb;%;T7_=3z8_lFxp-#=ATDX9
zJ2FbYR|PENN22GqX}u(Eon)SJ7BK2pWe{AzX*>;%9p$4zEVybf`h{j9Bb(gXl)_xi
z)a*>OI&B3X#E|3(AJ@=8<%l^GRG!WvYKelZ%;KdaB~<45!Ub=KYM#zCGG?^YzK_uf
z(i{%6W^V=L<z*z$`<Q(3?YQ(p=hnDFmLh=wlE3w|ia5Ke!C@<|m6M!zqj-JYxx5ir
zf<=)9%16nu^cC0l8TMq|&hdPTO#MTVdfDI94WGX+T>LVOQOKRH^F1BeZR2klKLm2k
z6^C<=(^*DUE6-}BOZ(yuGmiK_^RPQzY-Y>iLuTT@NGAU=p2?g);V8Qiw8r&Wv9Z^+
zOKDLa;>H{OD5w!)mxs12k72wwZfESiC&I=JFZjYX@+a3M+Jod66INEkgg7_frwnja
zWaS>BQBNsPv8ivKNFPIqTJe(II^$p?fLLSkzD}&?I&~sK!5d1poAmQ%$XxZgqRs7M
zGrC4qwTUTKMzJ`K!*+r=y?Un`R`GswS;^(RU+#747r%(BiJX+XHvzsTWHF@?w8={r
zC#88KY9WNV64poN`f^EiHsdtTVu1NfzgWSFQRQetXQ&m9?e$L`KWgu`@@v`h-#pfg
zNlR2Xbdf>}-#-=WB>c9vfm)&Y(6zhP5mgEe=6k9AAyzMxeGUcY)Mp{=(`Pba+QOd`
zcpOLcg%M-p*>&#0V@mBM>uiQT(H5?pogs}i$*x6wuo5y5hJSKOMq9D4*w0s6`98W{
z`SlPJDd$Hwm=bocDAjIu!fW-_EpN~tOMQJ<3~cEZt#KP3;lG{XvFc5RzWwE_KSH7+
z)fHw{iR><2&-cP8WV4trwI@d&g0gtU3Vi5No_c+?#h@ZW<Ugh9M{ITNYP31MjFiB}
zE&ziOi{~JqhQt?52bQ<Ro_&IPYf*E?+u#z&v`bRhmz5fF%k*s?+L{^Y_sNyrpBL7c
zI0c2;XxBFSnk&X!Wts0sOH9SqCof;fD$vmJJaf1>dhEnO-D%KA@w4;IamfPB?2s<+
z8dAlpu4=08JZkVC*SgD@qr1$%hOWs5zE^|sFgyh%r7>5|(&o)_UTkQ~C*O+@b>S`B
zG3KZW&`!(yd{>X36{1~cB6ai<Q89-|9Z;jj&lz$$N6(73)uxa`o(Mk~_o3~B(1?L#
zAJy@mD^QpnXoz5o+CU$@)o>8c!~QcH+Hd0HKEuY}9rlxfpFUI=kEv)_oNdGC+!mbO
zs%x&nh&=mh@aJs}c(#g}d2RY=KiDYbF39C!DQb&6qlEP=z$l60F5md?538D!ZijE8
z-9A+B1R`TF{OCh@eFDDbjvV+L@tsVAAJq$Ct$6d*lU3MBveAsa>2Flxvkd#;?Z_#L
zU@mt9FF!xjsn;Vf)jw>4We7AKVGj7*V(X%v?_@~b=_(GUwFSQn72g><sGt2u${47n
zn9_9cT2r7acv?($3&p?I`=;=OpW-qf)r;RE8vM@mg+fYIA+%`XH;$tVH5BC>H<}aD
zvVt<F)a?gPfI7@SKEA-Y%mUUtu2=SL=<7mD0s)NmrzZA2Ux=<z`h(E9m?>k49uEo>
z=EG@JZC~)q@wiDVYBPeTV38#Q=Tw%5xf3OG+}%eR_?J#&HrI_s-@L`kbGOnbSB8up
z-a!^(`o_JZJX8KgfwnsAdzML`2cg`vh}7l&{?vq;{Q0whL1$mw&y|<xjjKGMF}EIM
zc}vXWZaa;u`Wn-j?~6-w!o1?xa6%3I2x;K`<JonAn-}A?TQJ*AL>ttvoPcxtiHtu}
zlQbJ)d7R8N<?-wG$rAiViWZJWqIl4-*Hrm%^8^z+cKTNK?XojOPpiNiK!yI;6MeC9
z7x_uot9v!lgE=}1!3ICOj`@1*FhH<B{o=XNL=`iu8oT2dZ=#>a#X<{e56X&cBqY_P
zWmI2iUDb5b$p;@K4|FFAQIa5#q^D;8m)w$m9U*fXo2-8Ih*s^&E~N8qMQg)$1tnR4
zg5}#c?ob|Gg8n?Q=C`mKtZLl(5;jRM+@9wWCu%QPRfgj!sq94q|IbBPNIJ61^4zL%
zOULi~-hve~9R+QXe!1zwixM2s1vZ*E0=3?(L;_7rctliGcAXx@KR>_m{7frEyPNq;
z7qu8%m7R?t+_P}-TbE{h#(*Q4nu#QI=OX;gC->uzEi+aVoF@~c^vLZ75lD`#7G8&V
zGN2o-o|7x-L3TEB_rgwrbB1h&d*G;uMGWs8>Ob-+9#yenOsZAz{0FH&{za#SHFMfS
zd{_a&-0efzP~-FG5~GHXUS%yCK^26RJ%8j~LQe1AkIGaXDjrq?HpViQozYn|q70wh
zoMS@!#z;k4E{ZDDJX&9MrAo{JbJmm&IAE1+U3Y>1md_j)ya7r0@4%{BepCK@4Ueuq
znKFXDlzmz5W!XLa!w8&BBCFN|o;GN-#2%0p9Jq*~4(o!s0^F}ss9XN3*bi$kq4>!+
ziyY|YSieB6p^E*DeWbS)&}%9M?*zoM*ypv~>=mwruk3>dcxH)+WT)L?33I4OB@*<#
zlVs|GUc-Hx-M$9{g;xJWu@&^Gb9IUcKA0lOV`VNWZXndYLw^F%j-8eWG_z<o{k}Hv
zJVyf?)TS&#y2Co7vt9t+`*JrqccEhZ*9+C0Emq~G%1I@5UsVjju@k(leuv~;ljS=+
zxf%_Hk*}m54)!6i`&EHcJ)cW*sf8fFex6dwRu*9NSBGK&tNmNlci@Wau$PoW+v>`$
ziL3GSG}jbQ-CeP2RrPS!m2GA_-ie15pfqOdgS;#*sbzFHu)_tLJ@ftuJ;==S19$zH
zU4vrTWy_P_eFnJUB-e1d?T%u>tp(S72fBKb+zAeJgi66*z1h^Bq6i$I{N$eqqzaGK
zSiJmLxBvL@N9BAdC7C68q_|e%^pH793OmBz+L)aF-a)}qa(lAdf_EHY2lC$6a?E>@
z%tLg!Knq8nO=37IIgQ)tG72n6m4y!{eCD0!m7*06!Kzm5(0k^?_x~xHd`;m!>A0&o
zmdgIa(~4)p9roIfkOeBeY8_=RHKpy={Zq+)t!gkohM-zL8Rn5Y_!K8OP&<vqf22UD
z=WffZI4ZNp8L!UURQZSabs<^%$DkCCNv$MUU{-(meQJ}MrXMUo1WyaVHr{s-1#nj4
zLs)|GqH;J>QFjk_g%>81$@g@G_StM(WG3D|G451QX?Nh=&0DIUl2I?RDqm<u*IrMF
zT8HFok|K<Z24Jqa?$sTdhPg?WyX-d+8-|?YZ9ROLez8RSef7fau_HaZC&Br>bA$j-
z%#6~8O>gxc<^;8(3IAtQcrTN#%|b>0zB_O}RM7W@qhV4~`u;F6DOoD~>L4wh@ZgUA
z)dbZY=3xM-#l@4z#kcd=J?Y}|)`?pQIKCVi1B)L@zBdmI;H&0XzQmN8g0T>pQZIs1
zNt3gE=xL;Xaqe&<s}<3vWSL^)ntpPzWxE)*Zmvr1Xi7v|AvB`%<fYcJuvw=J-!jVt
zu6pMh?-N}V6tjcc3;|O{k&&*)q1?foLYb$M5e0Eoztn)B<`2aiSzp?2C;2(mP%9cP
zV|L=J4`)7)DSjh^KYkr^!7ty)x&q@dv~~2|+9mU}Zgwp2Y1QWo>9hd}+m|aSTp3BM
z$9T@rE4+wYd#YnACyNI2^y+9|*xw^IjLqf5^oX&7+>vONkw27V^qDYMEY8e3R_d>8
zTi)frc)4Ee?cosJRRWR0vv&W`b~E-@vWBRE`;q>LXRLOFrr@`R!~z}A&h!MSC3(u>
zRAF5fQ{^fyh2!T!WI2J>f?=AvWyf+kt(<ZuP`pYpb1zDF@9xEjyO$A@Z+3K>bpI-!
z5V}ckr8WOBnKZk6{&{@tI`1YTIxQt^-iLN}!Yr5eg|o`GlUe+pO(Hb9YyZw_>Bh60
zEM2f5@ui}bfMPzE`{9Bu?7lZ2yFH8b`jnr@d(DDB1Gp5&_FIS|_MrQ(KUR55G+#HA
z<uA+QZuXMr)S7hC)hj!UVezopgBYjlf}_h1B;YG-E$t2+$Z^5z8KtPIHGK>@3&4*n
z8PEsZ#jEE_GI|-xMx{S*&Jfc=XZ;K{ne`p(O59hu^;u+$ZK_s_2|p7fS?Dbrb1{q7
zbVALJr;|4huPRCC*@P96(mfQlV#{=Q$obR6)e?V<$0vVifD;r7ZFoM)m$AOjrnTI?
z;_OgaBb1#OP0GIZ01aESj(5E1WzJ4p;SIXwj>-07;+F?rq^aJ6l*P!rhBmUaKO(aD
zt456+rH)jt+|^L{!B%Yw8AUy8PyK-7pTk{w?MCLR*T!C@vU#NdB1Z~S5WAPKC50BH
z&0JuC1Ci#lP8Z}S2lu%r^Ze|@ml|8@ZS&QJJ#qEwCI-9D(#j@B=`ie7Q`-Hj=@z%;
zEih=?@_z*_4bt)k7oz{XasGk#o%#06_MHKzPMwQPDPRdEmRhb)u9%-Q#TMt6C<~p<
zkXz0lWpbap4g4A7Y$()E8z-+IYS*^Q^_w%%^3rmo^wJWgh5-Zb&8}fm!-R?K7LMm}
z*(@PdvGzS==ASEPvANBM1-#cghG2cIFiBB$WvOC^rQxLrmtB7XW?sNF8BMpR)oczA
zZ8`0cxNq}`H^NQ>ttu;T(vxAWtN+5V=C4#}**LkGAurM^KL!liXXp00zC~2tfBUSE
zn5rIdoBygKBsVuLhgdg|^X|}CzYV_le)Jais@HM9C!YCS+p=+DS`oHXJuLF0@GqFf
zZ=TkmEgNSYFYV!mo&g&c#6GF-3K|<H_hF39$UCXbI?+r0?LpBqbIWK0YDIc0Zv01a
z##!$CxcR`58~2f@-7NMpwbH@vxIzAuan_-6w&gN<Ea7Mv37l4@=D=mv{dMESXQPkJ
zQl>}`bA3=r1fiC@{+5js5vxP^Zf~hx)90-4`@qAOH_54wooanv+^a;`nPFS^MAyFw
zhg)7&#mhaS+fL0<I3VXF*!Pf|7AVL+H9x+R%V~JdD=r(!ceRSHVzar;Kad$`+e1b#
zSXhUJfzzbb91@t#QjXh(4Hr9`(NbJ030u%!&hU(|i0r#oon>YOiBas9b`G&$d1}dZ
zUVNUvaplXI`F#vdVBs72=s!i4qBw5DrIf7fH+K)Nu{&Ac#UMEcbu`w*HuM!pcEB__
zYWGE_GO(Z3yz!YVOYLoUyQqeTFG^(e6v=O(MS)Wp?H6Ax<9^M~sm2PldHJeiFY$#Q
zZ@sl-$O@xvgYTxKKD@Zi#tVNnKxN|k0n)wJ+#`YsFKhplerDJ4$rQBs#7u^~&^SLG
zm_YBe>JGbJX*HahzRd{94xZIPPWMnIQMDDftp-fk`<jh)78e$Gq{s|e74qOi_WPt0
zj#m5Y*EFEt!xpMySK2UgF2209GgW!2?~5w5j`Qi{yiU}POV8z0a)_&uGrrbvH*2pL
z$<n7B$>WuO%Kl#S;;7|vx0?kBCasZXDiq0{b9Y~P@bdYc!wyd8ur@5_+K6SJ8Vup$
zU%bDfPdLDD^Q`O3<ruR<nl@}P)x~+SZ3vyxMQ>NstL%?2ukW#Pxz@02x%TdAbzRZ7
z_*ci<YtUpzyC#-km-Z#nLW3$j{m{EI7XG2~43U8z-U-rs*v8hf^FHQrco|{#%N))V
zjf4|#t0Hs~B>%`1hLYJ$tUy&UYkE@X8jBCcq-SS7xv<%CXM8!@xUPO2MUaLz(^ksM
zeCXU?lG164>$&*nFB48W+XcMlU`^}V3RS7$+ny8MGBd?(<WT3NDnX25Xb5Hm@YQ*A
zp)3+AH+t{SeKSrQtcQQ<zE|9}*Ri~qRa{Xk5=h0>r?{VsEzYmyk7I1QO7?SzFGFgx
zZ@N$ILQ}Q5S0lcpO$x<*wS5Q!U$n|U7rqi(_h_?ax@bwPoAJ8S51#RPnsj-W$7L*9
z)F!(P?Xi^DkXFZf={{1;_%c68i#c9I>#&|uM(q1Ik%F`HRYvVdWf1}Y!V<MHJDV)z
z!W~*h{H%IaiqDGG0dXn(&rf+6xo_LackJxzySMC*$|RN`G2b0rJpW)?3zf~u4$$;9
zUXfNUa%anv61LgCtwK4kU4xeN4E8(zIsbE6#`XJw`*Um1I`+*QD|+Iy?KQdO6={zT
zA1dbW&Pa6*+Ib3}<>tLiT&wEW_<fwLtV5SPj(kVZsymBu<K$-}(p--k&q={LaJ2A^
z*8tz;lW*RPDa?7972*2e#dqxY->=Quzs5bkS>CHUe#IdR`^?%pQR6)59ZsY?QPvCR
zQ#*r8cy)~~wd(i(TAk9!Y86Up&$-Mi4|vb-upFG&c<;mGd5$XUxsEH+r?aLq$`)Tl
zxnGf-Dl~C#^-6Cpb~CuC%$0k1{KM|7DxZ1;Uzd5?qKrO)#qY(~H>;KCg4LOgjkAvX
zo;A5!RRHl0PToh>)E-qwvl=B?f9`#p3HGWK$#KGo0;Di}nJR_abH$ZHL|oTTEXo#+
z8QF1bx-p35o#J%}$v!YaO2P09v2XP2sX21W##dVYY6D*06^CVRSDpx-+vK>@+kB$S
z>(H{>R=xV!6MKd0Dq?K=4{(U9Xytg(6*3Xa<i)>_lly-E<ZjafvUx-u9-i7`#?dSu
z{si7V9sZQRoE0rka4}eOqvfe=adD>R;l@GjC;NRM&cJ@YWr(`jjqkto26*IalCRm^
zCAQo5`S01dIV4r^{&?P(IFALxRTbJPX-r%dn9}e(Be{ol)f%#*{GWYG^jtJTRjE_I
z$t%5mZ6{4K-gNZNi{wk|wdKjQek%j-eGt6z7s(A<-djm+lBNHnGAttdPEze_b)C3g
z?DKXn9Nt|)uCwNB*XzRVPn^#;w;LH4J9_Ltw9{pKcm^IttFz;M=XRw~2UwndR#=*O
zXXkWfGPTc&;3xSdA8u`#tU#6?<8<Xs6CFd#p9ifmoNu|s+uwKdrb7>k1<S_EQv6qF
zsVm90R~>Ea9pBI+qh%KttIj{$=q%Vd0?f2EI&{#`UcBv~i@w$Z$Ndp0&!TqdbtY4~
z8+u2+u74ZMZHFPsDr1a2?-udCU$^S3I@y=M3BD%%^ctPM9pw~zjx#$V+$Pr2wV~fq
z&)W}Ykd>$Jx|2~_^z4+y02;ad<gHQfOA4O`ne?GjR2Lph`dr&Ih0wgZ@OF`NedA2c
zE^>06`p;Mw_Eu!~0W)@u#-sz;jZz^s@6Xv!>Dx(3b)><D0Qbcs^=&-E9=(V=uvnc!
zR+_Tqa!P?<X5y{?tnSMFW~>c;Q(MPOavj=zm}?Rft#}u{W{4zq;XChUeb0^GuB%9<
z_BTKC8Y`@z^s@3@hZ=6V@rl#4u72W`B8}QiTPUya^JZywkylU|vDh<CI0aGr{=$X@
zhNc_64jtI$;&mqvPluPii`p_to-8wV!_~CnlDAi##>kMQhTC6w^|ko*Mf`p%P1_lr
z@e|(y*XHWsAG`19mrKjK(}<a15}78`q4yMr%fve@TBuKP^(?M9&%XWQTWh!(r&kW^
zDBpR2p3~)oBTKdCul0?5S0uKiB8AG$eR_WVSQ)a^NQbazh2<aP1D0bCZI?M-x6(y-
zht@pv9Iw#md)&y1i!bu;D!1^ShqcW%-+dnT7LF%h5rMh2<A2ULac6vU(s9*#Pe1R?
ztE_f4ROHVXCpRN_b{C51cUF<4ryTi=@UlWphIEoq=x?xg`yNmK$c)<NUD(&cB=7Lm
z-F+7KIlj~8_R$T|0S-4j^^cjT__?1TntW|ZqU*)AgAcA87V5n>>l=SnUuky8)Wg>L
zQP&cyc^_W*&AxQx;OoS&C!xF3^VxM(Z!;pSf{nWQEZ4qxaQ&U2jdzYZT;Dn6h_UMN
zGtarDPm?`|_!{X%C%mqydiOS9;=aWLFJ69#Pq|m8zBoK5$h_}ihsCi;Snr84b8f_M
z>FaAW@z&j>(wfGzM}>jcj>T~58X4z-b<1uAY)-u3850`%g+JXcdZ~ZJ_c)^Ir)zZj
zmdPoWk27N>m*R=fSC?wF<x6S(ssr!wgnc>^w!B<Pt<ut;TgF39&M#M6fV(O0Eo;%(
zDpL>E>Eq1x8`<wzbtS26vwo%I_LW<1A?1bKz-8rBa@h<IZUL{UabkRb!m_oh_4Z>r
zS=JnUB(j|J=Zq6ANxkAZuO|g-o<qzI-FQRz3tATI&|i`)qiO6Noy~6E^>Ygz?A7l?
zrVX?__592CH)qWHQOQcWJK}QLt>{oesJ&Z)V6Vsb@C}<|T6_;fX{^%_=|*4mM!`qz
zd~^JG)peD<$3EZfHkPheGMPU*{^yJnznmwBY^^qV`*}K9+8%sF$O&2z=Qd77uEX$U
z?uUYo9=(uU+;W1WwK&816uHG{(W=d!`}eupxtx7lBla#x)BykhwCQfHBIVeg;Cqi^
zqpqAkbLvE(pW9-cwb3l77~sDFsf=+>OcU|<CbR0m->128isk2XoWOq#7$*P#ZQ3`#
zN0<&aZ}b)?UV7l+yG*E>KY&GDeSVk!u&ZU|f6dCQE{=;kco@$F)&HvAI9vbo-(D9a
zO8>S0FyoZ&Sbe#qwT~9cDR)CZFitQ|004l$3$aSHyP;ofMoBG)SyA{l=ESZY=ijlR
zW`KWr>{FYt;=tmrJ|@$W(i^`-h4muIN%g?q%S@1-e+q6E=XfA15c@BflOb-iKZ3-C
z5XS_vqSB%6!8ic`0RCo2U-|m1%L48GJ-cfRnJ|0Brr-yK9H<rGzZm^|{qo{o-j~K-
zorIR;$NE3Ma`5rhz*mo6RKm<U0Dy4<00000003Z|000000000OCjbBd00000fN=r<
z000000AQQ|00000000;#000000001haRLAU00000zX$&Z2z)lFHK;Ok00000NkvXX
Hu0mjfFE;$D

literal 0
HcmV?d00001